Release v0.34.8 (#1337 )

This PR prepares the release `v0.34.8`.
Prepare release v0.34.8
2026-03-03 13:38:56 +00:00 · 2025-08-12 19:52:37 +03:00 · 2025-08-12 12:42:46 +00:00 · 2025-08-12 15:36:20 +03:00 · 2025-08-12 12:35:57 +00:00 · 2025-08-12 14:09:23 +03:00
67 changed files with 497 additions and 232 deletions
--- a/.github/workflows/tags.yaml
+++ b/.github/workflows/tags.yaml
@@ -149,36 +149,35 @@ jobs:
          version:     ${{ steps.tag.outputs.tag }}            # A
          compare-to:  ${{ steps.latest_release.outputs.tag }} # B

-      # Create or reuse DRAFT GitHub Release
+      # Create or reuse draft release
      - name: Create / reuse draft release
        if: steps.check_release.outputs.skip == 'false'
        id: release
        uses: actions/github-script@v7
        with:
          script: |
-            const tag        = '${{ steps.tag.outputs.tag }}';
-            const isRc       = ${{ steps.tag.outputs.is_rc }};
-            const outdated   = '${{ steps.semver.outputs.comparison-result }}' === '<';
-            const makeLatest = outdated ? false : 'legacy';
-            const releases   = await github.rest.repos.listReleases({
+            const tag      = '${{ steps.tag.outputs.tag }}';
+            const isRc     = ${{ steps.tag.outputs.is_rc }};
+            const releases = await github.rest.repos.listReleases({
              owner: context.repo.owner,
              repo:  context.repo.repo
            });
-            let rel          = releases.data.find(r => r.tag_name === tag);
+
+            let rel = releases.data.find(r => r.tag_name === tag);
            if (!rel) {
              rel = await github.rest.repos.createRelease({
                owner: context.repo.owner,
                repo:  context.repo.repo,
-                tag_name:    tag,
-                name:        tag,
-                draft:       true,
-                prerelease:  isRc,
-                make_latest: makeLatest
+                tag_name:   tag,
+                name:       tag,
+                draft:      true,
+                prerelease: isRc               // no make_latest for drafts
              });
              console.log(`Draft release created for ${tag}`);
            } else {
              console.log(`Re-using existing release ${tag}`);
            }
+
            core.setOutput('upload_url', rel.upload_url);

      # Build + upload assets (optional)
--- a/1
+++ b/1
@@ -22,6 +22,7 @@ build: build-deps
 	make -C packages/system/metallb image
 	make -C packages/system/kamaji image
 	make -C packages/system/bucket image
+	make -C packages/system/objectstorage-controller image
 	make -C packages/core/testing image
 	make -C packages/core/installer image
 	make manifests
--- a/hack/e2e-apps/bucket.bats
+++ b/hack/e2e-apps/bucket.bats
@@ -0,0 +1,47 @@
+#!/usr/bin/env bats
+
+@test "Create and Verify Seeweedfs Bucket" {
+  # Create the bucket resource
+  name='test'
+  kubectl apply -f - <<EOF
+apiVersion: apps.cozystack.io/v1alpha1
+kind: Bucket
+metadata:
+  name: ${name}
+  namespace: tenant-test
+spec: {}
+EOF
+
+  # Wait for the bucket to be ready
+  kubectl -n tenant-test wait hr bucket-${name} --timeout=100s --for=condition=ready
+  kubectl -n tenant-test wait bucketclaims.objectstorage.k8s.io bucket-${name} --timeout=300s --for=jsonpath='{.status.bucketReady}'
+  kubectl -n tenant-test wait bucketaccesses.objectstorage.k8s.io bucket-${name} --timeout=300s --for=jsonpath='{.status.accessGranted}'
+
+  # Get and decode credentials
+  kubectl -n tenant-test get secret bucket-${name} -ojsonpath='{.data.BucketInfo}' | base64 -d > bucket-test-credentials.json
+
+  # Get credentials from the secret
+  ACCESS_KEY=$(jq -r '.spec.secretS3.accessKeyID' bucket-test-credentials.json)
+  SECRET_KEY=$(jq -r '.spec.secretS3.accessSecretKey' bucket-test-credentials.json)
+  BUCKET_NAME=$(jq -r '.spec.bucketName' bucket-test-credentials.json)
+
+  # Start port-forwarding
+  bash -c 'timeout 100s kubectl port-forward service/seaweedfs-s3 -n tenant-root 8333:8333 > /dev/null 2>&1 &'
+
+  # Wait for port-forward to be ready
+  timeout 30 sh -ec 'until nc -z localhost 8333; do sleep 1; done'
+
+  # Set up MinIO alias with error handling
+  mc alias set local https://localhost:8333 $ACCESS_KEY $SECRET_KEY --insecure
+
+  # Upload file to bucket
+  mc cp bucket-test-credentials.json $BUCKET_NAME/bucket-test-credentials.json
+
+  # Verify file was uploaded
+  mc ls $BUCKET_NAME/bucket-test-credentials.json
+
+  # Clean up uploaded file
+  mc rm $BUCKET_NAME/bucket-test-credentials.json
+
+  kubectl -n tenant-test delete bucket.apps.cozystack.io ${name}
+}
--- a/hack/e2e-install-cozystack.bats
+++ b/hack/e2e-install-cozystack.bats
@@ -123,10 +123,10 @@ EOF

@test "Configure Tenant and wait for applications" {
  # Patch root tenant and wait for its releases
-  kubectl patch tenants/root -n tenant-root --type merge -p '{"spec":{"host":"example.org","ingress":true,"monitoring":true,"etcd":true,"isolated":true}}'
+  kubectl patch tenants/root -n tenant-root --type merge -p '{"spec":{"host":"example.org","ingress":true,"monitoring":true,"etcd":true,"isolated":true, "seaweedfs": true}}'

-  timeout 60 sh -ec 'until kubectl get hr -n tenant-root etcd ingress monitoring tenant-root >/dev/null 2>&1; do sleep 1; done'
-  kubectl wait hr/etcd hr/ingress hr/tenant-root -n tenant-root --timeout=2m --for=condition=ready
+  timeout 60 sh -ec 'until kubectl get hr -n tenant-root etcd ingress monitoring seaweedfs tenant-root >/dev/null 2>&1; do sleep 1; done'
+  kubectl wait hr/etcd hr/ingress hr/tenant-root hr/seaweedfs -n tenant-root --timeout=4m --for=condition=ready

  if ! kubectl wait hr/monitoring -n tenant-root --timeout=2m --for=condition=ready; then
    flux reconcile hr monitoring -n tenant-root --force
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.6.1@sha256:e0a07082bb6fc6aeaae2315f335386f1705a646c72f9e0af512aebbca5cb2b15
+ghcr.io/cozystack/cozystack/nginx-cache:0.6.1@sha256:50ac1581e3100bd6c477a71161cb455a341ffaf9e5e2f6086802e4e25271e8af
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.26.0
+version: 0.26.3

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.26.0@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.26.3@sha256:e4fbb7d2043f25b90cc8840468d0880e9d3d72ae8b1c8801bf8c35f944cc485d
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.26.0@sha256:49843a0b670eab061627e48df338b2b8bc9f577dc2cfd4c2ed4071e02e64b424
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.26.3@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile
@@ -21,6 +21,6 @@ RUN go mod vendor

 RUN CGO_ENABLED=0 go build -mod=vendor -ldflags="-s -w" -o bin/kubevirt-cloud-controller-manager ./cmd/kubevirt-cloud-controller-manager

