Release v0.35.5 (#1407 )

This PR prepares the release `v0.35.5`.
Prepare release v0.35.5
2026-03-03 13:38:56 +00:00 · 2025-09-11 15:19:13 +02:00 · 2025-09-10 14:28:34 +00:00 · 2025-09-10 16:23:47 +02:00 · 2025-09-10 16:22:58 +02:00 · 2025-09-10 14:19:12 +00:00
295 changed files with 13016 additions and 6806 deletions
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -28,7 +28,7 @@ jobs:

      - name: Install generate
        run: |
-          curl -sSL https://github.com/cozystack/readme-generator-for-helm/releases/download/v1.0.0/readme-generator-for-helm-linux-amd64.tar.gz | tar -xzvf- -C /usr/local/bin/ readme-generator-for-helm
+          curl -sSL https://github.com/cozystack/cozyvalues-gen/releases/download/v0.8.5/cozyvalues-gen-linux-amd64.tar.gz | tar -xzvf- -C /usr/local/bin/ cozyvalues-gen

      - name: Run pre-commit hooks
        run: |
--- a/.github/workflows/pull-requests.yaml
+++ b/.github/workflows/pull-requests.yaml
@@ -254,6 +254,11 @@ jobs:
          done
          echo "✅ The task completed successfully after $attempt attempts."

+      - name: Run OpenAPI tests
+        run: |
+          cd /tmp/$SANDBOX_NAME
+          make -C packages/core/testing SANDBOX_NAME=$SANDBOX_NAME test-openapi
+
  detect_test_matrix:
    name: "Detect e2e test matrix"
    runs-on: ubuntu-latest
@@ -269,6 +274,7 @@ jobs:

  test_apps:
    strategy:
+      fail-fast: false
      matrix: ${{ fromJson(needs.detect_test_matrix.outputs.matrix) }}
    name: Test ${{ matrix.app }}
    runs-on: [self-hosted]
--- a/cmd/cozystack-controller/main.go
+++ b/cmd/cozystack-controller/main.go
@@ -206,6 +206,14 @@ func main() {
 		os.Exit(1)
 	}

+	if err = (&controller.CozystackResourceDefinitionReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "CozystackResourceDefinitionReconciler")
+		os.Exit(1)
+	}
+
 	// +kubebuilder:scaffold:builder

 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
--- a/docs/changelogs/template.md
+++ b/docs/changelogs/template.md
@@ -1,3 +1,9 @@
+Release description.
+
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0..
+-->
+
 ## Major Features and Improvements

 ## Security
--- a/docs/changelogs/v0.31.0.md
+++ b/docs/changelogs/v0.31.0.md
@@ -129,7 +129,7 @@ For more information, read the [Cozystack Release Workflow](https://github.com/c
 * [platform] Reduce requested CPU and RAM for the `kamaji` provider. (@klinch0 in https://github.com/cozystack/cozystack/pull/825)
 * [platform] Improve the reconciliation loop for the Cozystack system HelmReleases logic. (@klinch0 in https://github.com/cozystack/cozystack/pull/809 and https://github.com/cozystack/cozystack/pull/810, @kvaps in https://github.com/cozystack/cozystack/pull/811)
 * [platform] Remove extra dependencies for the Piraeus operator. (@klinch0 in https://github.com/cozystack/cozystack/pull/856)
-* [platform] Refactor dashboard values. (@kvaps in https://github.com/cozystack/cozystack/pull/928, patched by @llamnyp in https://github.com/cozystack/cozystack/pull/952)
+* [platform] Refactor dashboard values. (@kvaps in https://github.com/cozystack/cozystack/pull/928, patched by @lllamnyp in https://github.com/cozystack/cozystack/pull/952)
 * [platform] Make FluxCD artifact disabled by default. (@klinch0 in https://github.com/cozystack/cozystack/pull/964)
 * [kubernetes] Update garbage collection of HelmReleases in tenant Kubernetes clusters. (@kvaps in https://github.com/cozystack/cozystack/pull/835)
 * [kubernetes] Fix merging `valuesOverride` for tenant clusters. (@kvaps in https://github.com/cozystack/cozystack/pull/879)
--- a/docs/changelogs/v0.34.0.md
+++ b/docs/changelogs/v0.34.0.md
@@ -0,0 +1,87 @@
+Cozystack v0.34.0 is a stable release.
+It focuses on cluster reliability, virtualization capabilities, and enhancements to the Cozystack API.
+
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.0
+-->
+
+> [!WARNING]
+> A regression was found in this release and fixed in patch [0.34.3](https://github.com/cozystack/cozystack/releases/tag/v0.34.3).
+> When upgrading Cozystack, it's recommended to skip this version and upgrade directly to [0.34.3](https://github.com/cozystack/cozystack/releases/tag/v0.34.3).
+
+
+## Major Features and Improvements
+
+* [kubernetes] Enable users to select Kubernetes versions in tenant clusters. Supported versions range from 1.28 to 1.33, updated to the latest patches. (@lllamnyp and @IvanHunters in https://github.com/cozystack/cozystack/pull/1202)
+* [kubernetes] Enable PVC snapshot capability in tenant Kubernetes clusters. (@klinch0 in https://github.com/cozystack/cozystack/pull/1203)
+* [vpa] Implement autoscaling for the Vertical Pod Autoscaler itself, ensuring that VPA has sufficient resources and reducing the number of configuration parameters that platform administrators have to manage. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1198)
+* [vm-instance] Enable running [Windows](https://cozystack.io/docs/operations/virtualization/windows/) and [MikroTik RouterOS](https://cozystack.io/docs/operations/virtualization/mikrotik/) in Cozystack. Add `bus` option and always specify `bootOrder` for all disks. (@kvaps in https://github.com/cozystack/cozystack/pull/1168)
+* [cozystack-api] Specify OpenAPI schema for apps. (@kvaps in https://github.com/cozystack/cozystack/pull/1174)
+* [cozystack-api] Refactor OpenAPI Schema and support reading it from config. (@kvaps in https://github.com/cozystack/cozystack/pull/1173)
+* [cozystack-api] Enable using singular resource names in Cozystack API. For example, `kubectl get tenant` is now a valid command, in addition to `kubectl get tenants`. (@kvaps in https://github.com/cozystack/cozystack/pull/1169)
+* [postgres] Explain how to back up and restore PostgreSQL using Velero backups. (@klinch0 and @NickVolynkin in https://github.com/cozystack/cozystack/pull/1141)
+* [seaweedfs] Support multi-zone configuration for S3 storage. (@kvaps in https://github.com/cozystack/cozystack/pull/1194)
+* [dashboard] Put YAML editor first when deploying and upgrading applications, as a more powerful option. Fix handling multiline strings. (@kvaps in https://github.com/cozystack/cozystack/pull/1227)
+
+## Security
+
+* [seaweedfs] Ensure that JWT signing keys in the SeaweedFS security configuration remain consistent across Helm upgrades. Resolve an upstream issue. (@kvaps in https://github.com/cozystack/cozystack/pull/1193 and https://github.com/seaweedfs/seaweedfs/pull/6967)
+
+## Fixes
+
+* [cozystack-controller] Fix stale workloads not being deleted when marked for deletion. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1210, @kvaps in https://github.com/cozystack/cozystack/pull/1229)
+* [cozystack-controller] Improve reliability when updating HelmRelease objects to prevent unintended changes during reconciliation. (@klinch0 in https://github.com/cozystack/cozystack/pull/1205)
+* [kubevirt-csi] Fix a regression by updating the role of the CSI controller. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1165)
+* [virtual-machine,vm-instance] Adjusted RBAC role to let users read the service associated with the VMs they create. Consequently, users can now see details of the service in the dashboard and therefore read the IP address of the VM. (@klinch0 in https://github.com/cozystack/cozystack/pull/1161)
+* [virtual-machine] Fix cloudInit and sshKeys processing. (@kvaps in https://github.com/cozystack/cozystack/pull/1175 and https://github.com/cozystack/cozystack/commit/da3ee5d0ea9e87529c8adc4fcccffabe8782292e)
+* [cozystack-api] Fix an error with `resourceVersion` which resulted in message 'failed to update HelmRelease: helmreleases.helm.toolkit.fluxcd.io "xxx" is invalid...'. (@kvaps in https://github.com/cozystack/cozystack/pull/1170)
+* [cozystack-api] Fix an error in updating lists in Cozystack objects, which resulted in message "Warning: resource ... is missing the kubectl.kubernetes.io/last-applied-configuration annotation". (@kvaps in https://github.com/cozystack/cozystack/pull/1171)
+* [cozystack-api] Disable `strategic-json-patch` support. (@kvaps in https://github.com/cozystack/cozystack/pull/1179)
+* [cozystack-api] Fix non-existing OpenAPI references. (@kvaps in https://github.com/cozystack/cozystack/pull/1208)
+* [dashboard] Fix the code for removing dashboard comments which used to mistakenly remove shebang from `cloudInit` scripts. (@kvaps in https://github.com/cozystack/cozystack/pull/1175).
+* [applications] Reorder configuration values in application README's for better readability. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/1214)
+* [applications] Disallow selecting `resourcePreset = none` in the visual editor when deploying and upgrading applications. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/1196)
+* [applications] Fix a typo in preset resource tables in the built-in documentation of managed applications. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/1172)
+* [kubernetes] Enable deleting Velero component from a tenant Kubernetes cluster. (@klinch0 in https://github.com/cozystack/cozystack/pull/1176)
+* [kubernetes] Explicitly mention available K8s versions for tenant clusters in the README. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/1212)
+* [oidc] Enable deleting Keycloak service. (@klinch0 in https://github.com/cozystack/cozystack/pull/1178)
+* [tenant] Enable deleting extra applications from a tenant. (@klinch0 and @kvaps and in https://github.com/cozystack/cozystack/pull/1162)
+* [nats] Fix a typo in the application template. (@klinch0 in https://github.com/cozystack/cozystack/pull/1195)
+* [postgres] Resolve an issue with the visibility of PostgreSQL load balancer on the dashboard. (@klinch0 https://github.com/cozystack/cozystack/pull/1204)
+* [objectstorage] Update COSI controller and sidecar, including fixes from upstream. (@kvaps in https://github.com/cozystack/cozystack/pull/1209, https://github.com/kubernetes-sigs/container-object-storage-interface/pull/89, and https://github.com/kubernetes-sigs/container-object-storage-interface/pull/90)
+
+
+## Dependencies
+
+* Update FerretDB from v1 to v2.4.0.<br>**Breaking change:** before upgrading FerretDB instances, back up and restore the data following the [migration guide](https://docs.ferretdb.io/migration/migrating-from-v1/). (@kvaps in https://github.com/cozystack/cozystack/pull/1206)
+* Update Talos Linux to v1.10.5. (@kvaps in https://github.com/cozystack/cozystack/pull/1186)
+* Update LINSTOR to v1.31.2. (@kvaps in https://github.com/cozystack/cozystack/pull/1180)
+* Update KubeVirt to v1.5.2. (@kvaps in https://github.com/cozystack/cozystack/pull/1183)
+* Update CDI to v1.62.0. (@kvaps in https://github.com/cozystack/cozystack/pull/1183)
+* Update Flux Operator to 0.24.0. (@kingdonb in https://github.com/cozystack/cozystack/pull/1167)
+* Update Kamaji to edge-25.7.1. (@kvaps in https://github.com/cozystack/cozystack/pull/1184)
+* Update Kube-OVN to v1.13.14. (@kvaps in https://github.com/cozystack/cozystack/pull/1182)
+* Update Cilium to v1.17.5. (@kvaps in https://github.com/cozystack/cozystack/pull/1181)
+* Update MariaDB Operator to v0.38.1. (@kvaps in https://github.com/cozystack/cozystack/pull/1188)
+* Update SeaweedFS to v3.94. (@kvaps in https://github.com/cozystack/cozystack/pull/1194)
+
+
+## Documentation
+
+* [Updated Cozystack Roadmap and Backlog for 2024-2026](https://cozystack.io/docs/roadmap/). (@tym83 and @kvapsova in https://github.com/cozystack/website/pull/249)
+* [Running Windows VMs](https://cozystack.io/docs/operations/virtualization/windows/). (@kvaps and @NickVolynkin in https://github.com/cozystack/website/pull/246)
+* [Running MikroTik RouterOS VMs](https://cozystack.io/docs/operations/virtualization/mikrotik/). (@kvaps and @NickVolynkin in https://github.com/cozystack/website/pull/247)
+* [Public-network Kubernetes Deployment](https://cozystack.io/docs/operations/faq/#public-network-kubernetes-deployment). (@klinch0 and @NickVolynkin in https://github.com/cozystack/website/pull/242)
+* [How to allocate space on system disk for user storage](https://cozystack.io/docs/operations/faq/#how-to-allocate-space-on-system-disk-for-user-storage). (@klinch0 and @NickVolynkin in https://github.com/cozystack/website/pull/242)
+* [Resource Management in Cozystack](https://cozystack.io/docs/guides/resource-management/). (@NickVolynkin in https://github.com/cozystack/website/pull/233)
+* [Key Concepts of Cozystack](https://cozystack.io/docs/guides/concepts/). (@NickVolynkin in https://github.com/cozystack/website/pull/254)
+* [Cozystack Architecture and Platform Stack](https://cozystack.io/docs/guides/platform-stack/). (@NickVolynkin in https://github.com/cozystack/website/pull/252)
+* Fixed a parameter in Kubespan: `cluster.discovery.enabled = true`. (@lb0o in https://github.com/cozystack/website/pull/241)
+* Updated the Linux Foundation trademark text on the Cozystack website. (@krook in https://github.com/cozystack/website/pull/251)
+* Auto-update the managed applications reference pages. (@NickVolynkin in https://github.com/cozystack/website/pull/243 and https://github.com/cozystack/website/pull/245)
+
+## Development, Testing, and CI/CD
+
+* [ci] Improve workflow for contributors submitting PRs from forks. Use Oracle Cloud Infrastructure Registry for non-release PRs, bypassing restrictions preventing pushing to ghcr.io with default GitHub token. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1226)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.33.0...v0.34.0
--- a/docs/changelogs/v0.34.1.md
+++ b/docs/changelogs/v0.34.1.md
@@ -0,0 +1,15 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.1
+-->
+
+> [!WARNING]
+> A regression was found in this release and fixed in patch [0.34.3](https://github.com/cozystack/cozystack/releases/tag/v0.34.3).
+> When upgrading Cozystack, it's recommended to skip this version and upgrade directly to [0.34.3](https://github.com/cozystack/cozystack/releases/tag/v0.34.3).
+
+
+## Fixes
+
+* [kubernetes] Fix regression in `volumesnapshotclass` installation from https://github.com/cozystack/cozystack/pull/1203. (@kvaps in https://github.com/cozystack/cozystack/pull/1238)
+* [objectstorage] Fix building objectstorage images. (@kvaps in https://github.com/cozystack/cozystack/commit/a9e9dfca1fadde1bf2b4e100753e0731bbcfe923)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.0...v0.34.1
--- a/docs/changelogs/v0.34.2.md
+++ b/docs/changelogs/v0.34.2.md
@@ -0,0 +1,14 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.2
+-->
+
+> [!WARNING]
+> A regression was found in this release and fixed in patch [0.34.3](https://github.com/cozystack/cozystack/releases/tag/v0.34.3).
+> When upgrading Cozystack, it's recommended to skip this version and upgrade directly to [0.34.3](https://github.com/cozystack/cozystack/releases/tag/v0.34.3).
+
+
+## Fixes
+
+* [objectstorage] Fix recording image in objectstorage. (@kvaps in https://github.com/cozystack/cozystack/commit/4d9a8389d6bc7e86d63dd976ec853b374a91a637)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.1...v0.34.2
--- a/docs/changelogs/v0.34.3.md
+++ b/docs/changelogs/v0.34.3.md
@@ -0,0 +1,13 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.3
+-->
+
+## Fixes
+
+* [tenant] Fix tenant network policy to allow traffic to additional tenant-related services across namespace hierarchies. (@klinch0 in https://github.com/cozystack/cozystack/pull/1232, backported in https://github.com/cozystack/cozystack/pull/1272)
+* [kubernetes] Add dependency for snapshot CRD and migration to latest version. (@kvaps in https://github.com/cozystack/cozystack/pull/1275, backported in https://github.com/cozystack/cozystack/pull/1279)
+* [seaweedfs] Add support for whitelisting and exporting via nginx-ingress. Update cosi-driver. (@kvaps in https://github.com/cozystack/cozystack/pull/1277)
+* [kubevirt] Fix building Kubevirt CCM (@kvaps in 3c7e256906e1dbb0f957dc3a205fa77a147d419d)
+* [virtual-machine] Fix a regression with field `optional=true`. (@kvaps in https://github.com/cozystack/cozystack/commit/01053f7c3180d1bd045d7c5fb949984c2bdaf19d)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.2...v0.34.3
--- a/docs/changelogs/v0.34.4.md
+++ b/docs/changelogs/v0.34.4.md
@@ -0,0 +1,21 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.4
+-->
+
+## Security
+
+* [keycloak] Store administrative passwords in the management cluster's secrets. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1286)
+* [keycloak] Update Keycloak client redirect URI to use HTTPS instead of HTTP. Enable `cookie-secure`. (@klinch0 in https://github.com/cozystack/cozystack/pull/1287, backported in https://github.com/cozystack/cozystack/pull/1291)
+
+
+## Fixes
+
+* [kubernetes] Resolve problems with pod names exceeding allowed length by shortening the name of volume snapshot CRD from `*-volumesnapshot-crd-for-tenant-k8s` to `*-vsnap-crd`. To apply this change, update each affected tenant Kubernetes cluster after updating Cozystack. (@klinch0 in https://github.com/cozystack/cozystack/pull/1284)
+* [cozystack-api] Show correct `kind` values of `ApplicationList`. (@kvaps in https://github.com/cozystack/cozystack/pull/1290, backported in https://github.com/cozystack/cozystack/pull/1293)
+
+
+## Development, Testing, and CI/CD
+
+* [tests] Add tests for S3 buckets. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1283, backported in https://github.com/cozystack/cozystack/pull/1292)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.3...v0.34.4
--- a/docs/changelogs/v0.34.5.md
+++ b/docs/changelogs/v0.34.5.md
@@ -0,0 +1,11 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.5
+-->
+
+
+## Fixes
+
+* [virtual-machine] Enable using custom `instanceType` values in `virtual-machine` and `vm-instance` by disabling field validation. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1300, backported in https://github.com/cozystack/cozystack/pull/1303)
+* [kubernetes] Disable VPA for VPA in tenant Kubernetes clusters. Tenant clusters have no need for this feature, and it was not designed to work in a tenant cluster, but was enabled by mistake. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1301, backported in https://github.com/cozystack/cozystack/pull/1305)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.4...v0.34.5
--- a/docs/changelogs/v0.34.6.md
+++ b/docs/changelogs/v0.34.6.md
@@ -0,0 +1,9 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.6
+-->
+
+## Fixes
+
+* [dashboard] Fix filling multiline values in the visual editor. (@kvaps in https://github.com/cozystack/cozystack/commit/56fca9bd75efeca25f9483f6c514b6fec26d5d22 and https://github.com/cozystack/kubeapps/commit/4926bc68fabb0914afab574006643c85a597b371)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.5...v0.34.6
--- a/docs/changelogs/v0.34.7.md
+++ b/docs/changelogs/v0.34.7.md
@@ -0,0 +1,11 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.7
+-->
+
+## Fixes
+
+* [seaweedfs] Disable proxy buffering and proxy request buffering for ingress. (@kvaps in https://github.com/cozystack/cozystack/pull/1330, backported in https://github.com/cozystack/cozystack/commit/96d462e911d4458704b596533d3f10e4b5e80862)
+* [linstor] Update LINSTOR monitoring configuration to use label `controller_node` instead of `node`. (@kvaps in https://github.com/cozystack/cozystack/pull/1326, backported in https://github.com/cozystack/cozystack/pull/1327)
+* [kubernetes] Disable VPA for VPA in tenant Kubernetes clusters, patched a fix from v0.34.5. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1318, backported in https://github.com/cozystack/cozystack/pull/1319)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.6...v0.34.7
--- a/docs/changelogs/v0.34.8.md
+++ b/docs/changelogs/v0.34.8.md
@@ -0,0 +1,11 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.34.8
+-->
+
+## Fixes
+
+* [etcd] Fix `topologySpreadConstraints`. (@klinch0 in https://github.com/cozystack/cozystack/pull/1331, backported in https://github.com/cozystack/cozystack/pull/1332)
+* [linstor] Update LINSTOR monitoring configuration: switch labels on `linstor-satellite` and `linstor-controller`. (@kvaps in https://github.com/cozystack/cozystack/pull/1335, backported in https://github.com/cozystack/cozystack/pull/1336)
+* [kamaji] Fix broken migration jobs originating from missing environment variables in the in-tree build. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1338, backported in https://github.com/cozystack/cozystack/pull/1340)
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.7...v0.34.8
--- a/hack/cozytest.sh
+++ b/hack/cozytest.sh
@@ -24,7 +24,7 @@ run_one() {

  echo "╭ » Run test: $title"
  START=$(date +%s)
-  skip_next="+ $fn"      # первую строку трассировки с именем функции пропустим
+  skip_next="+ $fn"

