fix(gateway-api): use stable v1 apiVersion for TLSRoute

v1alpha2 is deprecated in Gateway API v1.5.0 with a removal warning.
Update all TLSRoute resources to use gateway.networking.k8s.io/v1.

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Kirill Ilin <stitch14@yandex.ru>

.github/workflows/tags.yaml

@@ -123,20 +123,6 @@ jobs:
           git commit -m "Prepare release ${GITHUB_REF#refs/tags/}" -s || echo "No changes to commit"
           git push origin HEAD || true
 
-      # Tag the api/apps/v1alpha1 submodule for pkg.go.dev
-      - name: Tag API submodule
-        if: steps.check_release.outputs.skip == 'false'
-        env:
-          GH_PAT: ${{ secrets.GH_PAT }}
-        run: |
-          VTAG="${{ steps.tag.outputs.tag }}"
-          SUBTAG="api/apps/v1alpha1/${VTAG}"
-          git config user.name  "cozystack-bot"
-          git config user.email "217169706+cozystack-bot@users.noreply.github.com"
-          git remote set-url origin https://cozystack-bot:${GH_PAT}@github.com/${GITHUB_REPOSITORY}
-          git tag "${SUBTAG}" "${VTAG}^{}" 2>/dev/null || git tag "${SUBTAG}" HEAD
-          git push origin "${SUBTAG}" || true
-
       # Create or reuse draft release
       - name: Create / reuse draft release
         if: steps.check_release.outputs.skip == 'false'
@@ -384,74 +370,3 @@ jobs:
               
               console.log(`Created PR #${pr.data.number} for changelog`);
             }
-
-  update-website-docs:
-    name: Update Website Docs
-    runs-on: [self-hosted]
-    needs: [generate-changelog]
-    if: needs.generate-changelog.result == 'success'
-    permissions:
-      contents: read
-    steps:
-      - name: Parse tag
-        id: tag
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const ref = context.ref.replace('refs/tags/', '');
-            const m = ref.match(/^v(\d+\.\d+\.\d+)(-(?:alpha|beta|rc)\.\d+)?$/);
-            if (!m) {
-              core.setFailed(`❌ tag '${ref}' must match 'vX.Y.Z' or 'vX.Y.Z-(alpha|beta|rc).N'`);
-              return;
-            }
-            const version = m[1] + (m[2] ?? '');
-            core.setOutput('tag',     ref);      // v0.22.0
-            core.setOutput('version', version);  // 0.22.0
-
-      - name: Checkout website repo
-        uses: actions/checkout@v4
-        with:
-          repository: cozystack/website
-          token: ${{ secrets.GH_PAT }}
-          ref: main
-
-      - name: Update docs from release branch
-        env:
-          GH_TOKEN: ${{ secrets.GH_PAT }}
-        run: make update-all BRANCH=release-${{ steps.tag.outputs.version }} RELEASE_TAG=${{ steps.tag.outputs.tag }}
-
-      - name: Commit and push
-        id: commit
-        run: |
-          git config user.name  "cozystack-bot"
-          git config user.email "217169706+cozystack-bot@users.noreply.github.com"
-          git add content
-          if git diff --cached --quiet; then
-            echo "No changes to commit"
-            echo "changed=false" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-          BRANCH="update-docs-v${{ steps.tag.outputs.version }}"
-          git branch -D "$BRANCH" 2>/dev/null || true
-          git checkout -b "$BRANCH"
-          git commit --signoff -m "[docs] Update managed apps reference for v${{ steps.tag.outputs.version }}"
-          git push --force --set-upstream origin "$BRANCH"
-          echo "changed=true" >> $GITHUB_OUTPUT
-
-      - name: Open pull request
-        if: steps.commit.outputs.changed == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GH_PAT }}
-        run: |
-          BRANCH="update-docs-v${{ steps.tag.outputs.version }}"
-          pr_state=$(gh pr view "$BRANCH" --repo cozystack/website --json state --jq .state 2>/dev/null || echo "")
-          if [[ "$pr_state" == "OPEN" ]]; then
-            echo "PR already open, skipping creation."
-          else
-            gh pr create \
-              --repo cozystack/website \
-              --title "[docs] Update managed apps reference for v${{ steps.tag.outputs.version }}" \
-              --body "Automated docs update for release \`v${{ steps.tag.outputs.version }}\`." \
-              --head "update-docs-v${{ steps.tag.outputs.version }}" \
-              --base main
-          fi

Makefile

@@ -58,11 +58,7 @@ manifests:
 cozypkg:
 	go build -ldflags "-X github.com/cozystack/cozystack/cmd/cozypkg/cmd.Version=v$(COZYSTACK_VERSION)" -o _out/bin/cozypkg ./cmd/cozypkg
 
-assets: assets-talos assets-cozypkg openapi-json
-
-openapi-json:
-	mkdir -p _out/assets
-	VERSION=$(shell git describe --tags --always 2>/dev/null || echo dev) go run ./tools/openapi-gen/ > _out/assets/openapi.json
+assets: assets-talos assets-cozypkg
 
 assets-talos:
 	make -C packages/core/talos assets

api/apps/v1alpha1/bucket/types.go

@@ -1,35 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package bucket
-
-import (
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Provisions bucket from the `-lock` BucketClass (with object lock enabled).
-	// +kubebuilder:default:=false
-	Locking bool `json:"locking"`
-	// Selects a specific BucketClass by storage pool name.
-	// +kubebuilder:default:=""
-	StoragePool string `json:"storagePool,omitempty"`
-	// Users configuration map.
-	// +kubebuilder:default:={}
-	Users map[string]User `json:"users,omitempty"`
-}
-
-type User struct {
-	// Whether the user has read-only access.
-	Readonly bool `json:"readonly,omitempty"`
-}

api/apps/v1alpha1/clickhouse/types.go

@@ -1,114 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package clickhouse
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Backup configuration.
-	// +kubebuilder:default:={}
-	Backup Backup `json:"backup"`
-	// ClickHouse Keeper configuration.
-	// +kubebuilder:default:={}
-	ClickhouseKeeper ClickHouseKeeper `json:"clickhouseKeeper"`
-	// Size of Persistent Volume for logs.
-	// +kubebuilder:default:="2Gi"
-	LogStorageSize resource.Quantity `json:"logStorageSize"`
-	// TTL (expiration time) for `query_log` and `query_thread_log`.
-	// +kubebuilder:default:=15
-	LogTTL int `json:"logTTL"`
-	// Number of ClickHouse replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each ClickHouse replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="small"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Number of ClickHouse shards.
-	// +kubebuilder:default:=1
-	Shards int `json:"shards"`
-	// Persistent Volume Claim size available for application data.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Users configuration map.
-	// +kubebuilder:default:={}
-	Users map[string]User `json:"users,omitempty"`
-}
-
-type ClickHouseKeeper struct {
-	// Deploy ClickHouse Keeper for cluster coordination.
-	// +kubebuilder:default:=true
-	Enabled bool `json:"enabled,omitempty"`
-	// Number of Keeper replicas.
-	// +kubebuilder:default:=3
-	Replicas int `json:"replicas,omitempty"`
-	// Default sizing preset.
-	// +kubebuilder:default:="micro"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset,omitempty"`
-	// Persistent Volume Claim size available for application data.
-	// +kubebuilder:default:="1Gi"
-	Size resource.Quantity `json:"size,omitempty"`
-}
-
-type User struct {
-	// Password for the user.
-	Password string `json:"password,omitempty"`
-	// User is readonly (default: false).
-	Readonly bool `json:"readonly,omitempty"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type Backup struct {
-	// Retention strategy for cleaning up old backups.
-	// +kubebuilder:default:="--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
-	CleanupStrategy string `json:"cleanupStrategy"`
-	// Enable regular backups (default: false).
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Password for Restic backup encryption.
-	// +kubebuilder:default:="<password>"
-	ResticPassword string `json:"resticPassword"`
-	// Access key for S3 authentication.
-	// +kubebuilder:default:="<your-access-key>"
-	S3AccessKey string `json:"s3AccessKey"`
-	// S3 bucket used for storing backups.
-	// +kubebuilder:default:="s3.example.org/clickhouse-backups"
-	S3Bucket string `json:"s3Bucket"`
-	// AWS S3 region where backups are stored.
-	// +kubebuilder:default:="us-east-1"
-	S3Region string `json:"s3Region"`
-	// Secret key for S3 authentication.
-	// +kubebuilder:default:="<your-secret-key>"
-	S3SecretKey string `json:"s3SecretKey"`
-	// Cron schedule for automated backups.
-	// +kubebuilder:default:="0 2 * * *"
-	Schedule string `json:"schedule"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/foundationdb/types.go

@@ -1,164 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package foundationdb
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Enable automatic pod replacements.
-	// +kubebuilder:default:=true
-	AutomaticReplacements bool `json:"automaticReplacements"`
-	// Backup configuration.
-	// +kubebuilder:default:={}
-	Backup Backup `json:"backup"`
-	// Cluster configuration.
-	// +kubebuilder:default:={}
-	Cluster Cluster `json:"cluster"`
-	// Custom parameters to pass to FoundationDB.
-	// +kubebuilder:default:={}
-	CustomParameters []string `json:"customParameters,omitempty"`
-	// Container image deployment type.
-	// +kubebuilder:default:="unified"
-	ImageType ImageType `json:"imageType"`
-	// Monitoring configuration.
-	// +kubebuilder:default:={}
-	Monitoring Monitoring `json:"monitoring"`
-	// Explicit CPU and memory configuration for each FoundationDB instance. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="medium"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Security context for containers.
-	// +kubebuilder:default:={}
-	SecurityContext SecurityContext `json:"securityContext"`
-	// Storage configuration.
-	// +kubebuilder:default:={}
-	Storage Storage `json:"storage"`
-}
-
-type Cluster struct {
-	// Fault domain configuration.
-	// +kubebuilder:default:={}
-	FaultDomain ClusterFaultDomain `json:"faultDomain"`
-	// Process counts for different roles.
-	// +kubebuilder:default:={}
-	ProcessCounts ClusterProcessCounts `json:"processCounts"`
-	// Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback).
-	// +kubebuilder:default:="double"
-	RedundancyMode string `json:"redundancyMode"`
-	// Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory).
-	// +kubebuilder:default:="ssd-2"
-	StorageEngine string `json:"storageEngine"`
-	// Version of FoundationDB to use.
-	// +kubebuilder:default:="7.3.63"
-	Version string `json:"version"`
-}
-
-type BackupS3Credentials struct {
-	// S3 access key ID.
-	// +kubebuilder:default:=""
-	AccessKeyId string `json:"accessKeyId"`
-	// S3 secret access key.
-	// +kubebuilder:default:=""
-	SecretAccessKey string `json:"secretAccessKey"`
-}
-
-type BackupS3 struct {
-	// S3 bucket name.
-	// +kubebuilder:default:=""
-	Bucket string `json:"bucket"`
-	// S3 credentials.
-	// +kubebuilder:default:={}
-	Credentials BackupS3Credentials `json:"credentials"`
-	// S3 endpoint URL.
-	// +kubebuilder:default:=""
-	Endpoint string `json:"endpoint"`
-	// S3 region.
-	// +kubebuilder:default:="us-east-1"
-	Region string `json:"region"`
-}
-
-type SecurityContext struct {
-	// Group ID to run the container.
-	// +kubebuilder:default:=4059
-	RunAsGroup int `json:"runAsGroup"`
-	// User ID to run the container.
-	// +kubebuilder:default:=4059
-	RunAsUser int `json:"runAsUser"`
-}
-
-type ClusterFaultDomain struct {
-	// Fault domain key.
-	// +kubebuilder:default:="kubernetes.io/hostname"
-	Key string `json:"key"`
-	// Fault domain value source.
-	// +kubebuilder:default:="spec.nodeName"
-	ValueFrom string `json:"valueFrom"`
-}
-
-type Storage struct {
-	// Size of persistent volumes for each instance.
-	// +kubebuilder:default:="16Gi"
-	Size resource.Quantity `json:"size"`
-	// Storage class (if not set, uses cluster default).
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-}
-
-type Resources struct {
-	// CPU available to each instance.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each instance.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type Backup struct {
-	// Enable backups.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Retention policy for backups.
-	// +kubebuilder:default:="7d"
-	RetentionPolicy string `json:"retentionPolicy"`
-	// S3 configuration for backups.
-	// +kubebuilder:default:={}
-	S3 BackupS3 `json:"s3"`
-}
-
-type ClusterProcessCounts struct {
-	// Number of cluster controller processes.
-	// +kubebuilder:default:=1
-	ClusterController int `json:"cluster_controller"`
-	// Number of stateless processes (-1 for automatic).
-	// +kubebuilder:default:=-1
-	Stateless int `json:"stateless"`
-	// Number of storage processes (determines cluster size).
-	// +kubebuilder:default:=3
-	Storage int `json:"storage"`
-}
-
-type Monitoring struct {
-	// Enable WorkloadMonitor integration.
-	// +kubebuilder:default:=true
-	Enabled bool `json:"enabled"`
-}
-
-// +kubebuilder:validation:Enum="unified";"split"
-type ImageType string
-
-// +kubebuilder:validation:Enum="small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/go.mod

