Release v1.0.4 (#2186 )

This PR prepares the release `v1.0.4`.
Prepare release v1.0.4
2026-03-11 01:18:57 +00:00 · 2026-03-10 22:58:56 +01:00 · 2026-03-10 20:34:42 +00:00 · 2026-03-10 17:50:23 +01:00 · 2026-03-10 17:49:56 +01:00 · 2026-03-10 16:49:44 +00:00
41 changed files with 279 additions and 118 deletions
--- a/hack/migrate-to-version-1.0.sh
+++ b/hack/migrate-to-version-1.0.sh
@@ -32,6 +32,54 @@ if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
    exit 1
 fi

+# Step 0: Annotate critical resources to prevent Helm from deleting them
+echo "Step 0: Protect critical resources from Helm deletion"
+echo ""
+echo "The following resources will be annotated with helm.sh/resource-policy=keep"
+echo "to prevent Helm from deleting them when the installer release is removed:"
+echo "  - Namespace: $NAMESPACE"
+echo "  - ConfigMap: $NAMESPACE/cozystack-version"
+echo ""
+read -p "Do you want to annotate these resources? (y/N) " -n 1 -r
+echo ""
+
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+    echo "Annotating namespace $NAMESPACE..."
+    kubectl annotate namespace "$NAMESPACE" helm.sh/resource-policy=keep --overwrite
+    echo "Annotating ConfigMap cozystack-version..."
+    kubectl annotate configmap -n "$NAMESPACE" cozystack-version helm.sh/resource-policy=keep --overwrite 2>/dev/null || echo "  ConfigMap cozystack-version not found, skipping."
+    echo ""
+    echo "Resources annotated successfully."
+else
+    echo "WARNING: Skipping annotation. If you remove the Helm installer release,"
+    echo "the namespace and its contents may be deleted!"
+fi
+echo ""
+
+# Step 1: Check for cozy-proxy HelmRelease with conflicting releaseName
+# In v0.41.x, cozy-proxy was incorrectly configured with releaseName "cozystack",
+# which conflicts with the installer helm release name. If not suspended, cozy-proxy
+# HelmRelease will overwrite the installer release and delete cozystack-operator.
+COZY_PROXY_RELEASE_NAME=$(kubectl get hr -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.releaseName}' 2>/dev/null || true)
+if [ "$COZY_PROXY_RELEASE_NAME" = "cozystack" ]; then
+    echo "WARNING: HelmRelease cozy-proxy has releaseName 'cozystack', which conflicts"
+    echo "with the installer release. It must be suspended before proceeding, otherwise"
+    echo "it will overwrite the installer and delete cozystack-operator."
+    echo ""
+    read -p "Suspend HelmRelease cozy-proxy? (y/N) " -n 1 -r
+    echo ""
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+        kubectl -n "$NAMESPACE" patch hr cozy-proxy --type=merge --field-manager=flux-client-side-apply -p '{"spec":{"suspend":true}}'
+        echo "HelmRelease cozy-proxy suspended."
+    else
+        echo "ERROR: Cannot proceed with conflicting cozy-proxy HelmRelease active."
+        echo "Please suspend it manually:"
+        echo "  kubectl -n $NAMESPACE patch hr cozy-proxy --type=merge -p '{\"spec\":{\"suspend\":true}}'"
+        exit 1
+    fi
+    echo ""
+fi
+
 # Read ConfigMap cozystack
 echo "Reading ConfigMap cozystack..."
 COZYSTACK_CM=$(kubectl get configmap -n "$NAMESPACE" cozystack -o json 2>/dev/null || echo "{}")
@@ -107,13 +155,13 @@ fi
 if [ -z "$BUNDLE_DISABLE" ]; then
    DISABLED_PACKAGES="[]"
 else
-    DISABLED_PACKAGES=$(echo "$BUNDLE_DISABLE" | sed 's/,/\n/g' | awk 'BEGIN{print}{print "          - "$0}')
+    DISABLED_PACKAGES=$(echo "$BUNDLE_DISABLE" | sed 's/,/\n/g' | awk 'BEGIN{print}{print "          - cozystack."$0}')
 fi

 if [ -z "$BUNDLE_ENABLE" ]; then
    ENABLED_PACKAGES="[]"
 else
-    ENABLED_PACKAGES=$(echo "$BUNDLE_ENABLE" | sed 's/,/\n/g' | awk 'BEGIN{print}{print "          - "$0}')
+    ENABLED_PACKAGES=$(echo "$BUNDLE_ENABLE" | sed 's/,/\n/g' | awk 'BEGIN{print}{print "          - cozystack."$0}')
 fi

 if [ -z "$EXPOSE_SERVICES" ]; then
@@ -127,7 +175,7 @@ BUNDLE_NAME=$(echo "$BUNDLE_NAME" | sed 's/paas/isp/')

 # Extract branding if available
 BRANDING=$(echo "$BRANDING_CM" | jq -r '.data // {} | to_entries[] | "\(.key): \"\(.value)\""')
-if [ -z "$BRANDING" ]; then 
+if [ -z "$BRANDING" ]; then
    BRANDING="{}"
 else
    BRANDING=$(echo "$BRANDING" | awk 'BEGIN{print}{print "          " $0}')
--- a/internal/controller/dashboard/customformsoverride.go
+++ b/internal/controller/dashboard/customformsoverride.go
@@ -195,6 +195,7 @@ func applyListInputOverrides(schema map[string]any, kind string, openAPIProps ma
 				"valueUri":    "/api/clusters/{cluster}/k8s/apis/instancetype.kubevirt.io/v1beta1/virtualmachineclusterinstancetypes",
 				"keysToValue": []any{"metadata", "name"},
 				"keysToLabel": []any{"metadata", "name"},
+				"allowEmpty":  true,
 			},
 		}
 		if prop, _ := openAPIProps["instanceType"].(map[string]any); prop != nil {
--- a/internal/controller/dashboard/customformsoverride_test.go
+++ b/internal/controller/dashboard/customformsoverride_test.go
@@ -202,6 +202,10 @@ func TestApplyListInputOverrides_VMInstance(t *testing.T) {
 		t.Errorf("expected valueUri %s, got %v", expectedURI, customProps["valueUri"])
 	}