-FROM registry.access.redhat.com/ubi9/ubi-micro
+FROM scratch
 COPY --from=builder /go/src/kubevirt.io/cloud-provider-kubevirt/bin/kubevirt-cloud-controller-manager /bin/kubevirt-cloud-controller-manager
 ENTRYPOINT [ "/bin/kubevirt-cloud-controller-manager" ]
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.0@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.3@sha256:df3a2f503b4a035567b20b81a0f105c15971274fd675101c3b3eb2413d966d2e
--- a/packages/apps/kubernetes/templates/helmreleases/csi.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/csi.yaml
@@ -35,6 +35,8 @@ spec:
    storageClass: "{{ . }}"
  {{- end }}
  dependsOn:
+  - name: {{ .Release.Name }}-vsnap-crd
+    namespace: {{ .Release.Namespace }}
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
  - name: {{ .Release.Name }}
    namespace: {{ .Release.Namespace }}
--- a/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml
@@ -3,6 +3,7 @@
 {{- $clusterDomain := (index $cozyConfig.data "cluster-domain") | default "cozy.local" }}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $targetTenant := index $myNS.metadata.annotations "namespace.cozystack.io/monitoring" }}
+vpaForVPA: false
 vertical-pod-autoscaler:
  recommender:
    extraArgs:
--- a/packages/apps/kubernetes/templates/helmreleases/volumesnapshot_crd.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/volumesnapshot_crd.yaml
@@ -1,16 +1,16 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
-  name: {{ .Release.Name }}-volumesnapshot-crd-for-tenant-k8s
+  name: {{ .Release.Name }}-vsnap-crd
  labels:
    cozystack.io/repository: system
    cozystack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
-  releaseName: volumesnapshot-crd-for-tenant-k8s
+  releaseName: vsnap-crd
  chart:
    spec:
-      chart: cozy-volumesnapshot-crd-for-tenant-k8s
+      chart: cozy-vsnap-crd
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
@@ -21,8 +21,8 @@ spec:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
      key: super-admin.svc
-  targetNamespace: cozy-volumesnapshot-crd-for-tenant-k8s
-  storageNamespace: cozy-volumesnapshot-crd-for-tenant-k8s
+  targetNamespace: cozy-vsnap-crd
+  storageNamespace: cozy-vsnap-crd
  install:
    createNamespace: true
    remediation:
--- a/packages/apps/tenant/Chart.yaml
+++ b/packages/apps/tenant/Chart.yaml
@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg

 type: application
-version: 1.11.1
+version: 1.11.2
--- a/packages/apps/tenant/templates/networkpolicy.yaml
+++ b/packages/apps/tenant/templates/networkpolicy.yaml
@@ -48,6 +48,20 @@ spec:
    {{- range $i, $v := $parts }}
    {{- if ne $i 0 }}
    - matchLabels:
+        "k8s:app.kubernetes.io/name": "vminsert"
+        "k8s:io.kubernetes.pod.namespace": {{ join "-" (slice $parts 0 (add $i 1)) }}
+    {{- end }}
+    {{- end }}
+    {{- end }}
+  {{- end }}    
+  {{- if ne (include "tenant.name" .) "tenant-root" }}
+  - toEndpoints:
+    {{- if hasPrefix "tenant-" .Release.Namespace }}
+    {{- $parts := splitList "-" .Release.Namespace }}
+    {{- range $i, $v := $parts }}
+    {{- if ne $i 0 }}
+    - matchLabels:
+        "k8s:app.kubernetes.io/instance": "etcd"
        "k8s:io.kubernetes.pod.namespace": {{ join "-" (slice $parts 0 (add $i 1)) }}
    {{- end }}
    {{- end }}
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -61,7 +61,10 @@ kubernetes 0.24.0 62cb694d
 kubernetes 0.25.0 70f82667
 kubernetes 0.25.1 acd4663a
 kubernetes 0.25.2 08cb7c0f
-kubernetes 0.26.0 HEAD
+kubernetes 0.26.0 9584e5f5
+kubernetes 0.26.1 0e47e1e8
+kubernetes 0.26.2 8ddbe32e
+kubernetes 0.26.3 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
@@ -151,7 +154,8 @@ tcp-balancer 0.5.0 08cb7c0f
 tcp-balancer 0.5.1 HEAD
 tenant 1.10.0 4369b031
 tenant 1.11.0 08cb7c0f
-tenant 1.11.1 HEAD
+tenant 1.11.1 28c9fcd6
+tenant 1.11.2 HEAD
 virtual-machine 0.1.4 f2015d65
 virtual-machine 0.1.5 263e47be
 virtual-machine 0.2.0 c0685f43
@@ -171,7 +175,8 @@ virtual-machine 0.10.2 632224a3
 virtual-machine 0.11.0 4369b031
 virtual-machine 0.12.0 acd4663a
 virtual-machine 0.12.1 909208ba
-virtual-machine 0.12.2 HEAD
+virtual-machine 0.12.2 8ddbe32e
+virtual-machine 0.12.3 HEAD
 vm-disk 0.1.0 d971f2ff
 vm-disk 0.1.1 6130f43d
 vm-disk 0.1.2 632224a3
@@ -190,7 +195,8 @@ vm-instance 0.7.2 632224a3
 vm-instance 0.8.0 4369b031
 vm-instance 0.9.0 acd4663a
 vm-instance 0.10.0 909208ba
-vm-instance 0.10.1 HEAD
+vm-instance 0.10.1 8ddbe32e
+vm-instance 0.10.2 HEAD
 vpn 0.1.0 263e47be
 vpn 0.2.0 53f2365e
 vpn 0.3.0 6c5cf5bf
--- a/packages/apps/virtual-machine/Chart.yaml
+++ b/packages/apps/virtual-machine/Chart.yaml
@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.12.2
+version: 0.12.3

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/virtual-machine/Makefile
+++ b/packages/apps/virtual-machine/Makefile
@@ -3,10 +3,10 @@ include ../../../scripts/package.mk
 generate:
 	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
 	yq -o json -i '.properties.gpus.items.type = "object" | .properties.gpus.default = []' values.schema.json
-	INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
-	  && yq -i -o json ".properties.instanceType.optional=true | .properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
+	# INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
+	#  && yq -i -o json ".properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
 	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
-	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
+	  && yq -i -o json ".properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
 	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
 	yq -i -o json '.properties.systemDisk.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' values.schema.json
 	yq -i -o json '.properties.externalMethod.enum = ["PortList", "WholeIP"]' values.schema.json
--- a/packages/apps/virtual-machine/values.schema.json
+++ b/packages/apps/virtual-machine/values.schema.json
@@ -44,7 +44,6 @@
      "default": "ubuntu",
      "description": "Virtual Machine preferences profile",
      "type": "string",
-      "optional": true,
      "enum": [
        "alpine",
        "centos.7",
@@ -94,59 +93,7 @@
    "instanceType": {
      "default": "u1.medium",
      "description": "Virtual Machine instance type",
-      "type": "string",
-      "optional": true,
-      "enum": [
-        "cx1.2xlarge",
-        "cx1.4xlarge",
-        "cx1.8xlarge",
-        "cx1.large",
-        "cx1.medium",
-        "cx1.xlarge",
-        "gn1.2xlarge",
-        "gn1.4xlarge",
-        "gn1.8xlarge",
-        "gn1.xlarge",
-        "m1.2xlarge",
-        "m1.4xlarge",
-        "m1.8xlarge",
-        "m1.large",
-        "m1.xlarge",
-        "n1.2xlarge",
-        "n1.4xlarge",
-        "n1.8xlarge",
-        "n1.large",
-        "n1.medium",
-        "n1.xlarge",
-        "o1.2xlarge",
-        "o1.4xlarge",
-        "o1.8xlarge",
-        "o1.large",
-        "o1.medium",
-        "o1.micro",
-        "o1.nano",
-        "o1.small",
-        "o1.xlarge",
-        "rt1.2xlarge",
-        "rt1.4xlarge",
-        "rt1.8xlarge",
-        "rt1.large",
-        "rt1.medium",
-        "rt1.micro",
-        "rt1.small",
-        "rt1.xlarge",
-        "u1.2xlarge",
-        "u1.2xmedium",
-        "u1.4xlarge",
-        "u1.8xlarge",
-        "u1.large",
-        "u1.medium",
-        "u1.micro",
-        "u1.nano",
-        "u1.small",
-        "u1.xlarge",
-        ""
-      ]
+      "type": "string"
    },
    "resources": {
      "properties": {
--- a/packages/apps/vm-instance/Chart.yaml
+++ b/packages/apps/vm-instance/Chart.yaml
@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.10.1
+version: 0.10.2