@@ -1,24 +0,0 @@
-module github.com/cozystack/cozystack/api/apps/v1alpha1
-
-go 1.25.0
-
-require k8s.io/apimachinery v0.35.2
-
-require (
-	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
-	github.com/go-logr/logr v1.4.3 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
-	github.com/x448/float16 v0.8.4 // indirect
-	go.yaml.in/yaml/v2 v2.4.3 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
-	k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect
-	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
-	sigs.k8s.io/randfill v1.0.0 // indirect
-	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
-)

api/apps/v1alpha1/go.sum

@@ -1,56 +0,0 @@
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
-github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
-github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
-github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
-github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8=
-github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
-github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
-github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
-go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/apimachinery v0.35.2 h1:NqsM/mmZA7sHW02JZ9RTtk3wInRgbVxL8MPfzSANAK8=
-k8s.io/apimachinery v0.35.2/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns=
-k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
-k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE=
-k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ=
-k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck=
-k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg=
-sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
-sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
-sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
-sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
-sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=

api/apps/v1alpha1/harbor/types.go

@@ -1,116 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package harbor
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Core API server configuration.
-	// +kubebuilder:default:={}
-	Core Core `json:"core"`
-	// PostgreSQL database configuration.
-	// +kubebuilder:default:={}
-	Database Database `json:"database"`
-	// Hostname for external access to Harbor (defaults to 'harbor' subdomain for the tenant host).
-	// +kubebuilder:default:=""
-	Host string `json:"host,omitempty"`
-	// Background job service configuration.
-	// +kubebuilder:default:={}
-	Jobservice Jobservice `json:"jobservice"`
-	// Redis cache configuration.
-	// +kubebuilder:default:={}
-	Redis Redis `json:"redis"`
-	// Container image registry configuration.
-	// +kubebuilder:default:={}
-	Registry Registry `json:"registry"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Trivy vulnerability scanner configuration.
-	// +kubebuilder:default:={}
-	Trivy Trivy `json:"trivy"`
-}
-
-type Trivy struct {
-	// Enable or disable the vulnerability scanner.
-	// +kubebuilder:default:=true
-	Enabled bool `json:"enabled"`
-	// Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset,omitempty"`
-	// Persistent Volume size for vulnerability database cache.
-	// +kubebuilder:default:="5Gi"
-	Size resource.Quantity `json:"size"`
-}
-
-type Jobservice struct {
-	// Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset,omitempty"`
-}
-
-type Resources struct {
-	// Number of CPU cores allocated.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Amount of memory allocated.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type Database struct {
-	// Number of database instances.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Persistent Volume size for database storage.
-	// +kubebuilder:default:="5Gi"
-	Size resource.Quantity `json:"size"`
-}
-
-type Redis struct {
-	// Number of Redis replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Persistent Volume size for cache storage.
-	// +kubebuilder:default:="1Gi"
-	Size resource.Quantity `json:"size"`
-}
-
-type Core struct {
-	// Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="small"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset,omitempty"`
-}
-
-type Registry struct {
-	// Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="small"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/httpcache/types.go

@@ -1,74 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package httpcache
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Endpoints configuration, as a list of <ip:port>.
-	// +kubebuilder:default:={}
-	Endpoints []string `json:"endpoints,omitempty"`
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// HAProxy configuration.
-	// +kubebuilder:default:={}
-	Haproxy HAProxy `json:"haproxy"`
-	// Nginx configuration.
-	// +kubebuilder:default:={}
-	Nginx Nginx `json:"nginx"`
-	// Persistent Volume Claim size available for application data.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type HAProxy struct {
-	// Number of HAProxy replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-}
-
-type Nginx struct {
-	// Number of Nginx replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/kafka/types.go

@@ -1,92 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package kafka
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-	k8sRuntime "k8s.io/apimachinery/pkg/runtime"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Kafka configuration.
-	// +kubebuilder:default:={}
-	Kafka Kafka `json:"kafka"`
-	// Topics configuration.
-	// +kubebuilder:default:={}
-	Topics []Topic `json:"topics,omitempty"`
-	// ZooKeeper configuration.
-	// +kubebuilder:default:={}
-	Zookeeper ZooKeeper `json:"zookeeper"`
-}
-
-type ZooKeeper struct {
-	// Number of ZooKeeper replicas.
-	// +kubebuilder:default:=3
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="small"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Persistent Volume size for ZooKeeper.
-	// +kubebuilder:default:="5Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the ZooKeeper data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-}
-
-type Topic struct {
-	// Topic configuration.
-	Config k8sRuntime.RawExtension `json:"config"`
-	// Topic name.
-	Name string `json:"name"`
-	// Number of partitions.
-	Partitions int `json:"partitions"`
-	// Number of replicas.
-	Replicas int `json:"replicas"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type Kafka struct {
-	// Number of Kafka replicas.
-	// +kubebuilder:default:=3
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="small"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Persistent Volume size for Kafka.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the Kafka data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/kubernetes/types.go

@@ -1,260 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package kubernetes
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-	k8sRuntime "k8s.io/apimachinery/pkg/runtime"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Cluster addons configuration.
-	// +kubebuilder:default:={}
-	Addons Addons `json:"addons"`
-	// Kubernetes control-plane configuration.
-	// +kubebuilder:default:={}
-	ControlPlane ControlPlane `json:"controlPlane"`
-	// External hostname for Kubernetes cluster. Defaults to `<cluster-name>.<tenant-host>` if empty.
-	// +kubebuilder:default:=""
-	Host string `json:"host"`
-	// Worker nodes configuration map.
-	// +kubebuilder:default:={"md0":{"ephemeralStorage":"20Gi","gpus":{},"instanceType":"u1.medium","maxReplicas":10,"minReplicas":0,"resources":{},"roles":{"ingress-nginx"}}}
-	NodeGroups map[string]NodeGroup `json:"nodeGroups,omitempty"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:="replicated"
-	StorageClass string `json:"storageClass"`
-	// Kubernetes major.minor version to deploy
-	// +kubebuilder:default:="v1.35"
-	Version Version `json:"version"`
-}
-
-type VeleroAddon struct {
-	// Enable Velero.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-type KonnectivityServer struct {
-	// CPU and memory resources for Konnectivity.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources"`
-	// Preset if `resources` omitted.
-	// +kubebuilder:default:="micro"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-}
-
-type IngressNginxAddon struct {
-	// Enable the controller (requires nodes labeled `ingress-nginx`).
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Method to expose the controller. Allowed values: `Proxied`, `LoadBalancer`.
-	// +kubebuilder:default:="Proxied"
-	ExposeMethod IngressNginxExposeMethod `json:"exposeMethod"`
-	// Domains routed to this tenant cluster when `exposeMethod` is `Proxied`.
-	// +kubebuilder:default:={}
-	Hosts []string `json:"hosts,omitempty"`
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-type FluxCDAddon struct {
-	// Enable FluxCD.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-type APIServer struct {
-	// CPU and memory resources for API Server.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources"`
-	// Preset if `resources` omitted.
-	// +kubebuilder:default:="large"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-}
-
-type Resources struct {
-	// CPU available.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type CoreDNSAddon struct {
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-type Konnectivity struct {
-	// Konnectivity Server configuration.
-	// +kubebuilder:default:={}
-	Server KonnectivityServer `json:"server"`
-}
-
-type ControlPlane struct {
-	// API Server configuration.
-	// +kubebuilder:default:={}
-	ApiServer APIServer `json:"apiServer"`
-	// Controller Manager configuration.
-	// +kubebuilder:default:={}
-	ControllerManager ControllerManager `json:"controllerManager"`
-	// Konnectivity configuration.
-	// +kubebuilder:default:={}
-	Konnectivity Konnectivity `json:"konnectivity"`
-	// Number of control-plane replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Scheduler configuration.
-	// +kubebuilder:default:={}
-	Scheduler Scheduler `json:"scheduler"`
-}
-
-type GPUOperatorAddon struct {
-	// Enable GPU Operator.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-type Addons struct {
-	// Cert-manager addon.
-	// +kubebuilder:default:={}
-	CertManager CertManagerAddon `json:"certManager"`
-	// Cilium CNI plugin.
-	// +kubebuilder:default:={}
-	Cilium CiliumAddon `json:"cilium"`
-	// CoreDNS addon.
-	// +kubebuilder:default:={}
-	Coredns CoreDNSAddon `json:"coredns"`
-	// FluxCD GitOps operator.
-	// +kubebuilder:default:={}
-	Fluxcd FluxCDAddon `json:"fluxcd"`
-	// Gateway API addon.
-	// +kubebuilder:default:={}
-	GatewayAPI GatewayAPIAddon `json:"gatewayAPI"`
-	// NVIDIA GPU Operator.
-	// +kubebuilder:default:={}
-	GpuOperator GPUOperatorAddon `json:"gpuOperator"`
-	// Ingress-NGINX controller.
-	// +kubebuilder:default:={}
-	IngressNginx IngressNginxAddon `json:"ingressNginx"`
-	// Monitoring agents.
-	// +kubebuilder:default:={}
-	MonitoringAgents MonitoringAgentsAddon `json:"monitoringAgents"`
-	// Velero backup/restore addon.
-	// +kubebuilder:default:={}
-	Velero VeleroAddon `json:"velero"`
-	// Vertical Pod Autoscaler.
-	// +kubebuilder:default:={}
-	VerticalPodAutoscaler VerticalPodAutoscalerAddon `json:"verticalPodAutoscaler"`
-}
-
-type Scheduler struct {
-	// CPU and memory resources for Scheduler.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources"`
-	// Preset if `resources` omitted.
-	// +kubebuilder:default:="micro"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-}
-
-type CertManagerAddon struct {
-	// Enable cert-manager.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-type MonitoringAgentsAddon struct {
-	// Enable monitoring agents.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-type GPU struct {
-	// Name of GPU, such as "nvidia.com/AD102GL_L40S".
-	Name string `json:"name"`
-}
-
-type GatewayAPIAddon struct {
-	// Enable Gateway API.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-}
-
-type VerticalPodAutoscalerAddon struct {
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-type ControllerManager struct {
-	// CPU and memory resources for Controller Manager.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources"`
-	// Preset if `resources` omitted.
-	// +kubebuilder:default:="micro"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-}
-
-type NodeGroup struct {
-	// Ephemeral storage size.
-	// +kubebuilder:default:="20Gi"
-	EphemeralStorage resource.Quantity `json:"ephemeralStorage"`
-	// List of GPUs to attach (NVIDIA driver requires at least 4 GiB RAM).
-	Gpus []GPU `json:"gpus,omitempty"`
-	// Virtual machine instance type.
-	// +kubebuilder:default:="u1.medium"
-	InstanceType string `json:"instanceType"`
-	// Maximum number of replicas.
-	// +kubebuilder:default:=10
-	MaxReplicas int `json:"maxReplicas"`
-	// Minimum number of replicas.
-	// +kubebuilder:default:=0
-	MinReplicas int `json:"minReplicas"`
-	// CPU and memory resources for each worker node.
-	Resources Resources `json:"resources"`
-	// List of node roles.
-	Roles []string `json:"roles,omitempty"`
-}
-
-type CiliumAddon struct {
-	// Custom Helm values overrides.
-	// +kubebuilder:default:={}
-	ValuesOverride k8sRuntime.RawExtension `json:"valuesOverride"`
-}
-
-// +kubebuilder:validation:Enum="v1.35";"v1.34";"v1.33";"v1.32";"v1.31";"v1.30"
-type Version string
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string
-
-// +kubebuilder:validation:Enum="Proxied";"LoadBalancer"
-type IngressNginxExposeMethod string

