Release v0.34.8 (#1337)

This PR prepares the release `v0.34.8`.

.github/workflows/pull-requests.yaml

@@ -264,7 +264,8 @@ jobs:
       - uses: actions/checkout@v4
       - id: set
         run: |
-          apps=$(ls hack/e2e-apps/*.bats | cut -f3 -d/ | cut -f1 -d. | jq -R | jq -cs)
+          apps=$(find hack/e2e-apps -maxdepth 1 -mindepth 1 -name '*.bats' | \
+            awk -F/ '{sub(/\..+/, "", $NF); print $NF}' | jq -R . | jq -cs .)
           echo "matrix={\"app\":$apps}" >> "$GITHUB_OUTPUT"
 
   test_apps:

.github/workflows/tags.yaml

@@ -149,36 +149,35 @@ jobs:
           version:     ${{ steps.tag.outputs.tag }}            # A
           compare-to:  ${{ steps.latest_release.outputs.tag }} # B
 
-      # Create or reuse DRAFT GitHub Release
+      # Create or reuse draft release
       - name: Create / reuse draft release
         if: steps.check_release.outputs.skip == 'false'
         id: release
         uses: actions/github-script@v7
         with:
           script: |
-            const tag        = '${{ steps.tag.outputs.tag }}';
-            const isRc       = ${{ steps.tag.outputs.is_rc }};
-            const outdated   = '${{ steps.semver.outputs.comparison-result }}' === '<';
-            const makeLatest = outdated ? false : 'legacy';
-            const releases   = await github.rest.repos.listReleases({
+            const tag      = '${{ steps.tag.outputs.tag }}';
+            const isRc     = ${{ steps.tag.outputs.is_rc }};
+            const releases = await github.rest.repos.listReleases({
               owner: context.repo.owner,
               repo:  context.repo.repo
             });
-            let rel          = releases.data.find(r => r.tag_name === tag);
+
+            let rel = releases.data.find(r => r.tag_name === tag);
             if (!rel) {
               rel = await github.rest.repos.createRelease({
                 owner: context.repo.owner,
                 repo:  context.repo.repo,
-                tag_name:    tag,
-                name:        tag,
-                draft:       true,
-                prerelease:  isRc,
-                make_latest: makeLatest
+                tag_name:   tag,
+                name:       tag,
+                draft:      true,
+                prerelease: isRc               // no make_latest for drafts
               });
               console.log(`Draft release created for ${tag}`);
             } else {
               console.log(`Re-using existing release ${tag}`);
             }
+
             core.setOutput('upload_url', rel.upload_url);
 
       # Build + upload assets (optional)

hack/e2e-apps/bucket.bats

@@ -0,0 +1,47 @@
+#!/usr/bin/env bats
+
+@test "Create and Verify Seeweedfs Bucket" {
+  # Create the bucket resource
+  name='test'
+  kubectl apply -f - <<EOF
+apiVersion: apps.cozystack.io/v1alpha1
+kind: Bucket
+metadata:
+  name: ${name}
+  namespace: tenant-test
+spec: {}
+EOF
+
+  # Wait for the bucket to be ready
+  kubectl -n tenant-test wait hr bucket-${name} --timeout=100s --for=condition=ready
+  kubectl -n tenant-test wait bucketclaims.objectstorage.k8s.io bucket-${name} --timeout=300s --for=jsonpath='{.status.bucketReady}'
+  kubectl -n tenant-test wait bucketaccesses.objectstorage.k8s.io bucket-${name} --timeout=300s --for=jsonpath='{.status.accessGranted}'
+
+  # Get and decode credentials
+  kubectl -n tenant-test get secret bucket-${name} -ojsonpath='{.data.BucketInfo}' | base64 -d > bucket-test-credentials.json
+
+  # Get credentials from the secret
+  ACCESS_KEY=$(jq -r '.spec.secretS3.accessKeyID' bucket-test-credentials.json)
+  SECRET_KEY=$(jq -r '.spec.secretS3.accessSecretKey' bucket-test-credentials.json)
+  BUCKET_NAME=$(jq -r '.spec.bucketName' bucket-test-credentials.json)
+
+  # Start port-forwarding
+  bash -c 'timeout 100s kubectl port-forward service/seaweedfs-s3 -n tenant-root 8333:8333 > /dev/null 2>&1 &'
+
+  # Wait for port-forward to be ready
+  timeout 30 sh -ec 'until nc -z localhost 8333; do sleep 1; done'
+
+  # Set up MinIO alias with error handling
+  mc alias set local https://localhost:8333 $ACCESS_KEY $SECRET_KEY --insecure
+
+  # Upload file to bucket
+  mc cp bucket-test-credentials.json $BUCKET_NAME/bucket-test-credentials.json
+
+  # Verify file was uploaded
+  mc ls $BUCKET_NAME/bucket-test-credentials.json
+
+  # Clean up uploaded file
+  mc rm $BUCKET_NAME/bucket-test-credentials.json
+
+  kubectl -n tenant-test delete bucket.apps.cozystack.io ${name}
+}

hack/e2e-apps/clickhouse.bats

@@ -38,5 +38,4 @@ EOF
   timeout 100 sh -ec "until kubectl -n tenant-test get svc chi-clickhouse-$name-clickhouse-0-0 -o jsonpath='{.spec.ports[*].port}' | grep -q '9000 8123 9009'; do sleep 10; done"
   timeout 80 sh -ec "until kubectl -n tenant-test get sts chi-clickhouse-$name-clickhouse-0-1 ; do sleep 10; done"
   kubectl -n tenant-test wait statefulset.apps/chi-clickhouse-$name-clickhouse-0-1 --timeout=140s --for=jsonpath='{.status.replicas}'=1
-  kubectl -n tenant-test delete clickhouse $name
 }

hack/e2e-apps/kubernetes-latest.bats

@@ -1,6 +0,0 @@
-#!/usr/bin/env bats
-
-@test "Create a tenant Kubernetes control plane with latest version" {
-  . hack/e2e-apps/run-kubernetes.sh
-  run_kubernetes_test 'keys | sort_by(.) | .[-1]' 'test-latest-version' '59991'
-}

hack/e2e-apps/kubernetes-previous.bats

@@ -1,6 +0,0 @@
-#!/usr/bin/env bats
-
-@test "Create a tenant Kubernetes control plane with previous version" {
-  . hack/e2e-apps/run-kubernetes.sh
-  run_kubernetes_test 'keys | sort_by(.) | .[-2]' 'test-previous-version' '59992'
-}

hack/e2e-apps/kubernetes.bats

@@ -1,3 +1,5 @@
+#!/usr/bin/env bats
+
 run_kubernetes_test() {
     local version_expr="$1"
     local test_name="$2"
@@ -102,3 +104,10 @@ EOF
   kubectl -n tenant-test delete kuberneteses.apps.cozystack.io $test_name
 