+	if customProps["allowEmpty"] != true {
+		t.Errorf("expected allowEmpty true, got %v", customProps["allowEmpty"])
+	}
+
 	// Check disks[].name is a listInput
 	disks, ok := specProps["disks"].(map[string]any)
 	if !ok {
--- a/internal/controller/dashboard/manager.go
+++ b/internal/controller/dashboard/manager.go
@@ -307,6 +307,10 @@ func (m *Manager) buildExpectedResourceSet(crds []cozyv1alpha1.ApplicationDefini
 			"stock-project-builtin-table",
 			"stock-project-crd-form",
 			"stock-project-crd-table",
+			"stock-instance-api-form",
+			"stock-instance-api-table",
+			"stock-instance-builtin-form",
+			"stock-instance-builtin-table",
 		}
 		for _, sidebarID := range stockSidebars {
 			expected["Sidebar"][sidebarID] = true
--- a/internal/controller/dashboard/marketplacepanel.go
+++ b/internal/controller/dashboard/marketplacepanel.go
@@ -68,31 +68,46 @@ func (m *Manager) ensureMarketplacePanel(ctx context.Context, crd *cozyv1alpha1.
 		tags[i] = t
 	}

-	specMap := map[string]any{
-		"description": d.Description,
-		"name":        displayName,
-		"type":        "nonCrd",
-		"apiGroup":    "apps.cozystack.io",
-		"apiVersion":  "v1alpha1",
-		"plural":      app.Plural, // e.g., "buckets"
-		"disabled":    false,
-		"hidden":      false,
-		"tags":        tags,
-		"icon":        d.Icon,
-	}
-
-	specBytes, err := json.Marshal(specMap)
-	if err != nil {
-		return reconcile.Result{}, err
-	}
-
-	_, err = controllerutil.CreateOrUpdate(ctx, m.Client, mp, func() error {
+	_, err := controllerutil.CreateOrUpdate(ctx, m.Client, mp, func() error {
 		if err := controllerutil.SetOwnerReference(crd, mp, m.Scheme); err != nil {
 			return err
 		}
 		// Add dashboard labels to dynamic resources
 		m.addDashboardLabels(mp, crd, ResourceTypeDynamic)

+		// Preserve user-set disabled/hidden values from existing resource
+		disabled := false
+		hidden := false
+		if mp.Spec.Raw != nil {
+			var existing map[string]any
+			if err := json.Unmarshal(mp.Spec.Raw, &existing); err == nil {
+				if v, ok := existing["disabled"].(bool); ok {
+					disabled = v
+				}
+				if v, ok := existing["hidden"].(bool); ok {
+					hidden = v
+				}
+			}
+		}
+
+		specMap := map[string]any{
+			"description": d.Description,
+			"name":        displayName,
+			"type":        "nonCrd",
+			"apiGroup":    "apps.cozystack.io",
+			"apiVersion":  "v1alpha1",
+			"plural":      app.Plural, // e.g., "buckets"
+			"disabled":    disabled,
+			"hidden":      hidden,
+			"tags":        tags,
+			"icon":        d.Icon,
+		}
+
+		specBytes, err := json.Marshal(specMap)
+		if err != nil {
+			return err
+		}
+
 		// Only update spec if it's different to avoid unnecessary updates
 		newSpec := dashv1alpha1.ArbitrarySpec{
 			JSON: apiextv1.JSON{Raw: specBytes},
--- a/internal/controller/dashboard/sidebar.go
+++ b/internal/controller/dashboard/sidebar.go
@@ -38,6 +38,23 @@ func (m *Manager) ensureSidebar(ctx context.Context, crd *cozyv1alpha1.Applicati
 	}
 	all = crdList.Items

+	// 1b) Fetch all MarketplacePanels to determine which resources are hidden
+	hiddenResources := map[string]bool{}
+	var mpList dashv1alpha1.MarketplacePanelList
+	if err := m.List(ctx, &mpList, &client.ListOptions{}); err == nil {
+		for i := range mpList.Items {
+			mp := &mpList.Items[i]
+			if mp.Spec.Raw != nil {
+				var spec map[string]any
+				if err := json.Unmarshal(mp.Spec.Raw, &spec); err == nil {
+					if hidden, ok := spec["hidden"].(bool); ok && hidden {
+						hiddenResources[mp.Name] = true
+					}
+				}
+			}
+		}
+	}
+
 	// 2) Build category -> []item map (only for CRDs with spec.dashboard != nil)
 	type item struct {
 		Key    string
@@ -63,6 +80,11 @@ func (m *Manager) ensureSidebar(ctx context.Context, crd *cozyv1alpha1.Applicati
 		plural := pickPlural(kind, def)
 		lowerKind := strings.ToLower(kind)

+		// Skip resources hidden via MarketplacePanel
+		if hiddenResources[def.Name] {
+			continue
+		}
+
 		// Check if this resource is a module
 		if def.Spec.Dashboard.Module {
 			// Special case: info should have its own keysAndTags, not be in modules
@@ -243,6 +265,11 @@ func (m *Manager) ensureSidebar(ctx context.Context, crd *cozyv1alpha1.Applicati
 		"stock-project-builtin-table",
 		"stock-project-crd-form",
 		"stock-project-crd-table",
+		// stock-instance sidebars (namespace-level pages after namespace is selected)
+		"stock-instance-api-form",
+		"stock-instance-api-table",
+		"stock-instance-builtin-form",
+		"stock-instance-builtin-table",
 	}