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/vm-instance/Makefile
+++ b/packages/apps/vm-instance/Makefile
@@ -4,9 +4,9 @@ generate:
 	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
 	yq -o json -i '.properties.disks.items.type = "object" | .properties.disks.default = []' values.schema.json
 	yq -o json -i '.properties.gpus.items.type = "object" | .properties.gpus.default = []' values.schema.json
-	INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
-	  && yq -i -o json ".properties.instanceType.optional=true | .properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
+	#INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
+	#  && yq -i -o json ".properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
 	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
-	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
+	  && yq -i -o json ".properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
 	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
 	yq -i -o json '.properties.externalMethod.enum = ["PortList", "WholeIP"]' values.schema.json
--- a/packages/apps/vm-instance/values.schema.json
+++ b/packages/apps/vm-instance/values.schema.json
@@ -52,7 +52,6 @@
      "default": "ubuntu",
      "description": "Virtual Machine preferences profile",
      "type": "string",
-      "optional": true,
      "enum": [
        "alpine",
        "centos.7",
@@ -102,59 +101,7 @@
    "instanceType": {
      "default": "u1.medium",
      "description": "Virtual Machine instance type",
-      "type": "string",
-      "optional": true,
-      "enum": [
-        "cx1.2xlarge",
-        "cx1.4xlarge",
-        "cx1.8xlarge",
-        "cx1.large",
-        "cx1.medium",
-        "cx1.xlarge",
-        "gn1.2xlarge",
-        "gn1.4xlarge",
-        "gn1.8xlarge",
-        "gn1.xlarge",
-        "m1.2xlarge",
-        "m1.4xlarge",
-        "m1.8xlarge",
-        "m1.large",
-        "m1.xlarge",
-        "n1.2xlarge",
-        "n1.4xlarge",
-        "n1.8xlarge",
-        "n1.large",
-        "n1.medium",
-        "n1.xlarge",
-        "o1.2xlarge",
-        "o1.4xlarge",
-        "o1.8xlarge",
-        "o1.large",
-        "o1.medium",
-        "o1.micro",
-        "o1.nano",
-        "o1.small",
-        "o1.xlarge",
-        "rt1.2xlarge",
-        "rt1.4xlarge",
-        "rt1.8xlarge",
-        "rt1.large",
-        "rt1.medium",
-        "rt1.micro",
-        "rt1.small",
-        "rt1.xlarge",
-        "u1.2xlarge",
-        "u1.2xmedium",
-        "u1.4xlarge",
-        "u1.8xlarge",
-        "u1.large",
-        "u1.medium",
-        "u1.micro",
-        "u1.nano",
-        "u1.small",
-        "u1.xlarge",
-        ""
-      ]
+      "type": "string"
    },
    "resources": {
      "properties": {
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.34.0@sha256:3716c495c7d5c1f321e59cdc445e0853e8219932ee40e07ffcec99da7fcc7c6c
+  image: ghcr.io/cozystack/cozystack/installer:v0.34.8@sha256:c9dae64d1cbb3882749aae3af47e63152a835cb603af12ba573618c0d0940437
--- a/packages/core/testing/images/e2e-sandbox/Dockerfile
+++ b/packages/core/testing/images/e2e-sandbox/Dockerfile
@@ -19,6 +19,7 @@ RUN curl -sSL "https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_${TA
 && chmod +x /usr/local/bin/yq
 RUN curl -sSL "https://fluxcd.io/install.sh" | bash
 RUN curl -sSL "https://github.com/cozystack/cozypkg/raw/refs/heads/main/hack/install.sh" | sh -s -- -v "${COZYPKG_VERSION}"
-
+RUN curl https://dl.min.io/client/mc/release/${TARGETOS}-${TARGETARCH}/mc --create-dirs -o  /usr/local/bin/mc \
+&& chmod +x /usr/local/bin/mc
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.34.0@sha256:2c7dab87c149b63f74f18a591f38b1253ab581055351aec81816519245bc04aa
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.34.8@sha256:f88293295f95419e0ec5484430ae3b46c58dc07050ccb12104b7b0e7902b1712
--- a/packages/extra/bootbox/images/matchbox.tag
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.34.0@sha256:22a11dd07e3eaed843c1ab4f589b629740159a65aeeec9afc495ddd818868dfc
+ghcr.io/cozystack/cozystack/matchbox:v0.34.8@sha256:9280492dad668db1aeb678e1d5d5cf29a86ada26776fbcbe36bbfa1fc1e9d311
--- a/packages/extra/etcd/Chart.yaml
+++ b/packages/extra/etcd/Chart.yaml
@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: /logos/etcd.svg
 type: application
-version: 2.9.0
+version: 2.9.1
--- a/packages/extra/etcd/templates/etcd-cluster.yaml
+++ b/packages/extra/etcd/templates/etcd-cluster.yaml
@@ -49,6 +49,14 @@ spec:
        {{- with .Values.resources }}
        resources: {{- include "cozy-lib.resources.sanitize" (list . $) | nindent 10 }}
        {{- end }}
+    {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+    {{- $rawConstraints := "" }}
+    {{- if $configMap }}
+      {{- $rawConstraints = get $configMap.data "globalAppTopologySpreadConstraints" }}
+    {{- end }}
+    {{- if $rawConstraints }}
+      {{- $rawConstraints | fromYaml | toYaml | nindent 6 }}
+    {{- else }}
      topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: "kubernetes.io/hostname"
@@ -56,6 +64,7 @@ spec:
        labelSelector:
          matchLabels:
            app.kubernetes.io/instance: etcd
+    {{- end }}
  podDisruptionBudgetTemplate: {}
 ---
 apiVersion: cert-manager.io/v1
--- a/packages/extra/seaweedfs/Chart.yaml
+++ b/packages/extra/seaweedfs/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.6.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/extra/seaweedfs/Makefile
+++ b/packages/extra/seaweedfs/Makefile
@@ -4,4 +4,4 @@ include ../../../scripts/package.mk