 }
+
+@test "Create a tenant Kubernetes control plane with latest version" {
+  run_kubernetes_test 'keys | sort_by(.) | .[-1]' 'test-latest-version' '59991'
+}
+@test "Create a tenant Kubernetes control plane with previous version" {
+  run_kubernetes_test 'keys | sort_by(.) | .[-2]' 'test-previous-version' '59992'
+}

hack/e2e-install-cozystack.bats

@@ -123,10 +123,10 @@ EOF
 
 @test "Configure Tenant and wait for applications" {
   # Patch root tenant and wait for its releases
-  kubectl patch tenants/root -n tenant-root --type merge -p '{"spec":{"host":"example.org","ingress":true,"monitoring":true,"etcd":true,"isolated":true}}'
+  kubectl patch tenants/root -n tenant-root --type merge -p '{"spec":{"host":"example.org","ingress":true,"monitoring":true,"etcd":true,"isolated":true, "seaweedfs": true}}'
 
-  timeout 60 sh -ec 'until kubectl get hr -n tenant-root etcd ingress monitoring tenant-root >/dev/null 2>&1; do sleep 1; done'
-  kubectl wait hr/etcd hr/ingress hr/tenant-root -n tenant-root --timeout=2m --for=condition=ready
+  timeout 60 sh -ec 'until kubectl get hr -n tenant-root etcd ingress monitoring seaweedfs tenant-root >/dev/null 2>&1; do sleep 1; done'
+  kubectl wait hr/etcd hr/ingress hr/tenant-root hr/seaweedfs -n tenant-root --timeout=4m --for=condition=ready
 
   if ! kubectl wait hr/monitoring -n tenant-root --timeout=2m --for=condition=ready; then
     flux reconcile hr monitoring -n tenant-root --force

packages/apps/ferretdb/templates/external-svc.yaml

@@ -8,9 +8,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   ports:
   - name: ferretdb

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.6.1@sha256:e0a07082bb6fc6aeaae2315f335386f1705a646c72f9e0af512aebbca5cb2b15
+ghcr.io/cozystack/cozystack/nginx-cache:0.6.1@sha256:50ac1581e3100bd6c477a71161cb455a341ffaf9e5e2f6086802e4e25271e8af

packages/apps/http-cache/templates/haproxy/service.yaml

@@ -10,9 +10,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   selector:
     app: {{ .Release.Name }}-haproxy

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.26.1
+version: 0.26.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.26.0@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.26.3@sha256:e4fbb7d2043f25b90cc8840468d0880e9d3d72ae8b1c8801bf8c35f944cc485d

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.26.0@sha256:49843a0b670eab061627e48df338b2b8bc9f577dc2cfd4c2ed4071e02e64b424
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.26.3@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2

packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile

@@ -21,6 +21,6 @@ RUN go mod vendor
 
 RUN CGO_ENABLED=0 go build -mod=vendor -ldflags="-s -w" -o bin/kubevirt-cloud-controller-manager ./cmd/kubevirt-cloud-controller-manager
 
-FROM registry.access.redhat.com/ubi9/ubi-micro
+FROM scratch
 COPY --from=builder /go/src/kubevirt.io/cloud-provider-kubevirt/bin/kubevirt-cloud-controller-manager /bin/kubevirt-cloud-controller-manager
 ENTRYPOINT [ "/bin/kubevirt-cloud-controller-manager" ]

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.0@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.3@sha256:df3a2f503b4a035567b20b81a0f105c15971274fd675101c3b3eb2413d966d2e

packages/apps/kubernetes/templates/helmreleases/csi.yaml

@@ -35,6 +35,8 @@ spec:
     storageClass: "{{ . }}"
   {{- end }}
   dependsOn:
+  - name: {{ .Release.Name }}-vsnap-crd
+    namespace: {{ .Release.Namespace }}
   {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
   - name: {{ .Release.Name }}
     namespace: {{ .Release.Namespace }}

packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml

@@ -3,6 +3,7 @@
 {{- $clusterDomain := (index $cozyConfig.data "cluster-domain") | default "cozy.local" }}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $targetTenant := index $myNS.metadata.annotations "namespace.cozystack.io/monitoring" }}
+vpaForVPA: false
 vertical-pod-autoscaler:
   recommender:
     extraArgs:

packages/apps/kubernetes/templates/helmreleases/volumesnapshot_crd.yaml

@@ -1,16 +1,16 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: {{ .Release.Name }}-volumesnapshot-crd-for-tenant-k8s
+  name: {{ .Release.Name }}-vsnap-crd
   labels:
     cozystack.io/repository: system
     cozystack.io/target-cluster-name: {{ .Release.Name }}
 spec:
   interval: 5m
-  releaseName: volumesnapshot-crd-for-tenant-k8s
+  releaseName: vsnap-crd
   chart:
     spec:
-      chart: cozy-volumesnapshot-crd-for-tenant-k8s
+      chart: cozy-vsnap-crd
       reconcileStrategy: Revision
       sourceRef:
         kind: HelmRepository
@@ -21,8 +21,8 @@ spec:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig
       key: super-admin.svc
-  targetNamespace: cozy-volumesnapshot-crd-for-tenant-k8s
-  storageNamespace: cozy-volumesnapshot-crd-for-tenant-k8s
+  targetNamespace: cozy-vsnap-crd
+  storageNamespace: cozy-vsnap-crd
   install:
     createNamespace: true
     remediation:

packages/apps/kubernetes/values.yaml

@@ -10,25 +10,25 @@ version: "v1.32"
 host: ""
 ## @param nodeGroups [object] Worker nodes configuration (see example)
 ##
-nodeGroups: {}
-#   md0:
-#     minReplicas: 0
-#     maxReplicas: 10
-#     instanceType: "u1.medium"
-#     ephemeralStorage: 20Gi
-#     roles:
-#     - ingress-nginx
-# 
-#     resources:
-#       cpu: ""
-#       memory: ""
-# 
-#     ## List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
-#     ## e.g:
-#     ## instanceType: "u1.xlarge"
-#     ## gpus:
-#     ## - name: nvidia.com/AD102GL_L40S
-#     gpus: []
+nodeGroups:
+  md0:
+    minReplicas: 0
+    maxReplicas: 10
+    instanceType: "u1.medium"
+    ephemeralStorage: 20Gi
+    roles:
+    - ingress-nginx
+
+    resources:
+      cpu: ""
+      memory: ""
+
+    ## List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
+    ## e.g:
+    ## instanceType: "u1.xlarge"
+    ## gpus:
+    ## - name: nvidia.com/AD102GL_L40S
+    gpus: []
 