 	// Add details sidebars for all CRDs with dashboard config
--- a/internal/controller/dashboard/static_refactored.go
+++ b/internal/controller/dashboard/static_refactored.go
@@ -1936,12 +1936,12 @@ func CreateAllFactories() []*dashboardv1alpha1.Factory {
 				map[string]any{
 					"type": "EnrichedTable",
 					"data": map[string]any{
-						"id":                   "external-ips-table",
-						"fetchUrl":             "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/services",
-						"clusterNamePartOfUrl": "{2}",
-						"baseprefix":           "/openapi-ui",
-						"customizationId":      "factory-details-v1.services",
-						"pathToItems":          []any{"items"},
+						"id":              "external-ips-table",
+						"fetchUrl":        "/api/clusters/{2}/k8s/api/v1/namespaces/{3}/services",
+						"cluster":         "{2}",
+						"baseprefix":      "/openapi-ui",
+						"customizationId": "factory-details-v1.services",
+						"pathToItems":     ".items",
 						"fieldSelector": map[string]any{
 							"spec.type": "LoadBalancer",
 						},
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:434aa3b8e2a3cbf6681426b174e1c4fde23bafd12a6cccd046b5cb1749092ec4
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:1c8c842277f45f189a5c645fcf7b2023c8ed7189f44029ce8b988019000da14c
--- a/packages/apps/vm-instance/templates/vm.yaml
+++ b/packages/apps/vm-instance/templates/vm.yaml
@@ -34,6 +34,12 @@ spec:
    metadata:
      annotations:
        kubevirt.io/allow-pod-bridge-network-live-migration: "true"
+        {{- $ovnIPName := printf "%s.%s" (include "virtual-machine.fullname" .) .Release.Namespace }}
+        {{- $ovnIP := lookup "kubeovn.io/v1" "IP" "" $ovnIPName }}
+        {{- if $ovnIP }}
+        ovn.kubernetes.io/mac_address: {{ $ovnIP.spec.macAddress | quote }}
+        ovn.kubernetes.io/ip_address: {{ $ovnIP.spec.ipAddress | quote }}
+        {{- end }}
      labels:
        {{- include "virtual-machine.labels" . | nindent 8 }}
    spec:
--- a/packages/core/installer/templates/cozystack-operator.yaml
+++ b/packages/core/installer/templates/cozystack-operator.yaml
@@ -10,6 +10,8 @@ metadata:
  labels:
    cozystack.io/system: "true"
    pod-security.kubernetes.io/enforce: privileged
+  annotations:
+    helm.sh/resource-policy: keep
 ---
 apiVersion: v1
 kind: ServiceAccount
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,9 +1,9 @@
 cozystackOperator:
  # Deployment variant: talos, generic, hosted
  variant: talos
-  image: ghcr.io/cozystack/cozystack/cozystack-operator:v1.0.0@sha256:9e5229764b6077809a1c16566881a524c33e8986e36597e6833f8857a7e6a335
+  image: ghcr.io/cozystack/cozystack/cozystack-operator:v1.0.4@sha256:7e4c3268c81828f78d923614e5e1a2a6ebc8261d5338cd5a5dfbbdf16279f540
  platformSourceUrl: 'oci://ghcr.io/cozystack/cozystack/cozystack-packages'
-  platformSourceRef: 'digest=sha256:ef3e4ba7d21572a61794d8be594805f063aa04f4a8c3753351fc89c7804d337e'
+  platformSourceRef: 'digest=sha256:bb8ed9628eb390e9d80fd7da017fc0a88ea1901e26406a5d5beb8a85548a3d7f'
 # Generic variant configuration (only used when cozystackOperator.variant=generic)
 cozystack:
  # Kubernetes API server host (IP only, no protocol/port)
--- a/packages/core/platform/images/migrations/run-migrations.sh
+++ b/packages/core/platform/images/migrations/run-migrations.sh
@@ -24,7 +24,7 @@ if [ "$CURRENT_VERSION" -ge "$TARGET_VERSION" ]; then
 fi

 # Run migrations sequentially from current version to target version
-for i in $(seq $((CURRENT_VERSION + 1)) $TARGET_VERSION); do
+for i in $(seq $CURRENT_VERSION $((TARGET_VERSION - 1))); do
  if [ -f "/migrations/$i" ]; then
    echo "Running migration $i"
    chmod +x /migrations/$i
--- a/packages/core/platform/templates/cozystack-version.yaml
+++ b/packages/core/platform/templates/cozystack-version.yaml
@@ -6,6 +6,8 @@ kind: ConfigMap
 metadata:
  name: cozystack-version
  namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/resource-policy: keep
 data:
  version: {{ .Values.migrations.targetVersion | quote }}
 {{- end }}
--- a/packages/core/platform/values.yaml
+++ b/packages/core/platform/values.yaml
@@ -5,7 +5,7 @@ sourceRef:
  path: /
 migrations:
  enabled: false
-  image: ghcr.io/cozystack/cozystack/platform-migrations:v1.0.0@sha256:68dabdebc38ac439228ae07031cc70e0fa184a24bd4e5b3b22c17466b2a55201
+  image: ghcr.io/cozystack/cozystack/platform-migrations:v1.0.4@sha256:d43c6f26c65edd448f586a29969ff76718338f1f1f78b24d3ad54c6c8977c748
  targetVersion: 34
 # Bundle deployment configuration
 bundles:
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v1.0.0@sha256:0eae9f519669667d60b160ebb93c127843c470ad9ca3447fceaa54604503a7ba
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v1.0.4@sha256:0eae9f519669667d60b160ebb93c127843c470ad9ca3447fceaa54604503a7ba
--- a/packages/extra/bootbox/images/matchbox.tag
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v1.0.0@sha256:c48eb7b23f01a8ff58d409fdb51c88e771f819cb914eee03da89471e62302f33
+ghcr.io/cozystack/cozystack/matchbox:v1.0.4@sha256:cd3fb85878903e9c74fbdc10f7238bf24bee7dba71b7108ac4981ba11285859b
--- a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag
+++ b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/objectstorage-sidecar:v1.0.0@sha256:2a3595cd88b30af55b2000d3ca204899beecef0012b0e0402754c3914aad1f7f
+ghcr.io/cozystack/cozystack/objectstorage-sidecar:v1.0.4@sha256:2a3595cd88b30af55b2000d3ca204899beecef0012b0e0402754c3914aad1f7f
--- a/packages/system/backup-controller/values.yaml
+++ b/packages/system/backup-controller/values.yaml
@@ -1,5 +1,5 @@
 backupController:
-  image: "ghcr.io/cozystack/cozystack/backup-controller:v1.0.0@sha256:e1a6c8ac7ba64442812464b59c53e782e373a339c18b379c2692921b44c6edb5"
+  image: "ghcr.io/cozystack/cozystack/backup-controller:v1.0.4@sha256:dcc16c1b28a5839b8cad6f46ba6cb4b4779ae623babb4f1a6ab1177dccc6468b"
  replicas: 2
  debug: false
  metrics:
--- a/packages/system/backupstrategy-controller/values.yaml
+++ b/packages/system/backupstrategy-controller/values.yaml
@@ -1,5 +1,5 @@
 backupStrategyController:
-  image: "ghcr.io/cozystack/cozystack/backupstrategy-controller:v1.0.0@sha256:29735d945c69c6bbaab21068bf4ea30f6b63f4c71a7a8d95590f370abcb4b328"
+  image: "ghcr.io/cozystack/cozystack/backupstrategy-controller:v1.0.4@sha256:6486a75725a05ae735f2574c6b2c9d3184ea8301b127c4bcb1adaee51564e1a0"
  replicas: 2
  debug: false
  metrics:
--- a/packages/system/bucket/images/s3manager.tag
+++ b/packages/system/bucket/images/s3manager.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:279008f87460d709e99ed25ee8a1e4568a290bb9afa0e3dd3a06d524163a132b
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:1f03fde12124b94b646532e3ebdebf62b8d87e42e0aa5576cd07c4559ce66403
--- a/packages/system/cozystack-api/values.yaml
+++ b/packages/system/cozystack-api/values.yaml
@@ -1,3 +1,3 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v1.0.0@sha256:bd70ecb944bde9a0d6b88114aea89bdbbe2d07e33f03175cfd885de013e88294
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v1.0.4@sha256:5b2f268084dd8ab854741a1883cc9c2851b62175093d75b128bc1a0965f6a24d
  replicas: 2
--- a/packages/system/cozystack-controller/values.yaml
+++ b/packages/system/cozystack-controller/values.yaml
@@ -1,4 +1,4 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v1.0.0@sha256:da01085026a4a01514ae435c7bfb48cca2cf00eb17feb2ed7ae88711f82693e0
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v1.0.4@sha256:bed46993a60cf129288a3435cb44c1597ae97780164a89922a89ecb89949ebda
  debug: false
  disableTelemetry: false
--- a/packages/system/dashboard/images/openapi-ui/Dockerfile
+++ b/packages/system/dashboard/images/openapi-ui/Dockerfile
@@ -6,7 +6,7 @@ FROM node:${NODE_VERSION}-alpine AS openapi-k8s-toolkit-builder
 RUN apk add git
 WORKDIR /src
 # release/1.4.0
-ARG COMMIT=c67029cc7b7495c65ee0406033576e773a73bb01
+ARG COMMIT=d6b9e4ad0d1eb9d3730f7f0c664792c8dda3214d
 RUN wget -O- https://github.com/PRO-Robotech/openapi-k8s-toolkit/archive/${COMMIT}.tar.gz | tar -xzvf- --strip-components=1