  {
    (
@@ -83,11 +83,11 @@ awk '
    }
    printf("### %s\n", title)
    printf("%s() {\n", fname)
-    print "  set -e"           # ошибка → падение теста
+    print "  set -e"
    next
  }
  /^}$/ {
-    print "  return 0"         # если автор не сделал exit 1 — тест ОК
+    print "  return 0"
    print "}"
    next
  }
--- a/hack/e2e-apps/clickhouse.bats
+++ b/hack/e2e-apps/clickhouse.bats
@@ -27,6 +27,10 @@ spec:
    s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
    s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
    resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
+  clickhouseKeeper:
+    enabled: true
+    resourcesPreset: "micro"
+    size: "1Gi"
  resources: {}
  resourcesPreset: "nano"
 EOF
--- a/hack/e2e-apps/run-kubernetes.sh
+++ b/hack/e2e-apps/run-kubernetes.sh
@@ -57,9 +57,6 @@ spec:
      instanceType: u1.medium
      maxReplicas: 10
      minReplicas: 0
-      resources:
-        cpu: ""
-        memory: ""
      roles:
      - ingress-nginx
  storageClass: replicated
--- a/hack/e2e-apps/virtualmachine.bats
+++ b/hack/e2e-apps/virtualmachine.bats
@@ -20,9 +20,7 @@ spec:
    storage: 5Gi
    storageClass: replicated
  gpus: []
-  resources:
-    cpu: ""
-    memory: ""
+  resources: {}
  sshKeys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPht0dPk5qQ+54g1hSX7A6AUxXJW5T6n/3d7Ga2F8gTF
    test@test
--- a/hack/e2e-apps/vminstance.bats
+++ b/hack/e2e-apps/vminstance.bats
@@ -18,8 +18,8 @@ spec:
 EOF
  sleep 5
  kubectl -n tenant-test wait hr vm-disk-$name --timeout=5s --for=condition=ready
-  kubectl -n tenant-test wait dv vm-disk-$name --timeout=150s --for=condition=ready
-  kubectl -n tenant-test wait pvc vm-disk-$name --timeout=100s --for=jsonpath='{.status.phase}'=Bound
+  kubectl -n tenant-test wait dv vm-disk-$name --timeout=250s --for=condition=ready
+  kubectl -n tenant-test wait pvc vm-disk-$name --timeout=200s --for=jsonpath='{.status.phase}'=Bound
 }

@test "Create a VM Instance" {
@@ -42,9 +42,6 @@ spec:
  disks:
    - name: $diskName
  gpus: []
-  resources:
-    cpu: ""
-    memory: ""
  sshKeys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPht0dPk5qQ+54g1hSX7A6AUxXJW5T6n/3d7Ga2F8gTF
    test@test
--- a/hack/e2e-install-cozystack.bats
+++ b/hack/e2e-install-cozystack.bats
@@ -123,16 +123,23 @@ EOF

@test "Configure Tenant and wait for applications" {
  # Patch root tenant and wait for its releases
+
  kubectl patch tenants/root -n tenant-root --type merge -p '{"spec":{"host":"example.org","ingress":true,"monitoring":true,"etcd":true,"isolated":true, "seaweedfs": true}}'

  timeout 60 sh -ec 'until kubectl get hr -n tenant-root etcd ingress monitoring seaweedfs tenant-root >/dev/null 2>&1; do sleep 1; done'
  kubectl wait hr/etcd hr/ingress hr/tenant-root hr/seaweedfs -n tenant-root --timeout=4m --for=condition=ready

+  # TODO: Workaround ingress unvailability issue
  if ! kubectl wait hr/monitoring -n tenant-root --timeout=2m --for=condition=ready; then
    flux reconcile hr monitoring -n tenant-root --force
    kubectl wait hr/monitoring -n tenant-root --timeout=2m --for=condition=ready
  fi

+  if ! kubectl wait hr/seaweedfs-system -n tenant-root --timeout=2m --for=condition=ready; then
+    flux reconcile hr seaweedfs-system -n tenant-root --force
+    kubectl wait hr/seaweedfs-system -n tenant-root --timeout=2m --for=condition=ready
+  fi
+
  # Expose Cozystack services through ingress
  kubectl patch configmap/cozystack -n cozy-system --type merge -p '{"data":{"expose-services":"api,dashboard,cdi-uploadproxy,vm-exportproxy,keycloak"}}'

@@ -181,9 +188,22 @@ spec:
  ingress: false
  isolated: true
  monitoring: false
-  resourceQuotas: {}
+  resourceQuotas:
+    cpu: "60"
+    memory: "128Gi"
+    storage: "100Gi"
  seaweedfs: false
 EOF
  kubectl wait hr/tenant-test -n tenant-root --timeout=1m --for=condition=ready
  kubectl wait namespace tenant-test --timeout=20s --for=jsonpath='{.status.phase}'=Active
+  # Wait for ResourceQuota to appear and assert values
+  timeout 60 sh -ec 'until [ "$(kubectl get quota -n tenant-test --no-headers 2>/dev/null | wc -l)" -ge 1 ]; do sleep 1; done'
+  kubectl get quota -n tenant-test \
+    -o jsonpath='{range .items[*]}{.spec.hard.requests\.memory}{" "}{.spec.hard.requests\.storage}{"\n"}{end}' \
+    | grep -qx '137438953472 100Gi'
+
+  # Assert LimitRange defaults for containers
+  kubectl get limitrange -n tenant-test \
+  -o jsonpath='{range .items[*].spec.limits[*]}{.default.cpu}{" "}{.default.memory}{" "}{.defaultRequest.cpu}{" "}{.defaultRequest.memory}{"\n"}{end}' \
+  | grep -qx '250m 128Mi 25m 128Mi'
 }
--- a/hack/e2e-prepare-cluster.bats
+++ b/hack/e2e-prepare-cluster.bats
@@ -82,7 +82,7 @@ EOF
  for i in 1 2 3; do
    cp nocloud-amd64.raw srv${i}/system.img
    qemu-img resize srv${i}/system.img 50G
-    qemu-img create srv${i}/data.img 100G
+    qemu-img create srv${i}/data.img 200G
  done
 }

@@ -132,29 +132,30 @@ machine:
        - usermode_helper=disabled
    - name: zfs
    - name: spl
+    - name: lldpd
  registries:
    mirrors:
      docker.io:
        endpoints:
-        - https://dockerio.nexus.lllamnyp.su
+        - https://dockerio.nexus.aenix.org
      cr.fluentbit.io:
        endpoints:
-        - https://fluentbit.nexus.lllamnyp.su
+        - https://fluentbit.nexus.aenix.org
      docker-registry3.mariadb.com:
        endpoints:
-        - https://mariadb.nexus.lllamnyp.su
+        - https://mariadb.nexus.aenix.org
      gcr.io:
        endpoints:
-        - https://gcr.nexus.lllamnyp.su
+        - https://gcr.nexus.aenix.org
      ghcr.io:
        endpoints:
-        - https://ghcr.nexus.lllamnyp.su
+        - https://ghcr.nexus.aenix.org
      quay.io:
        endpoints:
-        - https://quay.nexus.lllamnyp.su
+        - https://quay.nexus.aenix.org
      registry.k8s.io:
        endpoints:
-        - https://k8s.nexus.lllamnyp.su
+        - https://k8s.nexus.aenix.org
  files:
  - content: |
      [plugins]
--- a/hack/e2e-test-openapi.bats
+++ b/hack/e2e-test-openapi.bats
@@ -0,0 +1,20 @@
+#!/usr/bin/env bats
+# -----------------------------------------------------------------------------
+# Test OpenAPI endpoints in a Kubernetes cluster
+# -----------------------------------------------------------------------------
+
+@test "Test OpenAPI v2 endpoint" {
+  kubectl get -v7 --raw '/openapi/v2?timeout=32s' > /dev/null
+}
+
+@test "Test OpenAPI v3 endpoint" {
+  kubectl get -v7 --raw '/openapi/v3/apis/apps.cozystack.io/v1alpha1' > /dev/null
+}
+
+@test "Test OpenAPI v2 endpoint (protobuf)" {
+  (
+    kubectl proxy --port=21234 & sleep 0.5
+    trap "kill $!" EXIT
+    curl -sS --fail 'http://localhost:21234/openapi/v2?timeout=32s' -H 'Accept: application/com.github.proto-openapi.spec.v2@v1.0+protobuf' > /dev/null
+  )
+}
--- a/internal/controller/cozystackresource_controller.go
+++ b/internal/controller/cozystackresource_controller.go
@@ -0,0 +1,117 @@
+package controller
+
+import (
+	"context"
+	"sync"
+	"time"
+
+	cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
+	appsv1 "k8s.io/api/apps/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+type CozystackResourceDefinitionReconciler struct {
+	client.Client
+	Scheme *runtime.Scheme
+
+	// Configurable debounce duration
+	Debounce time.Duration
+
+	// Internal state for debouncing
+	mu          sync.Mutex
+	lastEvent   time.Time // Time of last CRUD event on CozystackResourceDefinition
+	lastHandled time.Time // Last time the Deployment was actually restarted
+}
+
+// Reconcile handles the logic to restart the target Deployment only once,
+// even if multiple events occur close together
+func (r *CozystackResourceDefinitionReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	log := log.FromContext(ctx)
+
+	// Only respond to our target deployment
+	if req.Namespace != "cozy-system" || req.Name != "cozystack-api" {
+		return ctrl.Result{}, nil
+	}
+
+	r.mu.Lock()
+	le := r.lastEvent
+	lh := r.lastHandled
+	debounce := r.Debounce
+	r.mu.Unlock()
+
+	if debounce <= 0 {
+		debounce = 5 * time.Second
+	}
+
+	// No events received yet — nothing to do
+	if le.IsZero() {
+		return ctrl.Result{}, nil
+	}
+
+	// Wait until the debounce duration has passed since the last event
+	if d := time.Since(le); d < debounce {
+		return ctrl.Result{RequeueAfter: debounce - d}, nil
+	}
+
+	// Already handled this event — skip restart
+	if !lh.Before(le) {
+		return ctrl.Result{}, nil
+	}
+
+	// Perform the restart by patching the deployment annotation
+	deploy := &appsv1.Deployment{}
+	if err := r.Get(ctx, types.NamespacedName{Namespace: "cozy-system", Name: "cozystack-api"}, deploy); err != nil {
+		log.Error(err, "Failed to get Deployment cozy-system/cozystack-api")
+		return ctrl.Result{}, client.IgnoreNotFound(err)
+	}
+
+	patch := client.MergeFrom(deploy.DeepCopy())
+	if deploy.Spec.Template.Annotations == nil {
+		deploy.Spec.Template.Annotations = make(map[string]string)
+	}
+	deploy.Spec.Template.Annotations["kubectl.kubernetes.io/restartedAt"] = time.Now().Format(time.RFC3339)
+
+	if err := r.Patch(ctx, deploy, patch); err != nil {
+		log.Error(err, "Failed to patch Deployment annotation")
+		return ctrl.Result{}, err
+	}
+
+	// Mark this event as handled
+	r.mu.Lock()
+	r.lastHandled = le
+	r.mu.Unlock()
+
+	log.Info("Deployment cozy-system/cozystack-api successfully restarted")
+	return ctrl.Result{}, nil
+}
+
+// SetupWithManager configures how the controller listens to events
+func (r *CozystackResourceDefinitionReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	if r.Debounce == 0 {
+		r.Debounce = 5 * time.Second
+	}
+
+	return ctrl.NewControllerManagedBy(mgr).
+		Named("cozystack-restart-controller").
+		Watches(
+			&cozyv1alpha1.CozystackResourceDefinition{},
+			handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request {
+				r.mu.Lock()
+				r.lastEvent = time.Now()
+				r.mu.Unlock()
+				return []reconcile.Request{{
+					NamespacedName: types.NamespacedName{
+						Namespace: "cozy-system",
+						Name:      "cozystack-api",
+					},
+				}}
+			}),
+		).
+		Complete(r)
+}
--- a/internal/controller/system_helm_reconciler.go
+++ b/internal/controller/system_helm_reconciler.go
@@ -33,6 +33,7 @@ const requestedAt = "reconcile.fluxcd.io/requestedAt"

 func (r *CozystackConfigReconciler) Reconcile(ctx context.Context, _ ctrl.Request) (ctrl.Result, error) {
 	log := log.FromContext(ctx)
+	time.Sleep(2 * time.Second)

 	digest, err := r.computeDigest(ctx)
 	if err != nil {
--- a/internal/controller/tenant_helm_reconciler.go
+++ b/internal/controller/tenant_helm_reconciler.go
@@ -26,6 +26,7 @@ type TenantHelmReconciler struct {

 func (r *TenantHelmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
+	time.Sleep(2 * time.Second)