 
 ## @section Cluster Addons

packages/apps/postgres/templates/external-svc.yaml

@@ -7,9 +7,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   ports:
   - name: postgres

packages/apps/redis/templates/service.yaml

@@ -11,9 +11,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   selector:
     app.kubernetes.io/component: redis

packages/apps/tcp-balancer/templates/service.yaml

@@ -10,9 +10,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   selector:
     app: {{ .Release.Name }}-haproxy

packages/apps/versions_map

@@ -61,8 +61,10 @@ kubernetes 0.24.0 62cb694d
 kubernetes 0.25.0 70f82667
 kubernetes 0.25.1 acd4663a
 kubernetes 0.25.2 08cb7c0f
-kubernetes 0.26.0 68a47097
-kubernetes 0.26.1 HEAD
+kubernetes 0.26.0 9584e5f5
+kubernetes 0.26.1 0e47e1e8
+kubernetes 0.26.2 8ddbe32e
+kubernetes 0.26.3 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
@@ -173,7 +175,8 @@ virtual-machine 0.10.2 632224a3
 virtual-machine 0.11.0 4369b031
 virtual-machine 0.12.0 acd4663a
 virtual-machine 0.12.1 909208ba
-virtual-machine 0.12.2 HEAD
+virtual-machine 0.12.2 8ddbe32e
+virtual-machine 0.12.3 HEAD
 vm-disk 0.1.0 d971f2ff
 vm-disk 0.1.1 6130f43d
 vm-disk 0.1.2 632224a3
@@ -192,7 +195,8 @@ vm-instance 0.7.2 632224a3
 vm-instance 0.8.0 4369b031
 vm-instance 0.9.0 acd4663a
 vm-instance 0.10.0 909208ba
-vm-instance 0.10.1 HEAD
+vm-instance 0.10.1 8ddbe32e
+vm-instance 0.10.2 HEAD
 vpn 0.1.0 263e47be
 vpn 0.2.0 53f2365e
 vpn 0.3.0 6c5cf5bf

packages/apps/virtual-machine/Chart.yaml

@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.12.2
+version: 0.12.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/virtual-machine/Makefile

@@ -3,10 +3,10 @@ include ../../../scripts/package.mk
 generate:
 	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
 	yq -o json -i '.properties.gpus.items.type = "object" | .properties.gpus.default = []' values.schema.json
-	INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
-	  && yq -i -o json ".properties.instanceType.optional=true | .properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
+	# INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
+	#  && yq -i -o json ".properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
 	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
-	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
+	  && yq -i -o json ".properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
 	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
 	yq -i -o json '.properties.systemDisk.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' values.schema.json
 	yq -i -o json '.properties.externalMethod.enum = ["PortList", "WholeIP"]' values.schema.json

packages/apps/virtual-machine/templates/service.yaml

@@ -13,9 +13,7 @@ metadata:
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   selector:
     {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
   ports:

packages/apps/virtual-machine/values.schema.json

@@ -44,7 +44,6 @@
       "default": "ubuntu",
       "description": "Virtual Machine preferences profile",
       "type": "string",
-      "optional": true,
       "enum": [
         "alpine",
         "centos.7",
@@ -94,59 +93,7 @@
     "instanceType": {
       "default": "u1.medium",
       "description": "Virtual Machine instance type",
-      "type": "string",
-      "optional": true,
-      "enum": [
-        "cx1.2xlarge",
-        "cx1.4xlarge",
-        "cx1.8xlarge",
-        "cx1.large",
-        "cx1.medium",
-        "cx1.xlarge",
-        "gn1.2xlarge",
-        "gn1.4xlarge",
-        "gn1.8xlarge",
-        "gn1.xlarge",
-        "m1.2xlarge",
-        "m1.4xlarge",
-        "m1.8xlarge",
-        "m1.large",
-        "m1.xlarge",
-        "n1.2xlarge",
-        "n1.4xlarge",
-        "n1.8xlarge",
-        "n1.large",
-        "n1.medium",
-        "n1.xlarge",
-        "o1.2xlarge",
-        "o1.4xlarge",
-        "o1.8xlarge",
-        "o1.large",
-        "o1.medium",
-        "o1.micro",
-        "o1.nano",
-        "o1.small",
-        "o1.xlarge",
-        "rt1.2xlarge",
-        "rt1.4xlarge",
-        "rt1.8xlarge",
-        "rt1.large",
-        "rt1.medium",
-        "rt1.micro",
-        "rt1.small",
-        "rt1.xlarge",
-        "u1.2xlarge",
-        "u1.2xmedium",
-        "u1.4xlarge",
-        "u1.8xlarge",
-        "u1.large",
-        "u1.medium",
-        "u1.micro",
-        "u1.nano",
-        "u1.small",
-        "u1.xlarge",
-        ""
-      ]
+      "type": "string"
     },
     "resources": {
       "properties": {

packages/apps/vm-instance/Chart.yaml

@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.10.1
+version: 0.10.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/vm-instance/Makefile

@@ -4,9 +4,9 @@ generate:
 	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
 	yq -o json -i '.properties.disks.items.type = "object" | .properties.disks.default = []' values.schema.json
 	yq -o json -i '.properties.gpus.items.type = "object" | .properties.gpus.default = []' values.schema.json
-	INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
-	  && yq -i -o json ".properties.instanceType.optional=true | .properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
+	#INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
+	#  && yq -i -o json ".properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
 	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
-	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
+	  && yq -i -o json ".properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
 	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
 	yq -i -o json '.properties.externalMethod.enum = ["PortList", "WholeIP"]' values.schema.json

packages/apps/vm-instance/templates/service.yaml

@@ -13,9 +13,7 @@ metadata:
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   selector:
     {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
   ports:

packages/apps/vm-instance/values.schema.json

@@ -52,7 +52,6 @@
       "default": "ubuntu",
       "description": "Virtual Machine preferences profile",
       "type": "string",
-      "optional": true,
       "enum": [
         "alpine",
         "centos.7",
@@ -102,59 +101,7 @@
     "instanceType": {
       "default": "u1.medium",
       "description": "Virtual Machine instance type",
-      "type": "string",
-      "optional": true,
-      "enum": [
-        "cx1.2xlarge",
-        "cx1.4xlarge",
-        "cx1.8xlarge",
-        "cx1.large",
-        "cx1.medium",
-        "cx1.xlarge",
-        "gn1.2xlarge",
-        "gn1.4xlarge",
-        "gn1.8xlarge",
-        "gn1.xlarge",
-        "m1.2xlarge",
-        "m1.4xlarge",
-        "m1.8xlarge",
-        "m1.large",
-        "m1.xlarge",
-        "n1.2xlarge",
-        "n1.4xlarge",
-        "n1.8xlarge",
-        "n1.large",
-        "n1.medium",
-        "n1.xlarge",
-        "o1.2xlarge",
-        "o1.4xlarge",
-        "o1.8xlarge",
-        "o1.large",
-        "o1.medium",
-        "o1.micro",
-        "o1.nano",
-        "o1.small",
-        "o1.xlarge",
-        "rt1.2xlarge",
-        "rt1.4xlarge",
-        "rt1.8xlarge",
-        "rt1.large",
-        "rt1.medium",
-        "rt1.micro",
-        "rt1.small",
-        "rt1.xlarge",
-        "u1.2xlarge",
-        "u1.2xmedium",
-        "u1.4xlarge",
-        "u1.8xlarge",
-        "u1.large",
-        "u1.medium",
-        "u1.micro",
-        "u1.nano",
-        "u1.small",
-        "u1.xlarge",
-        ""
-      ]
+      "type": "string"
     },
     "resources": {
       "properties": {