 COPY openapi-k8s-toolkit/patches /patches
--- a/packages/system/dashboard/images/openapi-ui/openapi-k8s-toolkit/patches/formlistinput-allow-empty.diff
+++ b/packages/system/dashboard/images/openapi-ui/openapi-k8s-toolkit/patches/formlistinput-allow-empty.diff
@@ -0,0 +1,37 @@
+diff --git a/src/localTypes/formExtensions.ts b/src/localTypes/formExtensions.ts
+--- a/src/localTypes/formExtensions.ts
+++ b/src/localTypes/formExtensions.ts
+@@ -59,2 +59,4 @@
+   relatedValuePath?: string
+  allowEmpty?: boolean
+  persistType?: 'str' | 'number' | 'arr' | 'obj'
+ }
+diff --git a/src/components/molecules/BlackholeForm/molecules/FormListInput/FormListInput.tsx b/src/components/molecules/BlackholeForm/molecules/FormListInput/FormListInput.tsx
+--- a/src/components/molecules/BlackholeForm/molecules/FormListInput/FormListInput.tsx
+++ b/src/components/molecules/BlackholeForm/molecules/FormListInput/FormListInput.tsx
+@@ -149,3 +149,10 @@
+   }, [relatedPath, form, arrName, fixedName, relatedFieldValue, onValuesChangeCallBack, isTouchedPeristed])
+
+  // When allowEmpty is set, auto-persist the field so the BFF preserves empty values
+  useEffect(() => {
+    if (customProps.allowEmpty) {
+      persistedControls.onPersistMark(persistName || name, customProps.persistType ?? 'str')
+    }
+  }, [customProps.allowEmpty, customProps.persistType, persistedControls, persistName, name])
+
+   const uri = prepareTemplate({
+@@ -267,5 +274,14 @@
+           validateTrigger="onBlur"
+           hasFeedback={designNewLayout ? { icons: feedbackIcons } : true}
+           style={{ flex: 1 }}
+          normalize={(value: unknown) => {
+            if (customProps.allowEmpty && (value === undefined || value === null)) {
+              if (customProps.persistType === 'number') return 0
+              if (customProps.persistType === 'arr') return []
+              if (customProps.persistType === 'obj') return {}
+              return ''
+            }
+            return value
+          }}
+         >
+           <Select
--- a/packages/system/dashboard/images/openapi-ui/openapi-k8s-toolkit/patches/formlistinput-value-binding.diff
+++ b/packages/system/dashboard/images/openapi-ui/openapi-k8s-toolkit/patches/formlistinput-value-binding.diff
@@ -1,49 +0,0 @@
-diff --git a/src/components/molecules/BlackholeForm/molecules/FormListInput/FormListInput.tsx b/src/components/molecules/BlackholeForm/molecules/FormListInput/FormListInput.tsx
-index d5e5230..9038dbb 100644
--- a/src/components/molecules/BlackholeForm/molecules/FormListInput/FormListInput.tsx
-+++ b/src/components/molecules/BlackholeForm/molecules/FormListInput/FormListInput.tsx
-@@ -259,14 +259,15 @@ export const FormListInput: FC<TFormListInputProps> = ({
-           <PersistedCheckbox formName={persistName || name} persistedControls={persistedControls} type="arr" />
-         </Flex>
-       </Flex>
-      <ResetedFormItem
-        key={arrKey !== undefined ? arrKey : Array.isArray(name) ? name.slice(-1)[0] : name}
-        name={arrName || fixedName}
-        rules={[getRequiredRule(forceNonRequired === false && !!required?.includes(getStringByName(name)), name)]}
-        validateTrigger="onBlur"
-        hasFeedback={designNewLayout ? { icons: feedbackIcons } : true}
-      >
-        <Flex gap={8} align="center">
-+      <Flex gap={8} align="center">
-+        <ResetedFormItem
-+          key={arrKey !== undefined ? arrKey : Array.isArray(name) ? name.slice(-1)[0] : name}
-+          name={arrName || fixedName}
-+          rules={[getRequiredRule(forceNonRequired === false && !!required?.includes(getStringByName(name)), name)]}
-+          validateTrigger="onBlur"
-+          hasFeedback={designNewLayout ? { icons: feedbackIcons } : true}
-+          style={{ flex: 1 }}
-+        >
-           <Select
-             mode={customProps.mode}
-             placeholder="Select"
-@@ -277,13 +278,13 @@ export const FormListInput: FC<TFormListInputProps> = ({
-             showSearch
-             style={{ width: '100%' }}
-           />
-          {relatedValueTooltip && (
-            <Tooltip title={relatedValueTooltip}>
-              <QuestionCircleOutlined />
-            </Tooltip>
-          )}
-        </Flex>
-      </ResetedFormItem>
-+        </ResetedFormItem>
-+        {relatedValueTooltip && (
-+          <Tooltip title={relatedValueTooltip}>
-+            <QuestionCircleOutlined />
-+          </Tooltip>
-+        )}
-+      </Flex>
-     </HiddenContainer>
-   )
- }
--- a/packages/system/dashboard/images/openapi-ui/openapi-k8s-toolkit/patches/secret-copy-preserve-newlines.diff
+++ b/packages/system/dashboard/images/openapi-ui/openapi-k8s-toolkit/patches/secret-copy-preserve-newlines.diff
@@ -0,0 +1,29 @@
+diff --git a/src/components/organisms/DynamicComponents/molecules/SecretBase64Plain/SecretBase64Plain.tsx b/src/components/organisms/DynamicComponents/molecules/SecretBase64Plain/SecretBase64Plain.tsx
+--- a/src/components/organisms/DynamicComponents/molecules/SecretBase64Plain/SecretBase64Plain.tsx
+++ b/src/components/organisms/DynamicComponents/molecules/SecretBase64Plain/SecretBase64Plain.tsx
+@@ -145,6 +145,12 @@
+               <Styled.DisabledInput
+                 $hidden={effectiveHidden}
+                 onClick={e => handleInputClick(e, effectiveHidden, value)}
+                onCopy={e => {
+                  if (!effectiveHidden) {
+                    e.preventDefault()
+                    e.clipboardData?.setData('text/plain', value)
+                  }
+                }}
+                 value={shownValue}
+                 readOnly
+               />
+@@ -161,6 +167,12 @@
+             <Styled.DisabledInput
+               $hidden={effectiveHidden}
+               onClick={e => handleInputClick(e, effectiveHidden, value)}
+              onCopy={e => {
+                if (!effectiveHidden) {
+                  e.preventDefault()
+                  e.clipboardData?.setData('text/plain', value)
+                }
+              }}
+               value={shownValue}
+               readOnly
+             />
--- a/packages/system/dashboard/templates/configmap.yaml
+++ b/packages/system/dashboard/templates/configmap.yaml
@@ -1,6 +1,6 @@
 {{- $brandingConfig := .Values._cluster.branding | default dict }}