 	hr := &helmv2.HelmRelease{}
 	if err := r.Get(ctx, req.NamespacedName, hr); err != nil {
--- a/packages/apps/README.md
+++ b/packages/apps/README.md
@@ -4,6 +4,5 @@
 cd packages/core/installer
 make image-cozystack REGISTRY=YOUR_CUSTOM_REGISTRY
 make apply
-kubectl delete pod dashboard-redis-master-0 -n cozy-dashboard
 kubectl delete po -l app=source-controller -n cozy-fluxcd
 ```
--- a/packages/apps/bucket/Makefile
+++ b/packages/apps/bucket/Makefile
@@ -1,4 +1,5 @@
 include ../../../scripts/package.mk

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
+	yq -o json -i '.properties = {}' values.schema.json
--- a/packages/apps/bucket/values.schema.json
+++ b/packages/apps/bucket/values.schema.json
@@ -1,5 +1,5 @@
 {
-    "properties": {},
-    "title": "Chart Values",
-    "type": "object"
-}
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {}
+}
--- a/packages/apps/clickhouse/Chart.yaml
+++ b/packages/apps/clickhouse/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.11.1
+version: 0.13.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/clickhouse/Makefile
+++ b/packages/apps/clickhouse/Makefile
@@ -1,25 +1,18 @@
 CLICKHOUSE_BACKUP_TAG = $(shell awk '$$0 ~ /^version:/ {print $$2}' Chart.yaml)
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 include ../../../scripts/common-envs.mk
 include ../../../scripts/package.mk

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md

 image:
 	docker buildx build images/clickhouse-backup \
-		--provenance false \
-		--builder=$(BUILDER) \
-		--platform=$(PLATFORM) \
 		--tag $(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/clickhouse-backup:latest \
 		--cache-to type=inline \
 		--metadata-file images/clickhouse-backup.json \
-		--push=$(PUSH) \
-		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
-		--load=$(LOAD)
+		$(BUILDX_ARGS)
 	echo "$(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/clickhouse-backup.json -o json -r)" \
 		> images/clickhouse-backup.tag
 	rm -f images/clickhouse-backup.json
--- a/packages/apps/clickhouse/README.md
+++ b/packages/apps/clickhouse/README.md
@@ -23,35 +23,54 @@ For more details, read [Restic: Effective Backup from Stdin](https://blog.aenix.

 ### Common parameters

-| Name              | Description                                                                                                                             | Value   |
-| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `replicas`        | Number of Clickhouse replicas                                                                                                           | `2`     |
-| `shards`          | Number of Clickhouse shards                                                                                                             | `1`     |
-| `resources`       | Explicit CPU and memory configuration for each ClickHouse replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.             | `small` |
-| `size`            | Persistent Volume Claim size, available for application data                                                                            | `10Gi`  |
-| `storageClass`    | StorageClass used to store the application data                                                                                         | `""`    |
+| Name               | Description                                                                                                                               | Type        | Value   |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `replicas`         | Number of Clickhouse replicas                                                                                                             | `int`       | `2`     |
+| `shards`           | Number of Clickhouse shards                                                                                                               | `int`       | `1`     |
+| `resources`        | Explicit CPU and memory configuration for each Clickhouse replica. When left empty, the preset defined in `resourcesPreset` is applied.   | `*object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `small` |
+| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
+

 ### Application-specific parameters

-| Name             | Description                                              | Value |
-| ---------------- | -------------------------------------------------------- | ----- |
-| `logStorageSize` | Size of Persistent Volume for logs                       | `2Gi` |
-| `logTTL`         | TTL (expiration time) for query_log and query_thread_log | `15`  |
-| `users`          | Users configuration                                      | `{}`  |
+| Name                   | Description                                                  | Type                | Value   |
+| ---------------------- | ------------------------------------------------------------ | ------------------- | ------- |
+| `logStorageSize`       | Size of Persistent Volume for logs                           | `quantity`          | `2Gi`   |
+| `logTTL`               | TTL (expiration time) for `query_log` and `query_thread_log` | `int`               | `15`    |
+| `users`                | Users configuration                                          | `map[string]object` | `{...}` |
+| `users[name].password` | Password for the user                                        | `*string`           | `null`  |
+| `users[name].readonly` | User is `readonly`, default is `false`.                      | `*bool`             | `null`  |
+

 ### Backup parameters

-| Name                     | Description                                    | Value                                                  |
-| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
-| `backup.enabled`         | Enable periodic backups                        | `false`                                                |
-| `backup.s3Region`        | AWS S3 region where backups are stored         | `us-east-1`                                            |
-| `backup.s3Bucket`        | S3 bucket used for storing backups             | `s3.example.org/clickhouse-backups`                    |
-| `backup.schedule`        | Cron schedule for automated backups            | `0 2 * * *`                                            |
-| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication     | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication     | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
-| `backup.resticPassword`  | Password for Restic backup encryption          | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
+| Name                     | Description                                    | Type     | Value                                                  |
+| ------------------------ | ---------------------------------------------- | -------- | ------------------------------------------------------ |
+| `backup`                 | Backup configuration                           | `object` | `{}`                                                   |
+| `backup.enabled`         | Enable regular backups, default is `false`     | `bool`   | `false`                                                |
+| `backup.s3Region`        | AWS S3 region where backups are stored         | `string` | `us-east-1`                                            |
+| `backup.s3Bucket`        | S3 bucket used for storing backups             | `string` | `s3.example.org/clickhouse-backups`                    |
+| `backup.schedule`        | Cron schedule for automated backups            | `string` | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups | `string` | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | Access key for S3, used for authentication     | `string` | `<your-access-key>`                                    |
+| `backup.s3SecretKey`     | Secret key for S3, used for authentication     | `string` | `<your-secret-key>`                                    |
+| `backup.resticPassword`  | Password for Restic backup encryption          | `string` | `<password>`                                           |
+
+
+### Clickhouse Keeper parameters
+
+| Name                               | Description                                                                                                                               | Type        | Value   |
+| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `clickhouseKeeper`                 | Clickhouse Keeper configuration                                                                                                           | `*object`   | `{}`    |
+| `clickhouseKeeper.enabled`         | Deploy ClickHouse Keeper for cluster coordination                                                                                         | `*bool`     | `true`  |
+| `clickhouseKeeper.size`            | Persistent Volume Claim size, available for application data                                                                              | `*quantity` | `1Gi`   |
+| `clickhouseKeeper.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro` |
+| `clickhouseKeeper.replicas`        | Number of Keeper replicas                                                                                                                 | `*int`      | `3`     |
+

 ## Parameter examples and reference

--- a/packages/apps/clickhouse/images/clickhouse-backup.tag
+++ b/packages/apps/clickhouse/images/clickhouse-backup.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/clickhouse-backup:0.11.1@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205
+ghcr.io/cozystack/cozystack/clickhouse-backup:0.13.0@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205
--- a/packages/apps/clickhouse/templates/chkeeper.yaml
+++ b/packages/apps/clickhouse/templates/chkeeper.yaml
@@ -0,0 +1,96 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $clusterDomain := (index $cozyConfig.data "cluster-domain") | default "cozy.local" }}
+
+{{- if .Values.clickhouseKeeper.enabled }}
+apiVersion: "clickhouse-keeper.altinity.com/v1"
+kind: "ClickHouseKeeperInstallation"
+metadata:
+  name: "{{ .Release.Name }}-keeper"
+  annotations:
+    prometheus.io/port: "7000"
+    prometheus.io/scrape: "true"
+spec:
+  namespaceDomainPattern: "%s.svc.{{ $clusterDomain }}"
+  configuration:
+    clusters:
+      - name: "cluster1"
+        layout:
+          replicasCount: {{ .Values.clickhouseKeeper.replicas }}
+    settings:
+      logger/level: "trace"
+      logger/console: "true"
+      listen_host: "0.0.0.0"
+      keeper_server/four_letter_word_white_list: "*"
+      keeper_server/coordination_settings/raft_logs_level: "information"
+      prometheus/endpoint: "/metrics"
+      prometheus/port: "7000"
+      prometheus/metrics: "true"
+      prometheus/events: "true"
+      prometheus/asynchronous_metrics: "true"
+      prometheus/status_info: "false"
+
+  defaults:
+    templates:
+      # Templates are specified as default for all clusters
+      podTemplate: default
+      dataVolumeClaimTemplate: default
+
+  templates:
+    podTemplates:
+      - name: default
+        metadata:
+          labels:
+            app: "{{ .Release.Name }}-keeper"
+          annotations:
+            prometheus.io/port: "7000"
+            prometheus.io/scrape: "true"
+        spec:
+          affinity:
+            podAntiAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+                - labelSelector:
+                    matchExpressions:
+                      - key: "app"
+                        operator: In
+                        values:
+                          - "{{ .Release.Name }}-keeper"
+                  topologyKey: "kubernetes.io/hostname"
+          containers:
+            - name: clickhouse-keeper
+              imagePullPolicy: IfNotPresent
+              image: clickhouse/clickhouse-keeper:24.9.2.42
+              resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.clickhouseKeeper.resourcesPreset .Values.resources $) | nindent 20 }}  
+          securityContext:
+            fsGroup: 101
+
+    volumeClaimTemplates:
+      - name: default
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: "{{ .Values.clickhouseKeeper.size }}"
+---
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMPodScrape
+metadata:
+  name: {{ .Release.Name }}-keeper
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-keeper
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  podMetricsEndpoints:
+    - port: metrics
+      path: /metrics
+      interval: 30s
+      scheme: http
+      relabelConfigs:
+        - action: replace
+          sourceLabels: [__meta_kubernetes_pod_node_name]
+          targetLabel: instance
+{{- end }}
--- a/packages/apps/clickhouse/templates/clickhouse.yaml
+++ b/packages/apps/clickhouse/templates/clickhouse.yaml
@@ -91,6 +91,18 @@ spec:
        layout:
          shardsCount: {{ .Values.shards }}
          replicasCount: {{ .Values.replicas }}
+    {{- if .Values.clickhouseKeeper.enabled }}
+    zookeeper:
+      nodes:
+        {{- $replicas := int .Values.clickhouseKeeper.replicas }}
+        {{- $release := .Release.Name }}
+        {{- $namespace := .Release.Namespace }}
+        {{- $clusterDomain := .Values.clusterDomain }}
+        {{- range $i := until $replicas }}
+        - host: "chk-{{ $release }}-keeper-cluster1-0-{{ $i }}.{{ $namespace }}.svc.{{ $clusterDomain }}"
+          port: 2181
+        {{- end }}
+    {{- end }}
  templates:
    volumeClaimTemplates:
      - name: data-volume-template
--- a/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
@@ -23,6 +23,9 @@ rules:
  - workloadmonitors
  resourceNames:
  - {{ .Release.Name }}
+  {{- if .Values.clickhouseKeeper.enabled }}
+  - {{ .Release.Name }}-keeper
+  {{- end }}
  verbs: ["get", "list", "watch"]
 ---
 kind: RoleBinding
--- a/packages/apps/clickhouse/templates/workloadmonitor.yaml
+++ b/packages/apps/clickhouse/templates/workloadmonitor.yaml
@@ -11,3 +11,18 @@ spec:
  selector:
    app.kubernetes.io/instance: {{ $.Release.Name }}
  version: {{ $.Chart.Version }}
+{{- if .Values.clickhouseKeeper.enabled }}
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-keeper
+spec:
+  replicas: {{ .Values.clickhouseKeeper.replicas }}
+  minReplicas: 1
+  kind: clickhouse
+  type: clickhouse
+  selector:
+    app: {{ $.Release.Name }}-keeper
+  version: {{ $.Chart.Version }}
+{{- end }}
--- a/packages/apps/clickhouse/values.schema.json
+++ b/packages/apps/clickhouse/values.schema.json
@@ -1,100 +1,237 @@
 {
-    "properties": {
-        "backup": {
-            "properties": {
-                "cleanupStrategy": {
-                    "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m",
-                    "description": "Retention strategy for cleaning up old backups",
-                    "type": "string"
-                },
-                "enabled": {
-                    "default": false,
-                    "description": "Enable periodic backups",
-                    "type": "boolean"
-                },
-                "resticPassword": {
-                    "default": "ChaXoveekoh6eigh4siesheeda2quai0",
-                    "description": "Password for Restic backup encryption",
-                    "type": "string"
-                },
-                "s3AccessKey": {
-                    "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu",
-                    "description": "Access key for S3, used for authentication",
-                    "type": "string"
-                },
-                "s3Bucket": {
-                    "default": "s3.example.org/clickhouse-backups",
-                    "description": "S3 bucket used for storing backups",
-                    "type": "string"
-                },
-                "s3Region": {
-                    "default": "us-east-1",
-                    "description": "AWS S3 region where backups are stored",
-                    "type": "string"
-                },
-                "s3SecretKey": {
-                    "default": "ju3eum4dekeich9ahM1te8waeGai0oog",
-                    "description": "Secret key for S3, used for authentication",
-                    "type": "string"
-                },
-                "schedule": {
-                    "default": "0 2 * * *",
-                    "description": "Cron schedule for automated backups",
-                    "type": "string"
-                }
-            },
-            "type": "object"
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "backup": {
+      "description": "Backup configuration",
+      "type": "object",
+      "default": {
+        "cleanupStrategy": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m",
+        "enabled": false,
+        "resticPassword": "\u003cpassword\u003e",
+        "s3AccessKey": "\u003cyour-access-key\u003e",
+        "s3Bucket": "s3.example.org/clickhouse-backups",
+        "s3Region": "us-east-1",
+        "s3SecretKey": "\u003cyour-secret-key\u003e",
+        "schedule": "0 2 * * *"
+      },
+      "required": [
+        "cleanupStrategy",
+        "enabled",
+        "resticPassword",
+        "s3AccessKey",
+        "s3Bucket",
+        "s3Region",
+        "s3SecretKey",
+        "schedule"
+      ],
+      "properties": {
+        "cleanupStrategy": {
+          "description": "Retention strategy for cleaning up old backups",
+          "type": "string",
+          "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
        },
-        "logStorageSize": {
-            "default": "2Gi",
-            "description": "Size of Persistent Volume for logs",
-            "type": "string"
+        "enabled": {
+          "description": "Enable regular backups, default is `false`",
+          "type": "boolean",
+          "default": false
        },
-        "logTTL": {
-            "default": 15,
-            "description": "TTL (expiration time) for query_log and query_thread_log",
-            "type": "number"
+        "resticPassword": {
+          "description": "Password for Restic backup encryption",
+          "type": "string",
+          "default": "\u003cpassword\u003e"
+        },
+        "s3AccessKey": {
+          "description": "Access key for S3, used for authentication",
+          "type": "string",
+          "default": "\u003cyour-access-key\u003e"
+        },
+        "s3Bucket": {
+          "description": "S3 bucket used for storing backups",
+          "type": "string",
+          "default": "s3.example.org/clickhouse-backups"
+        },
+        "s3Region": {
+          "description": "AWS S3 region where backups are stored",
+          "type": "string",
+          "default": "us-east-1"
+        },
+        "s3SecretKey": {
+          "description": "Secret key for S3, used for authentication",
+          "type": "string",
+          "default": "\u003cyour-secret-key\u003e"
+        },
+        "schedule": {
+          "description": "Cron schedule for automated backups",
+          "type": "string",
+          "default": "0 2 * * *"
+        }
+      }
+    },
+    "clickhouseKeeper": {
+      "description": "Clickhouse Keeper configuration",
+      "type": "object",
+      "default": {
+        "enabled": true,
+        "replicas": 3,
+        "resourcesPreset": "micro",
+        "size": "1Gi"
+      },
+      "required": [
+        "resourcesPreset"
+      ],
+      "properties": {
+        "enabled": {
+          "description": "Deploy ClickHouse Keeper for cluster coordination",
+          "type": "boolean",
+          "default": true
        },
        "replicas": {
-            "default": 2,
-            "description": "Number of Clickhouse replicas",
-            "type": "number"
-        },
-        "resources": {
-            "default": {},
-            "description": "Explicit CPU and memory configuration for each ClickHouse replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-            "type": "object"
+          "description": "Number of Keeper replicas",
+          "type": "integer",
+          "default": 3
        },
        "resourcesPreset": {
-            "default": "small",
-            "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-            "type": "string",
-            "enum": [
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-            ]
-        },
-        "shards": {
-            "default": 1,
-            "description": "Number of Clickhouse shards",
-            "type": "number"
+          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "type": "string",
+          "default": "micro",
+          "enum": [
+            "nano",
+            "micro",
+            "small",
+            "medium",
+            "large",
+            "xlarge",
+            "2xlarge"
+          ]
        },
        "size": {
-            "default": "10Gi",
-            "description": "Persistent Volume Claim size, available for application data",
-            "type": "string"
-        },
-        "storageClass": {
-            "default": "",
-            "description": "StorageClass used to store the application data",
-            "type": "string"
+          "description": "Persistent Volume Claim size, available for application data",
+          "default": "1Gi",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
        }
+      }
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "logStorageSize": {
+      "description": "Size of Persistent Volume for logs",
+      "default": "2Gi",
+      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+      "anyOf": [
+        {
+          "type": "integer"
+        },
+        {
+          "type": "string"
+        }
+      ],
+      "x-kubernetes-int-or-string": true
+    },
+    "logTTL": {
+      "description": "TTL (expiration time) for `query_log` and `query_thread_log`",
+      "type": "integer",
+      "default": 15
+    },
+    "replicas": {
+      "description": "Number of Clickhouse replicas",
+      "type": "integer",
+      "default": 2
+    },
+    "resources": {
+      "description": "Explicit CPU and memory configuration for each Clickhouse replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "type": "object",
+      "default": {},
+      "properties": {
+        "cpu": {
+          "description": "CPU available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "memory": {
+          "description": "Memory (RAM) available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
+    },
+    "resourcesPreset": {
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "type": "string",
+      "default": "small",
+      "enum": [
+        "nano",
+        "micro",
+        "small",
+        "medium",
+        "large",
+        "xlarge",
+        "2xlarge"
+      ]
+    },
+    "shards": {
+      "description": "Number of Clickhouse shards",
+      "type": "integer",
+      "default": 1
+    },
+    "size": {
+      "description": "Persistent Volume Claim size, available for application data",
+      "default": "10Gi",
+      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+      "anyOf": [
+        {
+          "type": "integer"
+        },
+        {
+          "type": "string"
+        }
+      ],
+      "x-kubernetes-int-or-string": true
+    },
+    "storageClass": {
+      "description": "StorageClass used to store the data",
+      "type": "string"
+    },
+    "users": {
+      "description": "Users configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "password": {
+            "description": "Password for the user",
+            "type": "string"
+          },
+          "readonly": {
+            "description": "User is `readonly`, default is `false`.",
+            "type": "boolean"
+          }
+        }
+      }
+    }
+  }
+}
--- a/packages/apps/clickhouse/values.yaml
+++ b/packages/apps/clickhouse/values.yaml
@@ -1,30 +1,36 @@
 ## @section Common parameters
 ##
-## @param replicas Number of Clickhouse replicas
+## @param replicas {int} Number of Clickhouse replicas
 replicas: 2
-## @param shards Number of Clickhouse shards
+## @param shards {int} Number of Clickhouse shards
 shards: 1
-## @param resources Explicit CPU and memory configuration for each ClickHouse replica. When left empty, the preset defined in `resourcesPreset` is applied.
-resources: {}
+## @param resources {*resources} Explicit CPU and memory configuration for each Clickhouse replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @field resources.cpu {*quantity} CPU available to each replica
+## @field resources.memory {*quantity} Memory (RAM) available to each replica
 #  resources:
 #    cpu: 4000m
 #    memory: 4Gi
+resources: {}

-## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+
+
+## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
 resourcesPreset: "small"
-## @param size Persistent Volume Claim size, available for application data
+## @param size {quantity} Persistent Volume Claim size, available for application data
 size: 10Gi
-## @param storageClass StorageClass used to store the application data
+## @param storageClass {string} StorageClass used to store the data
 storageClass: ""


 ## @section Application-specific parameters
 ##
-## @param logStorageSize Size of Persistent Volume for logs
+## @param logStorageSize {quantity} Size of Persistent Volume for logs
 logStorageSize: 2Gi
-## @param logTTL TTL (expiration time) for query_log and query_thread_log
+## @param logTTL {int} TTL (expiration time) for `query_log` and `query_thread_log`
 logTTL: 15
-## @param users [object] Users configuration
+## @param users {map[string]user} Users configuration
+## @field user.password {*string} Password for the user
+## @field user.readonly {*bool} User is `readonly`, default is `false`.
 ## Example:
 ## users:
 ##   user1:
@@ -38,21 +44,34 @@ users: {}

 ## @section Backup parameters

-## @param backup.enabled Enable periodic backups
-## @param backup.s3Region AWS S3 region where backups are stored
-## @param backup.s3Bucket S3 bucket used for storing backups
-## @param backup.schedule Cron schedule for automated backups
-## @param backup.cleanupStrategy Retention strategy for cleaning up old backups
-## @param backup.s3AccessKey Access key for S3, used for authentication
-## @param backup.s3SecretKey Secret key for S3, used for authentication
-## @param backup.resticPassword Password for Restic backup encryption
+## @param backup {backup} Backup configuration
+## @field backup.enabled {bool} Enable regular backups, default is `false`
+## @field backup.s3Region {string} AWS S3 region where backups are stored
+## @field backup.s3Bucket {string} S3 bucket used for storing backups
+## @field backup.schedule {string} Cron schedule for automated backups
+## @field backup.cleanupStrategy {string} Retention strategy for cleaning up old backups
+## @field backup.s3AccessKey {string} Access key for S3, used for authentication
+## @field backup.s3SecretKey {string} Secret key for S3, used for authentication
+## @field backup.resticPassword {string} Password for Restic backup encryption
 backup:
  enabled: false
  s3Region: us-east-1
-  s3Bucket: s3.example.org/clickhouse-backups
+  s3Bucket: "s3.example.org/clickhouse-backups"
  schedule: "0 2 * * *"
  cleanupStrategy: "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
-  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
-  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
-  resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
+  s3AccessKey: "<your-access-key>"
+  s3SecretKey: "<your-secret-key>"
+  resticPassword: "<password>"

+
+## @section Clickhouse Keeper parameters
+## @param clickhouseKeeper {*clickhouseKeeper} Clickhouse Keeper configuration
+## @field clickhouseKeeper.enabled {*bool} Deploy ClickHouse Keeper for cluster coordination
+## @field clickhouseKeeper.size {*quantity} Persistent Volume Claim size, available for application data
+## @field clickhouseKeeper.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+## @field clickhouseKeeper.replicas {*int} Number of Keeper replicas
+clickhouseKeeper:
+  enabled: true
+  size: 1Gi
+  resourcesPreset: micro
+  replicas: 3
--- a/packages/apps/ferretdb/Chart.yaml
+++ b/packages/apps/ferretdb/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.1.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/ferretdb/Makefile
+++ b/packages/apps/ferretdb/Makefile
@@ -1,9 +1,7 @@
 include ../../../scripts/package.mk
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md

 update:
 	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/FerretDB/FerretDB | awk -F'[/^]' '{sub("^v", "", $$3)} END{print $$3}') && \
--- a/packages/apps/ferretdb/README.md
+++ b/packages/apps/ferretdb/README.md
@@ -8,42 +8,52 @@ Internally, FerretDB service is backed by Postgres.

 ### Common parameters

-| Name              | Description                                                                                                                           | Value   |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `replicas`        | Number of replicas                                                                                                                    | `2`     |
-| `resources`       | Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.     | `micro` |
-| `size`            | Persistent Volume size                                                                                                                | `10Gi`  |
-| `storageClass`    | StorageClass used to store the data                                                                                                   | `""`    |
-| `external`        | Enable external access from outside the cluster                                                                                       | `false` |
+| Name               | Description                                                                                                                               | Type        | Value   |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `replicas`         | Number of replicas                                                                                                                        | `int`       | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.     | `*object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro` |
+| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
+| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+

 ### Application-specific parameters

-| Name                     | Description                                                                                                                 | Value |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------- | ----- |
-| `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed                | `0`   |
-| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas) | `0`   |
-| `users`                  | Users configuration                                                                                                         | `{}`  |
+| Name                     | Description                                                                                                                 | Type                | Value   |
+| ------------------------ | --------------------------------------------------------------------------------------------------------------------------- | ------------------- | ------- |
+| `quorum`                 | Configuration for the quorum-based synchronous replication                                                                  | `object`            | `{}`    |
+| `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed                | `int`               | `0`     |
+| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas) | `int`               | `0`     |
+| `users`                  | Users configuration                                                                                                         | `map[string]object` | `{...}` |
+| `users[name].password`   | Password for the user                                                                                                       | `*string`           | `null`  |
+

 ### Backup parameters

-| Name                     | Description                                                | Value                               |
-| ------------------------ | ---------------------------------------------------------- | ----------------------------------- |
-| `backup.enabled`         | Enable regular backups                                     | `false`                             |
-| `backup.schedule`        | Cron schedule for automated backups                        | `0 2 * * * *`                       |
-| `backup.retentionPolicy` | Retention policy                                           | `30d`                               |
-| `backup.destinationPath` | Path to store the backup (i.e. s3://bucket/path/to/folder) | `s3://bucket/path/to/folder/`       |
-| `backup.endpointURL`     | S3 Endpoint used to upload data to the cloud               | `http://minio-gateway-service:9000` |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication                 | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`  |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication                 | `ju3eum4dekeich9ahM1te8waeGai0oog`  |
+| Name                     | Description                                                | Type     | Value                               |
+| ------------------------ | ---------------------------------------------------------- | -------- | ----------------------------------- |
+| `backup`                 | Backup configuration                                       | `object` | `{}`                                |
+| `backup.enabled`         | Enable regular backups, default is `false`.                | `bool`   | `false`                             |
+| `backup.schedule`        | Cron schedule for automated backups                        | `string` | `0 2 * * * *`                       |
+| `backup.retentionPolicy` | Retention policy                                           | `string` | `30d`                               |
+| `backup.endpointURL`     | S3 Endpoint used to upload data to the cloud               | `string` | `http://minio-gateway-service:9000` |
+| `backup.destinationPath` | Path to store the backup (i.e. s3://bucket/path/to/folder) | `string` | `s3://bucket/path/to/folder/`       |
+| `backup.s3AccessKey`     | Access key for S3, used for authentication                 | `string` | `<your-access-key>`                 |
+| `backup.s3SecretKey`     | Secret key for S3, used for authentication                 | `string` | `<your-secret-key>`                 |
+

 ### Bootstrap (recovery) parameters

-| Name                     | Description                                                                                                          | Value   |
-| ------------------------ | -------------------------------------------------------------------------------------------------------------------- | ------- |
-| `bootstrap.enabled`      | Restore database cluster from a backup                                                                               | `false` |
-| `bootstrap.recoveryTime` | Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest | `""`    |
-| `bootstrap.oldName`      | Name of database cluster before deleting                                                                             | `""`    |
+| Name                     | Description                                                                                                           | Type      | Value   |
+| ------------------------ | --------------------------------------------------------------------------------------------------------------------- | --------- | ------- |
+| `bootstrap`              | Bootstrap (recovery) configuration                                                                                    | `object`  | `{}`    |
+| `bootstrap.enabled`      | Restore database cluster from a backup                                                                                | `*bool`   | `false` |
+| `bootstrap.recoveryTime` | Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest. | `*string` | `""`    |