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.35.0-alpha.1@sha256:c50451e26a1a2a9f8962e26f6ab668b71b95186f53c1ae84118733e2cd464293
+  image: ghcr.io/cozystack/cozystack/installer:v0.34.8@sha256:c9dae64d1cbb3882749aae3af47e63152a835cb603af12ba573618c0d0940437

packages/core/platform/bundles/distro-full.yaml

@@ -258,10 +258,3 @@ releases:
   privileged: true
   optional: true
   dependsOn: [cilium]
-
-- name: hetzner-robotlb
-  releaseName: robotlb
-  optional: true
-  chart: cozy-hetzner-robotlb
-  namespace: cozy-hetzner-robotlb
-  dependsOn: [cilium]

packages/core/platform/bundles/distro-hosted.yaml

@@ -171,9 +171,3 @@ releases:
   namespace: cozy-velero
   privileged: true
   optional: true
-
-- name: hetzner-robotlb
-  releaseName: robotlb
-  optional: true
-  chart: cozy-hetzner-robotlb
-  namespace: cozy-hetzner-robotlb

packages/core/platform/bundles/paas-full.yaml

@@ -415,10 +415,3 @@ releases:
   privileged: true
   optional: true
   dependsOn: [monitoring-agents]
-
-- name: hetzner-robotlb
-  releaseName: robotlb
-  optional: true
-  chart: cozy-hetzner-robotlb
-  namespace: cozy-hetzner-robotlb
-  dependsOn: [cilium, kubeovn]

packages/core/platform/bundles/paas-hosted.yaml

@@ -238,9 +238,3 @@ releases:
   privileged: true
   optional: true
   dependsOn: [monitoring-agents]
-
-- name: hetzner-robotlb
-  releaseName: robotlb
-  optional: true
-  chart: cozy-hetzner-robotlb
-  namespace: cozy-hetzner-robotlb

packages/core/testing/images/e2e-sandbox/Dockerfile

@@ -19,6 +19,7 @@ RUN curl -sSL "https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_${TA
  && chmod +x /usr/local/bin/yq
 RUN curl -sSL "https://fluxcd.io/install.sh" | bash
 RUN curl -sSL "https://github.com/cozystack/cozypkg/raw/refs/heads/main/hack/install.sh" | sh -s -- -v "${COZYPKG_VERSION}"
-
+RUN curl https://dl.min.io/client/mc/release/${TARGETOS}-${TARGETARCH}/mc --create-dirs -o  /usr/local/bin/mc \
+&& chmod +x /usr/local/bin/mc
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.35.0-alpha.1@sha256:ea73a2aeeac810be8eaee636aba6d6d10051772297ee76b6ce28a2aa7aa6a7f4
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.34.8@sha256:f88293295f95419e0ec5484430ae3b46c58dc07050ccb12104b7b0e7902b1712

packages/extra/bootbox/images/matchbox.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.35.0-alpha.1@sha256:103e7c66ba47caee2126eca2d4b40e67041d4a3e6b729945b4dfc55decda74e7
+ghcr.io/cozystack/cozystack/matchbox:v0.34.8@sha256:9280492dad668db1aeb678e1d5d5cf29a86ada26776fbcbe36bbfa1fc1e9d311

packages/extra/etcd/Chart.yaml

@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: /logos/etcd.svg
 type: application
-version: 2.9.0
+version: 2.9.1

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -49,6 +49,14 @@ spec:
         {{- with .Values.resources }}
         resources: {{- include "cozy-lib.resources.sanitize" (list . $) | nindent 10 }}
         {{- end }}
+    {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+    {{- $rawConstraints := "" }}
+    {{- if $configMap }}
+      {{- $rawConstraints = get $configMap.data "globalAppTopologySpreadConstraints" }}
+    {{- end }}
+    {{- if $rawConstraints }}
+      {{- $rawConstraints | fromYaml | toYaml | nindent 6 }}
+    {{- else }}
       topologySpreadConstraints:
       - maxSkew: 1
         topologyKey: "kubernetes.io/hostname"
@@ -56,6 +64,7 @@ spec:
         labelSelector:
           matchLabels:
             app.kubernetes.io/instance: etcd
+    {{- end }}
   podDisruptionBudgetTemplate: {}
 ---
 apiVersion: cert-manager.io/v1

packages/extra/seaweedfs/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.6.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/extra/seaweedfs/README.md

@@ -4,14 +4,15 @@
 
 ### Common parameters
 
-| Name                | Description                                                                                                              | Value           |
-| ------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- |
-| `host`              | The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host).                   | `""`            |
-| `topology`          | The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone, Client)                                       | `Simple`        |
-| `replicationFactor` | The number of replicas for each volume in the SeaweedFS cluster.                                                         | `2`             |
-| `replicas`          | Persistent Volume size for SeaweedFS                                                                                     | `2`             |
-| `size`              | Persistent Volume size                                                                                                   | `10Gi`          |
-| `storageClass`      | StorageClass used to store the data                                                                                      | `""`            |
-| `zones`             | A map of zones for MultiZone topology. Each zone can have its own number of replicas and size.                           | `{}`            |
-| `filer.external`    | Enable external access to the SeaweedFS filer from outside the cluster. Use this when `topology` is not set to `Client`. | `false`         |
-| `remoteEndpoint`    | The endpoint of the remote filer GRPC service. Used when `topology` is set to `Client`.                                  | `1.2.3.4:18888` |
+| Name                | Description                                                                                            | Value    |
+| ------------------- | ------------------------------------------------------------------------------------------------------ | -------- |
+| `host`              | The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host). | `""`     |
+| `topology`          | The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone, Client)                     | `Simple` |
+| `replicationFactor` | The number of replicas for each volume in the SeaweedFS cluster.                                       | `2`      |
+| `replicas`          | Persistent Volume size for SeaweedFS                                                                   | `2`      |
+| `size`              | Persistent Volume size                                                                                 | `10Gi`   |
+| `storageClass`      | StorageClass used to store the data                                                                    | `""`     |
+| `zones`             | A map of zones for MultiZone topology. Each zone can have its own number of replicas and size.         | `{}`     |
+| `filer.grpcHost`    | The hostname used to expose or access the filer service externally.                                    | `""`     |
+| `filer.grpcPort`    | The port used to access the filer service externally.                                                  | `443`    |
+| `filer.whitelist`   | A list of IP addresses or CIDR ranges that are allowed to access the filer service.                    | `[]`     |