-{{- $tenantText := "v1.0.0" }}
+{{- $tenantText := "v1.0.4" }}
 {{- $footerText := "Cozystack" }}
 {{- $titleText := "Cozystack Dashboard" }}
 {{- $logoText := "" }}
--- a/packages/system/dashboard/templates/flowschema.yaml
+++ b/packages/system/dashboard/templates/flowschema.yaml
@@ -0,0 +1,20 @@
+apiVersion: flowcontrol.apiserver.k8s.io/v1
+kind: FlowSchema
+metadata:
+  name: cozy-dashboard-exempt
+spec:
+  matchingPrecedence: 2
+  priorityLevelConfiguration:
+    name: exempt
+  rules:
+    - subjects:
+        - kind: ServiceAccount
+          serviceAccount:
+            name: incloud-web-web
+            namespace: {{ .Release.Namespace }}
+      resourceRules:
+        - verbs: ["*"]
+          apiGroups: ["*"]
+          resources: ["*"]
+          namespaces: ["*"]
+          clusterScope: true
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -1,6 +1,6 @@
 openapiUI:
-  image: ghcr.io/cozystack/cozystack/openapi-ui:v1.0.0@sha256:73a8bd4283a46a99d22536eece9c2059fa2fb1c17b43ddefe6716e8960e4731e
+  image: ghcr.io/cozystack/cozystack/openapi-ui:v1.0.4@sha256:b3eaac88111a7e2d252d381fbc01a11263864ad49c5a0bd7d5bc8d6f0f3e27a4
 openapiUIK8sBff:
-  image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v1.0.0@sha256:c938fee904acd948800d4dc5e121c4c5cd64cb4a3160fb8d2f9dbff0e5168740
+  image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v1.0.4@sha256:dbd5ab63536ad16777db429f7b1c7417932168b6b1cdd234f0e8c656f91b7086
 tokenProxy:
-  image: ghcr.io/cozystack/cozystack/token-proxy:v1.0.0@sha256:2e280991e07853ea48f97b0a42946afffa10d03d6a83d41099ed83e6ffc94fdc
+  image: ghcr.io/cozystack/cozystack/token-proxy:v1.0.4@sha256:2e280991e07853ea48f97b0a42946afffa10d03d6a83d41099ed83e6ffc94fdc
--- a/packages/system/etcd-operator/charts/etcd-operator/README.md
+++ b/packages/system/etcd-operator/charts/etcd-operator/README.md
@@ -38,8 +38,8 @@
 | kubeRbacProxy.args[2] | string | `"--logtostderr=true"` |  |
 | kubeRbacProxy.args[3] | string | `"--v=0"` |  |
 | kubeRbacProxy.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
-| kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | Image repository |
-| kubeRbacProxy.image.tag | string | `"v0.16.0"` | Version of image |
+| kubeRbacProxy.image.repository | string | `"quay.io/brancz/kube-rbac-proxy"` | Image repository |
+| kubeRbacProxy.image.tag | string | `"v0.18.1"` | Version of image |
 | kubeRbacProxy.livenessProbe | object | `{}` | https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | kubeRbacProxy.readinessProbe | object | `{}` | https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | kubeRbacProxy.resources | object | `{"limits":{"cpu":"250m","memory":"128Mi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
--- a/packages/system/etcd-operator/charts/etcd-operator/values.yaml
+++ b/packages/system/etcd-operator/charts/etcd-operator/values.yaml
@@ -98,13 +98,13 @@ kubeRbacProxy:
  image:

    # -- Image repository
-    repository: gcr.io/kubebuilder/kube-rbac-proxy
+    repository: quay.io/brancz/kube-rbac-proxy