+| `bootstrap.oldName`      | Name of database cluster before deleting                                                                              | `*string` | `""`    |
+

 ## Parameter examples and reference

--- a/packages/apps/ferretdb/values.schema.json
+++ b/packages/apps/ferretdb/values.schema.json
@@ -1,120 +1,202 @@
 {
-    "properties": {
-        "backup": {
-            "properties": {
-                "destinationPath": {
-                    "default": "s3://bucket/path/to/folder/",
-                    "description": "Path to store the backup (i.e. s3://bucket/path/to/folder)",
-                    "type": "string"
-                },
-                "enabled": {
-                    "default": false,
-                    "description": "Enable regular backups",
-                    "type": "boolean"
-                },
-                "endpointURL": {
-                    "default": "http://minio-gateway-service:9000",
-                    "description": "S3 Endpoint used to upload data to the cloud",
-                    "type": "string"
-                },
-                "retentionPolicy": {
-                    "default": "30d",
-                    "description": "Retention policy",
-                    "type": "string"
-                },
-                "s3AccessKey": {
-                    "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu",
-                    "description": "Access key for S3, used for authentication",
-                    "type": "string"
-                },
-                "s3SecretKey": {
-                    "default": "ju3eum4dekeich9ahM1te8waeGai0oog",
-                    "description": "Secret key for S3, used for authentication",
-                    "type": "string"
-                },
-                "schedule": {
-                    "default": "0 2 * * * *",
-                    "description": "Cron schedule for automated backups",
-                    "type": "string"
-                }
-            },
-            "type": "object"
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "backup": {
+      "description": "Backup configuration",
+      "type": "object",
+      "default": {
+        "destinationPath": "s3://bucket/path/to/folder/",
+        "enabled": false,
+        "endpointURL": "http://minio-gateway-service:9000",
+        "retentionPolicy": "30d",
+        "s3AccessKey": "\u003cyour-access-key\u003e",
+        "s3SecretKey": "\u003cyour-secret-key\u003e",
+        "schedule": "0 2 * * * *"
+      },
+      "required": [
+        "destinationPath",
+        "enabled",
+        "endpointURL",
+        "retentionPolicy",
+        "s3AccessKey",
+        "s3SecretKey",
+        "schedule"
+      ],
+      "properties": {
+        "destinationPath": {
+          "description": "Path to store the backup (i.e. s3://bucket/path/to/folder)",
+          "type": "string",
+          "default": "s3://bucket/path/to/folder/"
        },
-        "bootstrap": {
-            "properties": {
-                "enabled": {
-                    "default": false,
-                    "description": "Restore database cluster from a backup",
-                    "type": "boolean"
-                },
-                "oldName": {
-                    "default": "",
-                    "description": "Name of database cluster before deleting",
-                    "type": "string"
-                },
-                "recoveryTime": {
-                    "default": "",
-                    "description": "Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest",
-                    "type": "string"
-                }
-            },
-            "type": "object"
+        "enabled": {
+          "description": "Enable regular backups, default is `false`.",
+          "type": "boolean",
+          "default": false
        },
-        "external": {
-            "default": false,
-            "description": "Enable external access from outside the cluster",
-            "type": "boolean"
+        "endpointURL": {
+          "description": "S3 Endpoint used to upload data to the cloud",
+          "type": "string",
+          "default": "http://minio-gateway-service:9000"
        },
-        "quorum": {
-            "properties": {
-                "maxSyncReplicas": {
-                    "default": 0,
-                    "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)",
-                    "type": "number"
-                },
-                "minSyncReplicas": {
-                    "default": 0,
-                    "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed",
-                    "type": "number"
-                }
-            },
-            "type": "object"
+        "retentionPolicy": {
+          "description": "Retention policy",
+          "type": "string",
+          "default": "30d"
        },
-        "replicas": {
-            "default": 2,
-            "description": "Number of replicas",
-            "type": "number"
+        "s3AccessKey": {
+          "description": "Access key for S3, used for authentication",
+          "type": "string",
+          "default": "\u003cyour-access-key\u003e"
        },
-        "resources": {
-            "default": {},
-            "description": "Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-            "type": "object"
+        "s3SecretKey": {
+          "description": "Secret key for S3, used for authentication",
+          "type": "string",
+          "default": "\u003cyour-secret-key\u003e"
        },
-        "resourcesPreset": {
-            "default": "micro",
-            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
-            "type": "string",
-            "enum": [
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-            ]
-        },
-        "size": {
-            "default": "10Gi",
-            "description": "Persistent Volume size",
-            "type": "string"
-        },
-        "storageClass": {
-            "default": "",
-            "description": "StorageClass used to store the data",
-            "type": "string"
+        "schedule": {
+          "description": "Cron schedule for automated backups",
+          "type": "string",
+          "default": "0 2 * * * *"
        }
+      }
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "bootstrap": {
+      "description": "Bootstrap (recovery) configuration",
+      "type": "object",
+      "default": {
+        "enabled": false,
+        "oldName": "",
+        "recoveryTime": ""
+      },
+      "properties": {
+        "enabled": {
+          "description": "Restore database cluster from a backup",
+          "type": "boolean",
+          "default": false
+        },
+        "oldName": {
+          "description": "Name of database cluster before deleting",
+          "type": "string"
+        },
+        "recoveryTime": {
+          "description": "Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest.",
+          "type": "string"
+        }
+      }
+    },
+    "external": {
+      "description": "Enable external access from outside the cluster",
+      "type": "boolean",
+      "default": false
+    },
+    "quorum": {
+      "description": "Configuration for the quorum-based synchronous replication",
+      "type": "object",
+      "default": {
+        "maxSyncReplicas": 0,
+        "minSyncReplicas": 0
+      },
+      "required": [
+        "maxSyncReplicas",
+        "minSyncReplicas"
+      ],
+      "properties": {
+        "maxSyncReplicas": {
+          "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)",
+          "type": "integer",
+          "default": 0
+        },
+        "minSyncReplicas": {
+          "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed",
+          "type": "integer",
+          "default": 0
+        }
+      }
+    },
+    "replicas": {
+      "description": "Number of replicas",
+      "type": "integer",
+      "default": 2
+    },
+    "resources": {
+      "description": "Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "type": "object",
+      "default": {},
+      "properties": {
+        "cpu": {
+          "description": "CPU available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "memory": {
+          "description": "Memory (RAM) available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
+    },
+    "resourcesPreset": {
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "type": "string",
+      "default": "micro",
+      "enum": [
+        "nano",
+        "micro",
+        "small",
+        "medium",
+        "large",
+        "xlarge",
+        "2xlarge"
+      ]
+    },
+    "size": {
+      "description": "Persistent Volume Claim size, available for application data",
+      "default": "10Gi",
+      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+      "anyOf": [
+        {
+          "type": "integer"
+        },
+        {
+          "type": "string"
+        }
+      ],
+      "x-kubernetes-int-or-string": true
+    },
+    "storageClass": {
+      "description": "StorageClass used to store the data",
+      "type": "string"
+    },
+    "users": {
+      "description": "Users configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "password": {
+            "description": "Password for the user",
+            "type": "string"
+          }
+        }
+      }
+    }
+  }
+}
--- a/packages/apps/ferretdb/values.yaml
+++ b/packages/apps/ferretdb/values.yaml
@@ -1,31 +1,35 @@
 ## @section Common parameters
 ##
-## @param replicas Number of replicas
+## @param replicas {int} Number of replicas
 replicas: 2
-## @param resources Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.
-resources: {}
+## @param resources {*resources} Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @field resources.cpu {*quantity} CPU available to each replica
+## @field resources.memory {*quantity} Memory (RAM) available to each replica
 #  resources:
 #    cpu: 4000m
 #    memory: 4Gi
-## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
-resourcesPreset: "micro"
-## @param size Persistent Volume size
-size: 10Gi
-## @param storageClass StorageClass used to store the data
-storageClass: ""
-## @param external Enable external access from outside the cluster
-external: false
+resources: {}

+## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+resourcesPreset: "micro"
+## @param size {quantity} Persistent Volume Claim size, available for application data
+size: 10Gi
+## @param storageClass {string} StorageClass used to store the data
+storageClass: ""
+## @param external {bool} Enable external access from outside the cluster
+external: false

 ## @section Application-specific parameters
 ##
-## Configuration for the quorum-based synchronous replication
-## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed
-## @param quorum.maxSyncReplicas Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)
+## @param quorum {quorum} Configuration for the quorum-based synchronous replication
+## @field quorum.minSyncReplicas {int} Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed
+## @field quorum.maxSyncReplicas {int} Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)
 quorum:
  minSyncReplicas: 0
  maxSyncReplicas: 0
-## @param users [object] Users configuration
+
+## @param users {map[string]user} Users configuration
+## @field user.password {*string} Password for the user
 ## Example:
 ## users:
 ##   user1:
@@ -36,30 +40,34 @@ quorum:
 users: {}


+
 ## @section Backup parameters
 ##
-## @param backup.enabled Enable regular backups
-## @param backup.schedule Cron schedule for automated backups
-## @param backup.retentionPolicy Retention policy
-## @param backup.destinationPath Path to store the backup (i.e. s3://bucket/path/to/folder)
-## @param backup.endpointURL S3 Endpoint used to upload data to the cloud
-## @param backup.s3AccessKey Access key for S3, used for authentication
-## @param backup.s3SecretKey Secret key for S3, used for authentication
+
+## @param backup {backup} Backup configuration
+## @field backup.enabled {bool} Enable regular backups, default is `false`.
+## @field backup.schedule {string} Cron schedule for automated backups
+## @field backup.retentionPolicy {string} Retention policy
+## @field backup.endpointURL {string} S3 Endpoint used to upload data to the cloud
+## @field backup.destinationPath {string} Path to store the backup (i.e. s3://bucket/path/to/folder)
+## @field backup.s3AccessKey {string} Access key for S3, used for authentication
+## @field backup.s3SecretKey {string} Secret key for S3, used for authentication
 backup:
  enabled: false
-  retentionPolicy: 30d
-  destinationPath: s3://bucket/path/to/folder/
-  endpointURL: http://minio-gateway-service:9000
  schedule: "0 2 * * * *"
-  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
-  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
+  retentionPolicy: 30d
+  endpointURL: http://minio-gateway-service:9000
+  destinationPath: s3://bucket/path/to/folder/
+  s3AccessKey: "<your-access-key>"
+  s3SecretKey: "<your-secret-key>"


 ## @section Bootstrap (recovery) parameters
 ##
-## @param bootstrap.enabled Restore database cluster from a backup
-## @param bootstrap.recoveryTime Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest
-## @param bootstrap.oldName Name of database cluster before deleting
+## @param bootstrap {bootstrap} Bootstrap (recovery) configuration
+## @field bootstrap.enabled {*bool} Restore database cluster from a backup
+## @field bootstrap.recoveryTime {*string} Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest.
+## @field bootstrap.oldName {*string} Name of database cluster before deleting
 ##
 bootstrap:
  enabled: false
--- a/packages/apps/http-cache/Chart.yaml
+++ b/packages/apps/http-cache/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.1
+version: 0.7.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/http-cache/Makefile
+++ b/packages/apps/http-cache/Makefile
@@ -1,5 +1,4 @@
 NGINX_CACHE_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 include ../../../scripts/common-envs.mk
 include ../../../scripts/package.mk
@@ -8,24 +7,17 @@ image: image-nginx

 image-nginx:
 	docker buildx build images/nginx-cache \
-		--provenance false \
-		--builder=$(BUILDER) \
-		--platform=$(PLATFORM) \
 		--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/nginx-cache:latest \
 		--cache-to type=inline \
 		--metadata-file images/nginx-cache.json \
-		--push=$(PUSH) \
-		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
-		--load=$(LOAD)
+		$(BUILDX_ARGS)
 	echo "$(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG))@$$(yq e '."containerimage.digest"' images/nginx-cache.json -o json -r)" \
 		> images/nginx-cache.tag
 	rm -f images/nginx-cache.json

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.haproxy.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
-	yq -i -o json --indent 4 '.properties.nginx.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md

 update:
 	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/chrislim2888/IP2Location-C-Library | awk -F'[/^]' 'END{print $$3}') && \
--- a/packages/apps/http-cache/README.md
+++ b/packages/apps/http-cache/README.md
@@ -60,33 +60,43 @@ The deployment architecture is illustrated in the diagram below:

 ### Common parameters

-| Name           | Description                                     | Value   |
-| -------------- | ----------------------------------------------- | ------- |
-| `size`         | Persistent Volume size                          | `10Gi`  |
-| `storageClass` | StorageClass used to store the data             | `""`    |
-| `external`     | Enable external access from outside the cluster | `false` |
+| Name           | Description                                                  | Type       | Value   |
+| -------------- | ------------------------------------------------------------ | ---------- | ------- |
+| `size`         | Persistent Volume Claim size, available for application data | `quantity` | `10Gi`  |
+| `storageClass` | StorageClass used to store the data                          | `string`   | `""`    |
+| `external`     | Enable external access from outside the cluster              | `bool`     | `false` |
+

 ### Application-specific parameters

-| Name        | Description             | Value |
-| ----------- | ----------------------- | ----- |
-| `endpoints` | Endpoints configuration | `[]`  |
+| Name        | Description                                     | Type       | Value |
+| ----------- | ----------------------------------------------- | ---------- | ----- |
+| `endpoints` | Endpoints configuration, as a list of <ip:port> | `[]string` | `[]`  |
+

 ### HAProxy parameters

-| Name                      | Description                                                                                                                          | Value  |
-| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------ |
-| `haproxy.replicas`        | Number of HAProxy replicas                                                                                                           | `2`    |
-| `haproxy.resources`       | Explicit CPU and memory configuration for each HAProxy replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`   |
-| `haproxy.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.          | `nano` |
+| Name                       | Description                                                                                                                               | Type        | Value  |
+| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------ |
+| `haproxy`                  | HAProxy configuration                                                                                                                     | `object`    | `{}`   |
+| `haproxy.replicas`         | Number of HAProxy replicas                                                                                                                | `int`       | `2`    |
+| `haproxy.resources`        | Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.              | `object`    | `{}`   |
+| `haproxy.resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null` |
+| `haproxy.resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null` |
+| `haproxy.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano` |
+

 ### Nginx parameters

-| Name                    | Description                                                                                                                        | Value  |
-| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------ |
-| `nginx.replicas`        | Number of Nginx replicas                                                                                                           | `2`    |
-| `nginx.resources`       | Explicit CPU and memory configuration for each nginx replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`   |
-| `nginx.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.        | `nano` |
+| Name                     | Description                                                                                                                               | Type        | Value  |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------ |
+| `nginx`                  | Nginx configuration                                                                                                                       | `object`    | `{}`   |
+| `nginx.replicas`         | Number of Nginx replicas                                                                                                                  | `int`       | `2`    |
+| `nginx.resources`        | Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.              | `*object`   | `null` |
+| `nginx.resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null` |
+| `nginx.resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null` |
+| `nginx.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano` |
+

 ## Parameter examples and reference

--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.6.1@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5
+ghcr.io/cozystack/cozystack/nginx-cache:0.7.0@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5
--- a/packages/apps/http-cache/values.schema.json
+++ b/packages/apps/http-cache/values.schema.json
@@ -1,85 +1,172 @@
 {
-    "properties": {
-        "endpoints": {
-            "default": [],
-            "description": "Endpoints configuration",
-            "items": {},
-            "type": "array"
-        },
-        "external": {
-            "default": false,
-            "description": "Enable external access from outside the cluster",
-            "type": "boolean"
-        },
-        "haproxy": {
-            "properties": {
-                "replicas": {
-                    "default": 2,
-                    "description": "Number of HAProxy replicas",
-                    "type": "number"
-                },
-                "resources": {
-                    "default": {},
-                    "description": "Explicit CPU and memory configuration for each HAProxy replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-                    "type": "object"
-                },
-                "resourcesPreset": {
-                    "default": "nano",
-                    "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-                    "type": "string",
-                    "enum": [
-                        "nano",
-                        "micro",
-                        "small",
-                        "medium",
-                        "large",
-                        "xlarge",
-                        "2xlarge"
-                    ]
-                }
-            },
-            "type": "object"
-        },
-        "nginx": {
-            "properties": {
-                "replicas": {
-                    "default": 2,
-                    "description": "Number of Nginx replicas",
-                    "type": "number"
-                },
-                "resources": {
-                    "default": {},
-                    "description": "Explicit CPU and memory configuration for each nginx replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-                    "type": "object"
-                },
-                "resourcesPreset": {
-                    "default": "nano",
-                    "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-                    "type": "string",
-                    "enum": [
-                        "nano",
-                        "micro",
-                        "small",
-                        "medium",
-                        "large",
-                        "xlarge",
-                        "2xlarge"
-                    ]
-                }
-            },
-            "type": "object"
-        },
-        "size": {
-            "default": "10Gi",
-            "description": "Persistent Volume size",
-            "type": "string"
-        },
-        "storageClass": {
-            "default": "",
-            "description": "StorageClass used to store the data",
-            "type": "string"
-        }
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "endpoints": {
+      "description": "Endpoints configuration, as a list of \u003cip:port\u003e",
+      "type": "array",
+      "default": [],
+      "items": {
+        "type": "string"
+      }
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "external": {
+      "description": "Enable external access from outside the cluster",
+      "type": "boolean",
+      "default": false
+    },
+    "haproxy": {
+      "description": "HAProxy configuration",
+      "type": "object",
+      "default": {
+        "replicas": 2,
+        "resources": {},
+        "resourcesPreset": "nano"
+      },
+      "required": [
+        "replicas",
+        "resources",
+        "resourcesPreset"
+      ],
+      "properties": {
+        "replicas": {
+          "description": "Number of HAProxy replicas",
+          "type": "integer",
+          "default": 2
+        },
+        "resources": {
+          "description": "Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+          "type": "object",
+          "default": {},
+          "properties": {
+            "cpu": {
+              "description": "CPU available to each replica",
+              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+              "anyOf": [
+                {
+                  "type": "integer"
+                },
+                {
+                  "type": "string"
+                }
+              ],
+              "x-kubernetes-int-or-string": true
+            },
+            "memory": {
+              "description": "Memory (RAM) available to each replica",
+              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+              "anyOf": [
+                {
+                  "type": "integer"
+                },
+                {
+                  "type": "string"
+                }
+              ],
+              "x-kubernetes-int-or-string": true
+            }
+          }
+        },
+        "resourcesPreset": {
+          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "type": "string",
+          "default": "nano",
+          "enum": [
+            "nano",
+            "micro",
+            "small",
+            "medium",
+            "large",
+            "xlarge",
+            "2xlarge"
+          ]
+        }
+      }
+    },
+    "nginx": {
+      "description": "Nginx configuration",
+      "type": "object",
+      "default": {
+        "replicas": 2,
+        "resources": {},
+        "resourcesPreset": "nano"
+      },
+      "required": [
+        "replicas",
+        "resourcesPreset"
+      ],
+      "properties": {
+        "replicas": {
+          "description": "Number of Nginx replicas",
+          "type": "integer",
+          "default": 2
+        },
+        "resources": {
+          "description": "Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+          "type": "object",
+          "default": {},
+          "properties": {
+            "cpu": {
+              "description": "CPU available to each replica",
+              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+              "anyOf": [
+                {
+                  "type": "integer"
+                },
+                {
+                  "type": "string"
+                }
+              ],
+              "x-kubernetes-int-or-string": true
+            },
+            "memory": {
+              "description": "Memory (RAM) available to each replica",
+              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+              "anyOf": [
+                {
+                  "type": "integer"
+                },
+                {
+                  "type": "string"
+                }
+              ],
+              "x-kubernetes-int-or-string": true
+            }
+          }
+        },
+        "resourcesPreset": {
+          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "type": "string",
+          "default": "nano",
+          "enum": [
+            "nano",
+            "micro",
+            "small",
+            "medium",
+            "large",
+            "xlarge",
+            "2xlarge"
+          ]
+        }
+      }
+    },
+    "size": {
+      "description": "Persistent Volume Claim size, available for application data",
+      "default": "10Gi",
+      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+      "anyOf": [
+        {
+          "type": "integer"
+        },
+        {
+          "type": "string"
+        }
+      ],
+      "x-kubernetes-int-or-string": true
+    },
+    "storageClass": {
+      "description": "StorageClass used to store the data",
+      "type": "string"
+    }
+  }
+}
--- a/packages/apps/http-cache/values.yaml
+++ b/packages/apps/http-cache/values.yaml
@@ -1,14 +1,14 @@
 ## @section Common parameters
 ##
-## @param size Persistent Volume size
+## @param size {quantity} Persistent Volume Claim size, available for application data
 size: 10Gi
-## @param storageClass StorageClass used to store the data
+## @param storageClass {string} StorageClass used to store the data
 storageClass: ""
-## @param external Enable external access from outside the cluster
+## @param external {bool} Enable external access from outside the cluster
 external: false
 ## @section Application-specific parameters

-## @param endpoints Endpoints configuration
+## @param endpoints {[]string} Endpoints configuration, as a list of <ip:port>
 ## Example:
 ## endpoints:
 ##   - 10.100.3.1:80
@@ -20,28 +20,34 @@ external: false
 ##
 endpoints: []

+
 ## @section HAProxy parameters
+##
+## @param haproxy {haproxy} HAProxy configuration
 haproxy:
-  ## @param haproxy.replicas Number of HAProxy replicas
+  ## @field haproxy.replicas {int} Number of HAProxy replicas
  replicas: 2
-  ## @param haproxy.resources Explicit CPU and memory configuration for each HAProxy replica. When left empty, the preset defined in `resourcesPreset` is applied.
+  ## @field haproxy.resources {resources} Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.
+  ## @field resources.cpu {*quantity} CPU available to each replica
+  ## @field resources.memory {*quantity} Memory (RAM) available to each replica
  resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
-
-  ## @param haproxy.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+  ## @field haproxy.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
  resourcesPreset: "nano"

 ## @section Nginx parameters
+##
+## @param nginx {nginx} Nginx configuration
 nginx:
-  ## @param nginx.replicas Number of Nginx replicas
+  ## @field nginx.replicas {int} Number of Nginx replicas
  replicas: 2
-  ## @param nginx.resources Explicit CPU and memory configuration for each nginx replica. When left empty, the preset defined in `resourcesPreset` is applied.
-  resources: {}
+  ## @field nginx.resources {*resources} Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
+  resources: {}

-  ## @param nginx.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+  ## @field nginx.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
  resourcesPreset: "nano"
--- a/packages/apps/kafka/Makefile
+++ b/packages/apps/kafka/Makefile
@@ -2,6 +2,4 @@ include ../../../scripts/package.mk
 PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.kafka.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
-	yq -i -o json --indent 4 '.properties.zookeeper.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/kafka/README.md
+++ b/packages/apps/kafka/README.md
@@ -4,35 +4,49 @@

 ### Common parameters

-| Name       | Description                                     | Value   |
-| ---------- | ----------------------------------------------- | ------- |
-| `external` | Enable external access from outside the cluster | `false` |
+| Name       | Description                                     | Type   | Value   |
+| ---------- | ----------------------------------------------- | ------ | ------- |
+| `external` | Enable external access from outside the cluster | `bool` | `false` |
+

 ### Application-specific parameters

-| Name     | Description                        | Value |
-| -------- | ---------------------------------- | ----- |
-| `topics` | Topics configuration (see example) | `[]`  |
+| Name                   | Description          | Type       | Value |
+| ---------------------- | -------------------- | ---------- | ----- |
+| `topics`               | Topics configuration | `[]object` | `[]`  |
+| `topics[i].name`       | Topic name           | `string`   | `""`  |
+| `topics[i].partitions` | Number of partitions | `int`      | `0`   |
+| `topics[i].replicas`   | Number of replicas   | `int`      | `0`   |
+| `topics[i].config`     | Topic configuration  | `object`   | `{}`  |
+

 ### Kafka configuration

-| Name                    | Description                                                                                                                        | Value   |
-| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `kafka.replicas`        | Number of Kafka replicas                                                                                                           | `3`     |
-| `kafka.resources`       | Explicit CPU and memory configuration for each Kafka replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `kafka.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.        | `small` |
-| `kafka.size`            | Persistent Volume size for Kafka                                                                                                   | `10Gi`  |
-| `kafka.storageClass`    | StorageClass used to store the Kafka data                                                                                          | `""`    |
+| Name                     | Description                                                                                                                               | Type        | Value   |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `kafka`                  | Kafka configuration                                                                                                                       | `object`    | `{}`    |
+| `kafka.replicas`         | Number of Kafka replicas                                                                                                                  | `int`       | `3`     |
+| `kafka.resources`        | Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.              | `*object`   | `null`  |
+| `kafka.resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `kafka.resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `kafka.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `small` |
+| `kafka.size`             | Persistent Volume size for Kafka                                                                                                          | `quantity`  | `10Gi`  |
+| `kafka.storageClass`     | StorageClass used to store the Kafka data                                                                                                 | `string`    | `""`    |
+

 ### Zookeeper configuration

-| Name                        | Description                                                                                                                            | Value   |
-| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `zookeeper.replicas`        | Number of ZooKeeper replicas                                                                                                           | `3`     |
-| `zookeeper.resources`       | Explicit CPU and memory configuration for each Zookeeper replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `zookeeper.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.            | `small` |
-| `zookeeper.size`            | Persistent Volume size for ZooKeeper                                                                                                   | `5Gi`   |
-| `zookeeper.storageClass`    | StorageClass used to store the ZooKeeper data                                                                                          | `""`    |
+| Name                         | Description                                                                                                                               | Type        | Value   |
+| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `zookeeper`                  | Zookeeper configuration                                                                                                                   | `object`    | `{}`    |
+| `zookeeper.replicas`         | Number of ZooKeeper replicas                                                                                                              | `int`       | `3`     |
+| `zookeeper.resources`        | Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.              | `*object`   | `null`  |
+| `zookeeper.resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `zookeeper.resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `zookeeper.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `small` |