api/apps/v1alpha1/mariadb/types.go

@@ -1,111 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package mariadb
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Backup configuration.
-	// +kubebuilder:default:={}
-	Backup Backup `json:"backup"`
-	// Databases configuration map.
-	// +kubebuilder:default:={}
-	Databases map[string]Database `json:"databases,omitempty"`
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Number of MariaDB replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each MariaDB replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Persistent Volume Claim size available for application data.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Users configuration map.
-	// +kubebuilder:default:={}
-	Users map[string]User `json:"users,omitempty"`
-	// MariaDB major.minor version to deploy
-	// +kubebuilder:default:="v11.8"
-	Version Version `json:"version"`
-}
-
-type Backup struct {
-	// Retention strategy for cleaning up old backups.
-	// +kubebuilder:default:="--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
-	CleanupStrategy string `json:"cleanupStrategy"`
-	// Enable regular backups (default: false).
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Password for Restic backup encryption.
-	// +kubebuilder:default:="<password>"
-	ResticPassword string `json:"resticPassword"`
-	// Access key for S3 authentication.
-	// +kubebuilder:default:="<your-access-key>"
-	S3AccessKey string `json:"s3AccessKey"`
-	// S3 bucket used for storing backups.
-	// +kubebuilder:default:="s3.example.org/mariadb-backups"
-	S3Bucket string `json:"s3Bucket"`
-	// AWS S3 region where backups are stored.
-	// +kubebuilder:default:="us-east-1"
-	S3Region string `json:"s3Region"`
-	// Secret key for S3 authentication.
-	// +kubebuilder:default:="<your-secret-key>"
-	S3SecretKey string `json:"s3SecretKey"`
-	// Cron schedule for automated backups.
-	// +kubebuilder:default:="0 2 * * *"
-	Schedule string `json:"schedule"`
-}
-
-type Database struct {
-	// Roles assigned to users.
-	Roles DatabaseRoles `json:"roles,omitempty"`
-}
-
-type DatabaseRoles struct {
-	// List of users with admin privileges.
-	Admin []string `json:"admin,omitempty"`
-	// List of users with read-only privileges.
-	Readonly []string `json:"readonly,omitempty"`
-}
-
-type User struct {
-	// Maximum number of connections.
-	MaxUserConnections int `json:"maxUserConnections"`
-	// Password for the user.
-	Password string `json:"password"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string
-
-// +kubebuilder:validation:Enum="v11.8";"v11.4";"v10.11";"v10.6"
-type Version string

api/apps/v1alpha1/mongodb/types.go

@@ -1,151 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package mongodb
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Backup configuration.
-	// +kubebuilder:default:={}
-	Backup Backup `json:"backup"`
-	// Bootstrap configuration.
-	// +kubebuilder:default:={}
-	Bootstrap Bootstrap `json:"bootstrap"`
-	// Databases configuration map.
-	// +kubebuilder:default:={}
-	Databases map[string]Database `json:"databases,omitempty"`
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Number of MongoDB replicas in replica set.
-	// +kubebuilder:default:=3
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each MongoDB replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="small"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Enable sharded cluster mode. When disabled, deploys a replica set.
-	// +kubebuilder:default:=false
-	Sharding bool `json:"sharding"`
-	// Configuration for sharded cluster mode.
-	// +kubebuilder:default:={}
-	ShardingConfig ShardingConfig `json:"shardingConfig"`
-	// Persistent Volume Claim size available for application data.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Users configuration map.
-	// +kubebuilder:default:={}
-	Users map[string]User `json:"users,omitempty"`
-	// MongoDB major version to deploy.
-	// +kubebuilder:default:="v8"
-	Version Version `json:"version"`
-}
-
-type Shard struct {
-	// Shard name.
-	Name string `json:"name"`
-	// Number of replicas in this shard.
-	Replicas int `json:"replicas"`
-	// PVC size for this shard.
-	Size resource.Quantity `json:"size"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type DatabaseRoles struct {
-	// List of users with admin privileges (readWrite + dbAdmin).
-	Admin []string `json:"admin,omitempty"`
-	// List of users with read-only privileges.
-	Readonly []string `json:"readonly,omitempty"`
-}
-
-type Backup struct {
-	// Destination path for backups (e.g. s3://bucket/path/).
-	// +kubebuilder:default:="s3://bucket/path/to/folder/"
-	DestinationPath string `json:"destinationPath,omitempty"`
-	// Enable regular backups.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// S3 endpoint URL for uploads.
-	// +kubebuilder:default:="http://minio-gateway-service:9000"
-	EndpointURL string `json:"endpointURL,omitempty"`
-	// Retention policy (e.g. "30d").
-	// +kubebuilder:default:="30d"
-	RetentionPolicy string `json:"retentionPolicy,omitempty"`
-	// Access key for S3 authentication.
-	// +kubebuilder:default:=""
-	S3AccessKey string `json:"s3AccessKey,omitempty"`
-	// Secret key for S3 authentication.
-	// +kubebuilder:default:=""
-	S3SecretKey string `json:"s3SecretKey,omitempty"`
-	// Cron schedule for automated backups.
-	// +kubebuilder:default:="0 2 * * *"
-	Schedule string `json:"schedule,omitempty"`
-}
-
-type ShardingConfig struct {
-	// PVC size for config servers.
-	// +kubebuilder:default:="3Gi"
-	ConfigServerSize resource.Quantity `json:"configServerSize"`
-	// Number of config server replicas.
-	// +kubebuilder:default:=3
-	ConfigServers int `json:"configServers"`
-	// Number of mongos router replicas.
-	// +kubebuilder:default:=2
-	Mongos int `json:"mongos"`
-	// List of shard configurations.
-	// +kubebuilder:default:={{"name":"rs0","replicas":3,"size":"10Gi"}}
-	Shards []Shard `json:"shards,omitempty"`
-}
-
-type Bootstrap struct {
-	// Name of backup to restore from.
-	// +kubebuilder:default:=""
-	BackupName string `json:"backupName"`
-	// Whether to restore from a backup.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Timestamp for point-in-time recovery; empty means latest.
-	// +kubebuilder:default:=""
-	RecoveryTime string `json:"recoveryTime,omitempty"`
-}
-
-type User struct {
-	// Password for the user (auto-generated if omitted).
-	Password string `json:"password,omitempty"`
-}
-
-type Database struct {
-	// Roles assigned to users.
-	Roles DatabaseRoles `json:"roles,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="v8";"v7";"v6"
-type Version string
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/nats/types.go

@@ -1,80 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package nats
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-	k8sRuntime "k8s.io/apimachinery/pkg/runtime"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// NATS configuration.
-	// +kubebuilder:default:={}
-	Config ValuesConfig `json:"config"`
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Jetstream configuration.
-	// +kubebuilder:default:={}
-	Jetstream Jetstream `json:"jetstream"`
-	// Number of replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each NATS replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Users configuration map.
-	// +kubebuilder:default:={}
-	Users map[string]User `json:"users,omitempty"`
-}
-
-type User struct {
-	// Password for the user.
-	Password string `json:"password,omitempty"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type Jetstream struct {
-	// Enable or disable Jetstream for persistent messaging in NATS.
-	// +kubebuilder:default:=true
-	Enabled bool `json:"enabled"`
-	// Jetstream persistent storage size.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-}
-
-type ValuesConfig struct {
-	// Additional configuration to merge into NATS config.
-	// +kubebuilder:default:={}
-	Merge *k8sRuntime.RawExtension `json:"merge,omitempty"`
-	// Additional resolver configuration to merge into NATS config.
-	// +kubebuilder:default:={}
-	Resolver *k8sRuntime.RawExtension `json:"resolver,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/openbao/types.go

@@ -1,53 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package openbao
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Number of OpenBAO replicas. HA with Raft is automatically enabled when replicas > 1. Switching between standalone (file storage) and HA (Raft storage) modes requires data migration.
-	// +kubebuilder:default:=1
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each OpenBAO replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="small"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Persistent Volume Claim size for data storage.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Enable the OpenBAO web UI.
-	// +kubebuilder:default:=true
-	Ui bool `json:"ui"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/postgresql/types.go

@@ -1,152 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package postgresql
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Backup configuration.
-	// +kubebuilder:default:={}
-	Backup Backup `json:"backup"`
-	// Bootstrap configuration.
-	// +kubebuilder:default:={}
-	Bootstrap Bootstrap `json:"bootstrap"`
-	// Databases configuration map.
-	// +kubebuilder:default:={}
-	Databases map[string]Database `json:"databases,omitempty"`
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// PostgreSQL server configuration.
-	// +kubebuilder:default:={}
-	Postgresql PostgreSQL `json:"postgresql"`
-	// Quorum configuration for synchronous replication.
-	// +kubebuilder:default:={}
-	Quorum Quorum `json:"quorum"`
-	// Number of Postgres replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each PostgreSQL replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="micro"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Persistent Volume Claim size available for application data.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Users configuration map.
-	// +kubebuilder:default:={}
-	Users map[string]User `json:"users,omitempty"`
-	// PostgreSQL major version to deploy
-	// +kubebuilder:default:="v18"
-	Version Version `json:"version"`
-}
-
-type User struct {
-	// Password for the user.
-	Password string `json:"password,omitempty"`
-	// Whether the user has replication privileges.
-	Replication bool `json:"replication,omitempty"`
-}
-
-type Bootstrap struct {
-	// Whether to restore from a backup.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// Previous cluster name before deletion.
-	// +kubebuilder:default:=""
-	OldName string `json:"oldName"`
-	// Timestamp (RFC3339) for point-in-time recovery; empty means latest.
-	// +kubebuilder:default:=""
-	RecoveryTime string `json:"recoveryTime,omitempty"`
-}
-
-type Quorum struct {
-	// Maximum number of synchronous replicas allowed (must be less than total replicas).
-	// +kubebuilder:default:=0
-	MaxSyncReplicas int `json:"maxSyncReplicas"`
-	// Minimum number of synchronous replicas required for commit.
-	// +kubebuilder:default:=0
-	MinSyncReplicas int `json:"minSyncReplicas"`
-}
-
-type DatabaseRoles struct {
-	// List of users with admin privileges.
-	Admin []string `json:"admin,omitempty"`
-	// List of users with read-only privileges.
-	Readonly []string `json:"readonly,omitempty"`
-}
-
-type Database struct {
-	// List of enabled PostgreSQL extensions.
-	Extensions []string `json:"extensions,omitempty"`
-	// Roles assigned to users.
-	Roles DatabaseRoles `json:"roles,omitempty"`
-}
-
-type Backup struct {
-	// Destination path for backups (e.g. s3://bucket/path/).
-	// +kubebuilder:default:="s3://bucket/path/to/folder/"
-	DestinationPath string `json:"destinationPath,omitempty"`
-	// Enable regular backups.
-	// +kubebuilder:default:=false
-	Enabled bool `json:"enabled"`
-	// S3 endpoint URL for uploads.
-	// +kubebuilder:default:="http://minio-gateway-service:9000"
-	EndpointURL string `json:"endpointURL,omitempty"`
-	// Retention policy (e.g. "30d").
-	// +kubebuilder:default:="30d"
-	RetentionPolicy string `json:"retentionPolicy,omitempty"`
-	// Access key for S3 authentication.
-	// +kubebuilder:default:="<your-access-key>"
-	S3AccessKey string `json:"s3AccessKey,omitempty"`
-	// Secret key for S3 authentication.
-	// +kubebuilder:default:="<your-secret-key>"
-	S3SecretKey string `json:"s3SecretKey,omitempty"`
-	// Cron schedule for automated backups.
-	// +kubebuilder:default:="0 2 * * * *"
-	Schedule string `json:"schedule,omitempty"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type PostgreSQLParameters struct {
-	// Maximum number of concurrent connections to the database server.
-	// +kubebuilder:default:=100
-	MaxConnections int `json:"max_connections,omitempty"`
-}
-
-type PostgreSQL struct {
-	// PostgreSQL server parameters.
-	// +kubebuilder:default:={}
-	Parameters PostgreSQLParameters `json:"parameters,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string
-
-// +kubebuilder:validation:Enum="v18";"v17";"v16";"v15";"v14";"v13"
-type Version string