packages/extra/seaweedfs/images/seaweedfs-cosi-driver.tag

@@ -0,0 +1 @@
+ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.2.0

packages/extra/seaweedfs/templates/client/cosi-deployment.yaml

@@ -35,7 +35,7 @@ spec:
     spec:
       containers:
       - name: seaweedfs-cosi-driver
-        image: ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.1.2
+        image: "{{ $.Files.Get "images/seaweedfs-cosi-driver.tag" | trim }}"
         imagePullPolicy: IfNotPresent
         env:
         - name: DRIVERNAME
@@ -43,7 +43,7 @@ spec:
         - name: ENDPOINT
           value: https://{{ .Values.host | default (printf "s3.%s" $host) }}
         - name: SEAWEEDFS_FILER
-          value: {{ .Values.remoteEndpoint }}
+          value: "{{ .Values.filer.grpcHost }}:{{ .Values.filer.grpcPort }}"
         - name: WEED_GRPC_CLIENT_KEY
           value: /usr/local/share/ca-certificates/client/tls.key
         - name: WEED_GRPC_CLIENT_CERT

packages/extra/seaweedfs/templates/ingress.yaml

@@ -0,0 +1,44 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+{{- if and (not (eq .Values.topology "Client")) (.Values.filer.grpcHost) }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: GRPCS
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," (.Values.filer.whitelist | default "0.0.0.0/32") }}"
+  name: seaweedfs-filer-external
+spec:
+  ingressClassName: tenant-root
+  rules:
+  - host: {{ .Values.filer.grpcHost | default (printf "filer.%s" $host) }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ $.Release.Name }}-filer-external
+            port:
+              number: 18888
+        path: /
+        pathType: ImplementationSpecific
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $.Release.Name }}-filer-external
+spec:
+  ports:
+  - name: swfs-filer-grpc
+    port: 18888
+    protocol: TCP
+    targetPort: 18888
+  selector:
+    app.kubernetes.io/component: filer
+    app.kubernetes.io/name: {{ $.Release.Name }}
+{{- end }}

packages/extra/seaweedfs/templates/seaweedfs.yaml

@@ -2,8 +2,8 @@
 {{- if not (has .Values.topology (list "Simple" "MultiZone" "Client")) }}
 {{-   fail "Invalid value for .Values.topology. Must be one of 'Simple', 'MultiZone' or 'Client'." }}
 {{- end }}
-{{- if and (eq .Values.topology "Client") (not .Values.remoteEndpoint) }}
-{{-   fail "When topology is 'Client', .Values.remoteEndpoint must be set to a valid remote filer GRPC service endpoint." }}
+{{- if and (eq .Values.topology "Client") (not .Values.filer.grpcHost) }}
+{{-   fail "When topology is 'Client', .Values.filer.grpcHost must be set to a valid remote filer GRPC service endpoint." }}
 {{- end }}
 {{- if lt (int .Values.replicationFactor) 1 }}
 {{-   fail "Invalid value for .Values.replicationFactor. Must be at least 1." }}
@@ -110,6 +110,7 @@ spec:
             {{- else if $.Values.storageClass }}
             storageClass: {{ $.Values.storageClass }}
             {{- end }}
+            maxVolumes: 0
           nodeSelector: |
             topology.kubernetes.io/zone: {{ $zoneName }}
           dataCenter: {{ $zone.dataCenter | default $zoneName }}

packages/extra/seaweedfs/templates/svc-external.yaml

@@ -1,18 +0,0 @@
-{{- if and (not (eq .Values.topology "Client")) (.Values.filer.external) }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ $.Release.Name }}-filer-external
-spec:
-  type: LoadBalancer
-  externalTrafficPolicy: Local
-  ports:
-  - name: swfs-filer-grpc
-    port: 18888
-    protocol: TCP
-    targetPort: 18888
-  selector:
-    app.kubernetes.io/component: filer
-    app.kubernetes.io/name: {{ $.Release.Name }}
-{{- end }}

packages/extra/seaweedfs/values.schema.json

@@ -2,10 +2,21 @@
   "properties": {
     "filer": {
       "properties": {
-        "external": {
-          "default": false,
-          "description": "Enable external access to the SeaweedFS filer from outside the cluster. Use this when `topology` is not set to `Client`.",
-          "type": "boolean"
+        "grpcHost": {
+          "default": "",
+          "description": "The hostname used to expose or access the filer service externally.",
+          "type": "string"
+        },
+        "grpcPort": {
+          "default": 443,
+          "description": "The port used to access the filer service externally.",
+          "type": "number"
+        },
+        "whitelist": {
+          "default": [],
+          "description": "A list of IP addresses or CIDR ranges that are allowed to access the filer service.",
+          "items": {},
+          "type": "array"
         }
       },
       "type": "object"
@@ -15,11 +26,6 @@
       "description": "The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host).",
       "type": "string"
     },
-    "remoteEndpoint": {
-      "default": "1.2.3.4:18888",
-      "description": "The endpoint of the remote filer GRPC service. Used when `topology` is set to `Client`.",
-      "type": "string"
-    },
     "replicas": {
       "default": 2,
       "description": "Persistent Volume size for SeaweedFS",

packages/extra/seaweedfs/values.yaml

@@ -32,9 +32,10 @@ storageClass: ""
 ##     size: 10Gi
 zones: {}
 
-## @param filer.external Enable external access to the SeaweedFS filer from outside the cluster. Use this when `topology` is not set to `Client`.
+## @param filer.grpcHost The hostname used to expose or access the filer service externally.
+## @param filer.grpcPort The port used to access the filer service externally.
+## @param filer.whitelist A list of IP addresses or CIDR ranges that are allowed to access the filer service.
 filer:
-  external: false
-
-## @param remoteEndpoint The endpoint of the remote filer GRPC service. Used when `topology` is set to `Client`.
-remoteEndpoint: "1.2.3.4:18888"
+  grpcHost: ""
+  grpcPort: 443
+  whitelist: []

packages/extra/versions_map

@@ -13,7 +13,8 @@ etcd 2.6.0 8c460528
 etcd 2.6.1 45a7416c
 etcd 2.7.0 632224a3
 etcd 2.8.0 4369b031
-etcd 2.9.0 HEAD
+etcd 2.9.0 8ddbe32e
+etcd 2.9.1 HEAD
 info 1.0.0 93bdf411
 info 1.0.1 632224a3
 info 1.1.0 HEAD
@@ -54,4 +55,5 @@ seaweedfs 0.2.1 fde4bcfa
 seaweedfs 0.3.0 45a7416c
 seaweedfs 0.4.0 632224a3
 seaweedfs 0.4.1 8c86905b
-seaweedfs 0.5.0 HEAD
+seaweedfs 0.5.0 9584e5f5
+seaweedfs 0.6.0 HEAD

packages/library/cozy-lib/templates/_network.tpl

@@ -1,23 +0,0 @@
-{{- define "cozy-lib.network.defaultDisableLoadBalancerNodePorts" }}
-{{/* Default behavior prior to introduction */}}
-{{-   `true` }}
-{{- end }}
-
-{{/* 
-Invoke as {{ include "cozy-lib.network.disableLoadBalancerNodePorts" $ }}.
-Detects whether the current load balancer class requires nodeports to function
-correctly. Currently just checks if Hetzner's RobotLB is enabled, which does
-require nodeports, and so, returns `false`. Otherwise assumes that metallb is
-in use and returns `true`.
-*/}}
-
-{{- define "cozy-lib.network.disableLoadBalancerNodePorts" }}
-{{-   include "cozy-lib.loadCozyConfig" (list "" .) }}
-{{-   $cozyConfig := index . 1 "cozyConfig" }}
-{{-   if not $cozyConfig }}
-{{-     include "cozy-lib.network.defaultDisableLoadBalancerNodePorts" . }}
-{{-   else }}
-{{-     $enabledComponents := splitList "," ((index $cozyConfig.data "bundle-enable") | default "") }}
-{{-     not (has "robotlb" $enabledComponents) }}
-{{-   end }}
-{{- end }}