+| `zookeeper.size`             | Persistent Volume size for ZooKeeper                                                                                                      | `quantity`  | `5Gi`   |
+| `zookeeper.storageClass`     | StorageClass used to store the ZooKeeper data                                                                                             | `string`    | `""`    |
+

 ## Parameter examples and reference

--- a/packages/apps/kafka/values.schema.json
+++ b/packages/apps/kafka/values.schema.json
@@ -1,95 +1,222 @@
 {
-    "properties": {
-        "external": {
-            "default": false,
-            "description": "Enable external access from outside the cluster",
-            "type": "boolean"
-        },
-        "kafka": {
-            "properties": {
-                "replicas": {
-                    "default": 3,
-                    "description": "Number of Kafka replicas",
-                    "type": "number"
-                },
-                "resources": {
-                    "default": {},
-                    "description": "Explicit CPU and memory configuration for each Kafka replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-                    "type": "object"
-                },
-                "resourcesPreset": {
-                    "default": "small",
-                    "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-                    "type": "string",
-                    "enum": [
-                        "nano",
-                        "micro",
-                        "small",
-                        "medium",
-                        "large",
-                        "xlarge",
-                        "2xlarge"
-                    ]
-                },
-                "size": {
-                    "default": "10Gi",
-                    "description": "Persistent Volume size for Kafka",
-                    "type": "string"
-                },
-                "storageClass": {
-                    "default": "",
-                    "description": "StorageClass used to store the Kafka data",
-                    "type": "string"
-                }
-            },
-            "type": "object"
-        },
-        "topics": {
-            "default": [],
-            "description": "Topics configuration (see example)",
-            "items": {},
-            "type": "array"
-        },
-        "zookeeper": {
-            "properties": {
-                "replicas": {
-                    "default": 3,
-                    "description": "Number of ZooKeeper replicas",
-                    "type": "number"
-                },
-                "resources": {
-                    "default": {},
-                    "description": "Explicit CPU and memory configuration for each Zookeeper replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-                    "type": "object"
-                },
-                "resourcesPreset": {
-                    "default": "small",
-                    "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-                    "type": "string",
-                    "enum": [
-                        "nano",
-                        "micro",
-                        "small",
-                        "medium",
-                        "large",
-                        "xlarge",
-                        "2xlarge"
-                    ]
-                },
-                "size": {
-                    "default": "5Gi",
-                    "description": "Persistent Volume size for ZooKeeper",
-                    "type": "string"
-                },
-                "storageClass": {
-                    "default": "",
-                    "description": "StorageClass used to store the ZooKeeper data",
-                    "type": "string"
-                }
-            },
-            "type": "object"
-        }
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "external": {
+      "description": "Enable external access from outside the cluster",
+      "type": "boolean",
+      "default": false
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "kafka": {
+      "description": "Kafka configuration",
+      "type": "object",
+      "default": {
+        "replicas": 3,
+        "resources": {},
+        "resourcesPreset": "small",
+        "size": "10Gi",
+        "storageClass": ""
+      },
+      "required": [
+        "replicas",
+        "resourcesPreset",
+        "size",
+        "storageClass"
+      ],
+      "properties": {
+        "replicas": {
+          "description": "Number of Kafka replicas",
+          "type": "integer",
+          "default": 3
+        },
+        "resources": {
+          "description": "Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+          "type": "object",
+          "default": {},
+          "properties": {
+            "cpu": {
+              "description": "CPU available to each replica",
+              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+              "anyOf": [
+                {
+                  "type": "integer"
+                },
+                {
+                  "type": "string"
+                }
+              ],
+              "x-kubernetes-int-or-string": true
+            },
+            "memory": {
+              "description": "Memory (RAM) available to each replica",
+              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+              "anyOf": [
+                {
+                  "type": "integer"
+                },
+                {
+                  "type": "string"
+                }
+              ],
+              "x-kubernetes-int-or-string": true
+            }
+          }
+        },
+        "resourcesPreset": {
+          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "type": "string",
+          "default": "small",
+          "enum": [
+            "nano",
+            "micro",
+            "small",
+            "medium",
+            "large",
+            "xlarge",
+            "2xlarge"
+          ]
+        },
+        "size": {
+          "description": "Persistent Volume size for Kafka",
+          "default": "10Gi",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "storageClass": {
+          "description": "StorageClass used to store the Kafka data",
+          "type": "string"
+        }
+      }
+    },
+    "topics": {
+      "description": "Topics configuration",
+      "type": "array",
+      "default": [],
+      "items": {
+        "type": "object",
+        "required": [
+          "config",
+          "name",
+          "partitions",
+          "replicas"
+        ],
+        "properties": {
+          "config": {
+            "description": "Topic configuration",
+            "type": "object",
+            "x-kubernetes-preserve-unknown-fields": true
+          },
+          "name": {
+            "description": "Topic name",
+            "type": "string"
+          },
+          "partitions": {
+            "description": "Number of partitions",
+            "type": "integer"
+          },
+          "replicas": {
+            "description": "Number of replicas",
+            "type": "integer"
+          }
+        }
+      }
+    },
+    "zookeeper": {
+      "description": "Zookeeper configuration",
+      "type": "object",
+      "default": {
+        "replicas": 3,
+        "resources": {},
+        "resourcesPreset": "small",
+        "size": "5Gi",
+        "storageClass": ""
+      },
+      "required": [
+        "replicas",
+        "resourcesPreset",
+        "size",
+        "storageClass"
+      ],
+      "properties": {
+        "replicas": {
+          "description": "Number of ZooKeeper replicas",
+          "type": "integer",
+          "default": 3
+        },
+        "resources": {
+          "description": "Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+          "type": "object",
+          "default": {},
+          "properties": {
+            "cpu": {
+              "description": "CPU available to each replica",
+              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+              "anyOf": [
+                {
+                  "type": "integer"
+                },
+                {
+                  "type": "string"
+                }
+              ],
+              "x-kubernetes-int-or-string": true
+            },
+            "memory": {
+              "description": "Memory (RAM) available to each replica",
+              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+              "anyOf": [
+                {
+                  "type": "integer"
+                },
+                {
+                  "type": "string"
+                }
+              ],
+              "x-kubernetes-int-or-string": true
+            }
+          }
+        },
+        "resourcesPreset": {
+          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "type": "string",
+          "default": "small",
+          "enum": [
+            "nano",
+            "micro",
+            "small",
+            "medium",
+            "large",
+            "xlarge",
+            "2xlarge"
+          ]
+        },
+        "size": {
+          "description": "Persistent Volume size for ZooKeeper",
+          "default": "5Gi",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "storageClass": {
+          "description": "StorageClass used to store the ZooKeeper data",
+          "type": "string"
+        }
+      }
+    }
+  }
+}
--- a/packages/apps/kafka/values.yaml
+++ b/packages/apps/kafka/values.yaml
@@ -1,12 +1,17 @@
 ## @section Common parameters
 ##
-## @param external Enable external access from outside the cluster
+## @param external {bool} Enable external access from outside the cluster
 external: false


 ## @section Application-specific parameters
 ##
-## @param topics Topics configuration (see example)
+## @param topics {[]topic} Topics configuration
+## @field topic {topic} Topic
+## @field topic.name {string} Topic name
+## @field topic.partitions {int} Number of partitions
+## @field topic.replicas {int} Number of replicas
+## @field topic.config {object} Topic configuration
 ## Example:
 ## topics:
 ##   - name: Results
@@ -27,38 +32,41 @@ topics: []

 ## @section Kafka configuration
 ##
+## @param kafka {kafka} Kafka configuration
 kafka:
-  ## @param kafka.replicas Number of Kafka replicas
+  ## @field kafka.replicas {int} Number of Kafka replicas
  replicas: 3
-  ## @param kafka.resources Explicit CPU and memory configuration for each Kafka replica. When left empty, the preset defined in `resourcesPreset` is applied.
-  resources: {}
+  ## @field kafka.resources {*resources} Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.
+  ## @field resources.cpu {*quantity} CPU available to each replica
+  ## @field resources.memory {*quantity} Memory (RAM) available to each replica
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
-  ## @param kafka.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+  resources: {}
+  ## @field kafka.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
  resourcesPreset: "small"
-  ## @param kafka.size Persistent Volume size for Kafka
+  ## @field kafka.size {quantity} Persistent Volume size for Kafka
  size: 10Gi
-  ## @param kafka.storageClass StorageClass used to store the Kafka data
+  ## @field kafka.storageClass {string} StorageClass used to store the Kafka data
  storageClass: ""


 ## @section Zookeeper configuration
 ##
+## @param zookeeper {zookeeper} Zookeeper configuration
 zookeeper:
-  ## @param zookeeper.replicas Number of ZooKeeper replicas
+  ## @field zookeeper.replicas {int} Number of ZooKeeper replicas
  replicas: 3
-  ## @param zookeeper.resources Explicit CPU and memory configuration for each Zookeeper replica. When left empty, the preset defined in `resourcesPreset` is applied.
-  resources: {}
+  ## @field zookeeper.resources {*resources} Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
-  ## @param zookeeper.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+  resources: {}
+
+  ## @field zookeeper.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
  resourcesPreset: "small"
-  ## @param zookeeper.size Persistent Volume size for ZooKeeper
+  ## @field zookeeper.size {quantity} Persistent Volume size for ZooKeeper
  size: 5Gi
-  ## @param zookeeper.storageClass StorageClass used to store the ZooKeeper data
+  ## @field zookeeper.storageClass {string} StorageClass used to store the ZooKeeper data
  storageClass: ""

-
-
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.26.3
+version: 0.27.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -1,69 +1,48 @@
 KUBERNETES_VERSION = v1.32
 KUBERNETES_PKG_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 include ../../../scripts/common-envs.mk
 include ../../../scripts/package.mk

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
 	yq -o=json -i '.properties.version.enum = (load("files/versions.yaml") | keys)' values.schema.json
-	yq -o json -i '.properties.addons.properties.ingressNginx.properties.exposeMethod.enum = ["Proxied","LoadBalancer"]' values.schema.json
-	yq -o json -i '.properties.controlPlane.properties.apiServer.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
-	yq -o json -i '.properties.controlPlane.properties.controllerManager.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
-	yq -o json -i '.properties.controlPlane.properties.scheduler.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
-	yq -o json -i '.properties.controlPlane.properties.konnectivity.properties.server.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json

 image: image-ubuntu-container-disk image-kubevirt-cloud-provider image-kubevirt-csi-driver image-cluster-autoscaler

 image-ubuntu-container-disk:
 	docker buildx build images/ubuntu-container-disk \
-		--provenance false \
-		--builder=$(BUILDER) \
-		--platform=$(PLATFORM) \
 		--build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
 		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)) \
 		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:latest \
 		--cache-to type=inline \
 		--metadata-file images/ubuntu-container-disk.json \
-		--push=$(PUSH) \
-		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
-		--load=$(LOAD)
+		$(BUILDX_ARGS)
 	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
 		> images/ubuntu-container-disk.tag
 	rm -f images/ubuntu-container-disk.json

 image-kubevirt-cloud-provider:
 	docker buildx build images/kubevirt-cloud-provider \
-		--provenance false \
-		--builder=$(BUILDER) \
-		--platform=$(PLATFORM) \
 		--tag $(REGISTRY)/kubevirt-cloud-provider:$(call settag,$(KUBERNETES_PKG_TAG)) \
 		--tag $(REGISTRY)/kubevirt-cloud-provider:$(call settag,$(KUBERNETES_PKG_TAG)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/kubevirt-cloud-provider:latest \
 		--cache-to type=inline \
 		--metadata-file images/kubevirt-cloud-provider.json \
-		--push=$(PUSH) \
-		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
-		--load=$(LOAD)
+		$(BUILDX_ARGS)
 	echo "$(REGISTRY)/kubevirt-cloud-provider:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-cloud-provider.json -o json -r)" \
 		> images/kubevirt-cloud-provider.tag
 	rm -f images/kubevirt-cloud-provider.json

 image-kubevirt-csi-driver:
 	docker buildx build images/kubevirt-csi-driver \
-		--provenance false \
-		--builder=$(BUILDER) \
-		--platform=$(PLATFORM) \
 		--tag $(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG)) \
 		--tag $(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/kubevirt-csi-driver:latest \
 		--cache-to type=inline \
 		--metadata-file images/kubevirt-csi-driver.json \
-		--push=$(PUSH) \
-		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
-		--load=$(LOAD)
+		$(BUILDX_ARGS)
 	echo "$(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-csi-driver.json -o json -r)" \
 		> images/kubevirt-csi-driver.tag
 	IMAGE=$$(cat images/kubevirt-csi-driver.tag) \
@@ -73,17 +52,12 @@ image-kubevirt-csi-driver:

 image-cluster-autoscaler:
 	docker buildx build images/cluster-autoscaler \
-		--provenance false \
-		--builder=$(BUILDER) \
-		--platform=$(PLATFORM) \
 		--tag $(REGISTRY)/cluster-autoscaler:$(call settag,$(KUBERNETES_PKG_TAG)) \
 		--tag $(REGISTRY)/cluster-autoscaler:$(call settag,$(KUBERNETES_PKG_TAG)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/cluster-autoscaler:latest \
 		--cache-to type=inline \
 		--metadata-file images/cluster-autoscaler.json \
-		--push=$(PUSH) \
-		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
-		--load=$(LOAD)
+		$(BUILDX_ARGS)
 	echo "$(REGISTRY)/cluster-autoscaler:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/cluster-autoscaler.json -o json -r)" \
 		> images/cluster-autoscaler.tag
 	rm -f images/cluster-autoscaler.json
--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -84,53 +84,91 @@ See the reference for components utilized in this service:

 ### Common Parameters

-| Name           | Description                           | Value        |
-| -------------- | ------------------------------------- | ------------ |
-| `storageClass` | StorageClass used to store user data. | `replicated` |
+| Name           | Description                         | Type     | Value        |
+| -------------- | ----------------------------------- | -------- | ------------ |
+| `storageClass` | StorageClass used to store the data | `string` | `replicated` |
+

 ### Application-specific parameters

-| Name         | Description                                                                                                       | Value   |
-| ------------ | ----------------------------------------------------------------------------------------------------------------- | ------- |
-| `version`    | Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.                               | `v1.32` |
-| `host`       | Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty. | `""`    |
-| `nodeGroups` | Worker nodes configuration (see example)                                                                          | `{}`    |
+| Name                                | Description                                                                                                       | Type                | Value   |
+| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- | ------- |
+| `version`                           | Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.                               | `string`            | `v1.32` |
+| `host`                              | Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty. | `string`            | `""`    |
+| `nodeGroups`                        | Worker nodes configuration                                                                                        | `map[string]object` | `{...}` |
+| `nodeGroups[name].minReplicas`      | Minimum amount of replicas                                                                                        | `int`               | `0`     |
+| `nodeGroups[name].maxReplicas`      | Maximum amount of replicas                                                                                        | `int`               | `0`     |
+| `nodeGroups[name].instanceType`     | Virtual machine instance type                                                                                     | `string`            | `""`    |
+| `nodeGroups[name].ephemeralStorage` | Ephemeral storage size                                                                                            | `quantity`          | `""`    |
+| `nodeGroups[name].roles`            | List of node's roles                                                                                              | `[]string`          | `[]`    |
+| `nodeGroups[name].resources`        | Resources available to each worker node                                                                           | `object`            | `{}`    |
+| `nodeGroups[name].resources.cpu`    | CPU available to each worker node                                                                                 | `*quantity`         | `null`  |
+| `nodeGroups[name].resources.memory` | Memory (RAM) available to each worker node                                                                        | `*quantity`         | `null`  |
+| `nodeGroups[name].gpus`             | List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)                                       | `[]object`          | `[]`    |
+| `nodeGroups[name].gpus.name`        | Name of GPU, such as "nvidia.com/AD102GL_L40S"                                                                    | `string`            | `""`    |
+

 ### Cluster Addons

-| Name                                          | Description                                                                                                                                                                       | Value     |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- |
-| `addons.certManager.enabled`                  | Enable cert-manager, which automatically creates and manages SSL/TLS certificates.                                                                                                | `false`   |
-| `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                                         | `{}`      |
-| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`      |
-| `addons.gatewayAPI.enabled`                   | Enable the Gateway API                                                                                                                                                            | `false`   |
-| `addons.ingressNginx.enabled`                 | Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).                                                                                       | `false`   |
-| `addons.ingressNginx.exposeMethod`            | Method to expose the Ingress-NGINX controller. (allowed values: Proxied, LoadBalancer)                                                                                            | `Proxied` |
-| `addons.ingressNginx.hosts`                   | List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.                                | `[]`      |
-| `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                                         | `{}`      |
-| `addons.gpuOperator.enabled`                  | Enable the GPU-operator                                                                                                                                                           | `false`   |
-| `addons.gpuOperator.valuesOverride`           | Custom values to override                                                                                                                                                         | `{}`      |
-| `addons.fluxcd.enabled`                       | Enable FluxCD                                                                                                                                                                     | `false`   |
-| `addons.fluxcd.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`      |
-| `addons.monitoringAgents.enabled`             | Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage. | `false`   |
-| `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                                         | `{}`      |
-| `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                                         | `{}`      |
-| `addons.velero.enabled`                       | Enable velero for backup and restore k8s cluster.                                                                                                                                 | `false`   |
-| `addons.velero.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`      |
+| Name                                          | Description                                                                                                                                                                       | Type       | Value     |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | --------- |
+| `addons`                                      | Cluster addons configuration                                                                                                                                                      | `object`   | `{}`      |
+| `addons.certManager`                          | Cert-manager: automatically creates and manages SSL/TLS certificate                                                                                                               | `object`   | `{}`      |
+| `addons.certManager.enabled`                  | Enable cert-manager, which automatically creates and manages SSL/TLS certificates.                                                                                                | `bool`     | `false`   |
+| `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+| `addons.cilium`                               | Cilium CNI plugin                                                                                                                                                                 | `object`   | `{}`      |
+| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+| `addons.gatewayAPI`                           | Gateway API                                                                                                                                                                       | `object`   | `{}`      |
+| `addons.gatewayAPI.enabled`                   | Enable the Gateway API                                                                                                                                                            | `bool`     | `false`   |
+| `addons.ingressNginx`                         | Ingress-NGINX Controller                                                                                                                                                          | `object`   | `{}`      |
+| `addons.ingressNginx.enabled`                 | Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).                                                                                       | `bool`     | `false`   |
+| `addons.ingressNginx.exposeMethod`            | Method to expose the Ingress-NGINX controller. Allowed values: `Proxied`, `LoadBalancer`.                                                                                         | `string`   | `Proxied` |
+| `addons.ingressNginx.hosts`                   | List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.                                | `[]string` | `[]`      |
+| `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+| `addons.gpuOperator`                          | GPU-operator: NVIDIA GPU Operator                                                                                                                                                 | `object`   | `{}`      |
+| `addons.gpuOperator.enabled`                  | Enable the GPU-operator                                                                                                                                                           | `bool`     | `false`   |
+| `addons.gpuOperator.valuesOverride`           | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+| `addons.fluxcd`                               | Flux CD                                                                                                                                                                           | `object`   | `{}`      |
+| `addons.fluxcd.enabled`                       | Enable FluxCD                                                                                                                                                                     | `bool`     | `false`   |
+| `addons.fluxcd.valuesOverride`                | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+| `addons.monitoringAgents`                     | MonitoringAgents                                                                                                                                                                  | `object`   | `{}`      |
+| `addons.monitoringAgents.enabled`             | Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage. | `bool`     | `false`   |
+| `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+| `addons.verticalPodAutoscaler`                | VerticalPodAutoscaler                                                                                                                                                             | `object`   | `{}`      |
+| `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+| `addons.velero`                               | Velero                                                                                                                                                                            | `object`   | `{}`      |
+| `addons.velero.enabled`                       | Enable Velero for backup and recovery of a tenant Kubernetes cluster.                                                                                                             | `bool`     | `false`   |
+| `addons.velero.valuesOverride`                | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+

 ### Kubernetes Control Plane Configuration

-| Name                                               | Description                                                                                                                            | Value    |
-| -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -------- |
-| `controlPlane.replicas`                            | Number of replicas for Kubernetes control-plane components.                                                                            | `2`      |
-| `controlPlane.apiServer.resources`                 | Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.         | `{}`     |
-| `controlPlane.apiServer.resourcesPreset`           | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.            | `medium` |
-| `controlPlane.controllerManager.resources`         | Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`     |
-| `controlPlane.controllerManager.resourcesPreset`   | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.            | `micro`  |
-| `controlPlane.scheduler.resources`                 | Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.          | `{}`     |
-| `controlPlane.scheduler.resourcesPreset`           | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.            | `micro`  |
-| `controlPlane.konnectivity.server.resources`       | Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.           | `{}`     |
-| `controlPlane.konnectivity.server.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.            | `micro`  |
+| Name                                                | Description                                                                                                                               | Type        | Value    |
+| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -------- |
+| `controlPlane`                                      | Control Plane Configuration                                                                                                               | `object`    | `{}`     |
+| `controlPlane.replicas`                             | Number of replicas for Kubernetes control plane components.                                                                               | `int`       | `2`      |
+| `controlPlane.apiServer`                            | Control plane API server configuration.                                                                                                   | `object`    | `{}`     |
+| `controlPlane.apiServer.resources`                  | Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.            | `object`    | `{}`     |
+| `controlPlane.apiServer.resources.cpu`              | CPU available to each worker node                                                                                                         | `*quantity` | `null`   |
+| `controlPlane.apiServer.resources.memory`           | Memory (RAM) available to each worker node                                                                                                | `*quantity` | `null`   |
+| `controlPlane.apiServer.resourcesPreset`            | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `medium` |
+| `controlPlane.controllerManager`                    | Controller Manager configuration.                                                                                                         | `object`    | `{}`     |
+| `controlPlane.controllerManager.resources`          | Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.    | `object`    | `{}`     |
+| `controlPlane.controllerManager.resources.cpu`      | CPU available to each worker node                                                                                                         | `*quantity` | `null`   |
+| `controlPlane.controllerManager.resources.memory`   | Memory (RAM) available to each worker node                                                                                                | `*quantity` | `null`   |
+| `controlPlane.controllerManager.resourcesPreset`    | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro`  |
+| `controlPlane.scheduler`                            | Scheduler configuration.                                                                                                                  | `object`    | `{}`     |
+| `controlPlane.scheduler.resources`                  | Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.             | `object`    | `{}`     |
+| `controlPlane.scheduler.resources.cpu`              | CPU available to each worker node                                                                                                         | `*quantity` | `null`   |
+| `controlPlane.scheduler.resources.memory`           | Memory (RAM) available to each worker node                                                                                                | `*quantity` | `null`   |
+| `controlPlane.scheduler.resourcesPreset`            | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro`  |
+| `controlPlane.konnectivity`                         | Konnectivity configuration.                                                                                                               | `object`    | `{}`     |
+| `controlPlane.konnectivity.server`                  | Konnectivity server configuration.                                                                                                        | `object`    | `{}`     |
+| `controlPlane.konnectivity.server.resources`        | Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.              | `object`    | `{}`     |
+| `controlPlane.konnectivity.server.resources.cpu`    | CPU available to each worker node                                                                                                         | `*quantity` | `null`   |
+| `controlPlane.konnectivity.server.resources.memory` | Memory (RAM) available to each worker node                                                                                                | `*quantity` | `null`   |
+| `controlPlane.konnectivity.server.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro`  |
+

 ## Parameter examples and reference

--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.26.2@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.27.0@sha256:2d39989846c3579dd020b9f6c77e6e314cc81aa344eaac0f6d633e723c17196d
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.26.2@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.27.0@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.2@sha256:761e7235ff9cb7f6f223f00954943e6a5af32ed6624ee592a8610122f96febb0
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.27.0@sha256:3a3bc912f70ccba1e9f92a0754179dbdc4c01f24073467b6d1406c77da794863
--- a/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml
@@ -3,8 +3,8 @@
 {{- $clusterDomain := (index $cozyConfig.data "cluster-domain") | default "cozy.local" }}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $targetTenant := index $myNS.metadata.annotations "namespace.cozystack.io/monitoring" }}