 generate:
 	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -o json -i '.properties.topology.enum = ["Simple","MultiZone"]' values.schema.json
+	yq -o json -i '.properties.topology.enum = ["Simple","MultiZone","Client"]' values.schema.json
--- a/packages/extra/seaweedfs/README.md
+++ b/packages/extra/seaweedfs/README.md
@@ -7,9 +7,12 @@
 | Name                | Description                                                                                            | Value    |
 | ------------------- | ------------------------------------------------------------------------------------------------------ | -------- |
 | `host`              | The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host). | `""`     |
-| `topology`          | The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone)                             | `Simple` |
+| `topology`          | The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone, Client)                     | `Simple` |
 | `replicationFactor` | The number of replicas for each volume in the SeaweedFS cluster.                                       | `2`      |
 | `replicas`          | Persistent Volume size for SeaweedFS                                                                   | `2`      |
 | `size`              | Persistent Volume size                                                                                 | `10Gi`   |
 | `storageClass`      | StorageClass used to store the data                                                                    | `""`     |
 | `zones`             | A map of zones for MultiZone topology. Each zone can have its own number of replicas and size.         | `{}`     |
+| `filer.grpcHost`    | The hostname used to expose or access the filer service externally.                                    | `""`     |
+| `filer.grpcPort`    | The port used to access the filer service externally.                                                  | `443`    |
+| `filer.whitelist`   | A list of IP addresses or CIDR ranges that are allowed to access the filer service.                    | `[]`     |
--- a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag
+++ b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag
@@ -0,0 +1 @@
+ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.35.0-alpha.1@sha256:e4f9a7302285ea9febeb28fc2fa97cb7c01bb91e602f975c31aad1fe46f778f7
--- a/packages/extra/seaweedfs/images/seaweedfs-cosi-driver.tag
+++ b/packages/extra/seaweedfs/images/seaweedfs-cosi-driver.tag
@@ -0,0 +1 @@
+ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.2.0
--- a/packages/extra/seaweedfs/templates/client/cosi-bucket-class.yaml
+++ b/packages/extra/seaweedfs/templates/client/cosi-bucket-class.yaml
@@ -0,0 +1,16 @@
+{{- if eq .Values.topology "Client" }}
+---
+kind: BucketClass
+apiVersion: objectstorage.k8s.io/v1alpha1
+metadata:
+  name: {{ .Release.Namespace }}
+driverName: {{ .Release.Namespace }}.seaweedfs.objectstorage.k8s.io
+deletionPolicy: Delete
+---
+kind: BucketAccessClass
+apiVersion: objectstorage.k8s.io/v1alpha1
+metadata:
+  name: {{ .Release.Namespace }}
+driverName: {{ .Release.Namespace }}.seaweedfs.objectstorage.k8s.io
+authenticationType: KEY
+{{- end }}
--- a/packages/extra/seaweedfs/templates/client/cosi-cluster-role.yaml
+++ b/packages/extra/seaweedfs/templates/client/cosi-cluster-role.yaml
@@ -0,0 +1,61 @@
+{{- if eq .Values.topology "Client" }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Release.Namespace }}-objectstorage-provisioner
+rules:
+- apiGroups: ["objectstorage.k8s.io"]
+  resources:
+    - "buckets"
+    - "bucketaccesses"
+    - "bucketclaims"
+    - "bucketclasses"
+    - "bucketclasses/status"
+    - "bucketaccessclasses"
+    - "buckets/status"
+    - "bucketaccesses/status"
+    - "bucketclaims/status"
+    - "bucketaccessclasses/status"
+  verbs:
+    - "get"
+    - "list"
+    - "watch"
+    - "update"
+    - "create"
+    - "delete"
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs:
+    - "get"
+    - "watch"
+    - "list"
+    - "delete"
+    - "update"
+    - "create"
+- apiGroups: [""]
+  resources:
+    - "secrets"
+    - "events"
+  verbs:
+    - "get"
+    - "list"
+    - "watch"
+    - "update"
+    - "create"
+    - "delete"
+    - "patch"
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Release.Namespace }}-objectstorage-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}-objectstorage-provisioner
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Release.Namespace }}-objectstorage-provisioner
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
--- a/packages/extra/seaweedfs/templates/client/cosi-deployment.yaml
+++ b/packages/extra/seaweedfs/templates/client/cosi-deployment.yaml
@@ -0,0 +1,88 @@
+{{- if eq .Values.topology "Client" }}
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $.Release.Name }}-objectstorage-provisioner
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: objectstorage-provisioner
+    app.kubernetes.io/instance: seaweedfs
+    app.kubernetes.io/name: {{ $.Release.Name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: objectstorage-provisioner
+      app.kubernetes.io/instance: seaweedfs
+      app.kubernetes.io/name: {{ $.Release.Name }}
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        policy.cozystack.io/allow-to-apiserver: "true"
+        app.kubernetes.io/component: objectstorage-provisioner
+        app.kubernetes.io/instance: seaweedfs
+        app.kubernetes.io/name: {{ $.Release.Name }}
+    spec:
+      containers:
+      - name: seaweedfs-cosi-driver
+        image: "{{ $.Files.Get "images/seaweedfs-cosi-driver.tag" | trim }}"
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: DRIVERNAME
+          value: {{ .Release.Namespace }}.seaweedfs.objectstorage.k8s.io
+        - name: ENDPOINT
+          value: https://{{ .Values.host | default (printf "s3.%s" $host) }}
+        - name: SEAWEEDFS_FILER
+          value: "{{ .Values.filer.grpcHost }}:{{ .Values.filer.grpcPort }}"
+        - name: WEED_GRPC_CLIENT_KEY
+          value: /usr/local/share/ca-certificates/client/tls.key
+        - name: WEED_GRPC_CLIENT_CERT
+          value: /usr/local/share/ca-certificates/client/tls.crt
+        - name: WEED_GRPC_CA
+          value: /usr/local/share/ca-certificates/client/ca.crt
+        resources:
+          limits:
+            cpu: 500m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+        volumeMounts:
+        - mountPath: /var/lib/cosi
+          name: socket
+        - mountPath: /usr/local/share/ca-certificates/client/
+          name: client-cert
+          readOnly: true
+      - name: seaweedfs-cosi-sidecar
+        image: "{{ $.Files.Get "images/objectstorage-sidecar.tag" | trim }}"
+        imagePullPolicy: IfNotPresent
+        args:
+        - --v=5
+        env:
+        - name: POD_NAMESPACE
+          value: {{ .Release.Namespace }}
+        volumeMounts:
+        - mountPath: /var/lib/cosi
+          name: socket
+      enableServiceLinks: false
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 10
+      serviceAccountName: {{ .Release.Name }}-objectstorage-provisioner
+      volumes:
+      - name: socket
+        emptyDir: {}
+      - name: client-cert
+        secret:
+          defaultMode: 420
+          secretName: seaweedfs-client-cert
+{{- end }}
--- a/packages/extra/seaweedfs/templates/client/cosi-service-account.yaml
+++ b/packages/extra/seaweedfs/templates/client/cosi-service-account.yaml
@@ -0,0 +1,8 @@
+{{- if eq .Values.topology "Client" }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Release.Name }}-objectstorage-provisioner
+  namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: true
+{{- end }}
--- a/packages/extra/seaweedfs/templates/cm.yaml
+++ b/packages/extra/seaweedfs/templates/cm.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ .Release.Name }}-deployed-topology"
+data:
+  topology: {{ quote .Values.topology }}
--- a/packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml
+++ b/packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml
@@ -3,6 +3,7 @@ kind: Role
 metadata:
  name: {{ .Release.Name }}-dashboard-resources
 rules:
+{{- if not (eq .Values.topology "Client") }}
 - apiGroups:
  - ""
  resources:
@@ -27,13 +28,15 @@ rules:
  - {{ $.Release.Name }}-volume
  - {{ $.Release.Name }}-db
  verbs: ["get", "list", "watch"]
+{{- end }}
+
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: {{ .Release.Name }}-dashboard-resources
 subjects:
-{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "admin" .Release.Namespace) }}
+{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "super-admin" .Release.Namespace) }}
 roleRef:
  kind: Role
  name: {{ .Release.Name }}-dashboard-resources
--- a/packages/extra/seaweedfs/templates/ingress.yaml
+++ b/packages/extra/seaweedfs/templates/ingress.yaml
@@ -0,0 +1,44 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+{{- if and (not (eq .Values.topology "Client")) (.Values.filer.grpcHost) }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: GRPCS
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," (.Values.filer.whitelist | default "0.0.0.0/32") }}"
+  name: seaweedfs-filer-external
+spec:
+  ingressClassName: tenant-root
+  rules:
+  - host: {{ .Values.filer.grpcHost | default (printf "filer.%s" $host) }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ $.Release.Name }}-filer-external
+            port:
+              number: 18888
+        path: /
+        pathType: ImplementationSpecific
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $.Release.Name }}-filer-external
+spec:
+  ports:
+  - name: swfs-filer-grpc
+    port: 18888
+    protocol: TCP
+    targetPort: 18888
+  selector:
+    app.kubernetes.io/component: filer
+    app.kubernetes.io/name: {{ $.Release.Name }}
+{{- end }}
--- a/packages/extra/seaweedfs/templates/seaweedfs.yaml
+++ b/packages/extra/seaweedfs/templates/seaweedfs.yaml
@@ -1,6 +1,9 @@
 {{- /* Preflight checks for Helm template */ -}}
-{{- if not (has .Values.topology (list "Simple" "MultiZone")) }}
-{{-   fail "Invalid value for .Values.topology. Must be one of 'Simple' or 'MultiZone'." }}
+{{- if not (has .Values.topology (list "Simple" "MultiZone" "Client")) }}
+{{-   fail "Invalid value for .Values.topology. Must be one of 'Simple', 'MultiZone' or 'Client'." }}
+{{- end }}
+{{- if and (eq .Values.topology "Client") (not .Values.filer.grpcHost) }}
+{{-   fail "When topology is 'Client', .Values.filer.grpcHost must be set to a valid remote filer GRPC service endpoint." }}
 {{- end }}
 {{- if lt (int .Values.replicationFactor) 1 }}
 {{-   fail "Invalid value for .Values.replicationFactor. Must be at least 1." }}
@@ -13,16 +16,24 @@
 {{-     fail "replicationFactor must be less than or equal to the number of zones defined in .Values.zones." }}
 {{-   end }}
 {{- end }}
-{{- if lookup "v1" "PersistentVolumeClaim" "" (printf "%s-data1-seaweedfs-volume-0" .Release.Name) }}
-{{-   if eq .Values.topology "MultiZone" }}
-{{-     fail "Not allowed to switch between Simple and MultiZone topologies after the first deployment." }}
-{{-   end }}
+
+{{- $detectedTopology := "Unknown" }}
+{{- $configMap := lookup "v1" "ConfigMap" .Release.Namespace (printf "%s-deployed-topology" .Release.Name) }}
+{{- if $configMap }}
+{{-   $detectedTopology = dig "data" "topology" "Unknown" $configMap }}
 {{- else }}
-{{-   if and (eq .Values.topology "Simple") (.Release.IsUpgrade) }}
-{{-     fail "Not allowed to switch between Simple and MultiZone topologies after the first deployment." }}
+{{-   if lookup "v1" "PersistentVolumeClaim" .Release.Namespace (printf "data1-%s-volume-0" .Release.Name) }}
+{{-     $detectedTopology = "Simple" }}
+{{-   else if lookup "apps/v1" "StatefulSet" .Release.Namespace (printf "%s-master" .Release.Name) }}
+{{-     $detectedTopology = "MultiZone" }}
 {{-   end }}
 {{- end }}