api/apps/v1alpha1/qdrant/types.go

@@ -1,50 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package qdrant
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Number of Qdrant replicas. Cluster mode is automatically enabled when replicas > 1.
-	// +kubebuilder:default:=1
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each Qdrant replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="small"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Persistent Volume Claim size available for vector data storage.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

api/apps/v1alpha1/rabbitmq/types.go

@@ -1,79 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package rabbitmq
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Number of RabbitMQ replicas.
-	// +kubebuilder:default:=3
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each RabbitMQ replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Persistent Volume Claim size available for application data.
-	// +kubebuilder:default:="10Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Users configuration map.
-	// +kubebuilder:default:={}
-	Users map[string]User `json:"users,omitempty"`
-	// RabbitMQ major.minor version to deploy
-	// +kubebuilder:default:="v4.2"
-	Version Version `json:"version"`
-	// Virtual hosts configuration map.
-	// +kubebuilder:default:={}
-	Vhosts map[string]Vhost `json:"vhosts,omitempty"`
-}
-
-type Vhost struct {
-	// Virtual host roles list.
-	Roles Roles `json:"roles"`
-}
-
-type User struct {
-	// Password for the user.
-	Password string `json:"password,omitempty"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type Roles struct {
-	// List of admin users.
-	Admin []string `json:"admin,omitempty"`
-	// List of readonly users.
-	Readonly []string `json:"readonly,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string
-
-// +kubebuilder:validation:Enum="v4.2";"v4.1";"v4.0";"v3.13"
-type Version string

api/apps/v1alpha1/redis/types.go

@@ -1,59 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package redis
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Enable password generation.
-	// +kubebuilder:default:=true
-	AuthEnabled bool `json:"authEnabled"`
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Number of Redis replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each Redis replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Persistent Volume Claim size available for application data.
-	// +kubebuilder:default:="1Gi"
-	Size resource.Quantity `json:"size"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:=""
-	StorageClass string `json:"storageClass"`
-	// Redis major version to deploy
-	// +kubebuilder:default:="v8"
-	Version Version `json:"version"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string
-
-// +kubebuilder:validation:Enum="v8";"v7"
-type Version string

api/apps/v1alpha1/tcpbalancer/types.go

@@ -1,77 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package tcpbalancer
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// HTTP and HTTPS configuration.
-	// +kubebuilder:default:={}
-	HttpAndHttps HttpAndHttps `json:"httpAndHttps"`
-	// Number of HAProxy replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each TCP Balancer replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// List of allowed client networks.
-	// +kubebuilder:default:={}
-	Whitelist []string `json:"whitelist,omitempty"`
-	// Secure HTTP by whitelisting client networks (default: false).
-	// +kubebuilder:default:=false
-	WhitelistHTTP bool `json:"whitelistHTTP"`
-}
-
-type TargetPorts struct {
-	// HTTP port number.
-	// +kubebuilder:default:=80
-	Http int `json:"http"`
-	// HTTPS port number.
-	// +kubebuilder:default:=443
-	Https int `json:"https"`
-}
-
-type HttpAndHttps struct {
-	// Endpoint addresses list.
-	// +kubebuilder:default:={}
-	Endpoints []string `json:"endpoints,omitempty"`
-	// Mode for balancer.
-	// +kubebuilder:default:="tcp"
-	Mode Mode `json:"mode"`
-	// Target ports configuration.
-	// +kubebuilder:default:={}
-	TargetPorts TargetPorts `json:"targetPorts"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string
-
-// +kubebuilder:validation:Enum="tcp";"tcp-with-proxy"
-type Mode string

api/apps/v1alpha1/tenant/types.go

@@ -1,40 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package tenant
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Deploy own Etcd cluster.
-	// +kubebuilder:default:=false
-	Etcd bool `json:"etcd"`
-	// The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).
-	// +kubebuilder:default:=""
-	Host string `json:"host,omitempty"`
-	// Deploy own Ingress Controller.
-	// +kubebuilder:default:=false
-	Ingress bool `json:"ingress"`
-	// Deploy own Monitoring Stack.
-	// +kubebuilder:default:=false
-	Monitoring bool `json:"monitoring"`
-	// Define resource quotas for the tenant.
-	// +kubebuilder:default:={}
-	ResourceQuotas map[string]resource.Quantity `json:"resourceQuotas,omitempty"`
-	// Deploy own SeaweedFS.
-	// +kubebuilder:default:=false
-	Seaweedfs bool `json:"seaweedfs"`
-}

api/apps/v1alpha1/vmdisk/types.go

@@ -1,53 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package vmdisk
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Defines if disk should be considered optical.
-	// +kubebuilder:default:=false
-	Optical bool `json:"optical"`
-	// The source image location used to create a disk.
-	// +kubebuilder:default:={}
-	Source Source `json:"source"`
-	// The size of the disk allocated for the virtual machine.
-	// +kubebuilder:default:="5Gi"
-	Storage resource.Quantity `json:"storage"`
-	// StorageClass used to store the data.
-	// +kubebuilder:default:="replicated"
-	StorageClass string `json:"storageClass"`
-}
-
-type SourceImage struct {
-	// Name of the image to use (uploaded as "golden image" or from the list: `ubuntu`, `fedora`, `cirros`, `alpine`, `talos`).
-	Name string `json:"name"`
-}
-
-type SourceHTTP struct {
-	// URL to download the image.
-	Url string `json:"url"`
-}
-
-type Source struct {
-	// Download image from an HTTP source.
-	Http *SourceHTTP `json:"http,omitempty"`
-	// Use image by name.
-	Image *SourceImage `json:"image,omitempty"`
-	// Upload local image.
-	Upload *SourceUpload `json:"upload,omitempty"`
-}

api/apps/v1alpha1/vminstance/types.go

@@ -1,96 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package vminstance
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Cloud-init user data.
-	// +kubebuilder:default:=""
-	CloudInit string `json:"cloudInit"`
-	// Seed string to generate SMBIOS UUID for the VM.
-	// +kubebuilder:default:=""
-	CloudInitSeed string `json:"cloudInitSeed"`
-	// Model specifies the CPU model inside the VMI. List of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map
-	// +kubebuilder:default:=""
-	CpuModel string `json:"cpuModel"`
-	// List of disks to attach.
-	// +kubebuilder:default:={}
-	Disks []Disk `json:"disks,omitempty"`
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// Method to pass through traffic to the VM.
-	// +kubebuilder:default:="PortList"
-	ExternalMethod ExternalMethod `json:"externalMethod"`
-	// Ports to forward from outside the cluster.
-	// +kubebuilder:default:={22}
-	ExternalPorts []int `json:"externalPorts,omitempty"`
-	// List of GPUs to attach (NVIDIA driver requires at least 4 GiB RAM).
-	// +kubebuilder:default:={}
-	Gpus []GPU `json:"gpus,omitempty"`
-	// Virtual Machine preferences profile.
-	// +kubebuilder:default:="ubuntu"
-	InstanceProfile string `json:"instanceProfile"`
-	// Virtual Machine instance type.
-	// +kubebuilder:default:="u1.medium"
-	InstanceType string `json:"instanceType"`
-	// Resource configuration for the virtual machine.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Requested running state of the VirtualMachineInstance
-	// +kubebuilder:default:="Always"
-	RunStrategy RunStrategy `json:"runStrategy"`
-	// List of SSH public keys for authentication.
-	// +kubebuilder:default:={}
-	SshKeys []string `json:"sshKeys,omitempty"`
-	// Additional subnets
-	// +kubebuilder:default:={}
-	Subnets []Subnet `json:"subnets,omitempty"`
-}
-
-type Disk struct {
-	// Disk bus type (e.g. "sata").
-	Bus string `json:"bus,omitempty"`
-	// Disk name.
-	Name string `json:"name"`
-}
-
-type Subnet struct {
-	// Subnet name
-	Name string `json:"name,omitempty"`
-}
-
-type GPU struct {
-	// The name of the GPU resource to attach.
-	Name string `json:"name"`
-}
-
-type Resources struct {
-	// Number of CPU cores allocated.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Amount of memory allocated.
-	Memory resource.Quantity `json:"memory,omitempty"`
-	// Number of CPU sockets (vCPU topology).
-	Sockets resource.Quantity `json:"sockets,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="Always";"Halted";"Manual";"RerunOnFailure";"Once"
-type RunStrategy string
-
-// +kubebuilder:validation:Enum="PortList";"WholeIP"
-type ExternalMethod string

api/apps/v1alpha1/vpc/types.go

@@ -1,31 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package vpc
-
-import (
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Subnets of a VPC
-	// +kubebuilder:default:={}
-	Subnets []Subnet `json:"subnets,omitempty"`
-}
-
-type Subnet struct {
-	// IP address range
-	Cidr string `json:"cidr,omitempty"`
-	// Subnet name
-	Name string `json:"name"`
-}

api/apps/v1alpha1/vpn/types.go

@@ -1,58 +0,0 @@
-// +kubebuilder:object:generate=true
-// +kubebuilder:object:root=true
-// +groupName=values.helm.io
-
-// +versionName=v1alpha1
-
-// Code generated by values-gen. DO NOT EDIT.
-package vpn
-
-import (
-	resource "k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Config struct {
-	v1.TypeMeta   `json:",inline"`
-	v1.ObjectMeta `json:"metadata,omitempty"`
-	Spec          ConfigSpec `json:"spec,omitempty"`
-}
-
-type ConfigSpec struct {
-	// Enable external access from outside the cluster.
-	// +kubebuilder:default:=false
-	External bool `json:"external"`
-	// List of externalIPs for service. Optional. If not specified, will use LoadBalancer service by default.
-	// +kubebuilder:default:={}
-	ExternalIPs []string `json:"externalIPs,omitempty"`
-	// Host used to substitute into generated URLs.
-	// +kubebuilder:default:=""
-	Host string `json:"host"`
-	// Number of VPN server replicas.
-	// +kubebuilder:default:=2
-	Replicas int `json:"replicas"`
-	// Explicit CPU and memory configuration for each VPN server replica. When omitted, the preset defined in `resourcesPreset` is applied.
-	// +kubebuilder:default:={}
-	Resources Resources `json:"resources,omitempty"`
-	// Default sizing preset used when `resources` is omitted.
-	// +kubebuilder:default:="nano"
-	ResourcesPreset ResourcesPreset `json:"resourcesPreset"`
-	// Users configuration map.
-	// +kubebuilder:default:={}
-	Users map[string]User `json:"users,omitempty"`
-}
-
-type Resources struct {
-	// CPU available to each replica.
-	Cpu resource.Quantity `json:"cpu,omitempty"`
-	// Memory (RAM) available to each replica.
-	Memory resource.Quantity `json:"memory,omitempty"`
-}
-
-type User struct {
-	// Password for the user (autogenerated if not provided).
-	Password string `json:"password,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="nano";"micro";"small";"medium";"large";"xlarge";"2xlarge"
-type ResourcesPreset string

hack/update-codegen.sh

@@ -68,7 +68,7 @@ kube::codegen::gen_client \
     "${SCRIPT_ROOT}/pkg/apis"
 