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:34db8c950f14a3e2742b7c31bd3c6a1fe631c9b398caac611ed5cfdac5769d36
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:a9c0a5d5519b2da200d7d035fe30087ea4834fc8013a482848c160610b5b9716

packages/system/cozystack-api/values.yaml

@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.35.0-alpha.1@sha256:677b5af99f2b7d1adb4c25d5637f2fa5a1baffb423269fa166d2ea15a0028864
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.34.8@sha256:86ef89a7be84761038cc25507a1b6e195c9f86c8051ac8aca8044dd8de39dedb

packages/system/cozystack-controller/values.yaml

@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.35.0-alpha.1@sha256:7a510d046d7e1dd1f82a06f7a014bf7690f95cbd42005a417520b216141f86a0
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.34.8@sha256:cd4082e3672e793cbead467041ffb372d465085653614885f109fc7c582cd112
   debug: false
   disableTelemetry: false
-  cozystackVersion: "v0.35.0-alpha.1"
+  cozystackVersion: "v0.34.8"

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -76,7 +76,7 @@ data:
       "kubeappsNamespace": {{ .Release.Namespace | quote }},
       "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
       "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.35.0-alpha.1",
+      "appVersion": "v0.34.8",
       "authProxyEnabled": {{ .Values.authProxy.enabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},

packages/system/dashboard/images/dashboard/Dockerfile

@@ -1,7 +1,7 @@
 FROM bitnami/node:20.15.1 AS build
 WORKDIR /app
 
-ARG COMMIT_REF=cdf9095f50c74505870de337725d2a9d0bd20947
+ARG COMMIT_REF=4926bc68fabb0914afab574006643c85a597b371
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard
 
 RUN yarn install --frozen-lockfile

packages/system/dashboard/images/kubeapps-apis/Dockerfile

@@ -4,7 +4,7 @@
 # syntax = docker/dockerfile:1
 
 FROM alpine AS source
-ARG COMMIT_REF=cdf9095f50c74505870de337725d2a9d0bd20947
+ARG COMMIT_REF=4926bc68fabb0914afab574006643c85a597b371
 RUN apk add --no-cache patch
 WORKDIR /source
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1

packages/system/dashboard/values.yaml

@@ -19,8 +19,8 @@ kubeapps:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: dashboard
-      tag: v0.35.0-alpha.1
-      digest: "sha256:ad4b95660b6c5c1b9736ca4768a3f9648705c2855d0a08880d570b4e480dba78"
+      tag: v0.34.8
+      digest: "sha256:54906b3d2492c8603a347a5938b6db36e5ed5c4149111cae1804ac9110361947"
   redis:
     master:
       resourcesPreset: "none"
@@ -37,8 +37,8 @@ kubeapps:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: kubeapps-apis
-      tag: v0.35.0-alpha.1
-      digest: "sha256:5eb100bab12012659caaa335e510438fec4db22929d2ff8131d51572f609c4b5"
+      tag: v0.34.8
+      digest: "sha256:6a02c7ef1e851118472e80ec7dac961e7637a6d32f4bd35dc1d2f0b32bf217a3"
     pluginConfig:
       flux:
         packages:

packages/system/hetzner-robotlb/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-name: cozy-hetzner-robotlb
-version: 0.1.3  # Placeholder, the actual version will be automatically set during the build process

packages/system/hetzner-robotlb/Makefile

@@ -1,9 +0,0 @@
-export NAME=hetzner-robotlb
-export NAMESPACE=cozy-$(NAME)
-
-include ../../../scripts/package.mk
-
-update:
-	rm -rf charts
-	mkdir -p charts
-	helm pull oci://ghcr.io/intreecom/charts/robotlb --untar --untardir charts

packages/system/hetzner-robotlb/charts/robotlb/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

packages/system/hetzner-robotlb/charts/robotlb/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.5
-description: A Helm chart for robotlb (loadbalancer on hetzner cloud).
-name: robotlb
-type: application
-version: 0.1.3

packages/system/hetzner-robotlb/charts/robotlb/templates/NOTES.txt

@@ -1,4 +0,0 @@
-The RobotLB Operator was successfully installed.
-Please follow the readme to create loadbalanced services.
-
-README: https://github.com/intreecom/robotlb

packages/system/hetzner-robotlb/charts/robotlb/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "robotlb.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "robotlb.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "robotlb.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "robotlb.labels" -}}
-helm.sh/chart: {{ include "robotlb.chart" . }}
-{{ include "robotlb.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "robotlb.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "robotlb.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "robotlb.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "robotlb.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

packages/system/hetzner-robotlb/charts/robotlb/templates/deployment.yaml

@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "robotlb.fullname" . }}
-  labels:
-    {{- include "robotlb.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicas }}
-  selector:
-    matchLabels:
-      {{- include "robotlb.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "robotlb.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "robotlb.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command:
-            - /usr/local/bin/robotlb
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.envs }}
-          env:
-            {{- range $key, $val := . }}
-              - name: {{ $key | quote }}
-                value: {{ $val | quote }}
-            {{ end -}}
-          {{- end }}
-          {{- with .Values.existingSecrets }}
-          envFrom:
-            {{- range $val := . }}
-            - secretRef:
-                name: {{ $val | quote }}
-            {{ end -}}
-          {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

packages/system/hetzner-robotlb/charts/robotlb/templates/role.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "robotlb.fullname" . }}-cr
-rules: {{- toYaml .Values.serviceAccount.permissions | nindent 2 }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "robotlb.fullname" . }}-crb
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "robotlb.fullname" . }}-cr
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "robotlb.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
-{{- end }}

packages/system/hetzner-robotlb/charts/robotlb/templates/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "robotlb.serviceAccountName" . }}
-  labels:
-    {{- include "robotlb.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}