    # -- Image pull policy
    pullPolicy: IfNotPresent

    # -- Version of image
-    tag: v0.16.0
+    tag: v0.18.1

  args:
    - --secure-listen-address=0.0.0.0:8443
--- a/packages/system/grafana-operator/images/grafana-dashboards.tag
+++ b/packages/system/grafana-operator/images/grafana-dashboards.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/grafana-dashboards:v1.0.0@sha256:7a3c9af59f8d74d5a23750bbc845c7de64610dbd4d4f84011e10be037b3ce2a0
+ghcr.io/cozystack/cozystack/grafana-dashboards:v1.0.4@sha256:7a3c9af59f8d74d5a23750bbc845c7de64610dbd4d4f84011e10be037b3ce2a0
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -3,7 +3,7 @@ kamaji:
    deploy: false
  image:
    pullPolicy: IfNotPresent
-    tag: v1.0.0@sha256:50db517ebe7698083dd32223a96c987b6ed0c88d3a093969beb571e4a96d18e4
+    tag: v1.0.4@sha256:914d04f7442f0faecf18f8282c192dee9fe244a711494a8c892e2f9e2ad415f7
    repository: ghcr.io/cozystack/cozystack/kamaji
  resources:
    limits:
@@ -13,4 +13,4 @@ kamaji:
      cpu: 100m
      memory: 100Mi
  extraArgs:
-    - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v1.0.0@sha256:50db517ebe7698083dd32223a96c987b6ed0c88d3a093969beb571e4a96d18e4
+    - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v1.0.4@sha256:914d04f7442f0faecf18f8282c192dee9fe244a711494a8c892e2f9e2ad415f7
--- a/packages/system/keycloak/templates/sts.yaml
+++ b/packages/system/keycloak/templates/sts.yaml
@@ -76,14 +76,18 @@ spec:
            {{- end }}
            - name: KC_METRICS_ENABLED
              value: "true"
+            - name: KC_HEALTH_ENABLED
+              value: "true"
            - name: KC_LOG_LEVEL
              value: "info"
            - name: KC_CACHE
              value: "ispn"
            - name: KC_CACHE_STACK
              value: "kubernetes"
-            - name: KC_PROXY
-              value: "edge"
+            - name: KC_PROXY_HEADERS
+              value: "xforwarded"
+            - name: KC_HTTP_ENABLED
+              value: "true"
            - name: KEYCLOAK_ADMIN
              value: admin
            - name: KEYCLOAK_ADMIN_PASSWORD
@@ -128,16 +132,27 @@ spec:
            - name: http
              containerPort: 8080
              protocol: TCP
+            - name: management
+              containerPort: 9000
+              protocol: TCP
+          startupProbe:
+            httpGet:
+              path: /health/ready
+              port: management
+            failureThreshold: 30
+            periodSeconds: 10
          livenessProbe:
            httpGet:
-              path: /
-              port: http
-            initialDelaySeconds: 120
+              path: /health/live
+              port: management
+            periodSeconds: 15
            timeoutSeconds: 5
+            failureThreshold: 5
          readinessProbe:
            httpGet:
-              path: /realms/master
-              port: http
-            initialDelaySeconds: 60
-            timeoutSeconds: 1
+              path: /health/ready
+              port: management
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
      terminationGracePeriodSeconds: 60
--- a/packages/system/kubeovn-plunger/values.yaml
+++ b/packages/system/kubeovn-plunger/values.yaml
@@ -1,4 +1,4 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v1.0.0@sha256:b6045fdb4f324b9b1cb44a218c40422aafbbc600b085c819ff58809bb6e97220
+image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v1.0.4@sha256:38e53a2f1ee69b820eb420ba5d91e25609c32e0f07270012e06a0d6022047847
 ovnCentralName: ovn-central
--- a/packages/system/kubeovn-webhook/values.yaml
+++ b/packages/system/kubeovn-webhook/values.yaml
@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v1.0.0@sha256:e18f9fd679e38f65362a8d0042f25468272f6d081136ad47027168d8e7e07a4a
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v1.0.4@sha256:e6334c29d3aaf0dea766c88e3e05b53ad623d1bb497b3c836e6f76adade45b29
--- a/packages/system/kubevirt-csi-node/values.yaml
+++ b/packages/system/kubevirt-csi-node/values.yaml
@@ -1,3 +1,3 @@
 storageClass: replicated
 csiDriver:
-  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:434aa3b8e2a3cbf6681426b174e1c4fde23bafd12a6cccd046b5cb1749092ec4
+  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:1c8c842277f45f189a5c645fcf7b2023c8ed7189f44029ce8b988019000da14c
--- a/packages/system/lineage-controller-webhook/values.yaml
+++ b/packages/system/lineage-controller-webhook/values.yaml
@@ -1,5 +1,5 @@
 lineageControllerWebhook:
-  image: ghcr.io/cozystack/cozystack/lineage-controller-webhook:v1.0.0@sha256:af765c2829db4f513084522a384710acc321bd4a332eaf7fe814fecacea1022f
+  image: ghcr.io/cozystack/cozystack/lineage-controller-webhook:v1.0.4@sha256:07984201e39a1febef5bbe94969ccdc7ddc381fc25d4ad798b04a940c0a7214b
  debug: false
  localK8sAPIEndpoint:
    enabled: true
--- a/packages/system/linstor/values.yaml
+++ b/packages/system/linstor/values.yaml
@@ -13,4 +13,4 @@ linstor:
 linstorCSI:
  image:
    repository: ghcr.io/cozystack/cozystack/linstor-csi
-    tag: v1.10.5@sha256:c87b6f6dadaa6e3a3643d3279e81742830147f6c38f99e9232d9780abbcac897
+    tag: v1.10.5@sha256:8213ec5fb7829415edd9584787f9b08b19f776b05fb69c858359136425ccd730
--- a/packages/system/objectstorage-controller/values.yaml
+++ b/packages/system/objectstorage-controller/values.yaml
@@ -1,3 +1,3 @@
 objectstorage:
  controller:
-    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v1.0.0@sha256:e40e94f3014cfd04cce4230597315a1acfcca2daa8051b987614d0c05da6d928"
+    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v1.0.4@sha256:e40e94f3014cfd04cce4230597315a1acfcca2daa8051b987614d0c05da6d928"
--- a/packages/system/seaweedfs/values.yaml
+++ b/packages/system/seaweedfs/values.yaml
@@ -177,7 +177,7 @@ seaweedfs:
    bucketClassName: "seaweedfs"
    region: ""
    sidecar:
-      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v1.0.0@sha256:2a3595cd88b30af55b2000d3ca204899beecef0012b0e0402754c3914aad1f7f"
+      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v1.0.4@sha256:2a3595cd88b30af55b2000d3ca204899beecef0012b0e0402754c3914aad1f7f"
  certificates:
    commonName: "SeaweedFS CA"
    ipAddresses: []
Author	SHA1	Message	Date
Andrei Kvapil	92bf13a9fc	Release v1.0.4 (#2186 ) This PR prepares the release `v1.0.4`.	2026-03-10 22:58:56 +01:00
cozystack-bot	c055fcbb48	Prepare release v1.0.4 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2026-03-10 20:34:42 +00:00
Andrei Kvapil	81f2546f44	[Backport release-1.0] fix(dashboard): exclude hidden MarketplacePanel resources from sidebar menu (#2204 ) # Description Backport of #2177 to `release-1.0`.	2026-03-10 17:50:23 +01:00