 $CONTROLLER_GEN object:headerFile="hack/boilerplate.go.txt" paths="./api/..."
-$CONTROLLER_GEN rbac:roleName=manager-role crd paths="./api/..." output:crd:artifacts:config=${TMPDIR}
+$CONTROLLER_GEN rbac:roleName=manager-role crd paths="./api/..." output:crd:artifacts:config=${TMPDIR} 
 
 mv ${TMPDIR}/cozystack.io_packages.yaml ${OPERATOR_CRDDIR}/cozystack.io_packages.yaml
 mv ${TMPDIR}/cozystack.io_packagesources.yaml ${OPERATOR_CRDDIR}/cozystack.io_packagesources.yaml
@@ -80,6 +80,3 @@ mv ${TMPDIR}/backups.cozystack.io*.yaml ${BACKUPS_CORE_CRDDIR}/
 mv ${TMPDIR}/strategy.backups.cozystack.io*.yaml ${BACKUPSTRATEGY_CRDDIR}/
 
 mv ${TMPDIR}/*.yaml ${COZY_CONTROLLER_CRDDIR}/
-
-# Tidy dependencies for standalone api/apps/v1alpha1 submodule
-(cd "${SCRIPT_ROOT}/api/apps/v1alpha1" && go mod tidy)

hack/upload-assets.sh

@@ -14,4 +14,3 @@ gh release upload --clobber $version _out/assets/kernel-amd64
 gh release upload --clobber $version _out/assets/initramfs-metal-amd64.xz
 gh release upload --clobber $version _out/assets/cozypkg-*.tar.gz
 gh release upload --clobber $version _out/assets/cozypkg-checksums.txt
-gh release upload --clobber $version _out/assets/openapi.json

packages/apps/bucket/Makefile

@@ -1,5 +1,5 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'bucket' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/bucket/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/clickhouse/Makefile

@@ -4,7 +4,7 @@ include ../../../hack/common-envs.mk
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'clickhouse' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/clickhouse/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh
 
 image:

packages/apps/foundationdb/Makefile

@@ -1,4 +1,4 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'foundationdb' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/foundationdb/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md

packages/apps/harbor/Makefile

@@ -3,5 +3,5 @@ NAME=harbor
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'harbor' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/harbor/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/harbor/templates/httproute.yaml

@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $harborHost := .Values.host | default (printf "%s.%s" .Release.Name $host) }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: {{ .Release.Name }}-harbor
+  annotations:
+    cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+    labels:
+      cozystack.io/gateway: {{ $gateway }}
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+    hostname: {{ $harborHost | quote }}
+    allowedRoutes:
+      namespaces:
+        from: Same
+  - name: https
+    protocol: HTTPS
+    port: 443
+    hostname: {{ $harborHost | quote }}
+    tls:
+      mode: Terminate
+      certificateRefs:
+      - name: {{ .Release.Name }}-harbor-gateway-tls
+    allowedRoutes:
+      namespaces:
+        from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ .Release.Name }}-harbor-redirect-to-https
+spec:
+  parentRefs:
+  - name: {{ .Release.Name }}-harbor
+    sectionName: http
+  hostnames:
+  - {{ $harborHost | quote }}
+  rules:
+  - filters:
+    - type: RequestRedirect
+      requestRedirect:
+        scheme: https
+        statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ .Release.Name }}-harbor
+spec:
+  parentRefs:
+  - name: {{ .Release.Name }}-harbor
+    sectionName: https
+  hostnames:
+  - {{ $harborHost | quote }}
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: {{ .Release.Name }}
+      port: 80
+{{- end }}

packages/apps/http-cache/Makefile

@@ -17,7 +17,7 @@ image-nginx:
 	rm -f images/nginx-cache.json
 
 generate:
-	cozyvalues-gen -m 'httpcache' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/httpcache/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh
 
 update:

packages/apps/kafka/Makefile

@@ -2,5 +2,5 @@ include ../../../hack/package.mk
 PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]
 
 generate:
-	cozyvalues-gen -m 'kafka' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/kafka/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/kubernetes/Makefile

@@ -5,7 +5,7 @@ include ../../../hack/common-envs.mk
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'kubernetes' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/kubernetes/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh
 
 update:

packages/apps/mariadb/Makefile

@@ -4,7 +4,7 @@ include ../../../hack/common-envs.mk
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'mariadb' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/mariadb/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh
 
 update:

packages/apps/mongodb/Makefile

@@ -3,7 +3,7 @@ include ../../../hack/package.mk
 .PHONY: generate update
 
 generate:
-	cozyvalues-gen -m 'mongodb' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/mongodb/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh
 
 update:

packages/apps/nats/Makefile

@@ -1,5 +1,5 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'nats' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/nats/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/openbao/Makefile

@@ -1,5 +1,5 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'openbao' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/openbao/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/postgres/Makefile

@@ -1,7 +1,7 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'postgresql' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/postgresql/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh
 
 update:

packages/apps/qdrant/Makefile

@@ -1,5 +1,5 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'qdrant' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/qdrant/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/rabbitmq/Makefile

@@ -1,7 +1,7 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'rabbitmq' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/rabbitmq/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh
 
 update:

packages/apps/redis/Makefile

@@ -1,7 +1,7 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'redis' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/redis/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh
 
 update:

packages/apps/tcp-balancer/Makefile

@@ -1,5 +1,5 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'tcpbalancer' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/tcpbalancer/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/tenant/Makefile

@@ -1,5 +1,5 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'tenant' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/tenant/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/tenant/README.md

@@ -80,6 +80,7 @@ tenant-u1
 | `etcd`           | Deploy own Etcd cluster.                                                                                                   | `bool`                | `false` |
 | `monitoring`     | Deploy own Monitoring Stack.                                                                                               | `bool`                | `false` |
 | `ingress`        | Deploy own Ingress Controller.                                                                                             | `bool`                | `false` |
+| `gateway`        | Deploy own Gateway API gateway (separate LB for this tenant).                                                              | `bool`                | `false` |
 | `seaweedfs`      | Deploy own SeaweedFS.                                                                                                      | `bool`                | `false` |
 | `resourceQuotas` | Define resource quotas for the tenant.                                                                                     | `map[string]quantity` | `{}`    |
 

packages/apps/tenant/templates/namespace.yaml

@@ -29,6 +29,11 @@
 {{- $ingress = $tenantName }}
 {{- end }}
 
+{{- $gateway := $parentNamespace.gateway | default "" }}
+{{- if .Values.gateway }}
+{{- $gateway = $tenantName }}
+{{- end }}
+
 {{- $monitoring := $parentNamespace.monitoring | default "" }}
 {{- if .Values.monitoring }}
 {{- $monitoring = $tenantName }}
@@ -55,6 +60,7 @@ metadata:
     {{/* Labels for network policies */}}
     namespace.cozystack.io/etcd: {{ $etcd | quote }}
     namespace.cozystack.io/ingress: {{ $ingress | quote }}
+    namespace.cozystack.io/gateway: {{ $gateway | quote }}
     namespace.cozystack.io/monitoring: {{ $monitoring | quote }}
     namespace.cozystack.io/seaweedfs: {{ $seaweedfs | quote }}
     namespace.cozystack.io/host: {{ $computedHost | quote }}
@@ -83,6 +89,7 @@ stringData:
     _namespace:
       etcd: {{ $etcd | quote }}
       ingress: {{ $ingress | quote }}
+      gateway: {{ $gateway | quote }}
       monitoring: {{ $monitoring | quote }}
       seaweedfs: {{ $seaweedfs | quote }}
       host: {{ $computedHost | quote }}

packages/apps/tenant/values.schema.json

@@ -7,6 +7,11 @@
       "type": "boolean",
       "default": false
     },
+    "gateway": {
+      "description": "Deploy own Gateway API gateway (separate LB for this tenant).",
+      "type": "boolean",
+      "default": false
+    },
     "host": {
       "description": "The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).",
       "type": "string",

packages/apps/tenant/values.yaml

@@ -14,6 +14,9 @@ monitoring: false
 ## @param {bool} ingress - Deploy own Ingress Controller.
 ingress: false
 
+## @param {bool} gateway - Deploy own Gateway API gateway (separate LB for this tenant).
+gateway: false
+
 ## @param {bool} seaweedfs - Deploy own SeaweedFS.
 seaweedfs: false
 

packages/apps/vm-disk/Makefile

@@ -1,5 +1,5 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'vmdisk' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/vmdisk/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/apps/vm-instance/Makefile

@@ -1,7 +1,7 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'vminstance' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/vminstance/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	#INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
 	#  && yq -i -o json ".properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
 	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \

packages/apps/vpc/Makefile

@@ -1,7 +1,7 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'vpc' -v values.yaml -s values.schema.json -g ../../../api/apps/v1alpha1/vpc/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json
 	../../../hack/update-crd.sh
 
 update:

packages/apps/vpn/Makefile

@@ -1,5 +1,5 @@
 include ../../../hack/package.mk
 
 generate:
-	cozyvalues-gen -m 'vpn' -v values.yaml -s values.schema.json -r README.md -g ../../../api/apps/v1alpha1/vpn/types.go
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	../../../hack/update-crd.sh

packages/core/platform/sources/cozystack-gateway.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: PackageSource
+metadata:
+  name: cozystack.cozystack-gateway
+spec:
+  sourceRef:
+    kind: OCIRepository
+    name: cozystack-packages
+    namespace: cozy-system
+    path: /
+  variants:
+  - name: default
+    dependsOn:
+    - cozystack.networking
+    - cozystack.cert-manager
+    components:
+    - name: cozystack-gateway
+      path: system/cozystack-gateway
+      install:
+        namespace: cozy-gateway
+        releaseName: cozystack-gateway