+vpaForVPA: false
 vertical-pod-autoscaler:
-  vpaForVPA: false
  recommender:
    extraArgs:
      container-name-label: container
--- a/packages/apps/kubernetes/values.schema.json
+++ b/packages/apps/kubernetes/values.schema.json
@@ -1,182 +1,365 @@
 {
+  "title": "Chart Values",
+  "type": "object",
  "properties": {
    "addons": {
-      "properties": {
+      "description": "Cluster addons configuration",
+      "type": "object",
+      "default": {
        "certManager": {
-          "properties": {
-            "enabled": {
-              "default": false,
-              "description": "Enable cert-manager, which automatically creates and manages SSL/TLS certificates.",
-              "type": "boolean"
-            },
-            "valuesOverride": {
-              "default": {},
-              "description": "Custom values to override",
-              "type": "object"
-            }
-          },
-          "type": "object"
+          "enabled": false,
+          "valuesOverride": {}
        },
        "cilium": {
-          "properties": {
-            "valuesOverride": {
-              "default": {},
-              "description": "Custom values to override",
-              "type": "object"
-            }
-          },
-          "type": "object"
+          "valuesOverride": {}
        },
        "fluxcd": {
-          "properties": {
-            "enabled": {
-              "default": false,
-              "description": "Enable FluxCD",
-              "type": "boolean"
-            },
-            "valuesOverride": {
-              "default": {},
-              "description": "Custom values to override",
-              "type": "object"
-            }
-          },
-          "type": "object"
+          "enabled": false,
+          "valuesOverride": {}
        },
        "gatewayAPI": {
-          "properties": {
-            "enabled": {
-              "default": false,
-              "description": "Enable the Gateway API",
-              "type": "boolean"
-            }
-          },
-          "type": "object"
+          "enabled": false
        },
        "gpuOperator": {
-          "properties": {
-            "enabled": {
-              "default": false,
-              "description": "Enable the GPU-operator",
-              "type": "boolean"
-            },
-            "valuesOverride": {
-              "default": {},
-              "description": "Custom values to override",
-              "type": "object"
-            }
-          },
-          "type": "object"
+          "enabled": false,
+          "valuesOverride": {}
        },
        "ingressNginx": {
+          "enabled": false,
+          "exposeMethod": "Proxied",
+          "hosts": {},
+          "valuesOverride": {}
+        },
+        "monitoringAgents": {
+          "enabled": false,
+          "valuesOverride": {}
+        },
+        "velero": {
+          "enabled": false,
+          "valuesOverride": {}
+        },
+        "verticalPodAutoscaler": {
+          "valuesOverride": {}
+        }
+      },
+      "required": [
+        "certManager",
+        "cilium",
+        "fluxcd",
+        "gatewayAPI",
+        "gpuOperator",
+        "ingressNginx",
+        "monitoringAgents",
+        "velero",
+        "verticalPodAutoscaler"
+      ],
+      "properties": {
+        "certManager": {
+          "description": "Cert-manager: automatically creates and manages SSL/TLS certificate",
+          "type": "object",
+          "default": {
+            "enabled": false,
+            "valuesOverride": {}
+          },
+          "required": [
+            "enabled",
+            "valuesOverride"
+          ],
+          "properties": {
+            "enabled": {
+              "description": "Enable cert-manager, which automatically creates and manages SSL/TLS certificates.",
+              "type": "boolean",
+              "default": false
+            },
+            "valuesOverride": {
+              "description": "Custom values to override",
+              "type": "object",
+              "default": {},
+              "x-kubernetes-preserve-unknown-fields": true
+            }
+          }
+        },
+        "cilium": {
+          "description": "Cilium CNI plugin",
+          "type": "object",
+          "default": {
+            "valuesOverride": {}
+          },
+          "required": [
+            "valuesOverride"
+          ],
+          "properties": {
+            "valuesOverride": {
+              "description": "Custom values to override",
+              "type": "object",
+              "default": {},
+              "x-kubernetes-preserve-unknown-fields": true
+            }
+          }
+        },
+        "fluxcd": {
+          "description": "Flux CD",
+          "type": "object",
+          "default": {
+            "enabled": false,
+            "valuesOverride": {}
+          },
+          "required": [
+            "enabled",
+            "valuesOverride"
+          ],
+          "properties": {
+            "enabled": {
+              "description": "Enable FluxCD",
+              "type": "boolean",
+              "default": false
+            },
+            "valuesOverride": {
+              "description": "Custom values to override",
+              "type": "object",
+              "default": {},
+              "x-kubernetes-preserve-unknown-fields": true
+            }
+          }
+        },
+        "gatewayAPI": {
+          "description": "Gateway API",
+          "type": "object",
+          "default": {
+            "enabled": false
+          },
+          "required": [
+            "enabled"
+          ],
+          "properties": {
+            "enabled": {
+              "description": "Enable the Gateway API",
+              "type": "boolean",
+              "default": false
+            }
+          }
+        },
+        "gpuOperator": {
+          "description": "GPU-operator: NVIDIA GPU Operator",
+          "type": "object",
+          "default": {
+            "enabled": false,
+            "valuesOverride": {}
+          },
+          "required": [
+            "enabled",
+            "valuesOverride"
+          ],
+          "properties": {
+            "enabled": {
+              "description": "Enable the GPU-operator",
+              "type": "boolean",
+              "default": false
+            },
+            "valuesOverride": {
+              "description": "Custom values to override",
+              "type": "object",
+              "default": {},
+              "x-kubernetes-preserve-unknown-fields": true
+            }
+          }
+        },
+        "ingressNginx": {
+          "description": "Ingress-NGINX Controller",
+          "type": "object",
+          "default": {
+            "enabled": false,
+            "exposeMethod": "Proxied",
+            "hosts": {},
+            "valuesOverride": {}
+          },
+          "required": [
+            "enabled",
+            "exposeMethod",
+            "valuesOverride"
+          ],
          "properties": {
            "enabled": {
-              "default": false,
              "description": "Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).",
-              "type": "boolean"
+              "type": "boolean",
+              "default": false
            },
            "exposeMethod": {
-              "default": "Proxied",
-              "description": "Method to expose the Ingress-NGINX controller. (allowed values: Proxied, LoadBalancer)",
+              "description": "Method to expose the Ingress-NGINX controller. Allowed values: `Proxied`, `LoadBalancer`.",
              "type": "string",
+              "default": "Proxied",
              "enum": [
                "Proxied",
                "LoadBalancer"
              ]
            },
            "hosts": {
-              "default": [],
              "description": "List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.",
-              "items": {},
-              "type": "array"
+              "type": "array",
+              "default": [],
+              "items": {
+                "type": "string"
+              }
            },
            "valuesOverride": {
-              "default": {},
              "description": "Custom values to override",
-              "type": "object"
+              "type": "object",
+              "default": {},
+              "x-kubernetes-preserve-unknown-fields": true
            }
-          },
-          "type": "object"
+          }
        },
        "monitoringAgents": {
+          "description": "MonitoringAgents",
+          "type": "object",
+          "default": {
+            "enabled": false,
+            "valuesOverride": {}
+          },
+          "required": [
+            "enabled",
+            "valuesOverride"
+          ],
          "properties": {
            "enabled": {
-              "default": false,
              "description": "Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage.",
-              "type": "boolean"
+              "type": "boolean",
+              "default": false
            },
            "valuesOverride": {
-              "default": {},
              "description": "Custom values to override",
-              "type": "object"
+              "type": "object",
+              "default": {},
+              "x-kubernetes-preserve-unknown-fields": true
            }
-          },
-          "type": "object"
+          }
        },
        "velero": {
+          "description": "Velero",
+          "type": "object",
+          "default": {
+            "enabled": false,
+            "valuesOverride": {}
+          },
+          "required": [
+            "enabled",
+            "valuesOverride"
+          ],
          "properties": {
            "enabled": {
-              "default": false,
-              "description": "Enable velero for backup and restore k8s cluster.",
-              "type": "boolean"
+              "description": "Enable Velero for backup and recovery of a tenant Kubernetes cluster.",
+              "type": "boolean",
+              "default": false
            },
            "valuesOverride": {
-              "default": {},
              "description": "Custom values to override",
-              "type": "object"
+              "type": "object",
+              "default": {},
+              "x-kubernetes-preserve-unknown-fields": true
            }
-          },
-          "type": "object"
+          }
        },
        "verticalPodAutoscaler": {
+          "description": "VerticalPodAutoscaler",
+          "type": "object",
+          "default": {
+            "valuesOverride": {}
+          },
+          "required": [
+            "valuesOverride"
+          ],
          "properties": {
            "valuesOverride": {
-              "default": {},
              "description": "Custom values to override",
-              "type": "object"
+              "type": "object",
+              "default": {},
+              "x-kubernetes-preserve-unknown-fields": true
            }
-          },
-          "type": "object"
+          }
        }
-      },
-      "type": "object"
+      }
    },
    "controlPlane": {
-      "properties": {
+      "description": "Control Plane Configuration",
+      "type": "object",
+      "default": {
        "apiServer": {
-          "properties": {
-            "resources": {
-              "default": {},
-              "description": "Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.",
-              "type": "object"
-            },
-            "resourcesPreset": {
-              "default": "medium",
-              "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-              "type": "string",
-              "enum": [
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-              ]
-            }
-          },
-          "type": "object"
+          "resources": {},
+          "resourcesPreset": "medium"
        },
        "controllerManager": {
+          "resources": {},
+          "resourcesPreset": "micro"
+        },
+        "konnectivity": {
+          "server": {
+            "resources": {},
+            "resourcesPreset": "micro"
+          }
+        },
+        "replicas": 2,
+        "scheduler": {
+          "resources": {},
+          "resourcesPreset": "micro"
+        }
+      },
+      "required": [
+        "apiServer",
+        "controllerManager",
+        "konnectivity",
+        "replicas",
+        "scheduler"
+      ],
+      "properties": {
+        "apiServer": {
+          "description": "Control plane API server configuration.",
+          "type": "object",
+          "default": {
+            "resources": {},
+            "resourcesPreset": "medium"
+          },
+          "required": [
+            "resources",
+            "resourcesPreset"
+          ],
          "properties": {
            "resources": {
+              "description": "Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.",
+              "type": "object",
              "default": {},
-              "description": "Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.",
-              "type": "object"
+              "properties": {
+                "cpu": {
+                  "description": "CPU available to each worker node",
+                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                  "anyOf": [
+                    {
+                      "type": "integer"
+                    },
+                    {
+                      "type": "string"
+                    }
+                  ],
+                  "x-kubernetes-int-or-string": true
+                },
+                "memory": {
+                  "description": "Memory (RAM) available to each worker node",
+                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                  "anyOf": [
+                    {
+                      "type": "integer"
+                    },
+                    {
+                      "type": "string"
+                    }
+                  ],
+                  "x-kubernetes-int-or-string": true
+                }
+              }
            },
            "resourcesPreset": {
-              "default": "micro",
-              "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
+              "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
              "type": "string",
+              "default": "medium",
              "enum": [
                "nano",
                "micro",
@@ -187,22 +370,131 @@
                "2xlarge"
              ]
            }
+          }
+        },
+        "controllerManager": {
+          "description": "Controller Manager configuration.",
+          "type": "object",
+          "default": {
+            "resources": {},
+            "resourcesPreset": "micro"
          },
-          "type": "object"
+          "required": [
+            "resources",
+            "resourcesPreset"
+          ],
+          "properties": {
+            "resources": {
+              "description": "Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.",
+              "type": "object",
+              "default": {},
+              "properties": {
+                "cpu": {
+                  "description": "CPU available to each worker node",
+                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                  "anyOf": [
+                    {
+                      "type": "integer"
+                    },
+                    {
+                      "type": "string"
+                    }
+                  ],
+                  "x-kubernetes-int-or-string": true
+                },
+                "memory": {
+                  "description": "Memory (RAM) available to each worker node",
+                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                  "anyOf": [
+                    {
+                      "type": "integer"
+                    },
+                    {
+                      "type": "string"
+                    }
+                  ],
+                  "x-kubernetes-int-or-string": true
+                }
+              }
+            },
+            "resourcesPreset": {
+              "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+              "type": "string",
+              "default": "micro",
+              "enum": [
+                "nano",
+                "micro",
+                "small",
+                "medium",
+                "large",
+                "xlarge",
+                "2xlarge"
+              ]
+            }
+          }
        },
        "konnectivity": {
+          "description": "Konnectivity configuration.",
+          "type": "object",
+          "default": {
+            "server": {
+              "resources": {},
+              "resourcesPreset": "micro"
+            }
+          },
+          "required": [
+            "server"
+          ],
          "properties": {
            "server": {
+              "description": "Konnectivity server configuration.",
+              "type": "object",
+              "default": {
+                "resources": {},
+                "resourcesPreset": "micro"
+              },
+              "required": [
+                "resources",
+                "resourcesPreset"
+              ],
              "properties": {
                "resources": {
-                  "default": {},
                  "description": "Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.",
-                  "type": "object"
+                  "type": "object",
+                  "default": {},
+                  "properties": {
+                    "cpu": {
+                      "description": "CPU available to each worker node",
+                      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                      "anyOf": [
+                        {
+                          "type": "integer"
+                        },
+                        {
+                          "type": "string"
+                        }
+                      ],
+                      "x-kubernetes-int-or-string": true
+                    },
+                    "memory": {
+                      "description": "Memory (RAM) available to each worker node",
+                      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                      "anyOf": [
+                        {
+                          "type": "integer"
+                        },
+                        {
+                          "type": "string"
+                        }
+                      ],
+                      "x-kubernetes-int-or-string": true
+                    }
+                  }
                },
                "resourcesPreset": {
-                  "default": "micro",
-                  "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
+                  "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
                  "type": "string",
+                  "default": "micro",
                  "enum": [
                    "nano",
                    "micro",
@@ -213,28 +505,64 @@
                    "2xlarge"
                  ]
                }
-              },
-              "type": "object"
+              }
            }
-          },
-          "type": "object"
+          }
        },
        "replicas": {
-          "default": 2,
-          "description": "Number of replicas for Kubernetes control-plane components.",
-          "type": "number"
+          "description": "Number of replicas for Kubernetes control plane components.",
+          "type": "integer",
+          "default": 2
        },
        "scheduler": {
+          "description": "Scheduler configuration.",
+          "type": "object",
+          "default": {
+            "resources": {},
+            "resourcesPreset": "micro"
+          },
+          "required": [
+            "resources",
+            "resourcesPreset"
+          ],
          "properties": {
            "resources": {
-              "default": {},
              "description": "Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.",
-              "type": "object"
+              "type": "object",
+              "default": {},
+              "properties": {
+                "cpu": {
+                  "description": "CPU available to each worker node",
+                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                  "anyOf": [
+                    {
+                      "type": "integer"
+                    },
+                    {
+                      "type": "string"
+                    }
+                  ],
+                  "x-kubernetes-int-or-string": true
+                },
+                "memory": {
+                  "description": "Memory (RAM) available to each worker node",
+                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                  "anyOf": [
+                    {
+                      "type": "integer"
+                    },
+                    {
+                      "type": "string"
+                    }
+                  ],
+                  "x-kubernetes-int-or-string": true
+                }
+              }
            },
            "resourcesPreset": {
-              "default": "micro",
-              "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
+              "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
              "type": "string",
+              "default": "micro",
              "enum": [
                "nano",
                "micro",
@@ -245,26 +573,132 @@
                "2xlarge"
              ]
            }
-          },
-          "type": "object"
+          }
        }
-      },
-      "type": "object"
+      }
    },
    "host": {
-      "default": "",
      "description": "Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty.",
      "type": "string"
    },
+    "nodeGroups": {
+      "description": "Worker nodes configuration",
+      "type": "object",
+      "default": {
+        "md0": {
+          "ephemeralStorage": "20Gi",
+          "gpus": {},
+          "instanceType": "u1.medium",
+          "maxReplicas": 10,
+          "minReplicas": 0,
+          "resources": {},
+          "roles": [
+            "ingress-nginx"
+          ]
+        }
+      },
+      "additionalProperties": {
+        "type": "object",
+        "required": [
+          "ephemeralStorage",
+          "instanceType",
+          "maxReplicas",
+          "minReplicas",
+          "resources"
+        ],
+        "properties": {
+          "ephemeralStorage": {
+            "description": "Ephemeral storage size",
+            "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+            "anyOf": [
+              {
+                "type": "integer"
+              },
+              {
+                "type": "string"
+              }
+            ],
+            "x-kubernetes-int-or-string": true
+          },
+          "gpus": {
+            "description": "List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)",
+            "type": "array",
+            "items": {
+              "type": "object",
+              "required": [
+                "name"
+              ],
+              "properties": {
+                "name": {
+                  "description": "Name of GPU, such as \"nvidia.com/AD102GL_L40S\"",
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "instanceType": {
+            "description": "Virtual machine instance type",
+            "type": "string"
+          },
+          "maxReplicas": {
+            "description": "Maximum amount of replicas",
+            "type": "integer"
+          },
+          "minReplicas": {
+            "description": "Minimum amount of replicas",
+            "type": "integer"
+          },
+          "resources": {
+            "description": "Resources available to each worker node",
+            "type": "object",
+            "properties": {
+              "cpu": {
+                "description": "CPU available to each worker node",
+                "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                "anyOf": [
+                  {
+                    "type": "integer"
+                  },
+                  {
+                    "type": "string"
+                  }
+                ],
+                "x-kubernetes-int-or-string": true
+              },
+              "memory": {
+                "description": "Memory (RAM) available to each worker node",
+                "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+                "anyOf": [
+                  {
+                    "type": "integer"
+                  },
+                  {
+                    "type": "string"
+                  }
+                ],
+                "x-kubernetes-int-or-string": true
+              }
+            }
+          },
+          "roles": {
+            "description": "List of node's roles",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        }
+      }
+    },
    "storageClass": {
-      "default": "replicated",
-      "description": "StorageClass used to store user data.",
-      "type": "string"
+      "description": "StorageClass used to store the data",
+      "type": "string",
+      "default": "replicated"
    },
    "version": {
-      "default": "v1.32",
      "description": "Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.",
      "type": "string",
+      "default": "v1.32",
      "enum": [
        "v1.28",
        "v1.29",
@@ -274,7 +708,5 @@
        "v1.33"
      ]
    }
-  },
-  "title": "Chart Values",
-  "type": "object"
+  }
 }
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -1,14 +1,26 @@
 ## @section Common Parameters

-## @param storageClass StorageClass used to store user data.
+## @param storageClass {string} StorageClass used to store the data
 storageClass: replicated

 ## @section Application-specific parameters
-## @param version Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.
+## @param version {string} Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.
 version: "v1.32"
-## @param host Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty.
+## @param host {string} Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty.
 host: ""
-## @param nodeGroups [object] Worker nodes configuration (see example)
+
+## @param nodeGroups {map[string]node} Worker nodes configuration
+## @field node {node} Node configuration
+## @field node.minReplicas {int} Minimum amount of replicas
+## @field node.maxReplicas {int} Maximum amount of replicas
+## @field node.instanceType {string} Virtual machine instance type
+## @field node.ephemeralStorage {quantity} Ephemeral storage size
+## @field node.roles {[]string} List of node's roles
+## @field node.resources {resources} Resources available to each worker node
+## @field resources.cpu {*quantity} CPU available to each worker node
+## @field resources.memory {*quantity} Memory (RAM) available to each worker node
+## @field node.gpus {[]gpu} List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
+## @field gpu.name {string} Name of GPU, such as "nvidia.com/AD102GL_L40S"
 ##
 nodeGroups:
  md0:
@@ -18,11 +30,7 @@ nodeGroups:
    ephemeralStorage: 20Gi
    roles:
    - ingress-nginx
-
-    resources:
-      cpu: ""
-      memory: ""
-
+    resources: {}
    ## List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
    ## e.g:
    ## instanceType: "u1.xlarge"
@@ -33,117 +41,124 @@ nodeGroups:

 ## @section Cluster Addons
 ##
+## @param addons {addons} Cluster addons configuration
 addons:
-  ## Cert-manager: automatically creates and manages SSL/TLS certificate
+  ## @field addons.certManager {certManager} Cert-manager: automatically creates and manages SSL/TLS certificate
  ##
  certManager:
-    ## @param addons.certManager.enabled Enable cert-manager, which automatically creates and manages SSL/TLS certificates.
+    ## @field certManager.enabled {bool} Enable cert-manager, which automatically creates and manages SSL/TLS certificates.
    enabled: false
-    ## @param addons.certManager.valuesOverride Custom values to override
+    ## @field certManager.valuesOverride {object} Custom values to override
    valuesOverride: {}

-  ## Cilium CNI plugin
+  ## @field addons.cilium {cilium} Cilium CNI plugin
  ##
  cilium:
-    ## @param addons.cilium.valuesOverride Custom values to override
+    ## @field cilium.valuesOverride {object} Custom values to override
    valuesOverride: {}

-  ## Gateway API
+  ## @field addons.gatewayAPI {gatewayAPI} Gateway API
  ##
  gatewayAPI:
-    ## @param addons.gatewayAPI.enabled Enable the Gateway API
+    ## @field gatewayAPI.enabled {bool} Enable the Gateway API
    enabled: false

-  ## Ingress-NGINX Controller
+  ## @field addons.ingressNginx {ingressNginx} Ingress-NGINX Controller
  ##
  ingressNginx:
-    ## @param addons.ingressNginx.enabled Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).
+    ## @field ingressNginx.enabled {bool} Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).
    enabled: false
-    ## @param addons.ingressNginx.exposeMethod Method to expose the Ingress-NGINX controller. (allowed values: Proxied, LoadBalancer)
+    ## @field ingressNginx.exposeMethod {string enum:"Proxied,LoadBalancer"} Method to expose the Ingress-NGINX controller. Allowed values: `Proxied`, `LoadBalancer`.
    exposeMethod: Proxied
-    ## @param addons.ingressNginx.hosts List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.
+    ## @field ingressNginx.hosts {[]string} List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.
    ## e.g:
    ## hosts:
    ## - example.org
    ## - foo.example.net
    ##
    hosts: []
-    ## @param addons.ingressNginx.valuesOverride Custom values to override
+    ## @field ingressNginx.valuesOverride {object} Custom values to override
    valuesOverride: {}

-  ## GPU-operator: NVIDIA GPU Operator
+  ## @field addons.gpuOperator {gpuOperator} GPU-operator: NVIDIA GPU Operator
  ##
  gpuOperator:
-    ## @param addons.gpuOperator.enabled Enable the GPU-operator
-    ## @param addons.gpuOperator.valuesOverride Custom values to override
+    ## @field gpuOperator.enabled {bool} Enable the GPU-operator
+    ## @field gpuOperator.valuesOverride {object} Custom values to override
    enabled: false
    valuesOverride: {}

-  ## Flux CD
+  ## @field addons.fluxcd {fluxcd} Flux CD
  ##
  fluxcd:
-    ## @param addons.fluxcd.enabled Enable FluxCD
-    ## @param addons.fluxcd.valuesOverride Custom values to override
+    ## @field fluxcd.enabled {bool} Enable FluxCD
+    ## @field fluxcd.valuesOverride {object} Custom values to override
    ##
    enabled: false
    valuesOverride: {}

-  ## MonitoringAgents
+  ## @field addons.monitoringAgents {monitoringAgents} MonitoringAgents
  ##
  monitoringAgents:
-    ## @param addons.monitoringAgents.enabled Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage.
-    ## @param addons.monitoringAgents.valuesOverride Custom values to override
+    ## @field monitoringAgents.enabled {bool} Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage.
+    ## @field monitoringAgents.valuesOverride {object} Custom values to override
    ##
    enabled: false
    valuesOverride: {}

-  ## VerticalPodAutoscaler
+  ## @field addons.verticalPodAutoscaler {verticalPodAutoscaler} VerticalPodAutoscaler
  ##
  verticalPodAutoscaler:
-    ## @param addons.verticalPodAutoscaler.valuesOverride Custom values to override
+    ## @field verticalPodAutoscaler.valuesOverride {object} Custom values to override
    ##
    valuesOverride: {}

-  ## Velero
+  ## @field addons.velero {velero} Velero
  ##
  velero:
-    ## @param addons.velero.enabled Enable velero for backup and restore k8s cluster.
-    ## @param addons.velero.valuesOverride Custom values to override
+    ## @field velero.enabled {bool} Enable Velero for backup and recovery of a tenant Kubernetes cluster.
+    ## @field velero.valuesOverride {object} Custom values to override
    ##
    enabled: false
    valuesOverride: {}

 ## @section Kubernetes Control Plane Configuration
 ##
+## @param controlPlane {controlPlane} Control Plane Configuration
 controlPlane:
-  ## @param controlPlane.replicas Number of replicas for Kubernetes control-plane components.
+  ## @field controlPlane.replicas {int} Number of replicas for Kubernetes control plane components.
  replicas: 2
+  ## @field controlPlane.apiServer {apiServer} Control plane API server configuration.
  apiServer:
-    ## @param controlPlane.apiServer.resources Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.
-    resources: {}
-    ## @param controlPlane.apiServer.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+    ## @field apiServer.resources {resources} Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.
    ## e.g:
    ## resources:
    ##   cpu: 4000m
    ##   memory: 4Gi
    ##
+    resources: {}
+    ## @field apiServer.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
    resourcesPreset: "medium"

+  ## @field controlPlane.controllerManager {controllerManager} Controller Manager configuration.
  controllerManager:
-    ## @param controlPlane.controllerManager.resources Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.
-    ## @param controlPlane.controllerManager.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+    ## @field controllerManager.resources {resources} Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.
+    ## @field controllerManager.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
    resourcesPreset: "micro"
    resources: {}

+  ## @field controlPlane.scheduler {scheduler} Scheduler configuration.
  scheduler:
-    ## @param controlPlane.scheduler.resources Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.
-    ## @param controlPlane.scheduler.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+    ## @field scheduler.resources {resources} Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.
+    ## @field scheduler.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
    resourcesPreset: "micro"
    resources: {}

+  ## @field controlPlane.konnectivity {konnectivity} Konnectivity configuration.
  konnectivity:
+    ## @field konnectivity.server {konnectivityServer} Konnectivity server configuration.
    server:
-      ## @param controlPlane.konnectivity.server.resources Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.
-      ## @param controlPlane.konnectivity.server.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+      ## @field konnectivityServer.resources {resources} Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.
+      ## @field konnectivityServer.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
      resourcesPreset: "micro"
      resources: {}
--- a/packages/apps/mysql/Chart.yaml
+++ b/packages/apps/mysql/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.1
+version: 0.10.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/mysql/Makefile
+++ b/packages/apps/mysql/Makefile
@@ -1,25 +1,18 @@
 MARIADB_BACKUP_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 include ../../../scripts/common-envs.mk
 include ../../../scripts/package.mk

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md

 image:
 	docker buildx build images/mariadb-backup \
-		--provenance false \
-		--builder=$(BUILDER) \
-		--platform=$(PLATFORM) \
 		--tag $(REGISTRY)/mariadb-backup:$(call settag,$(MARIADB_BACKUP_TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/mariadb-backup:latest \
 		--cache-to type=inline \
 		--metadata-file images/mariadb-backup.json \
-		--push=$(PUSH) \
-		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
-		--load=$(LOAD)
+		$(BUILDX_ARGS)
 	echo "$(REGISTRY)/mariadb-backup:$(call settag,$(MARIADB_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/mariadb-backup.json -o json -r)" \
 		> images/mariadb-backup.tag
 	rm -f images/mariadb-backup.json
--- a/packages/apps/mysql/README.md
+++ b/packages/apps/mysql/README.md
@@ -14,12 +14,12 @@ This managed service is controlled by mariadb-operator, ensuring efficient manag

 ### How to switch master/slave replica

-```
+```bash
 kubectl edit mariadb <instnace>
 ```
 update:

-```
+```bash
 spec:
  replication:
    primary:
@@ -28,7 +28,7 @@ spec:

 check status:

-```
+```bash
 NAME        READY   STATUS    PRIMARY POD   AGE
 <instance>  True    Running   app-db1-1     41d
 ```
@@ -36,13 +36,13 @@ NAME        READY   STATUS    PRIMARY POD   AGE
 ### How to restore backup:

 find snapshot:
-```
+```bash
 restic -r s3:s3.example.org/mariadb-backups/database_name snapshots
 ```


 restore:
-```
+```bash
 restic -r s3:s3.example.org/mariadb-backups/database_name restore latest --target /tmp/
 ```

@@ -51,15 +51,16 @@ more details:

 ### Known issues

- **Replication can't not be finished with various errors**
- **Replication can't be finised in case if binlog purged**
-  Until mariadbbackup is not used to bootstrap a node by mariadb-operator (this feature is not inmplemented yet), follow these manual steps to fix it:
+- **Replication can't be finished with various errors**
+- **Replication can't be finished in case if `binlog` purged**
+
+  Until `mariadbbackup` is not used to bootstrap a node by mariadb-operator (this feature is not inmplemented yet), follow these manual steps to fix it:
  https://github.com/mariadb-operator/mariadb-operator/issues/141#issuecomment-1804760231

 - **Corrupted indicies**
  Sometimes some indecies can be corrupted on master replica, you can recover them from slave:

-  ```
+  ```bash
  mysqldump -h <slave> -P 3306 -u<user> -p<password> --column-statistics=0 <database> <table> ~/tmp/fix-table.sql
  mysql -h <master> -P 3306 -u<user> -p<password> <database> < ~/tmp/fix-table.sql
  ```
@@ -68,34 +69,45 @@ more details:

 ### Common parameters

-| Name              | Description                                                                                                                          | Value   |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `replicas`        | Number of MariaDB replicas                                                                                                           | `2`     |
-| `resources`       | Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.          | `nano`  |
-| `size`            | Persistent Volume size                                                                                                               | `10Gi`  |
-| `storageClass`    | StorageClass used to store the data                                                                                                  | `""`    |
-| `external`        | Enable external access from outside the cluster                                                                                      | `false` |
+| Name               | Description                                                                                                                               | Type        | Value   |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `replicas`         | Number of MariaDB replicas                                                                                                                | `int`       | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.      | `*object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
+| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
+| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+

 ### Application-specific parameters

-| Name        | Description             | Value |
-| ----------- | ----------------------- | ----- |
-| `users`     | Users configuration     | `{}`  |
-| `databases` | Databases configuration | `{}`  |
+| Name                             | Description                             | Type                | Value   |
+| -------------------------------- | --------------------------------------- | ------------------- | ------- |
+| `users`                          | Users configuration                     | `map[string]object` | `{...}` |
+| `users[name].password`           | Password for the user                   | `string`            | `""`    |
+| `users[name].maxUserConnections` | Maximum amount of connections           | `int`               | `0`     |
+| `databases`                      | Databases configuration                 | `map[string]object` | `{...}` |
+| `databases[name].roles`          | Roles for the database                  | `*object`           | `null`  |
+| `databases[name].roles.admin`    | List of users with admin privileges     | `[]string`          | `[]`    |
+| `databases[name].roles.readonly` | List of users with read-only privileges | `[]string`          | `[]`    |
+

 ### Backup parameters

-| Name                     | Description                                    | Value                                                  |
-| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
-| `backup.enabled`         | Enable periodic backups                        | `false`                                                |
-| `backup.s3Region`        | The AWS S3 region where backups are stored     | `us-east-1`                                            |
-| `backup.s3Bucket`        | The S3 bucket used for storing backups         | `s3.example.org/postgres-backups`                      |
-| `backup.schedule`        | Cron schedule for automated backups            | `0 2 * * *`                                            |
-| `backup.cleanupStrategy` | The strategy for cleaning up old backups       | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey`     | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
-| `backup.s3SecretKey`     | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
-| `backup.resticPassword`  | The password for Restic backup encryption      | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
+| Name                     | Description                                    | Type     | Value                                                  |
+| ------------------------ | ---------------------------------------------- | -------- | ------------------------------------------------------ |
+| `backup`                 | Backup configuration                           | `object` | `{}`                                                   |
+| `backup.enabled`         | Enable regular backups, default is `false`.    | `bool`   | `false`                                                |
+| `backup.s3Region`        | AWS S3 region where backups are stored         | `string` | `us-east-1`                                            |
+| `backup.s3Bucket`        | S3 bucket used for storing backups             | `string` | `s3.example.org/mysql-backups`                         |
+| `backup.schedule`        | Cron schedule for automated backups            | `string` | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups | `string` | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | Access key for S3, used for authentication     | `string` | `<your-access-key>`                                    |
+| `backup.s3SecretKey`     | Secret key for S3, used for authentication     | `string` | `<your-secret-key>`                                    |
+| `backup.resticPassword`  | Password for Restic backup encryption          | `string` | `<password>`                                           |
+

 ## Parameter examples and reference

--- a/packages/apps/mysql/images/mariadb-backup.tag
+++ b/packages/apps/mysql/images/mariadb-backup.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/mariadb-backup:0.9.1@sha256:a3789db9e9e065ff60cbac70771b4a8aa1460db3194307cf5ca5d4fe1b412b6b
+ghcr.io/cozystack/cozystack/mariadb-backup:0.10.0@sha256:a3789db9e9e065ff60cbac70771b4a8aa1460db3194307cf5ca5d4fe1b412b6b
--- a/packages/apps/mysql/values.schema.json
+++ b/packages/apps/mysql/values.schema.json
@@ -1,90 +1,199 @@
 {
-    "properties": {
-        "backup": {
-            "properties": {
-                "cleanupStrategy": {
-                    "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m",
-                    "description": "The strategy for cleaning up old backups",
-                    "type": "string"
-                },
-                "enabled": {
-                    "default": false,
-                    "description": "Enable periodic backups",
-                    "type": "boolean"
-                },
-                "resticPassword": {
-                    "default": "ChaXoveekoh6eigh4siesheeda2quai0",
-                    "description": "The password for Restic backup encryption",
-                    "type": "string"
-                },
-                "s3AccessKey": {
-                    "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu",
-                    "description": "The access key for S3, used for authentication",
-                    "type": "string"
-                },
-                "s3Bucket": {
-                    "default": "s3.example.org/postgres-backups",
-                    "description": "The S3 bucket used for storing backups",
-                    "type": "string"
-                },
-                "s3Region": {
-                    "default": "us-east-1",
-                    "description": "The AWS S3 region where backups are stored",
-                    "type": "string"
-                },
-                "s3SecretKey": {
-                    "default": "ju3eum4dekeich9ahM1te8waeGai0oog",
-                    "description": "The secret key for S3, used for authentication",
-                    "type": "string"
-                },
-                "schedule": {
-                    "default": "0 2 * * *",
-                    "description": "Cron schedule for automated backups",
-                    "type": "string"
-                }
-            },
-            "type": "object"
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "backup": {
+      "description": "Backup configuration",
+      "type": "object",
+      "default": {
+        "cleanupStrategy": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m",
+        "enabled": false,
+        "resticPassword": "\u003cpassword\u003e",
+        "s3AccessKey": "\u003cyour-access-key\u003e",
+        "s3Bucket": "s3.example.org/mysql-backups",
+        "s3Region": "us-east-1",
+        "s3SecretKey": "\u003cyour-secret-key\u003e",
+        "schedule": "0 2 * * *"
+      },
+      "required": [
+        "cleanupStrategy",
+        "enabled",
+        "resticPassword",
+        "s3AccessKey",
+        "s3Bucket",
+        "s3Region",
+        "s3SecretKey",
+        "schedule"
+      ],
+      "properties": {
+        "cleanupStrategy": {
+          "description": "Retention strategy for cleaning up old backups",
+          "type": "string",
+          "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
        },
-        "external": {
-            "default": false,
-            "description": "Enable external access from outside the cluster",
-            "type": "boolean"
+        "enabled": {
+          "description": "Enable regular backups, default is `false`.",
+          "type": "boolean",
+          "default": false
        },
-        "replicas": {
-            "default": 2,
-            "description": "Number of MariaDB replicas",
-            "type": "number"
+        "resticPassword": {
+          "description": "Password for Restic backup encryption",
+          "type": "string",
+          "default": "\u003cpassword\u003e"
        },
-        "resources": {
-            "default": {},
-            "description": "Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-            "type": "object"
+        "s3AccessKey": {
+          "description": "Access key for S3, used for authentication",
+          "type": "string",
+          "default": "\u003cyour-access-key\u003e"
        },
-        "resourcesPreset": {
-            "default": "nano",
-            "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-            "type": "string",
-            "enum": [
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-            ]
+        "s3Bucket": {
+          "description": "S3 bucket used for storing backups",
+          "type": "string",
+          "default": "s3.example.org/mysql-backups"
        },
-        "size": {
-            "default": "10Gi",
-            "description": "Persistent Volume size",
-            "type": "string"
+        "s3Region": {
+          "description": "AWS S3 region where backups are stored",
+          "type": "string",
+          "default": "us-east-1"
        },
-        "storageClass": {
-            "default": "",
-            "description": "StorageClass used to store the data",
-            "type": "string"
+        "s3SecretKey": {
+          "description": "Secret key for S3, used for authentication",
+          "type": "string",
+          "default": "\u003cyour-secret-key\u003e"
+        },
+        "schedule": {
+          "description": "Cron schedule for automated backups",
+          "type": "string",
+          "default": "0 2 * * *"
        }
+      }
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "databases": {
+      "description": "Databases configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "roles": {
+            "description": "Roles for the database",
+            "type": "object",
+            "properties": {
+              "admin": {
+                "description": "List of users with admin privileges",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "readonly": {
+                "description": "List of users with read-only privileges",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "external": {
+      "description": "Enable external access from outside the cluster",
+      "type": "boolean",
+      "default": false
+    },
+    "replicas": {
+      "description": "Number of MariaDB replicas",
+      "type": "integer",
+      "default": 2
+    },
+    "resources": {
+      "description": "Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "type": "object",
+      "default": {},
+      "properties": {
+        "cpu": {
+          "description": "CPU available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "memory": {
+          "description": "Memory (RAM) available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
+    },
+    "resourcesPreset": {
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "type": "string",
+      "default": "nano",
+      "enum": [
+        "nano",
+        "micro",
+        "small",
+        "medium",
+        "large",
+        "xlarge",
+        "2xlarge"
+      ]
+    },
+    "size": {
+      "description": "Persistent Volume Claim size, available for application data",
+      "default": "10Gi",
+      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+      "anyOf": [
+        {
+          "type": "integer"
+        },
+        {
+          "type": "string"
+        }
+      ],
+      "x-kubernetes-int-or-string": true
+    },
+    "storageClass": {
+      "description": "StorageClass used to store the data",
+      "type": "string"
+    },
+    "users": {
+      "description": "Users configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "required": [
+          "maxUserConnections",
+          "password"
+        ],
+        "properties": {
+          "maxUserConnections": {
+            "description": "Maximum amount of connections",
+            "type": "integer"
+          },
+          "password": {
+            "description": "Password for the user",
+            "type": "string"
+          }
+        }
+      }
+    }
+  }
+}
--- a/packages/apps/mysql/values.yaml
+++ b/packages/apps/mysql/values.yaml
@@ -1,24 +1,28 @@
 ## @section Common parameters
 ##
-## @param replicas Number of MariaDB replicas
+## @param replicas {int} Number of MariaDB replicas
 replicas: 2
-## @param resources Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @param resources {*resources} Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @field resources.cpu {*quantity} CPU available to each replica
+## @field resources.memory {*quantity} Memory (RAM) available to each replica
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
-## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
 resourcesPreset: "nano"
-## @param size Persistent Volume size
+## @param size {quantity} Persistent Volume Claim size, available for application data
 size: 10Gi
-## @param storageClass StorageClass used to store the data
+## @param storageClass {string} StorageClass used to store the data
 storageClass: ""
-## @param external Enable external access from outside the cluster
+## @param external {bool} Enable external access from outside the cluster
 external: false