Andrei Kvapil	3251991014	[Backport release-1.0] fix(dashboard): preserve disabled/hidden state on MarketplacePanel reconciliation (#2202 ) # Description Backport of #2176 to `release-1.0`.	2026-03-10 17:49:56 +01:00
IvanHunters	1f0df5fbcd	fix(dashboard): exclude hidden MarketplacePanel resources from sidebar menu The sidebar was generated independently from MarketplacePanels, always showing all resources regardless of their hidden state. Fetch MarketplacePanels during sidebar reconciliation and skip resources where hidden=true, so hiding a resource from the marketplace also removes it from the sidebar navigation. Signed-off-by: IvanHunters <xorokhotnikov@gmail.com> (cherry picked from commit `318079bf66`)	2026-03-10 16:49:44 +00:00
IvanHunters	d412bd54f2	fix(dashboard): preserve disabled/hidden state on MarketplacePanel reconciliation The controller was hardcoding disabled=false and hidden=false on every reconciliation, overwriting any user changes made through the dashboard UI. Move spec building inside the CreateOrUpdate mutate function to read and preserve current disabled/hidden values from the existing resource. Signed-off-by: IvanHunters <xorokhotnikov@gmail.com> (cherry picked from commit `e69efd80c4`)	2026-03-10 16:48:33 +00:00
Andrei Kvapil	ca0282d3c7	[Backport release-1.0] fix(dashboard): fix External IPs factory EnrichedTable rendering (#2192 ) # Description Backport of #2175 to `release-1.0`.	2026-03-10 15:19:33 +01:00
Andrei Kvapil	4389b60571	[Backport release-1.0] [platform] Fix VM MAC address not preserved during migration (#2191 ) # Description Backport of #2169 to `release-1.0`.	2026-03-10 15:19:23 +01:00
IvanHunters	1eaf32812d	fix(dashboard): fix External IPs factory EnrichedTable rendering The external-ips factory used incorrect EnrichedTable properties causing empty rows in the dashboard. Replace `clusterNamePartOfUrl` with `cluster` and change `pathToItems` from array to dot-path string format to match the convention used by all other working EnrichedTable instances. Signed-off-by: IvanHunters <xorokhotnikov@gmail.com> (cherry picked from commit `49601b166d`)	2026-03-10 14:19:13 +00:00
Kirill Ilin	2658bfabda	fix(migration): preserve VM MAC address during virtual-machine to vm-instance migration Kube-OVN reads MAC address exclusively from the pod annotation ovn.kubernetes.io/mac_address, not from the IP resource spec.macAddress. Without pod-level annotations, migrated VMs receive a new random MAC, breaking OS-level network config that matches by MAC (e.g. netplan). Add a Helm lookup for the Kube-OVN IP resource in the vm-instance chart template. When the IP resource exists, its macAddress and ipAddress are automatically injected as pod annotations. This removes the need for fragile Flux postRenderers on the HelmRelease — the chart itself handles MAC/IP preservation based on actual cluster state. Remove the postRenderers approach from migration 29 since the chart now handles this natively. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Kirill Ilin <stitch14@yandex.ru> (cherry picked from commit `9a4f49238c`)	2026-03-10 14:18:35 +00:00
Andrei Kvapil	448b4d9c80	[Backport release-1.0] fix(etcd-operator): replace deprecated kube-rbac-proxy image (#2183 ) # Description Backport of #2181 to `release-1.0`.	2026-03-10 12:39:09 +01:00
Andrei Kvapil	80a62bd3ee	fix(etcd-operator): replace deprecated kube-rbac-proxy image The gcr.io/kubebuilder/kube-rbac-proxy image is no longer available since GCR was deprecated. Replace it with quay.io/brancz/kube-rbac-proxy from the original upstream author. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `4946383cf1`)	2026-03-10 11:37:08 +00:00
Andrei Kvapil	ca330b2aca	[Backport release-1.0] fix(keycloak): use management port health endpoints for probes (#2178 ) # Description Backport of #2162 to `release-1.0`.	2026-03-10 08:17:23 +01:00
mattia-eleuteri	352be923ae	fix(keycloak): add startupProbe, remove initialDelaySeconds Use a startupProbe to defer liveness/readiness checks until Keycloak has fully started, instead of relying on initialDelaySeconds. This is more robust for applications with variable startup times. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: mattia-eleuteri <mattia@hidora.io> (cherry picked from commit `d18ed79382`)	2026-03-10 07:15:32 +00:00
mattia-eleuteri	5356a5260a	fix(keycloak): use management port health endpoints for probes Keycloak 26.x exposes dedicated health endpoints on the management port (9000) via /health/live and /health/ready. The previous probes used GET / on port 8080 which redirects to the configured KC_HOSTNAME (HTTPS), causing kubelet to fail the probe with "Probe terminated redirects" and eventually kill the pod in a crashloop. Changes: - Add KC_HEALTH_ENABLED=true to activate health endpoints - Expose management port 9000 in container ports - Switch liveness probe to /health/live on port 9000 - Switch readiness probe to /health/ready on port 9000 - Increase failure thresholds for more tolerance during startup Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: mattia-eleuteri <mattia@hidora.io> (cherry picked from commit `0873691913`)	2026-03-10 07:15:32 +00:00
IvanHunters	64b4be5c78	Release v1.0.3 (#2159 ) This PR prepares the release `v1.0.3`.	2026-03-06 12:21:14 +03:00
cozystack-bot	c79545ba04	Prepare release v1.0.3 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2026-03-06 01:37:07 +00:00
Andrei Kvapil	eda0e8ee50	[Backport release-1.0] Fixed packages name conversion in migration script (#2148 ) # Description Backport of #2144 to `release-1.0`.	2026-03-05 17:25:11 +01:00
Myasnikov Daniil	f68fc0c921	Fixed packages name conversion in migration script Signed-off-by: Myasnikov Daniil <myasnikovdaniil2001@gmail.com> (cherry picked from commit `780af33ee1`)	2026-03-03 23:22:55 +00:00
Andrei Kvapil	48ce08f584	Release v1.0.2 (#2140 ) This PR prepares the release `v1.0.2`.	2026-03-02 21:48:54 +01:00
cozystack-bot	2675ff326a	Prepare release v1.0.2 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2026-03-02 18:38:46 +00:00
Andrei Kvapil	51a5073175	[Backport release-1.0] [dashboard] fix: restore stock-instance sidebars for namespace-level pages (#2138 ) # Description Backport of #2136 to `release-1.0`.	2026-03-02 19:29:25 +01:00
Kirill Ilin	05d1c02eff	fix(dashboard): restore stock-instance sidebars for namespace-level pages PR #2106 removed stock-instance-* sidebar resources to fix broken URLs on the main page before namespace selection. However, these sidebars are required for rendering namespace-level pages (api-table, api-form, etc.) such as the Backup Plans page. Without stock-instance-api-table, the frontend cannot find the sidebar for namespace-scoped api-table pages and renders an empty page instead. The original bug (broken URLs with empty namespace placeholder) is already fixed by CUSTOMIZATION_SIDEBAR_FALLBACK_ID="" in web.yaml, so re-adding stock-instance-* sidebars does not reintroduce it. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Kirill Ilin <stitch14@yandex.ru> (cherry picked from commit `45b61f812d`)	2026-03-02 18:28:56 +00:00