packages/core/platform/sources/networking.yaml

@@ -15,6 +15,12 @@ spec:
   - name: cilium
     dependsOn: []
     components:
+    - name: gateway-api-crds
+      path: system/gateway-api-crds
+      install:
+        namespace: cozy-gateway-api-crds
+        releaseName: gateway-api-crds
+        dependsOn: []
     - name: cilium
       path: system/cilium
       valuesFiles:
@@ -24,7 +30,8 @@ spec:
         privileged: true
         namespace: cozy-cilium
         releaseName: cilium
-        dependsOn: []
+        dependsOn:
+        - gateway-api-crds
     - name: cilium-networkpolicy
       path: system/cilium-networkpolicy
       install:
@@ -36,6 +43,12 @@ spec:
   - name: cilium-kilo
     dependsOn: []
     components:
+    - name: gateway-api-crds
+      path: system/gateway-api-crds
+      install:
+        namespace: cozy-gateway-api-crds
+        releaseName: gateway-api-crds
+        dependsOn: []
     - name: cilium
       path: system/cilium
       valuesFiles:
@@ -46,7 +59,8 @@ spec:
         privileged: true
         namespace: cozy-cilium
         releaseName: cilium
-        dependsOn: []
+        dependsOn:
+        - gateway-api-crds
     - name: kilo
       path: system/kilo
       valuesFiles:
@@ -62,6 +76,12 @@ spec:
   - name: cilium-generic
     dependsOn: []
     components:
+    - name: gateway-api-crds
+      path: system/gateway-api-crds
+      install:
+        namespace: cozy-gateway-api-crds
+        releaseName: gateway-api-crds
+        dependsOn: []
     - name: cilium
       path: system/cilium
       valuesFiles:
@@ -70,7 +90,8 @@ spec:
         privileged: true
         namespace: cozy-cilium
         releaseName: cilium
-        dependsOn: []
+        dependsOn:
+        - gateway-api-crds
     - name: cilium-networkpolicy
       path: system/cilium-networkpolicy
       install:
@@ -82,6 +103,12 @@ spec:
   - name: kubeovn-cilium
     dependsOn: []
     components:
+    - name: gateway-api-crds
+      path: system/gateway-api-crds
+      install:
+        namespace: cozy-gateway-api-crds
+        releaseName: gateway-api-crds
+        dependsOn: []
     - name: cilium
       path: system/cilium
       valuesFiles:
@@ -92,7 +119,8 @@ spec:
         privileged: true
         namespace: cozy-cilium
         releaseName: cilium
-        dependsOn: []
+        dependsOn:
+        - gateway-api-crds
     - name: cilium-networkpolicy
       path: system/cilium-networkpolicy
       install:
@@ -113,6 +141,12 @@ spec:
   - name: kubeovn-cilium-generic
     dependsOn: []
     components:
+    - name: gateway-api-crds
+      path: system/gateway-api-crds
+      install:
+        namespace: cozy-gateway-api-crds
+        releaseName: gateway-api-crds
+        dependsOn: []
     - name: cilium
       path: system/cilium
       valuesFiles:
@@ -122,7 +156,8 @@ spec:
         privileged: true
         namespace: cozy-cilium
         releaseName: cilium
-        dependsOn: []
+        dependsOn:
+        - gateway-api-crds
     - name: cilium-networkpolicy
       path: system/cilium-networkpolicy
       install:

packages/core/platform/templates/apps.yaml

@@ -39,6 +39,13 @@ stringData:
       scheduling:
         {{- . | toYaml | nindent 8 }}
       {{- end }}
+      gateway-api: {{ .Values.gateway.gatewayAPI | quote }}
+      gateway-name: {{ .Values.gateway.name | quote }}
+      gateway-namespace: {{ .Values.gateway.namespace | quote }}
+      {{- with .Values.publishing.hostnames }}
+      hostnames:
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
       {{- with $kubeRootCa.data }}
       kube-root-ca: {{ index . "ca.crt" | b64enc | quote }}
       {{- end }}

packages/core/platform/templates/bundles/system.yaml

@@ -16,10 +16,14 @@
 {{- $kubeovnValues := dict "kube-ovn" $kubeovnDict -}}
 {{- $_ := set $networkingComponents "kubeovn" (dict "values" $kubeovnValues) -}}
 {{- /* For Talos (isp-full): use KubePrism endpoint and disable cgroup autoMount */ -}}
-{{- $ciliumValues := dict "cilium" (dict
+{{- $ciliumDict := dict
   "k8sServiceHost" "localhost"
   "k8sServicePort" "7445"
-  "cgroup" (dict "autoMount" (dict "enabled" false))) -}}
+  "cgroup" (dict "autoMount" (dict "enabled" false)) -}}
+{{- if .Values.gateway.gatewayAPI -}}
+{{- $_ := set $ciliumDict "gatewayAPI" (dict "enabled" true) -}}
+{{- end -}}
+{{- $ciliumValues := dict "cilium" $ciliumDict -}}
 {{- $_ := set $networkingComponents "cilium" (dict "values" $ciliumValues) -}}
 {{- end -}}
 {{include "cozystack.platform.package" (list "cozystack.networking" "kubeovn-cilium" $ $networkingComponents) }}
@@ -83,10 +87,14 @@
 {{- $kubeovnValues := dict "kube-ovn" $kubeovnDict -}}
 {{- $_ := set $networkingComponents "kubeovn" (dict "values" $kubeovnValues) -}}
 {{- /* Cilium configuration - for generic k8s, always enable cgroup autoMount */ -}}
-{{- $ciliumValues := dict "cilium" (dict
+{{- $ciliumDict := dict
   "k8sServiceHost" $apiHost
   "k8sServicePort" $apiPort
-  "cgroup" (dict "autoMount" (dict "enabled" true))) -}}
+  "cgroup" (dict "autoMount" (dict "enabled" true)) -}}
+{{- if .Values.gateway.gatewayAPI -}}
+{{- $_ := set $ciliumDict "gatewayAPI" (dict "enabled" true) -}}
+{{- end -}}
+{{- $ciliumValues := dict "cilium" $ciliumDict -}}
 {{- $_ := set $networkingComponents "cilium" (dict "values" $ciliumValues) -}}
 {{- end -}}
 {{- /* Use kubeovn-cilium-generic variant (no values-talos.yaml) */ -}}
@@ -118,7 +126,15 @@
 {{- end }}
 
 # Common Packages
-{{include "cozystack.platform.package.default" (list "cozystack.cert-manager" $) }}
+{{- $certManagerComponents := dict -}}
+{{- if .Values.gateway.gatewayAPI -}}
+{{- $certManagerValues := dict "cert-manager" (dict "config" (dict "enableGatewayAPI" true)) -}}
+{{- $_ := set $certManagerComponents "cert-manager" (dict "values" $certManagerValues) -}}
+{{- end -}}
+{{include "cozystack.platform.package" (list "cozystack.cert-manager" "default" $ $certManagerComponents) }}
+{{- if .Values.gateway.gatewayAPI }}
+{{include "cozystack.platform.package.default" (list "cozystack.cozystack-gateway" $) }}
+{{- end }}
 {{include "cozystack.platform.package.default" (list "cozystack.flux-plunger" $) }}
 {{include "cozystack.platform.package.default" (list "cozystack.victoria-metrics-operator" $) }}
 {{- $tenantComponents := dict -}}
@@ -148,7 +164,16 @@
 # Optional System Packages (controlled via bundles.enabledPackages)
 {{include "cozystack.platform.package.optional.default" (list "cozystack.nfs-driver" $) }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.telepresence" $) }}
-{{include "cozystack.platform.package.optional.default" (list "cozystack.external-dns" $) }}
+{{- $externalDnsComponents := dict -}}
+{{- if .Values.gateway.gatewayAPI -}}
+{{- $externalDnsValues := dict "external-dns" (dict "sources" (list "service" "ingress" "gateway-httproute")) -}}
+{{- $_ := set $externalDnsComponents "external-dns" (dict "values" $externalDnsValues) -}}
+{{- end -}}
+{{- $disabled := default (list) .Values.bundles.disabledPackages -}}
+{{- $enabled := default (list) .Values.bundles.enabledPackages -}}
+{{- if and (has "cozystack.external-dns" $enabled) (not (has "cozystack.external-dns" $disabled)) -}}
+{{include "cozystack.platform.package" (list "cozystack.external-dns" "default" $ $externalDnsComponents) }}
+{{- end }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.external-dns-application" $) }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.external-secrets-operator" $) }}
 {{- if has "cozystack.bootbox" (default (list) .Values.bundles.enabledPackages) }}

packages/core/platform/values.yaml

@@ -34,6 +34,16 @@ networking:
   # Set this to comma-separated list of master node IPs to override.
   kubeovn:
     MASTER_NODES: ""
+# Gateway configuration
+# ingress and gatewayAPI can be enabled independently;
+# future work will wire gateway.ingress into ingress controller selection
+gateway:
+  ingress: true
+  gatewayAPI: false
+  # Gateway name and namespace for system-level Gateway resource
+  # Components reference this Gateway via parentRefs
+  name: cozystack
+  namespace: cozy-gateway
 # Service publishing and ingress configuration
 publishing:
   host: "example.org"
@@ -43,6 +53,15 @@ publishing:
     - dashboard
     - vm-exportproxy
     - cdi-uploadproxy
+  # Hostname overrides for system services
+  # By default, hostname = {service-name}.{host}
+  # Override individual hostnames when the convention doesn't fit
+  #
+  # Example:
+  # hostnames:
+  #   keycloak: "auth.example.org"
+  #   dashboard: "panel.example.org"
+  hostnames: {}
   apiServerEndpoint: "" # example: "https://api.example.org"
   externalIPs: []
   certificates:

packages/extra/bootbox/templates/matchbox/httproute.yaml

@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $bootboxHost := printf "bootbox.%s" (.Values.host | default $host) }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: bootbox
+  annotations:
+    cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+    labels:
+      cozystack.io/gateway: {{ $gateway }}
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+    hostname: {{ $bootboxHost | quote }}
+    allowedRoutes:
+      namespaces:
+        from: Same
+  - name: https
+    protocol: HTTPS
+    port: 443
+    hostname: {{ $bootboxHost | quote }}
+    tls:
+      mode: Terminate
+      certificateRefs:
+      - name: bootbox-gateway-tls
+    allowedRoutes:
+      namespaces:
+        from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: bootbox-redirect-to-https
+spec:
+  parentRefs:
+  - name: bootbox
+    sectionName: http
+  hostnames:
+  - {{ $bootboxHost | quote }}
+  rules:
+  - filters:
+    - type: RequestRedirect
+      requestRedirect:
+        scheme: https
+        statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: bootbox
+spec:
+  parentRefs:
+  - name: bootbox
+    sectionName: https
+  hostnames:
+  - {{ $bootboxHost | quote }}
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: bootbox
+      port: 8080
+{{- end }}

packages/extra/seaweedfs/templates/tlsroute.yaml

@@ -0,0 +1,41 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") (not (eq .Values.topology "Client")) (.Values.filer.grpcHost) }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: seaweedfs-filer
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+    labels:
+      cozystack.io/gateway: {{ $gateway }}
+  listeners:
+  - name: tls-passthrough
+    protocol: TLS
+    port: 443
+    hostname: {{ .Values.filer.grpcHost | default (printf "filer.%s" $host) | quote }}
+    tls:
+      mode: Passthrough
+    allowedRoutes:
+      namespaces:
+        from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: TLSRoute
+metadata:
+  name: seaweedfs-filer
+spec:
+  parentRefs:
+  - name: seaweedfs-filer
+    sectionName: tls-passthrough
+  hostnames:
+  - {{ .Values.filer.grpcHost | default (printf "filer.%s" $host) | quote }}
+  rules:
+  - backendRefs:
+    - name: {{ $.Release.Name }}-filer-external
+      port: 18888
+{{- end }}

packages/system/bucket/templates/httproute.yaml

@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $bucketHost := printf "%s.%s" .Values.bucketName $host }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: {{ .Values.bucketName }}-ui
+  annotations:
+    cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+    labels:
+      cozystack.io/gateway: {{ $gateway }}
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+    hostname: {{ $bucketHost | quote }}
+    allowedRoutes:
+      namespaces:
+        from: Same
+  - name: https
+    protocol: HTTPS
+    port: 443
+    hostname: {{ $bucketHost | quote }}
+    tls:
+      mode: Terminate
+      certificateRefs:
+      - name: {{ .Values.bucketName }}-ui-gateway-tls
+    allowedRoutes:
+      namespaces:
+        from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ .Values.bucketName }}-ui-redirect-to-https
+spec:
+  parentRefs:
+  - name: {{ .Values.bucketName }}-ui
+    sectionName: http
+  hostnames:
+  - {{ $bucketHost | quote }}
+  rules:
+  - filters:
+    - type: RequestRedirect
+      requestRedirect:
+        scheme: https
+        statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ .Values.bucketName }}-ui
+spec:
+  parentRefs:
+  - name: {{ .Values.bucketName }}-ui
+    sectionName: https
+  hostnames:
+  - {{ $bucketHost | quote }}
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: {{ .Values.bucketName }}-ui
+      port: 8080
+{{- end }}

packages/system/cert-manager/values.yaml

@@ -0,0 +1 @@
+cert-manager: {}

packages/system/cozystack-api/templates/api-tlsroute.yaml

@@ -0,0 +1,25 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $host := index .Values._cluster "root-host" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
+
+{{- if and (eq $gatewayAPI "true") (has "api" $exposeServices) }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: TLSRoute
+metadata:
+  name: kubernetes-api
+  namespace: default
+spec:
+  parentRefs:
+  - name: {{ $gatewayName }}
+    namespace: {{ $gatewayNamespace }}
+    sectionName: tls-passthrough-api
+  hostnames:
+  - {{ index $hostnames "api" | default (printf "api.%s" $host) | quote }}
+  rules:
+  - backendRefs:
+    - name: kubernetes
+      port: 443
+{{- end }}

packages/system/cozystack-basics/templates/cozystack-values-secret.yaml

@@ -16,5 +16,6 @@ stringData:
       host: {{ index .Values._cluster "root-host" | quote }}
       etcd: tenant-root
       ingress: tenant-root
+      gateway: tenant-root
       monitoring: tenant-root
       seaweedfs: tenant-root

packages/system/cozystack-gateway/Chart.yaml

@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-cozystack-gateway
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/cozystack-gateway/templates/gateway.yaml