packages/system/hetzner-robotlb/charts/robotlb/values.yaml

@@ -1,73 +0,0 @@
-# Default values for robotlb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-image:
-  repository: ghcr.io/intreecom/robotlb
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-envs:
-  ROBOTLB_LOG_LEVEL: "INFO"
-
-existingSecrets: []
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-  # This is a list of cluster permissions to apply to the service account.
-  # By default it grants all permissions.
-  permissions:
-  - apiGroups: [""]
-    resources: [services, services/status]
-    verbs: [get, list, patch, update, watch]
-  - apiGroups: [""]
-    resources: [nodes, pods]
-    verbs: [get, list, watch]
-
-podAnnotations: {}
-podLabels: {}
-
-podSecurityContext:
-  {}
-  # fsGroup: 2000
-
-securityContext:
-  {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-resources:
-  {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

packages/system/hetzner-robotlb/values.yaml

@@ -1,3 +0,0 @@
-robotlb:
-  replicas: 1
-  existingSecrets: ["hetzner-robotlb-credentials"]

packages/system/kamaji/Makefile

@@ -27,4 +27,5 @@ image:
 		yq -i '.kamaji.image.repository = strenv(REPOSITORY)' values.yaml
 	TAG=$(TAG)@$$(yq e '."containerimage.digest"' images/kamaji.json -o json -r) \
 		yq -i '.kamaji.image.tag = strenv(TAG)' values.yaml
+	yq -i '.kamaji.extraArgs[0] = "--migrate-image=" + .kamaji.image.repository + ":" + .kamaji.image.tag' values.yaml
 	rm -f images/kamaji.json

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.35.0-alpha.1@sha256:7ce47da363e7be4f297e6de42a72416238c66c613e2effdbfa3fef987701d61a
+    tag: v0.34.8@sha256:908dc829ce8493607dffcf6de95e4993ff2bfc0d65949c501bd7119fad45127a
     repository: ghcr.io/cozystack/cozystack/kamaji
   resources:
     limits:
@@ -12,3 +12,5 @@ kamaji:
     requests:
       cpu: 100m
       memory: 100Mi
+  extraArgs:
+    - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.34.8@sha256:908dc829ce8493607dffcf6de95e4993ff2bfc0d65949c501bd7119fad45127a

packages/system/keycloak-configure/templates/configure-kk.yaml

@@ -200,7 +200,7 @@ spec:
     - groups
     - kubernetes-client
   redirectUris:
-    - "http://dashboard.{{ $host }}/oauth2/callback/*"
+    - "https://dashboard.{{ $host }}/oauth2/callback/*"
     {{- range $i, $v := $extraRedirectUris }}
     - "{{ $v }}"
     {{- end }}
@@ -223,8 +223,7 @@ data:
         clientSecret: {{ $kubeappsClient }}
         cookieSecret: {{ $cookieSecret }}
         extraFlags:
-          - --ssl-insecure-skip-verify
-          - --cookie-secure=false
+          - --cookie-secure
           - --scope=openid email groups
           - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy
 

packages/system/kubeovn-webhook/values.yaml

@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.35.0-alpha.1@sha256:dab57f5f68e77830b63c37c1b0c3228f404137435eced38bb21982954e280398
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.34.8@sha256:e6c845b65142d554d34187aef29afcbd8f67fae7dcc787255fb53de2b6103386

packages/system/kubeovn/values.yaml

@@ -64,4 +64,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.14@sha256:beb6e0bac9321fe9b26a11b24bf99a7e176af5e60a2826acc34a7edec5198e6a
+      tag: v1.13.14@sha256:0f27c268300fe30fe3ad61d145fdb276d5dddba2d792aacc26f3f512f7ef205d

packages/system/kubevirt-csi-node/values.yaml

@@ -1,3 +1,3 @@
 storageClass: replicated
 csiDriver:
-  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.0@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036
+  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.3@sha256:df3a2f503b4a035567b20b81a0f105c15971274fd675101c3b3eb2413d966d2e

packages/system/linstor/templates/podscrape.yaml

@@ -37,7 +37,7 @@ spec:
     - replacement: linstor-satellite
       targetLabel: job
     - sourceLabels: [__meta_kubernetes_pod_node_name]
-      targetLabel: node
+      targetLabel: controller_node
     - targetLabel: tier
       replacement: cluster
   selector:

packages/system/objectstorage-controller/Makefile

@@ -27,4 +27,3 @@ image-controller image-sidecar:
 	IMAGE="$(REGISTRY)/objectstorage-$(TARGET):$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/$(TARGET).json -r)" \
 		yq -i '$(YAML_PATH) = strenv(IMAGE)' $(VALUES_FILE)
 	rm -f images/$(TARGET).json
-	yq .seaweedfs.cosi.sidecar.image ../seaweedfs/values.yaml > ../../extra/seaweedfs/images/objectstorage-sidecar.tag

packages/system/objectstorage-controller/values.yaml

@@ -1,3 +1,3 @@
 objectstorage:
   controller:
-    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.35.0-alpha.1@sha256:2fe77880b81b0210273c85a142cb13e6857d13dd941337456b426597f5778bc3"
+    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.34.8@sha256:5891c7fb46fb7c6ada4abc4e78e69b34631d13e32a30a86c0abc15cc17675450"

packages/system/seaweedfs/values.yaml

@@ -6,8 +6,8 @@ global:
     WEED_CLUSTER_SW_FILER: "seaweedfs-filer-client:8888"
 seaweedfs:
   master:
+    volumeSizeLimitMB: 30000
     replicas: 3
-    volumeSizeLimitMB: 100
     #  replication type is XYZ:
     # X number of replica in other data centers
     # Y number of replica in other racks in the same data center
@@ -87,6 +87,8 @@ seaweedfs:
       host: "seaweedfs2.demo.cozystack.io"
       annotations:
         nginx.ingress.kubernetes.io/proxy-body-size: "0"
+        nginx.ingress.kubernetes.io/proxy-buffering: "off"
+        nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
         nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
         acme.cert-manager.io/http01-ingress-class: tenant-root
         cert-manager.io/cluster-issuer: letsencrypt-prod
@@ -102,7 +104,7 @@ seaweedfs:
     bucketClassName: "seaweedfs"
     region: ""
     sidecar:
-      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.35.0-alpha.1@sha256:e4f9a7302285ea9febeb28fc2fa97cb7c01bb91e602f975c31aad1fe46f778f7"
+      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.34.8@sha256:ccc7ec31b2beebf09413b9a41ffa8fd06899510127572c9e1c1e30ddab45ebe9"
   certificates:
     commonName: "SeaweedFS CA"
     ipAddresses: []

packages/system/volumesnapshot-crd-for-tenant-k8s/Chart.yaml

@@ -1,3 +1,3 @@
 apiVersion: v2
-name: cozy-volumesnapshot-crd-for-tenant-k8s
+name: cozy-vsnap-crd
 version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/volumesnapshot-crd-for-tenant-k8s/Makefile

@@ -1,4 +1,4 @@
-export NAME=volumesnapshot-crd-for-tenant-k8s
+export NAME=vsnap-crd
 export NAMESPACE=cozy-$(NAME)
 
 include ../../../scripts/package.mk

pkg/registry/apps/application/rest.go

@@ -18,7 +18,6 @@ package application
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
@@ -42,10 +41,6 @@ import (
 
 	appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
 	"github.com/cozystack/cozystack/pkg/config"
-	internalapiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
-	apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema"
-	schemadefault "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting"
 