+{{- if not (has $detectedTopology (list .Values.topology "Unknown")) }}
+{{-   fail (printf "Not allowed to switch between topologies after the first deployment: %s" $detectedTopology) }}
+{{- end }}
+
+{{- if not (eq .Values.topology "Client") }}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
 {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
@@ -99,6 +110,7 @@ spec:
            {{- else if $.Values.storageClass }}
            storageClass: {{ $.Values.storageClass }}
            {{- end }}
+            maxVolumes: 0
          nodeSelector: |
            topology.kubernetes.io/zone: {{ $zoneName }}
          dataCenter: {{ $zone.dataCenter | default $zoneName }}
@@ -198,3 +210,4 @@ spec:
    cnpg.io/cluster: seaweedfs-db
    cnpg.io/podRole: instance
  version: {{ $.Chart.Version }}
+{{- end }}
--- a/packages/extra/seaweedfs/templates/vpa.yaml
+++ b/packages/extra/seaweedfs/templates/vpa.yaml
@@ -1,3 +1,4 @@
+{{- if not (eq .Values.topology "Client") }}
 apiVersion: autoscaling.k8s.io/v1
 kind: VerticalPodAutoscaler
 metadata:
@@ -64,3 +65,4 @@ spec:
        maxAllowed:
          cpu: "1"
          memory: 2048Mi
+{{- end }}
--- a/packages/extra/seaweedfs/values.schema.json
+++ b/packages/extra/seaweedfs/values.schema.json
@@ -1,5 +1,26 @@
 {
  "properties": {
+    "filer": {
+      "properties": {
+        "grpcHost": {
+          "default": "",
+          "description": "The hostname used to expose or access the filer service externally.",
+          "type": "string"
+        },
+        "grpcPort": {
+          "default": 443,
+          "description": "The port used to access the filer service externally.",
+          "type": "number"
+        },
+        "whitelist": {
+          "default": [],
+          "description": "A list of IP addresses or CIDR ranges that are allowed to access the filer service.",
+          "items": {},
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
    "host": {
      "default": "",
      "description": "The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host).",
@@ -27,11 +48,12 @@
    },
    "topology": {
      "default": "Simple",
-      "description": "The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone)",
+      "description": "The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone, Client)",
      "type": "string",
      "enum": [
        "Simple",
-        "MultiZone"
+        "MultiZone",
+        "Client"
      ]
    },
    "zones": {
--- a/packages/extra/seaweedfs/values.yaml
+++ b/packages/extra/seaweedfs/values.yaml
@@ -3,7 +3,7 @@
 ## @param host The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host).
 host: ""

-## @param topology The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone)
+## @param topology The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone, Client)
 ##
 topology: Simple

@@ -31,3 +31,11 @@ storageClass: ""
 ##     replicas: 2
 ##     size: 10Gi
 zones: {}
+
+## @param filer.grpcHost The hostname used to expose or access the filer service externally.
+## @param filer.grpcPort The port used to access the filer service externally.
+## @param filer.whitelist A list of IP addresses or CIDR ranges that are allowed to access the filer service.
+filer:
+  grpcHost: ""
+  grpcPort: 443
+  whitelist: []
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -13,7 +13,8 @@ etcd 2.6.0 8c460528
 etcd 2.6.1 45a7416c
 etcd 2.7.0 632224a3
 etcd 2.8.0 4369b031
-etcd 2.9.0 HEAD
+etcd 2.9.0 8ddbe32e
+etcd 2.9.1 HEAD
 info 1.0.0 93bdf411
 info 1.0.1 632224a3
 info 1.1.0 HEAD
@@ -54,4 +55,5 @@ seaweedfs 0.2.1 fde4bcfa
 seaweedfs 0.3.0 45a7416c
 seaweedfs 0.4.0 632224a3
 seaweedfs 0.4.1 8c86905b
-seaweedfs 0.5.0 HEAD
+seaweedfs 0.5.0 9584e5f5
+seaweedfs 0.6.0 HEAD
--- a/packages/system/bucket/images/s3manager.tag
+++ b/packages/system/bucket/images/s3manager.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:208d8ea43b4b493ee0bea80606f6b3041a02460be79c52ed12aecccd35ec2a02
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:a9c0a5d5519b2da200d7d035fe30087ea4834fc8013a482848c160610b5b9716
--- a/packages/system/cozystack-api/values.yaml
+++ b/packages/system/cozystack-api/values.yaml
@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.34.0@sha256:dad88c168719dcaa0b2e6bab352a90f44f4e23c58f525f96841cfce357920bdf
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.34.8@sha256:86ef89a7be84761038cc25507a1b6e195c9f86c8051ac8aca8044dd8de39dedb
--- a/packages/system/cozystack-controller/values.yaml
+++ b/packages/system/cozystack-controller/values.yaml
@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.34.0@sha256:ef725447d1ddadbceb5218d6a2eb68b5fbace838173fbe00eb67ba72662ad171
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.34.8@sha256:cd4082e3672e793cbead467041ffb372d465085653614885f109fc7c582cd112
  debug: false
  disableTelemetry: false
-  cozystackVersion: "v0.34.0"
+  cozystackVersion: "v0.34.8"
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
@@ -76,7 +76,7 @@ data:
      "kubeappsNamespace": {{ .Release.Namespace | quote }},
      "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
      "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.34.0",
+      "appVersion": "v0.34.8",
      "authProxyEnabled": {{ .Values.authProxy.enabled }},
      "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
      "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
--- a/packages/system/dashboard/images/dashboard/Dockerfile
+++ b/packages/system/dashboard/images/dashboard/Dockerfile
@@ -1,7 +1,7 @@
 FROM bitnami/node:20.15.1 AS build
 WORKDIR /app

-ARG COMMIT_REF=cdf9095f50c74505870de337725d2a9d0bd20947
+ARG COMMIT_REF=4926bc68fabb0914afab574006643c85a597b371
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard

 RUN yarn install --frozen-lockfile
--- a/packages/system/dashboard/images/kubeapps-apis/Dockerfile
+++ b/packages/system/dashboard/images/kubeapps-apis/Dockerfile
@@ -4,7 +4,7 @@
 # syntax = docker/dockerfile:1