Andrei Kvapil	f06817d4e8	[Backport release-1.0] [dashboard] fix: allow clearing instanceType and preserve secret copy newlines (#2137 ) # Description Backport of #2135 to `release-1.0`.	2026-03-02 19:28:55 +01:00
Kirill Ilin	0fefaa246f	fix(dashboard): preserve newlines when copying secrets with CMD+C Add onCopy handler to SecretBase64Plain inputs to intercept native browser copy events and explicitly write the full decoded text (including newlines) to the clipboard. Without this, input[type=text] strips newlines on copy. Upstream PR: https://github.com/PRO-Robotech/openapi-k8s-toolkit/pull/339 Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Kirill Ilin <stitch14@yandex.ru> (cherry picked from commit `99ee0e34bf`)	2026-03-02 18:27:55 +00:00
Kirill Ilin	7cea11e57b	feat(dashboard): set allowEmpty on instanceType and update openapi-ui toolkit Update openapi-k8s-toolkit commit to d6b9e4ad (release/1.4.0) which includes the FormListInput layout refactor, making formlistinput-value-binding.diff obsolete. Set allowEmpty: true on the VMInstance instanceType field so users can explicitly clear the selection and override the default instance type. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Kirill Ilin <stitch14@yandex.ru> (cherry picked from commit `6e8ce65e49`)	2026-03-02 18:27:55 +00:00
Kirill Ilin	31ae2bb826	feat(dashboard): allow clearing instanceType field in VMInstance form Update openapi-k8s-toolkit to release/1.4.0 (d6b9e4ad). The previous value-binding layout refactor is already included upstream, so drop the formlistinput-value-binding.diff patch. Add formlistinput-allow-empty.diff patch which introduces two props to the listInput component: - allowEmpty: when set, auto-persists the field so BFF sends an empty value instead of falling back to the schema default - persistType: controls the type of empty value ('str' \| 'number' \| 'arr' \| 'obj'), allowing the feature to work correctly for any field type Set allowEmpty: true on the VMInstance instanceType field so users can explicitly clear the selection and override the default instance type. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Kirill Ilin <stitch14@yandex.ru> (cherry picked from commit `a3ccb4f87d`)	2026-03-02 18:27:55 +00:00
Andrei Kvapil	c976378f2f	[Backport release-1.0] [system] Fix Keycloak proxy configuration for v26.x (#2134 ) # Description Backport of #2125 to `release-1.0`.	2026-03-02 18:56:45 +01:00
Kirill Ilin	edc32eec51	fix(keycloak): replace deprecated KC_PROXY with KC_PROXY_HEADERS KC_PROXY=edge was deprecated and removed in Keycloak 26.x, causing "Non-secure context detected" warnings and broken cookie handling behind reverse proxy. Replace with KC_PROXY_HEADERS=xforwarded and KC_HTTP_ENABLED=true. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Kirill Ilin <stitch14@yandex.ru> (cherry picked from commit `14228aa0d7`)	2026-03-02 17:30:05 +00:00
Andrei Kvapil	e51f05d850	[Backport release-1.0] [platform] Fixed run-migrations script (#2132 ) # Description Backport of #2126 to `release-1.0`.	2026-03-02 17:54:10 +01:00
Myasnikov Daniil	dac1a375e2	[platform] Fixed run-migrations script Signed-off-by: Myasnikov Daniil <myasnikovdaniil2001@gmail.com> (cherry picked from commit `79c57874bb`)	2026-03-02 16:53:58 +00:00
Andrei Kvapil	2a956eb0f9	[Backport release-1.0] fix(migration): suspend cozy-proxy if it conflicts with installer release (#2130 ) # Description Backport of #2128 to `release-1.0`.	2026-03-02 16:34:02 +01:00
Andrei Kvapil	6fbe026927	fix(migration): suspend cozy-proxy if it conflicts with installer release In v0.41.x, cozy-proxy HelmRelease was configured with releaseName: cozystack, which collides with the installer helm release. If not suspended before upgrade, the cozy-proxy HR reconciles and overwrites the installer release, deleting cozystack-operator. Add a check in the migration script that detects this conflict and suspends the cozy-proxy HelmRelease before proceeding. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `14a9017932`)	2026-03-02 15:31:21 +00:00
Andrei Kvapil	4c3a6987c5	Release v1.0.1 (#2117 ) This PR prepares the release `v1.0.1`.	2026-02-28 15:16:04 +01:00
cozystack-bot	30c5696541	Prepare release v1.0.1 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2026-02-28 11:00:44 +00:00
Andrei Kvapil	42780f26d2	[Backport release-1.0] fix(dashboard): add FlowSchema to exempt BFF from API throttling (#2124 ) # Description Backport of #2121 to `release-1.0`.	2026-02-28 11:56:50 +01:00
Andrei Kvapil	e9e2121153	fix(dashboard): add FlowSchema to exempt BFF from API throttling The dashboard BFF service account (incloud-web-web) falls under the default "service-accounts" FlowSchema which maps to the "workload-low" priority level. Under load, this causes API Priority and Fairness to return 429 (Too Many Requests) responses to the BFF, resulting in 500 errors for dashboard users. Add a FlowSchema that maps the BFF service account to the "exempt" priority level to prevent APF throttling of dashboard API requests. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `161b5be8c2`)	2026-02-28 10:55:27 +00:00
Andrei Kvapil	3033e718dd	[Backport release-1.0] fix(installer): add keep annotation to Namespace and update migration script (#2123 ) # Description Backport of #2122 to `release-1.0`.	2026-02-28 11:53:44 +01:00
Andrei Kvapil	aa8a7eae47	fix(installer): add keep annotation to Namespace and update migration script Add helm.sh/resource-policy=keep annotation to the cozy-system Namespace in the installer helm chart. This prevents Helm from deleting the namespace when the HelmRelease is removed, which would otherwise destroy all other HelmReleases within it. Update the migration script to annotate the cozy-system namespace and cozystack-version ConfigMap with helm.sh/resource-policy=keep before generating the Package resource. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `c83e41ea14`)	2026-02-28 10:53:06 +00:00
Andrei Kvapil	5a14dc6f54	[Backport release-1.0] [platform] Prevent version cm from deletion (#2114 ) # Description Backport of #2112 to `release-1.0`.	2026-02-27 13:05:06 +01:00
Myasnikov Daniil	2b59d4fc97	[platform] Prevent version cm from deletion Signed-off-by: Myasnikov Daniil <myasnikovdaniil2001@gmail.com> (cherry picked from commit `c05dd5e7b1`)	2026-02-27 12:03:48 +00:00