 	// Importing API errors package to construct appropriate error responses
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -83,21 +78,10 @@ type REST struct {
 	kindName      string
 	singularName  string
 	releaseConfig config.ReleaseConfig
-	specSchema    *structuralschema.Structural
 }
 
 // NewREST creates a new REST storage for Application with specific configuration
 func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST {
-	var specSchema *structuralschema.Structural
-	if raw := strings.TrimSpace(config.Application.OpenAPISchema); raw != "" {
-		var js internalapiext.JSONSchemaProps
-		if err := json.Unmarshal([]byte(raw), &js); err != nil {
-			klog.Errorf("Failed to unmarshal OpenAPI schema: %v", err)
-		} else if specSchema, err = structuralschema.NewStructural(&js); err != nil {
-			klog.Errorf("Failed to create structural schema: %v", err)
-		}
-	}
-
 	return &REST{
 		dynamicClient: dynamicClient,
 		gvr: schema.GroupVersionResource{
@@ -112,7 +96,6 @@ func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST {
 		kindName:      config.Application.Kind,
 		singularName:  config.Application.Singular,
 		releaseConfig: config.Release,
-		specSchema:    specSchema,
 	}
 }
 
@@ -271,7 +254,6 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption
 			klog.Errorf("Invalid field selector: %v", err)
 			return nil, fmt.Errorf("invalid field selector: %v", err)
 		}
-
 		// Check if selector is for metadata.name
 		if name, exists := fs.RequiresExactMatch("metadata.name"); exists {
 			// Convert Application name to HelmRelease name
@@ -321,17 +303,8 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption
 		return nil, err
 	}
 
-	// Initialize empty Application list
-	appList := &appsv1alpha1.ApplicationList{
-		TypeMeta: metav1.TypeMeta{
-			APIVersion: "apps.cozystack.io/v1alpha1",
-			Kind:       "ApplicationList",
-		},
-		ListMeta: metav1.ListMeta{
-			ResourceVersion: hrList.GetResourceVersion(),
-		},
-		Items: []appsv1alpha1.Application{},
-	}
+	// Initialize unstructured items array
+	items := make([]unstructured.Unstructured, 0)
 
 	// Iterate over HelmReleases and convert to Applications
 	for _, hr := range hrList.Items {
@@ -369,7 +342,6 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption
 				klog.Errorf("Invalid field selector: %v", err)
 				continue
 			}
-
 			fieldsSet := fields.Set{
 				"metadata.name":      app.Name,
 				"metadata.namespace": app.Namespace,
@@ -379,10 +351,23 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption
 			}
 		}
 
-		appList.Items = append(appList.Items, app)
+		// Convert Application to unstructured
+		unstructuredApp, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&app)
+		if err != nil {
+			klog.Errorf("Error converting Application %s to unstructured: %v", app.Name, err)
+			continue
+		}
+		items = append(items, unstructured.Unstructured{Object: unstructuredApp})
 	}
 
-	klog.V(6).Infof("Successfully listed %d Application resources in namespace %s", len(appList.Items), namespace)
+	// Explicitly set apiVersion and kind in unstructured object
+	appList := &unstructured.UnstructuredList{}
+	appList.SetAPIVersion("apps.cozystack.io/v1alpha1")
+	appList.SetKind(r.kindName + "List")
+	appList.SetResourceVersion(hrList.GetResourceVersion())
+	appList.Items = items
+
+	klog.V(6).Infof("Successfully listed %d Application resources in namespace %s", len(items), namespace)
 	return appList, nil
 }
 
@@ -935,10 +920,6 @@ func (r *REST) ConvertHelmReleaseToApplication(hr *unstructured.Unstructured) (a
 		return appsv1alpha1.Application{}, err
 	}
 
-	if err := r.applySpecDefaults(&app); err != nil {
-		return app, fmt.Errorf("defaulting error: %w", err)
-	}
-
 	klog.V(6).Infof("Successfully converted HelmRelease %s to Application", hr.GetName())
 	return app, nil
 }
@@ -1036,6 +1017,19 @@ func (r *REST) ConvertToTable(ctx context.Context, object runtime.Object, tableO
 	case *appsv1alpha1.Application:
 		table = r.buildTableFromApplication(*obj)
 		table.ListMeta.ResourceVersion = obj.GetResourceVersion()
+	case *unstructured.UnstructuredList:
+		apps := make([]appsv1alpha1.Application, 0, len(obj.Items))
+		for _, u := range obj.Items {
+			var a appsv1alpha1.Application
+			err := runtime.DefaultUnstructuredConverter.FromUnstructured(u.Object, &a)
+			if err != nil {
+				klog.Errorf("Failed to convert Unstructured to Application: %v", err)
+				continue
+			}
+			apps = append(apps, a)
+		}
+		table = r.buildTableFromApplications(apps)
+		table.ListMeta.ResourceVersion = obj.GetResourceVersion()
 	case *unstructured.Unstructured:
 		var app appsv1alpha1.Application
 		err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &app)
@@ -1067,7 +1061,6 @@ func (r *REST) ConvertToTable(ctx context.Context, object runtime.Object, tableO
 	}
 
 	klog.V(6).Infof("ConvertToTable: returning table with %d rows", len(table.Rows))
-
 	return &table, nil
 }
 
@@ -1191,28 +1184,3 @@ func (e errNotAcceptable) Status() metav1.Status {
 		Message: e.Error(),
 	}
 }
-
-// applySpecDefaults applies default values to the Application spec based on the schema
-func (r *REST) applySpecDefaults(app *appsv1alpha1.Application) error {
-	if r.specSchema == nil {
-		return nil
-	}
-	var m map[string]any
-	if app.Spec != nil && len(app.Spec.Raw) > 0 {
-		if err := json.Unmarshal(app.Spec.Raw, &m); err != nil {
-			return err
-		}
-	}
-	if m == nil {
-		m = map[string]any{}
-	}
-
-	schemadefault.Default(m, r.specSchema)
-
-	raw, err := json.Marshal(m)
-	if err != nil {
-		return err
-	}
-	app.Spec = &apiextv1.JSON{Raw: raw}
-	return nil
-}

scripts/migrations/17

@@ -0,0 +1,10 @@
+#!/bin/sh
+# Migration 17 --> 18
+
+# Upgrade kubernetes.apps to new chart version
+kubectl get kuberneteses.apps.cozystack.io -A --no-headers --output=custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' | while read NAMESPACE NAME; do
+  kubectl patch kuberneteses.apps.cozystack.io -n "$NAMESPACE" "$NAME" --type merge -p '{"appVersion":"0.26.1"}'
+done
+
+# Write version to cozystack-version config
+kubectl create configmap -n cozy-system cozystack-version --from-literal=version=18 --dry-run=client -o yaml | kubectl apply -f-