 FROM alpine AS source
-ARG COMMIT_REF=cdf9095f50c74505870de337725d2a9d0bd20947
+ARG COMMIT_REF=4926bc68fabb0914afab574006643c85a597b371
 RUN apk add --no-cache patch
 WORKDIR /source
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -19,8 +19,8 @@ kubeapps:
    image:
      registry: ghcr.io/cozystack/cozystack
      repository: dashboard
-      tag: v0.34.0
-      digest: "sha256:ad4b95660b6c5c1b9736ca4768a3f9648705c2855d0a08880d570b4e480dba78"
+      tag: v0.34.8
+      digest: "sha256:54906b3d2492c8603a347a5938b6db36e5ed5c4149111cae1804ac9110361947"
  redis:
    master:
      resourcesPreset: "none"
@@ -37,8 +37,8 @@ kubeapps:
    image:
      registry: ghcr.io/cozystack/cozystack
      repository: kubeapps-apis
-      tag: v0.34.0
-      digest: "sha256:9f376d82db6802af32d137fef722237e1037e92ac8feb39131fcdfb5a0b02d30"
+      tag: v0.34.8
+      digest: "sha256:6a02c7ef1e851118472e80ec7dac961e7637a6d32f4bd35dc1d2f0b32bf217a3"
    pluginConfig:
      flux:
        packages:
--- a/packages/system/kamaji/Makefile
+++ b/packages/system/kamaji/Makefile
@@ -27,4 +27,5 @@ image:
 		yq -i '.kamaji.image.repository = strenv(REPOSITORY)' values.yaml
 	TAG=$(TAG)@$$(yq e '."containerimage.digest"' images/kamaji.json -o json -r) \
 		yq -i '.kamaji.image.tag = strenv(TAG)' values.yaml
+	yq -i '.kamaji.extraArgs[0] = "--migrate-image=" + .kamaji.image.repository + ":" + .kamaji.image.tag' values.yaml
 	rm -f images/kamaji.json
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -3,7 +3,7 @@ kamaji:
    deploy: false
  image:
    pullPolicy: IfNotPresent
-    tag: v0.34.0@sha256:09465ae8285b4ae43203581e443409cd4e1e119dde62a5c14d63ce064fb840b0
+    tag: v0.34.8@sha256:908dc829ce8493607dffcf6de95e4993ff2bfc0d65949c501bd7119fad45127a
    repository: ghcr.io/cozystack/cozystack/kamaji
  resources:
    limits:
@@ -12,3 +12,5 @@ kamaji:
    requests:
      cpu: 100m
      memory: 100Mi
+  extraArgs:
+    - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.34.8@sha256:908dc829ce8493607dffcf6de95e4993ff2bfc0d65949c501bd7119fad45127a
--- a/packages/system/keycloak-configure/templates/configure-kk.yaml
+++ b/packages/system/keycloak-configure/templates/configure-kk.yaml
@@ -200,7 +200,7 @@ spec:
    - groups
    - kubernetes-client
  redirectUris:
-    - "http://dashboard.{{ $host }}/oauth2/callback/*"
+    - "https://dashboard.{{ $host }}/oauth2/callback/*"
    {{- range $i, $v := $extraRedirectUris }}
    - "{{ $v }}"
    {{- end }}
@@ -223,8 +223,7 @@ data:
        clientSecret: {{ $kubeappsClient }}
        cookieSecret: {{ $cookieSecret }}
        extraFlags:
-          - --ssl-insecure-skip-verify
-          - --cookie-secure=false
+          - --cookie-secure
          - --scope=openid email groups
          - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy

--- a/packages/system/kubeovn-webhook/values.yaml
+++ b/packages/system/kubeovn-webhook/values.yaml
@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.34.0@sha256:b7841916659646823f556b7ce299f6ed55a2d10ca81736c19e721a890efd4694
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.34.8@sha256:e6c845b65142d554d34187aef29afcbd8f67fae7dcc787255fb53de2b6103386
--- a/packages/system/kubeovn/values.yaml
+++ b/packages/system/kubeovn/values.yaml
@@ -64,4 +64,4 @@ global:
  images:
    kubeovn:
      repository: kubeovn
-      tag: v1.13.14@sha256:8409b093deada39a210784fd96461f16c1b1d5ae50e8a2285416b36a8ff6e13e
+      tag: v1.13.14@sha256:0f27c268300fe30fe3ad61d145fdb276d5dddba2d792aacc26f3f512f7ef205d
--- a/packages/system/volumesnapshot-crd-for-tenant-k8s/templates/volumesnapshotclass.yaml
+++ b/packages/system/volumesnapshot-crd-for-tenant-k8s/templates/volumesnapshotclass.yaml
--- a/packages/system/kubevirt-csi-node/values.yaml
+++ b/packages/system/kubevirt-csi-node/values.yaml
@@ -1,3 +1,3 @@
 storageClass: replicated
 csiDriver:
-  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.0@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036
+  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.3@sha256:df3a2f503b4a035567b20b81a0f105c15971274fd675101c3b3eb2413d966d2e
--- a/packages/system/linstor/templates/podscrape.yaml
+++ b/packages/system/linstor/templates/podscrape.yaml
@@ -37,7 +37,7 @@ spec:
    - replacement: linstor-satellite
      targetLabel: job
    - sourceLabels: [__meta_kubernetes_pod_node_name]
-      targetLabel: node
+      targetLabel: controller_node
    - targetLabel: tier
      replacement: cluster
  selector:
--- a/packages/system/objectstorage-controller/Makefile
+++ b/packages/system/objectstorage-controller/Makefile
@@ -24,6 +24,6 @@ image-controller image-sidecar:
 		--metadata-file images/$(TARGET).json \
 		--push=$(PUSH) --provenance=false --load=$(LOAD) \
 		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack"
-	IMAGE="$(REGISTRY)/objectstorage-$(TARGET):$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/$(TARGET).json -r)" && \
+	IMAGE="$(REGISTRY)/objectstorage-$(TARGET):$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/$(TARGET).json -r)" \
 		yq -i '$(YAML_PATH) = strenv(IMAGE)' $(VALUES_FILE)
 	rm -f images/$(TARGET).json
--- a/packages/system/objectstorage-controller/values.yaml
+++ b/packages/system/objectstorage-controller/values.yaml
@@ -1,3 +1,3 @@
 objectstorage:
  controller:
-    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:latest@sha256:173067339794fbf94534132eec5968b5fb6718037b77aefa00fd70b7413a8d4c"
+    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.34.8@sha256:5891c7fb46fb7c6ada4abc4e78e69b34631d13e32a30a86c0abc15cc17675450"
--- a/packages/system/seaweedfs/values.yaml
+++ b/packages/system/seaweedfs/values.yaml
@@ -4,34 +4,28 @@ global:
  extraEnvironmentVars:
    WEED_CLUSTER_SW_MASTER: "seaweedfs-master:9333"
    WEED_CLUSTER_SW_FILER: "seaweedfs-filer-client:8888"
-
 seaweedfs:
  master:
+    volumeSizeLimitMB: 30000
    replicas: 3
-    volumeSizeLimitMB: 100
    #  replication type is XYZ:
    # X number of replica in other data centers
    # Y number of replica in other racks in the same data center
    # Z number of replica in other servers in the same rack
    defaultReplication: "001"
-  
    data:
      type: "emptyDir"
-  
    logs:
      type: ""
-  
  volume:
    replicas: 2
    # minimum free disk space(in percents). If free disk space lower this value - all volumes marks as ReadOnly
    minFreeSpacePercent: 5
-  
    dataDirs:
-    - name: data1
-      type: "persistentVolumeClaim"
-      size: "10Gi"
-      maxVolumes: 0
-  
+      - name: data1
+        type: "persistentVolumeClaim"
+        size: "10Gi"
+        maxVolumes: 0
  filer:
    replicas: 2
    #  replication type is XYZ:
@@ -41,10 +35,8 @@ seaweedfs:
    defaultReplicaPlacement: "001"
    data:
      type: "emptyDir"
-  
    logs:
      type: ""
-  
    extraEnvironmentVars:
      WEED_LEVELDB2_ENABLED: "false"
      WEED_POSTGRES2_ENABLED: "true"
@@ -73,7 +65,6 @@ seaweedfs:
        secretKeyRef:
          key: password
          name: seaweedfs-db-app
-
    s3:
      enabled: true
      port: 8333
@@ -86,27 +77,25 @@ seaweedfs:
      # should have a secret key called seaweedfs_s3_config with an inline json configure
      existingConfigSecret: null
      auditLogConfig: {}
-  
  s3:
    enableAuth: true
-  
    logs:
      type: ""
-   
    ingress:
      enabled: true
      className: "tenant-root"
      host: "seaweedfs2.demo.cozystack.io"
      annotations:
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
+        nginx.ingress.kubernetes.io/proxy-buffering: "off"
+        nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
        acme.cert-manager.io/http01-ingress-class: tenant-root
        cert-manager.io/cluster-issuer: letsencrypt-prod
      tls:
        - hosts:
-          - seaweedfs.demo.cozystack.io
+            - seaweedfs.demo.cozystack.io
          secretName: seaweedfs-s3-ingress-tls
-
  cosi:
    enabled: true
    podLabels:
@@ -114,14 +103,12 @@ seaweedfs:
    driverName: "seaweedfs.objectstorage.k8s.io"
    bucketClassName: "seaweedfs"
    region: ""
-  
    sidecar:
-      image: "ghcr.io/kvaps/test:cosi-provisioner-sidecar-25"
-  
+      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.34.8@sha256:ccc7ec31b2beebf09413b9a41ffa8fd06899510127572c9e1c1e30ddab45ebe9"
  certificates:
    commonName: "SeaweedFS CA"
    ipAddresses: []
    keyAlgorithm: RSA
    keySize: 2048
-    duration: 2160h  # 90d
-    renewBefore: 360h  # 15d
+    duration: 2160h # 90d
+    renewBefore: 360h # 15d
--- a/packages/system/volumesnapshot-crd-for-tenant-k8s/Chart.yaml
+++ b/packages/system/volumesnapshot-crd-for-tenant-k8s/Chart.yaml
@@ -1,3 +1,3 @@
 apiVersion: v2
-name: cozy-volumesnapshot-crd-for-tenant-k8s
+name: cozy-vsnap-crd
 version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/system/volumesnapshot-crd-for-tenant-k8s/Makefile
+++ b/packages/system/volumesnapshot-crd-for-tenant-k8s/Makefile
@@ -1,4 +1,4 @@
-export NAME=volumesnapshot-crd-for-tenant-k8s
+export NAME=vsnap-crd
 export NAMESPACE=cozy-$(NAME)

 include ../../../scripts/package.mk
--- a/pkg/registry/apps/application/rest.go
+++ b/pkg/registry/apps/application/rest.go
@@ -254,7 +254,6 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption
 			klog.Errorf("Invalid field selector: %v", err)
 			return nil, fmt.Errorf("invalid field selector: %v", err)
 		}
-
 		// Check if selector is for metadata.name
 		if name, exists := fs.RequiresExactMatch("metadata.name"); exists {
 			// Convert Application name to HelmRelease name
@@ -304,17 +303,8 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption
 		return nil, err
 	}