@@ -0,0 +1,99 @@
+{{- $rootHost := index .Values._cluster "root-host" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
+{{- $oidcEnabled := (index .Values._cluster "oidc-enabled") | default "false" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: {{ $gatewayName }}
+  annotations:
+    cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+    labels:
+      cozystack.io/gateway: tenant-root
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+    allowedRoutes:
+      namespaces:
+        from: All
+  {{- if has "dashboard" $exposeServices }}
+  - name: https-dashboard
+    protocol: HTTPS
+    port: 443
+    hostname: {{ index $hostnames "dashboard" | default (printf "dashboard.%s" $rootHost) | quote }}
+    tls:
+      mode: Terminate
+      certificateRefs:
+      - name: gateway-dashboard-tls
+    allowedRoutes:
+      namespaces:
+        from: All
+  {{- end }}
+  {{- if eq $oidcEnabled "true" }}
+  - name: https-keycloak
+    protocol: HTTPS
+    port: 443
+    hostname: {{ index $hostnames "keycloak" | default (printf "keycloak.%s" $rootHost) | quote }}
+    tls:
+      mode: Terminate
+      certificateRefs:
+      - name: gateway-keycloak-tls
+    allowedRoutes:
+      namespaces:
+        from: All
+  {{- end }}
+  {{- if has "api" $exposeServices }}
+  - name: tls-passthrough-api
+    protocol: TLS
+    port: 443
+    hostname: {{ index $hostnames "api" | default (printf "api.%s" $rootHost) | quote }}
+    tls:
+      mode: Passthrough
+    allowedRoutes:
+      namespaces:
+        from: All
+  {{- end }}
+  {{- if has "vm-exportproxy" $exposeServices }}
+  - name: tls-passthrough-vm-exportproxy
+    protocol: TLS
+    port: 443
+    hostname: {{ index $hostnames "vm-exportproxy" | default (printf "vm-exportproxy.%s" $rootHost) | quote }}
+    tls:
+      mode: Passthrough
+    allowedRoutes:
+      namespaces:
+        from: All
+  {{- end }}
+  {{- if has "cdi-uploadproxy" $exposeServices }}
+  - name: tls-passthrough-cdi-uploadproxy
+    protocol: TLS
+    port: 443
+    hostname: {{ index $hostnames "cdi-uploadproxy" | default (printf "cdi-uploadproxy.%s" $rootHost) | quote }}
+    tls:
+      mode: Passthrough
+    allowedRoutes:
+      namespaces:
+        from: All
+  {{- end }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $gatewayName }}-redirect-to-https
+spec:
+  parentRefs:
+  - name: {{ $gatewayName }}
+    sectionName: http
+  rules:
+  - filters:
+    - type: RequestRedirect
+      requestRedirect:
+        scheme: https
+        statusCode: 301

packages/system/cozystack-gateway/values.yaml

@@ -0,0 +1 @@
+_cluster: {}

packages/system/dashboard/templates/httproute.yaml

@@ -0,0 +1,28 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $host := index .Values._cluster "root-host" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
+
+{{- if and (eq $gatewayAPI "true") (has "dashboard" $exposeServices) }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: dashboard-web
+spec:
+  parentRefs:
+  - name: {{ $gatewayName }}
+    namespace: {{ $gatewayNamespace }}
+    sectionName: https-dashboard
+  hostnames:
+  - {{ index $hostnames "dashboard" | default (printf "dashboard.%s" $host) | quote }}
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: incloud-web-gatekeeper
+      port: 8000
+{{- end }}

packages/system/gateway-api-crds/Makefile

@@ -6,4 +6,4 @@ include ../../../hack/package.mk
 update:
 	rm -rf templates
 	mkdir templates
-	kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.2.0" > templates/crds-experimental.yaml
+	kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.5.0" > templates/crds-experimental.yaml

packages/system/keycloak/templates/httproute.yaml

@@ -0,0 +1,30 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $host := index .Values._cluster "root-host" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
+{{- $keycloakHost := .Values.ingress.host | default (index $hostnames "keycloak") | default (printf "keycloak.%s" $host) }}
+
+{{- $oidcEnabled := (index .Values._cluster "oidc-enabled") | default "false" }}
+
+{{- if and (eq $gatewayAPI "true") (eq $oidcEnabled "true") }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: keycloak
+spec:
+  parentRefs:
+  - name: {{ $gatewayName }}
+    namespace: {{ $gatewayNamespace }}
+    sectionName: https-keycloak
+  hostnames:
+  - {{ $keycloakHost | quote }}
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: keycloak-http
+      port: 80
+{{- end }}

packages/system/kubevirt-cdi/templates/cdi-uploadproxy-tlsroute.yaml

@@ -0,0 +1,24 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $host := index .Values._cluster "root-host" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
+
+{{- if and (eq $gatewayAPI "true") (has "cdi-uploadproxy" $exposeServices) }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: TLSRoute
+metadata:
+  name: cdi-uploadproxy
+spec:
+  parentRefs:
+  - name: {{ $gatewayName }}
+    namespace: {{ $gatewayNamespace }}
+    sectionName: tls-passthrough-cdi-uploadproxy
+  hostnames:
+  - {{ index $hostnames "cdi-uploadproxy" | default (printf "cdi-uploadproxy.%s" $host) | quote }}
+  rules:
+  - backendRefs:
+    - name: cdi-uploadproxy
+      port: 443
+{{- end }}

packages/system/kubevirt/templates/vm-exportproxy-tlsroute.yaml

@@ -0,0 +1,24 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $host := index .Values._cluster "root-host" }}
+{{- $hostnames := .Values._cluster.hostnames | default dict }}
+{{- $exposeServices := splitList "," ((index .Values._cluster "expose-services") | default "") }}
+{{- $gatewayName := (index .Values._cluster "gateway-name") | default "cozystack" }}
+{{- $gatewayNamespace := (index .Values._cluster "gateway-namespace") | default "cozy-gateway" }}
+
+{{- if and (eq $gatewayAPI "true") (has "vm-exportproxy" $exposeServices) }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: TLSRoute
+metadata:
+  name: vm-exportproxy
+spec:
+  parentRefs:
+  - name: {{ $gatewayName }}
+    namespace: {{ $gatewayNamespace }}
+    sectionName: tls-passthrough-vm-exportproxy
+  hostnames:
+  - {{ index $hostnames "vm-exportproxy" | default (printf "vm-exportproxy.%s" $host) | quote }}
+  rules:
+  - backendRefs:
+    - name: vm-exportproxy
+      port: 443
+{{- end }}

packages/system/monitoring/templates/alerta/httproute.yaml

@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $alertaHost := printf "alerta.%s" (.Values.host | default $host) }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: alerta
+  annotations:
+    cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+    labels:
+      cozystack.io/gateway: {{ $gateway }}
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+    hostname: {{ $alertaHost | quote }}
+    allowedRoutes:
+      namespaces:
+        from: Same
+  - name: https
+    protocol: HTTPS
+    port: 443
+    hostname: {{ $alertaHost | quote }}
+    tls:
+      mode: Terminate
+      certificateRefs:
+      - name: alerta-gateway-tls
+    allowedRoutes:
+      namespaces:
+        from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: alerta-redirect-to-https
+spec:
+  parentRefs:
+  - name: alerta
+    sectionName: http
+  hostnames:
+  - {{ $alertaHost | quote }}
+  rules:
+  - filters:
+    - type: RequestRedirect
+      requestRedirect:
+        scheme: https
+        statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: alerta
+spec:
+  parentRefs:
+  - name: alerta
+    sectionName: https
+  hostnames:
+  - {{ $alertaHost | quote }}
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: alerta
+      port: 80
+{{- end }}

packages/system/monitoring/templates/grafana/httproute.yaml

@@ -0,0 +1,75 @@
+{{- $gatewayAPI := (index .Values._cluster "gateway-api") | default "false" }}
+{{- $clusterIssuer := (index .Values._cluster "issuer-name") | default "letsencrypt-prod" }}
+{{- $gateway := .Values._namespace.gateway | default "" }}
+{{- $host := .Values._namespace.host }}
+{{- $grafanaHost := printf "grafana.%s" (.Values.host | default $host) }}
+
+{{- if and (eq $gatewayAPI "true") (ne $gateway "") }}
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: grafana
+  annotations:
+    cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
+spec:
+  gatewayClassName: cilium
+  infrastructure:
+    labels:
+      cozystack.io/gateway: {{ $gateway }}
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+    hostname: {{ $grafanaHost | quote }}
+    allowedRoutes:
+      namespaces:
+        from: Same
+  - name: https
+    protocol: HTTPS
+    port: 443
+    hostname: {{ $grafanaHost | quote }}
+    tls:
+      mode: Terminate
+      certificateRefs:
+      - name: grafana-gateway-tls
+    allowedRoutes:
+      namespaces:
+        from: Same
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: grafana-redirect-to-https
+spec:
+  parentRefs:
+  - name: grafana
+    sectionName: http
+  hostnames:
+  - {{ $grafanaHost | quote }}
+  rules:
+  - filters:
+    - type: RequestRedirect
+      requestRedirect:
+        scheme: https
+        statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: grafana
+spec:
+  parentRefs:
+  - name: grafana
+    sectionName: https
+  hostnames:
+  - {{ $grafanaHost | quote }}
+  rules:
+  - matches:
+    - path:
+        type: PathPrefix
+        value: /
+    backendRefs:
+    - name: grafana-service
+      port: 3000
+{{- end }}