-	// Initialize empty Application list
-	appList := &appsv1alpha1.ApplicationList{
-		TypeMeta: metav1.TypeMeta{
-			APIVersion: "apps.cozystack.io/v1alpha1",
-			Kind:       "ApplicationList",
-		},
-		ListMeta: metav1.ListMeta{
-			ResourceVersion: hrList.GetResourceVersion(),
-		},
-		Items: []appsv1alpha1.Application{},
-	}
+	// Initialize unstructured items array
+	items := make([]unstructured.Unstructured, 0)

 	// Iterate over HelmReleases and convert to Applications
 	for _, hr := range hrList.Items {
@@ -352,7 +342,6 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption
 				klog.Errorf("Invalid field selector: %v", err)
 				continue
 			}
-
 			fieldsSet := fields.Set{
 				"metadata.name":      app.Name,
 				"metadata.namespace": app.Namespace,
@@ -362,10 +351,23 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption
 			}
 		}

-		appList.Items = append(appList.Items, app)
+		// Convert Application to unstructured
+		unstructuredApp, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&app)
+		if err != nil {
+			klog.Errorf("Error converting Application %s to unstructured: %v", app.Name, err)
+			continue
+		}
+		items = append(items, unstructured.Unstructured{Object: unstructuredApp})
 	}

-	klog.V(6).Infof("Successfully listed %d Application resources in namespace %s", len(appList.Items), namespace)
+	// Explicitly set apiVersion and kind in unstructured object
+	appList := &unstructured.UnstructuredList{}
+	appList.SetAPIVersion("apps.cozystack.io/v1alpha1")
+	appList.SetKind(r.kindName + "List")
+	appList.SetResourceVersion(hrList.GetResourceVersion())
+	appList.Items = items
+
+	klog.V(6).Infof("Successfully listed %d Application resources in namespace %s", len(items), namespace)
 	return appList, nil
 }

@@ -1015,6 +1017,19 @@ func (r *REST) ConvertToTable(ctx context.Context, object runtime.Object, tableO
 	case *appsv1alpha1.Application:
 		table = r.buildTableFromApplication(*obj)
 		table.ListMeta.ResourceVersion = obj.GetResourceVersion()
+	case *unstructured.UnstructuredList:
+		apps := make([]appsv1alpha1.Application, 0, len(obj.Items))
+		for _, u := range obj.Items {
+			var a appsv1alpha1.Application
+			err := runtime.DefaultUnstructuredConverter.FromUnstructured(u.Object, &a)
+			if err != nil {
+				klog.Errorf("Failed to convert Unstructured to Application: %v", err)
+				continue
+			}
+			apps = append(apps, a)
+		}
+		table = r.buildTableFromApplications(apps)
+		table.ListMeta.ResourceVersion = obj.GetResourceVersion()
 	case *unstructured.Unstructured:
 		var app appsv1alpha1.Application
 		err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &app)
@@ -1046,7 +1061,6 @@ func (r *REST) ConvertToTable(ctx context.Context, object runtime.Object, tableO
 	}

 	klog.V(6).Infof("ConvertToTable: returning table with %d rows", len(table.Rows))
-
 	return &table, nil
 }