packages/system/tenant-rd/cozyrds/tenant.yaml

@@ -8,7 +8,7 @@ spec:
     singular: tenant
     plural: tenants
     openAPISchema: |-
-      {"title":"Chart Values","type":"object","properties":{"etcd":{"description":"Deploy own Etcd cluster.","type":"boolean","default":false},"host":{"description":"The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).","type":"string","default":""},"ingress":{"description":"Deploy own Ingress Controller.","type":"boolean","default":false},"monitoring":{"description":"Deploy own Monitoring Stack.","type":"boolean","default":false},"resourceQuotas":{"description":"Define resource quotas for the tenant.","type":"object","default":{},"additionalProperties":{"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}},"seaweedfs":{"description":"Deploy own SeaweedFS.","type":"boolean","default":false}}}
+      {"title":"Chart Values","type":"object","properties":{"etcd":{"description":"Deploy own Etcd cluster.","type":"boolean","default":false},"gateway":{"description":"Deploy own Gateway API gateway (separate LB for this tenant).","type":"boolean","default":false},"host":{"description":"The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).","type":"string","default":""},"ingress":{"description":"Deploy own Ingress Controller.","type":"boolean","default":false},"monitoring":{"description":"Deploy own Monitoring Stack.","type":"boolean","default":false},"resourceQuotas":{"description":"Define resource quotas for the tenant.","type":"object","default":{},"additionalProperties":{"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}},"seaweedfs":{"description":"Deploy own SeaweedFS.","type":"boolean","default":false}}}
   release:
     prefix: tenant-
     labels:
@@ -23,7 +23,7 @@ spec:
     plural: Tenants
     description: Separated tenant namespace
     icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQwMykiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDAzKSI+CjxwYXRoIGQ9Ik03MiAyOUM2Ni4zOTI2IDI5IDYxLjAxNDggMzEuMjM4OCA1Ny4wNDk3IDM1LjIyNEM1My4wODQ3IDM5LjIwOTEgNTAuODU3MSA0NC42MTQxIDUwLjg1NzEgNTAuMjVDNTAuODU3MSA1NS44ODU5IDUzLjA4NDcgNjEuMjkwOSA1Ny4wNDk3IDY1LjI3NkM2MS4wMTQ4IDY5LjI2MTIgNjYuMzkyNiA3MS41IDcyIDcxLjVDNzcuNjA3NCA3MS41IDgyLjk4NTIgNjkuMjYxMiA4Ni45NTAzIDY1LjI3NkM5MC45MTUzIDYxLjI5MDkgOTMuMTQyOSA1NS44ODU5IDkzLjE0MjkgNTAuMjVDOTMuMTQyOSA0NC42MTQxIDkwLjkxNTMgMzkuMjA5MSA4Ni45NTAzIDM1LjIyNEM4Mi45ODUyIDMxLjIzODggNzcuNjA3NCAyOSA3MiAyOVpNNjAuOTgyNiA4My4zMDM3QzYwLjQ1NCA4Mi41ODk4IDU5LjU5NTEgODIuMTkxNCA1OC43MTk2IDgyLjI3NDRDNDUuMzg5NyA4My43MzU0IDM1IDk1LjEwNzQgMzUgMTA4LjkwM0MzNSAxMTEuNzI2IDM3LjI3OTUgMTE0IDQwLjA3MSAxMTRIMTAzLjkyOUMxMDYuNzM3IDExNCAxMDkgMTExLjcwOSAxMDkgMTA4LjkwM0MxMDkgOTUuMTA3NCA5OC42MTAzIDgzLjc1MiA4NS4yNjM4IDgyLjI5MUM4NC4zODg0IDgyLjE5MTQgODMuNTI5NSA4Mi42MDY0IDgzLjAwMDkgODMuMzIwM0w3NC4wOTc4IDk1LjI0MDJDNzMuMDQwNiA5Ni42NTE0IDcwLjkyNjMgOTYuNjUxNCA2OS44NjkyIDk1LjI0MDJMNjAuOTY2MSA4My4zMjAzTDYwLjk4MjYgODMuMzAzN1oiIGZpbGw9ImJsYWNrIi8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODdfMzQwMyIgeDE9IjcyIiB5MT0iMTQ0IiB4Mj0iLTEuMjgxN2UtMDUiIHkyPSI0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNDMEQ2RkYiLz4KPHN0b3Agb2Zmc2V0PSIwLjMiIHN0b3AtY29sb3I9IiNDNERBRkYiLz4KPHN0b3Agb2Zmc2V0PSIwLjY1IiBzdG9wLWNvbG9yPSIjRDNFOUZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0U5RkZGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzY4N18zNDAzIj4KPHJlY3Qgd2lkdGg9Ijc0IiBoZWlnaHQ9Ijg1IiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzUgMjkpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg==
-    keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "seaweedfs"], ["spec", "resourceQuotas"]]
+    keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "gateway"], ["spec", "seaweedfs"], ["spec", "resourceQuotas"]]
   secrets:
     exclude: []
     include: []

tools/openapi-gen/main.go

@@ -1,245 +0,0 @@
-// Copyright 2024 The Cozystack Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Command openapi-gen assembles the OpenAPI v3 spec for apps.cozystack.io from
-// ApplicationDefinition YAML files in the repository.
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"path/filepath"
-	"sort"
-	"strings"
-
-	cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
-	sampleopenapi "github.com/cozystack/cozystack/pkg/generated/openapi"
-	"k8s.io/kube-openapi/pkg/validation/spec"
-	"sigs.k8s.io/yaml"
-)
-
-const apiPrefix = "com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1"
-
-func main() {
-	if err := run(); err != nil {
-		fmt.Fprintf(os.Stderr, "error: %v\n", err)
-		os.Exit(1)
-	}
-}
-
-func run() error {
-	// Find all ApplicationDefinition YAML files
-	pattern := "packages/system/*-rd/cozyrds/*.yaml"
-	matches, err := filepath.Glob(pattern)
-	if err != nil {
-		return fmt.Errorf("glob %q: %w", pattern, err)
-	}
-	if len(matches) == 0 {
-		return fmt.Errorf("no files matched %q — run from repo root", pattern)
-	}
-
-	// Parse ApplicationDefinitions and build kindSchemas map
-	kindSchemas := map[string]string{}
-	for _, path := range matches {
-		data, err := os.ReadFile(path)
-		if err != nil {
-			return fmt.Errorf("read %s: %w", path, err)
-		}
-		var appDef cozyv1alpha1.ApplicationDefinition
-		if err := yaml.Unmarshal(data, &appDef); err != nil {
-			return fmt.Errorf("parse %s: %w", path, err)
-		}
-		kind := appDef.Spec.Application.Kind
-		schema := appDef.Spec.Application.OpenAPISchema
-		if kind == "" || schema == "" {
-			continue
-		}
-		kindSchemas[kind] = schema
-	}
-
-	if len(kindSchemas) == 0 {
-		return fmt.Errorf("no ApplicationDefinitions with kind+schema found")
-	}
-
-	// Get base OpenAPI definitions (Application, ApplicationList, ApplicationStatus + k8s types)
-	defs := sampleopenapi.GetOpenAPIDefinitions(func(path string) spec.Ref {
-		name := sanitizeName(path)
-		return spec.MustCreateRef("#/components/schemas/" + name)
-	})
-
-	// Build schemas map
-	schemas := map[string]*spec.Schema{}
-	for path, def := range defs {
-		name := sanitizeName(path)
-		s := def.Schema
-		schemas[name] = &s
-	}
-
-	baseRef := apiPrefix + ".Application"
-	baseListRef := apiPrefix + ".ApplicationList"
-	baseStatusRef := apiPrefix + ".ApplicationStatus"
-
-	base, ok1 := schemas[baseRef]
-	baseList, ok2 := schemas[baseListRef]
-	baseStat, ok3 := schemas[baseStatusRef]
-	if !ok1 || !ok2 || !ok3 {
-		return fmt.Errorf("base Application schemas not found in GetOpenAPIDefinitions output")
-	}
-
-	// For each kind, clone base schemas and inject per-kind spec
-	for kind, rawSchema := range kindSchemas {
-		ref := apiPrefix + "." + kind
-		statusRef := ref + "Status"
-		listRef := ref + "List"
-
-		obj := deepCopySchema(base)
-		status := deepCopySchema(baseStat)
-		list := deepCopySchema(baseList)
-
-		// Set x-kubernetes-group-version-kind
-		obj.Extensions = map[string]interface{}{
-			"x-kubernetes-group-version-kind": []interface{}{
-				map[string]interface{}{"group": "apps.cozystack.io", "version": "v1alpha1", "kind": kind},
-			},
-		}
-		list.Extensions = map[string]interface{}{
-			"x-kubernetes-group-version-kind": []interface{}{
-				map[string]interface{}{"group": "apps.cozystack.io", "version": "v1alpha1", "kind": kind + "List"},
-			},
-		}
-
-		// Fix refs inside obj and list
-		if prop, ok := obj.Properties["status"]; ok {
-			prop.Ref = spec.MustCreateRef("#/components/schemas/" + statusRef)
-			obj.Properties["status"] = prop
-		}
-		if list.Properties != nil {
-			if items := list.Properties["items"]; items.Items != nil && items.Items.Schema != nil {
-				items.Items.Schema.Ref = spec.MustCreateRef("#/components/schemas/" + ref)
-				list.Properties["items"] = items
-			}
-		}
-
-		// Inject spec schema
-		if err := patchSpec(obj, rawSchema); err != nil {
-			fmt.Fprintf(os.Stderr, "warning: kind %s spec patch failed: %v\n", kind, err)
-		}
-
-		schemas[ref] = obj
-		schemas[statusRef] = status
-		schemas[listRef] = list
-	}
-
-	// Remove base Application schemas
-	delete(schemas, baseRef)
-	delete(schemas, baseListRef)
-	delete(schemas, baseStatusRef)
-
-	// Get version from environment
-	version := os.Getenv("VERSION")
-	if version == "" {
-		version = "dev"
-	}
-
-	// Sort schema names for deterministic output
-	schemaNames := make([]string, 0, len(schemas))
-	for name := range schemas {
-		schemaNames = append(schemaNames, name)
-	}
-	sort.Strings(schemaNames)
-	orderedSchemas := make(map[string]*spec.Schema, len(schemas))
-	for _, name := range schemaNames {
-		orderedSchemas[name] = schemas[name]
-	}
-
-	doc := map[string]interface{}{
-		"openapi": "3.0.0",
-		"info": map[string]interface{}{
-			"title":   "Cozystack apps.cozystack.io API",
-			"version": version,
-		},
-		"paths": map[string]interface{}{},
-		"components": map[string]interface{}{
-			"schemas": orderedSchemas,
-		},
-	}
-
-	enc := json.NewEncoder(os.Stdout)
-	enc.SetIndent("", "  ")
-	return enc.Encode(doc)
-}
-
-// sanitizeName converts a Go type path to an OpenAPI component name.
-// e.g. "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.Application"
-// → "com.github.cozystack.cozystack.pkg.apis.apps.v1alpha1.Application"
-func sanitizeName(path string) string {
-	// Split on last "." to separate package path from type name
-	lastDot := strings.LastIndex(path, ".")
-	if lastDot < 0 {
-		return strings.ReplaceAll(path, "/", ".")
-	}
-	pkgPath := path[:lastDot]
-	typeName := path[lastDot+1:]
-	// Reverse the domain component (github.com → com.github)
-	parts := strings.Split(pkgPath, "/")
-	if len(parts) > 0 && strings.Contains(parts[0], ".") {
-		domainParts := strings.Split(parts[0], ".")
-		for i, j := 0, len(domainParts)-1; i < j; i, j = i+1, j-1 {
-			domainParts[i], domainParts[j] = domainParts[j], domainParts[i]
-		}
-		parts[0] = strings.Join(domainParts, ".")
-	}
-	return strings.Join(parts, ".") + "." + typeName
-}
-
-func deepCopySchema(in *spec.Schema) *spec.Schema {
-	if in == nil {
-		return nil
-	}
-	raw, err := json.Marshal(in)
-	if err != nil {
-		panic(fmt.Errorf("marshal schema: %w", err))
-	}
-	var out spec.Schema
-	if err := json.Unmarshal(raw, &out); err != nil {
-		panic(fmt.Errorf("unmarshal schema: %w", err))
-	}
-	return &out
-}
-
-func patchSpec(target *spec.Schema, raw string) error {
-	raw = strings.TrimSpace(raw)
-	if raw == "" {
-		if target.Properties == nil {
-			target.Properties = map[string]spec.Schema{}
-		}
-		prop := target.Properties["spec"]
-		prop.AdditionalProperties = &spec.SchemaOrBool{Allows: true}
-		target.Properties["spec"] = prop
-		return nil
-	}
-	var custom spec.Schema
-	if err := json.Unmarshal([]byte(raw), &custom); err != nil {
-		return err
-	}
-	if custom.AdditionalProperties == nil {
-		custom.AdditionalProperties = &spec.SchemaOrBool{Allows: true}
-	}
-	if target.Properties == nil {
-		target.Properties = map[string]spec.Schema{}
-	}
-	target.Properties["spec"] = custom
-	return nil
-}