--- a/scripts/migrations/17
+++ b/scripts/migrations/17
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Migration 17 --> 18
+
+# Upgrade kubernetes.apps to new chart version
+kubectl get kuberneteses.apps.cozystack.io -A --no-headers --output=custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' | while read NAMESPACE NAME; do
+  kubectl patch kuberneteses.apps.cozystack.io -n "$NAMESPACE" "$NAME" --type merge -p '{"appVersion":"0.26.1"}'
+done
+
+# Write version to cozystack-version config
+kubectl create configmap -n cozy-system cozystack-version --from-literal=version=18 --dry-run=client -o yaml | kubectl apply -f-
Author	SHA1	Message	Date
Andrei Kvapil	effbd57349	Release v0.34.8 (#1337 ) This PR prepares the release `v0.34.8`.	2025-08-12 19:52:37 +03:00
cozystack-bot	c64f616eae	Prepare release v0.34.8 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-08-12 12:42:46 +00:00
Andrei Kvapil	513d352afa	[Backport release-0.34] [kamaji] Pass in-tree image as migrate-image (#1340 ) # Description Backport of #1338 to `release-0.34`.	2025-08-12 15:36:20 +03:00
Timofei Larkin	824eccdbf1	[kamaji] Pass in-tree image as migrate-image The in-tree build of the Kamaji image lacks the appropriate ldflags, resulting in invalid flags of the Kamaji controller manager binary. When a migration job starts, it tries to pull an image with an explicit empty string as a tag, which is invalid. This patch sets the in-tree image as the image for the migration job, both working around this issue, as well as being consistent in the image used. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com> (cherry picked from commit `fbc2c45e7f`)	2025-08-12 12:35:57 +00:00
Andrei Kvapil	89b0934fe0	[Backport release-0.34] Fix linstor metrics node label (#1336 ) # Description Backport of #1335 to `release-0.34`.	2025-08-12 14:09:23 +03:00
Andrei Kvapil	003aeac317	Fix linstor metrics node label Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `21d6c69f73`)	2025-08-12 11:09:03 +00:00
Andrei Kvapil	b58c4067bc	[Backport release-0.34] fix etcd topologySpreadConstraints (#1332 ) # Description Backport of #1331 to `release-0.34`.	2025-08-11 13:02:44 +03:00
kklinch0	60dd5778a1	fix etcd topologySpreadConstraints Signed-off-by: kklinch0 <kklinch0@gmail.com> (cherry picked from commit `92f206cb93`)	2025-08-11 09:22:20 +00:00
Andrei Kvapil	ecd6ed9b79	Release v0.34.7 (#1323 ) This PR prepares the release `v0.34.7`.	2025-08-09 00:28:45 +02:00
cozystack-bot	859d760a75	Prepare release v0.34.7 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-08-08 21:34:10 +00:00
Andrei Kvapil	96d462e911	[seaweedfs] disable proxy-buffering for ingress (#1330 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [seaweedfs] disable proxy-buffering for ingress ```	2025-08-08 23:28:55 +02:00
Andrei Kvapil	9dbd1a1f1b	[Backport release-0.34] [seaweedfs] Fix seaweedfs volumes configuration (#1329 ) # Description Backport of #1328 to `release-0.34`.	2025-08-08 23:09:47 +02:00
Andrei Kvapil	8f390a0e8c	[seaweedfs] Add SeaweedFS tewaks Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `a32de78c7c`)	2025-08-08 21:09:31 +00:00
Andrei Kvapil	2ace05ec72	[Backport release-0.34] Fix linstor metrics node label (#1327 ) # Description Backport of #1326 to `release-0.34`.	2025-08-08 12:57:26 +02:00
Andrei Kvapil	4f52af2547	Fix linstor metrics node label Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `19baa7b14f`)	2025-08-08 10:57:17 +00:00
Andrei Kvapil	3bca686ad9	[Backport release-0.34] [fix] Disable VPA for VPA (#1319 ) # Description Backport of #1318 to `release-0.34`.	2025-08-07 12:54:11 +02:00
Timofei Larkin	202e8d011c	[fix] Disable VPA for VPA The earlier PR was erroneously merged without including an amendment to the existing commits, so now this amendment must be included as a separate patch. See #1301 for details. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com> (cherry picked from commit `ff3305f43c`)	2025-08-07 10:53:57 +00:00
Andrei Kvapil	2d8a14cfef	Release v0.34.6 (#1311 ) This PR prepares the release `v0.34.6`.	2025-08-05 15:28:43 +02:00
cozystack-bot	255964bbe4	Prepare release v0.34.6 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-08-05 11:57:37 +00:00
Andrei Kvapil	56fca9bd75	[dashboard] fix diff editor Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-08-05 12:55:09 +02:00
Andrei Kvapil	cda689451a	Release v0.34.5 (#1306 ) This PR prepares the release `v0.34.5`.	2025-08-04 18:18:37 +02:00
cozystack-bot	d1e430dc6c	Prepare release v0.34.5 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-08-04 14:56:40 +00:00
Andrei Kvapil	5cb5a0dbf0	[Backport release-0.34] [kubernetes] Disable VPA for VPA in tenant k8s (#1305 ) # Description Backport of #1301 to `release-0.34`.	2025-08-04 16:51:13 +02:00
Andrei Kvapil	4cd64e0531	[Backport release-0.34] [virtual-machine] Disable instanceType validation (#1303 ) # Description Backport of #1300 to `release-0.34`.	2025-08-04 16:51:04 +02:00
Timofei Larkin	6e05e1275c	[virtual-machine] Disable instanceType validation Workaround for #1299. If a Cozystack installation provides custom instance types for virtual machines, the static validation rules prevent such instance types from being used, as they are included in the OpenAPI schema of the Cozystack API server and then once more applied in the dependent HelmRelease, offering users no easy way to remedy this in runtime. [virtual-machine] Disable instanceType validation to enable using custom instance types. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com> (cherry picked from commit `44fabd4abc`)	2025-08-04 16:50:18 +02:00
Timofei Larkin	278e512afd	[kubernetes] Disable VPA for VPA in tenant k8s This patch disables the VPA for VPA deployment in tenant kubernetes clusters. This feature was never designed for deployment in tenant clusters and causes unexpected errors. [kubernetes] Disable VPA for VPA feature for tenant clusters, fixing an unintended regression. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com> (cherry picked from commit `080289fa00`)	2025-08-04 14:46:48 +00:00
Andrei Kvapil	b5e125b870	Release v0.34.4 (#1304 ) This PR prepares the release `v0.34.4`.	2025-08-04 16:13:17 +02:00
cozystack-bot	8eebbd2a23	Prepare release v0.34.4 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-08-04 13:04:53 +00:00
Andrei Kvapil	d82a6a7809	[ci] Fix creating draft release Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-08-01 18:52:56 +02:00
klinch0	7d19b0306e	k8s make volumesnapshot crd name shorter (#1284 ) <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note - k8s make volumesnapshot crd name shorter ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Chores * Updated chart version for the Kubernetes application. * Changed Helm chart and namespace references to use a new, shorter name. * Updated version mapping to reflect the latest Kubernetes package version. * Renamed the Helm chart for volume snapshot resources to a shorter name. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-08-01 15:01:12 +02:00
Andrei Kvapil	f806ff91ec	[Backport release-0.34] [cozystack-api] fix type for ApplicationList (#1293 ) # Description Backport of #1290 to `release-0.34`.	2025-08-01 14:59:31 +02:00
Andrei Kvapil	beb993c62c	[cozystack-api] fix type for ApplicationList Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `f057d92a4d`)	2025-08-01 12:34:58 +00:00
Andrei Kvapil	a9b660399b	[Backport release-0.34] [seaweed] add tests for S3 buckets (#1292 ) # Description Backport of #1283 to `release-0.34`.	2025-08-01 12:54:10 +02:00
Andrei Kvapil	1c62037cc7	[Backport release-0.34] dashboard auth-proxy enable cookie-secure (#1291 ) # Description Backport of #1287 to `release-0.34`.	2025-08-01 12:53:58 +02:00
IvanHunters	1e3d1c79a4	[seaweed] add tests Signed-off-by: IvanHunters <xorokhotnikov@gmail.com> (cherry picked from commit `730584bd15`)	2025-08-01 10:52:42 +00:00
klinch0	5b2310e6fb	Update packages/system/keycloak-configure/templates/configure-kk.yaml Co-authored-by: Timofei Larkin <lllamnyp@gmail.com> Signed-off-by: klinch0 <68821526+klinch0@users.noreply.github.com> (cherry picked from commit `1ab63187c9`)	2025-08-01 10:50:35 +00:00
kklinch0	af7a8a67cc	keycloak enable cookie-secure Signed-off-by: kklinch0 <kklinch0@gmail.com> (cherry picked from commit `7918e282bf`)	2025-08-01 10:50:35 +00:00
Andrei Kvapil	9508c98bed	Release v0.34.3 (#1273 ) This PR prepares the release `v0.34.3`.	2025-07-25 21:39:51 +02:00
cozystack-bot	86bc540ba5	Prepare release v0.34.3 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-07-25 16:42:24 +00:00
Andrei Kvapil	3c7e256906	Fix building Kubevirt CCM Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-25 17:48:45 +02:00
Andrei Kvapil	01053f7c31	Fix regression with optiona=true field Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-25 17:44:16 +02:00
Andrei Kvapil	ec41826251	[seaweedfs] Client mode refactoring and fix issues (#1277 ) - update cosi-driver - add support exporting via nginx-ingress - add support for whitelist Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [seaweedfs] Client mode refactoring and fix issues - update cosi-driver - add support exporting via nginx-ingress - add support for whitelist ```	2025-07-25 17:14:39 +02:00
Andrei Kvapil	5541f7400e	[Backport release-0.34] [kubernetes] Add dependency for snapshot CRD and migration to latest version (#1279 ) # Description Backport of #1275 to `release-0.34`.	2025-07-25 17:12:24 +02:00
Andrei Kvapil	b66843f023	[kubernetes] Add dependency for snapshot CRD and migration to latest version Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `02436f312f`)	2025-07-25 15:11:16 +00:00
Andrei Kvapil	9584e5f5fc	[Backport release-0.34] fix net pod policy (#1272 ) # Description Backport of #1232 to `release-0.34`.	2025-07-24 17:31:39 +02:00
kklinch0	958aca2b32	fix net pod policy Signed-off-by: kklinch0 <kklinch0@gmail.com> (cherry picked from commit `6598213b58`)	2025-07-24 15:25:51 +00:00
Andrei Kvapil	c8eece2609	Release v0.34.2 (#1270 ) This PR prepares the release `v0.34.2`.	2025-07-24 16:17:05 +02:00
cozystack-bot	d80a4a34f6	Prepare release v0.34.2 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-07-24 13:21:49 +00:00
Andrei Kvapil	4d9a8389d6	Fix recording image for objectstorage Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-24 15:17:35 +02:00
Andrei Kvapil	056b729ec6	Release v0.34.1 (#1240 ) This PR prepares the release `v0.34.1`.	2025-07-24 13:07:33 +02:00
cozystack-bot	e67c55bc7c	Prepare release v0.34.1 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-07-23 23:48:00 +00:00
Andrei Kvapil	a9e9dfca1f	[cosi] fix building objectstorage images Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-24 01:27:06 +02:00
Andrei Kvapil	4ea3b37600	[kubernetes] fix volumesnapshotclass installation (#1238 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does This PR fixes regression introduced by https://github.com/cozystack/cozystack/pull/1203 error: ``` Helm install failed for release cozy-volumesnapshot-crd-for-tenant-k8s/volumesnapshot-crd-for-tenant-k8s with chart cozy-volumesnapshot-crd-for-tenant-k8s@0.34.0: unable to build kubernetes objects from release manifest: resource mapping not found for name: "kubevirt-snapshots" namespace: "" from "": no matches for kind "VolumeSnapshotClass" in version "snapshot.storage.k8s.io/v1"... ``` ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [kubernetes] fix volumesnapshotclass installation ```	2025-07-24 01:26:57 +02:00
				`@@ -0,0 +1 @@`
				`ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.35.0-alpha.1@sha256:e4f9a7302285ea9febeb28fc2fa97cb7c01bb91e602f975c31aad1fe46f778f7`
				`@@ -0,0 +1 @@`
				`ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.2.0`