 ## @section Application-specific parameters
 ##
-## @param users [object] Users configuration
+## @param users {map[string]user} Users configuration
+## @field user.password {string} Password for the user
+## @field user.maxUserConnections {int} Maximum amount of connections
 ## Example:
 ## users:
 ##   user1:
@@ -30,7 +34,12 @@ external: false
 ##
 users: {}

-## @param databases [object] Databases configuration
+
+## @param databases {map[string]database} Databases configuration
+## @field database.roles {*databaseRoles} Roles for the database
+## @field databaseRoles.admin {[]string} List of users with admin privileges
+## @field databaseRoles.readonly {[]string} List of users with read-only privileges
+##
 ## Example:
 ## databases:
 ##   myapp1:
@@ -43,21 +52,22 @@ databases: {}

 ## @section Backup parameters
 ##
-## @param backup.enabled Enable periodic backups
-## @param backup.s3Region The AWS S3 region where backups are stored
-## @param backup.s3Bucket The S3 bucket used for storing backups
-## @param backup.schedule Cron schedule for automated backups
-## @param backup.cleanupStrategy The strategy for cleaning up old backups
-## @param backup.s3AccessKey The access key for S3, used for authentication
-## @param backup.s3SecretKey The secret key for S3, used for authentication
-## @param backup.resticPassword The password for Restic backup encryption
+## @param backup {backup} Backup configuration
+## @field backup.enabled {bool} Enable regular backups, default is `false`.
+## @field backup.s3Region {string} AWS S3 region where backups are stored
+## @field backup.s3Bucket {string} S3 bucket used for storing backups
+## @field backup.schedule {string} Cron schedule for automated backups
+## @field backup.cleanupStrategy {string} Retention strategy for cleaning up old backups
+## @field backup.s3AccessKey {string} Access key for S3, used for authentication
+## @field backup.s3SecretKey {string} Secret key for S3, used for authentication
+## @field backup.resticPassword {string} Password for Restic backup encryption
 backup:
  enabled: false
  s3Region: us-east-1
-  s3Bucket: s3.example.org/postgres-backups
+  s3Bucket: "s3.example.org/mysql-backups"
  schedule: "0 2 * * *"
  cleanupStrategy: "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
-  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
-  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
-  resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
+  s3AccessKey: "<your-access-key>"
+  s3SecretKey: "<your-secret-key>"
+  resticPassword: "<password>"

--- a/packages/apps/nats/Chart.yaml
+++ b/packages/apps/nats/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.1
+version: 0.9.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/nats/Makefile
+++ b/packages/apps/nats/Makefile
@@ -1,6 +1,4 @@
 include ../../../scripts/package.mk
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/nats/README.md
+++ b/packages/apps/nats/README.md
@@ -7,23 +7,30 @@ It provides a data layer for cloud native applications, IoT messaging, and micro

 ### Common parameters

-| Name              | Description                                                                                                                       | Value   |
-| ----------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `replicas`        | Number of replicas                                                                                                                | `2`     |
-| `resources`       | Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.       | `nano`  |
-| `storageClass`    | StorageClass used to store the data                                                                                               | `""`    |
-| `external`        | Enable external access from outside the cluster                                                                                   | `false` |
+| Name               | Description                                                                                                                               | Type        | Value   |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `replicas`         | Number of replicas                                                                                                                        | `int`       | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.         | `*object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
+| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
+| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+

 ### Application-specific parameters

-| Name                | Description                                                               | Value  |
-| ------------------- | ------------------------------------------------------------------------- | ------ |
-| `users`             | Users configuration (see example)                                         | `{}`   |
-| `jetstream.enabled` | Enable or disable Jetstream                                               | `true` |
-| `jetstream.size`    | Jetstream persistent storage size                                         | `10Gi` |
-| `config.merge`      | Additional configuration to merge into NATS config (see example)          | `{}`   |
-| `config.resolver`   | Additional resolver configuration to merge into NATS config (see example) | `{}`   |
+| Name                   | Description                                                                                                    | Type                | Value   |
+| ---------------------- | -------------------------------------------------------------------------------------------------------------- | ------------------- | ------- |
+| `users`                | Users configuration                                                                                            | `map[string]object` | `{...}` |
+| `users[name].password` | Password for the user                                                                                          | `*string`           | `null`  |
+| `jetstream`            | Jetstream configuration                                                                                        | `object`            | `{}`    |
+| `jetstream.enabled`    | Enable or disable Jetstream. Set to `true` (default) to enable Jetstream for persistent messaging in NATS.     | `bool`              | `true`  |
+| `jetstream.size`       | Jetstream persistent storage size. Specifies the size of the persistent storage for Jetstream (message store). | `quantity`          | `10Gi`  |
+| `config`               | NATS configuration                                                                                             | `object`            | `{}`    |
+| `config.merge`         | Additional configuration to merge into NATS config (see example)                                               | `*object`           | `{}`    |
+| `config.resolver`      | Additional resolver configuration to merge into NATS config (see example)                                      | `*object`           | `{}`    |
+

 ## Parameter examples and reference

--- a/packages/apps/nats/values.schema.json
+++ b/packages/apps/nats/values.schema.json
@@ -1,70 +1,136 @@
 {
-    "properties": {
-        "config": {
-            "properties": {
-                "merge": {
-                    "default": {},
-                    "description": "Additional configuration to merge into NATS config (see example)",
-                    "type": "object"
-                },
-                "resolver": {
-                    "default": {},
-                    "description": "Additional resolver configuration to merge into NATS config (see example)",
-                    "type": "object"
-                }
-            },
-            "type": "object"
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "config": {
+      "description": "NATS configuration",
+      "type": "object",
+      "default": {
+        "merge": {},
+        "resolver": {}
+      },
+      "properties": {
+        "merge": {
+          "description": "Additional configuration to merge into NATS config (see example)",
+          "type": "object",
+          "default": {},
+          "x-kubernetes-preserve-unknown-fields": true
        },
-        "external": {
-            "default": false,
-            "description": "Enable external access from outside the cluster",
-            "type": "boolean"
-        },
-        "jetstream": {
-            "properties": {
-                "enabled": {
-                    "default": true,
-                    "description": "Enable or disable Jetstream",
-                    "type": "boolean"
-                },
-                "size": {
-                    "default": "10Gi",
-                    "description": "Jetstream persistent storage size",
-                    "type": "string"
-                }
-            },
-            "type": "object"
-        },
-        "replicas": {
-            "default": 2,
-            "description": "Number of replicas",
-            "type": "number"
-        },
-        "resources": {
-            "default": {},
-            "description": "Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-            "type": "object"
-        },
-        "resourcesPreset": {
-            "default": "nano",
-            "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-            "type": "string",
-            "enum": [
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-            ]
-        },
-        "storageClass": {
-            "default": "",
-            "description": "StorageClass used to store the data",
-            "type": "string"
+        "resolver": {
+          "description": "Additional resolver configuration to merge into NATS config (see example)",
+          "type": "object",
+          "default": {},
+          "x-kubernetes-preserve-unknown-fields": true
        }
+      }
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "external": {
+      "description": "Enable external access from outside the cluster",
+      "type": "boolean",
+      "default": false
+    },
+    "jetstream": {
+      "description": "Jetstream configuration",
+      "type": "object",
+      "default": {
+        "enabled": true,
+        "size": "10Gi"
+      },
+      "required": [
+        "enabled",
+        "size"
+      ],
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable Jetstream. Set to `true` (default) to enable Jetstream for persistent messaging in NATS.",
+          "type": "boolean",
+          "default": true
+        },
+        "size": {
+          "description": "Jetstream persistent storage size. Specifies the size of the persistent storage for Jetstream (message store).",
+          "default": "10Gi",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
+    },
+    "replicas": {
+      "description": "Number of replicas",
+      "type": "integer",
+      "default": 2
+    },
+    "resources": {
+      "description": "Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "type": "object",
+      "default": {},
+      "properties": {
+        "cpu": {
+          "description": "CPU available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "memory": {
+          "description": "Memory (RAM) available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
+    },
+    "resourcesPreset": {
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "type": "string",
+      "default": "nano",
+      "enum": [
+        "nano",
+        "micro",
+        "small",
+        "medium",
+        "large",
+        "xlarge",
+        "2xlarge"
+      ]
+    },
+    "storageClass": {
+      "description": "StorageClass used to store the data",
+      "type": "string"
+    },
+    "users": {
+      "description": "Users configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "password": {
+            "description": "Password for the user",
+            "type": "string"
+          }
+        }
+      }
+    }
+  }
+}
--- a/packages/apps/nats/values.yaml
+++ b/packages/apps/nats/values.yaml
@@ -1,22 +1,25 @@
 ## @section Common parameters
 ##
-## @param replicas Number of replicas
+## @param replicas {int} Number of replicas
 replicas: 2
-## @param resources Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @param resources {*resources} Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @field resources.cpu {*quantity} CPU available to each replica
+## @field resources.memory {*quantity} Memory (RAM) available to each replica
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
-## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
 resourcesPreset: "nano"
-## @param storageClass StorageClass used to store the data
+## @param storageClass {string} StorageClass used to store the data
 storageClass: ""
-## @param external Enable external access from outside the cluster
+## @param external {bool} Enable external access from outside the cluster
 external: false

 ## @section Application-specific parameters
 ##
-## @param users [object] Users configuration (see example)
+## @param users {map[string]user} Users configuration
+## @field user.password {*string} Password for the user
 ## Example:
 ## users:
 ##   user1:
@@ -24,18 +27,19 @@ external: false
 ##   user2: {}
 users: {}

+## @param jetstream {jetstream} Jetstream configuration
 jetstream:
-  ## @param jetstream.enabled Enable or disable Jetstream
-  ## Set to true to enable Jetstream for persistent messaging in NATS.
+  ## @field jetstream.enabled {bool} Enable or disable Jetstream. Set to `true` (default) to enable Jetstream for persistent messaging in NATS.
+  ##
  ## Default: true
  enabled: true
-  ## @param jetstream.size Jetstream persistent storage size
-  ## Specifies the size of the persistent storage for Jetstream (message store).
-  ## Default: 10Gi
+  ## @field jetstream.size {quantity} Jetstream persistent storage size. Specifies the size of the persistent storage for Jetstream (message store).
+  ##
  size: 10Gi

+## @param config {config} NATS configuration
 config:
-  ## @param config.merge Additional configuration to merge into NATS config (see example)
+  ## @field config.merge {*object} Additional configuration to merge into NATS config (see example)
  ## Allows you to customize NATS server settings by merging additional configurations.
  ## For example, you can add extra parameters, configure authentication, or set custom settings.
  ## Default: {}
@@ -63,7 +67,7 @@ config:
  ##   include ./my-config-last.conf;
  ## }
  merge: {}
-  ## @param config.resolver Additional resolver configuration to merge into NATS config (see example)
+  ## @field config.resolver {*object} Additional resolver configuration to merge into NATS config (see example)
  ## Allows you to customize NATS server settings by merging resolver configurations.
  ## Default: {}
  ## Example: https://github.com/nats-io/k8s/blob/94414664c254b0bbac3a07fc9693f6c4f8f88709/helm/charts/nats/values.yaml#L248-L270
--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.17.3
+version: 0.18.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/postgres/Makefile
+++ b/packages/apps/postgres/Makefile
@@ -1,6 +1,4 @@
 include ../../../scripts/package.mk
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/postgres/README.md
+++ b/packages/apps/postgres/README.md
@@ -66,44 +66,61 @@ See:

 ### Common parameters

-| Name              | Description                                                                                                                             | Value   |
-| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `replicas`        | Number of Postgres replicas                                                                                                             | `2`     |
-| `resources`       | Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.             | `micro` |
-| `size`            | Persistent Volume size                                                                                                                  | `10Gi`  |
-| `storageClass`    | StorageClass used to store the data                                                                                                     | `""`    |
-| `external`        | Enable external access from outside the cluster                                                                                         | `false` |
+| Name               | Description                                                                                                                               | Type        | Value   |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `replicas`         | Number of Postgres replicas                                                                                                               | `int`       | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.   | `*object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro` |
+| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
+| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+

 ### Application-specific parameters

-| Name                                    | Description                                                                                                              | Value |
-| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----- |
-| `postgresql.parameters.max_connections` | Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections | `100` |
-| `quorum.minSyncReplicas`                | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.            | `0`   |
-| `quorum.maxSyncReplicas`                | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).  | `0`   |
-| `users`                                 | Users configuration                                                                                                      | `{}`  |
-| `databases`                             | Databases configuration                                                                                                  | `{}`  |
+| Name                                    | Description                                                                                                              | Type                | Value   |
+| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------- | ------- |
+| `postgresql`                            | PostgreSQL server configuration                                                                                          | `object`            | `{}`    |
+| `postgresql.parameters`                 | PostgreSQL server parameters                                                                                             | `object`            | `{}`    |
+| `postgresql.parameters.max_connections` | Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections | `int`               | `100`   |
+| `quorum`                                | Quorum configuration for synchronous replication                                                                         | `object`            | `{}`    |
+| `quorum.minSyncReplicas`                | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.            | `int`               | `0`     |
+| `quorum.maxSyncReplicas`                | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).  | `int`               | `0`     |
+| `users`                                 | Users configuration                                                                                                      | `map[string]object` | `{...}` |
+| `users[name].password`                  | Password for the user                                                                                                    | `*string`           | `null`  |
+| `users[name].replication`               | Whether the user has replication privileges                                                                              | `*bool`             | `null`  |
+| `databases`                             | Databases configuration                                                                                                  | `map[string]object` | `{...}` |
+| `databases[name].roles`                 | Roles for the database                                                                                                   | `*object`           | `null`  |
+| `databases[name].roles.admin`           | List of users with admin privileges                                                                                      | `[]string`          | `[]`    |
+| `databases[name].roles.readonly`        | List of users with read-only privileges                                                                                  | `[]string`          | `[]`    |
+| `databases[name].extensions`            | Extensions enabled for the database                                                                                      | `[]string`          | `[]`    |
+

 ### Backup parameters

-| Name                     | Description                                                | Value                               |
-| ------------------------ | ---------------------------------------------------------- | ----------------------------------- |
-| `backup.enabled`         | Enable regular backups                                     | `false`                             |
-| `backup.schedule`        | Cron schedule for automated backups                        | `0 2 * * * *`                       |
-| `backup.retentionPolicy` | Retention policy                                           | `30d`                               |
-| `backup.destinationPath` | Path to store the backup (i.e. s3://bucket/path/to/folder) | `s3://bucket/path/to/folder/`       |
-| `backup.endpointURL`     | S3 Endpoint used to upload data to the cloud               | `http://minio-gateway-service:9000` |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication                 | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`  |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication                 | `ju3eum4dekeich9ahM1te8waeGai0oog`  |
+| Name                     | Description                                                | Type      | Value                               |
+| ------------------------ | ---------------------------------------------------------- | --------- | ----------------------------------- |
+| `backup`                 | Backup configuration                                       | `object`  | `{}`                                |
+| `backup.enabled`         | Enable regular backups                                     | `*bool`   | `false`                             |
+| `backup.schedule`        | Cron schedule for automated backups                        | `*string` | `0 2 * * * *`                       |
+| `backup.retentionPolicy` | Retention policy                                           | `*string` | `30d`                               |
+| `backup.destinationPath` | Path to store the backup (i.e. s3://bucket/path/to/folder) | `*string` | `s3://bucket/path/to/folder/`       |
+| `backup.endpointURL`     | S3 Endpoint used to upload data to the cloud               | `*string` | `http://minio-gateway-service:9000` |
+| `backup.s3AccessKey`     | Access key for S3, used for authentication                 | `*string` | `<your-access-key>`                 |
+| `backup.s3SecretKey`     | Secret key for S3, used for authentication                 | `*string` | `<your-secret-key>`                 |
+

 ### Bootstrap (recovery) parameters

-| Name                     | Description                                                                                                          | Value   |
-| ------------------------ | -------------------------------------------------------------------------------------------------------------------- | ------- |
-| `bootstrap.enabled`      | Restore database cluster from a backup                                                                               | `false` |
-| `bootstrap.recoveryTime` | Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest | `""`    |
-| `bootstrap.oldName`      | Name of database cluster before deleting                                                                             | `""`    |
+| Name                     | Description                                                                                                          | Type      | Value   |
+| ------------------------ | -------------------------------------------------------------------------------------------------------------------- | --------- | ------- |
+| `bootstrap`              | Bootstrap configuration                                                                                              | `object`  | `{}`    |
+| `bootstrap.enabled`      | Restore database cluster from a backup                                                                               | `bool`    | `false` |
+| `bootstrap.recoveryTime` | Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest | `*string` | `""`    |
+| `bootstrap.oldName`      | Name of database cluster before deleting                                                                             | `string`  | `""`    |
+

 ## Parameter examples and reference

--- a/packages/apps/postgres/values.schema.json
+++ b/packages/apps/postgres/values.schema.json
@@ -1,140 +1,269 @@
 {
-    "properties": {
-        "backup": {
-            "properties": {
-                "destinationPath": {
-                    "default": "s3://bucket/path/to/folder/",
-                    "description": "Path to store the backup (i.e. s3://bucket/path/to/folder)",
-                    "type": "string"
-                },
-                "enabled": {
-                    "default": false,
-                    "description": "Enable regular backups",
-                    "type": "boolean"
-                },
-                "endpointURL": {
-                    "default": "http://minio-gateway-service:9000",
-                    "description": "S3 Endpoint used to upload data to the cloud",
-                    "type": "string"
-                },
-                "retentionPolicy": {
-                    "default": "30d",
-                    "description": "Retention policy",
-                    "type": "string"
-                },
-                "s3AccessKey": {
-                    "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu",
-                    "description": "Access key for S3, used for authentication",
-                    "type": "string"
-                },
-                "s3SecretKey": {
-                    "default": "ju3eum4dekeich9ahM1te8waeGai0oog",
-                    "description": "Secret key for S3, used for authentication",
-                    "type": "string"
-                },
-                "schedule": {
-                    "default": "0 2 * * * *",
-                    "description": "Cron schedule for automated backups",
-                    "type": "string"
-                }
-            },
-            "type": "object"
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "backup": {
+      "description": "Backup configuration",
+      "type": "object",
+      "default": {
+        "destinationPath": "s3://bucket/path/to/folder/",
+        "enabled": false,
+        "endpointURL": "http://minio-gateway-service:9000",
+        "retentionPolicy": "30d",
+        "s3AccessKey": "\u003cyour-access-key\u003e",
+        "s3SecretKey": "\u003cyour-secret-key\u003e",
+        "schedule": "0 2 * * * *"
+      },
+      "properties": {
+        "destinationPath": {
+          "description": "Path to store the backup (i.e. s3://bucket/path/to/folder)",
+          "type": "string",
+          "default": "s3://bucket/path/to/folder/"
        },
-        "bootstrap": {
-            "properties": {
-                "enabled": {
-                    "default": false,
-                    "description": "Restore database cluster from a backup",
-                    "type": "boolean"
-                },
-                "oldName": {
-                    "default": "",
-                    "description": "Name of database cluster before deleting",
-                    "type": "string"
-                },
-                "recoveryTime": {
-                    "default": "",
-                    "description": "Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest",
-                    "type": "string"
-                }
-            },
-            "type": "object"
+        "enabled": {
+          "description": "Enable regular backups",
+          "type": "boolean",
+          "default": false
        },
-        "databases": {
-            "default": {},
-            "description": "Databases configuration",
-            "type": "object"
+        "endpointURL": {
+          "description": "S3 Endpoint used to upload data to the cloud",
+          "type": "string",
+          "default": "http://minio-gateway-service:9000"
        },
-        "external": {
-            "default": false,
-            "description": "Enable external access from outside the cluster",
-            "type": "boolean"
+        "retentionPolicy": {
+          "description": "Retention policy",
+          "type": "string",
+          "default": "30d"
        },
-        "postgresql": {
-            "properties": {
-                "parameters": {
-                    "properties": {
-                        "max_connections": {
-                            "default": 100,
-                            "description": "Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections",
-                            "type": "number"
-                        }
-                    },
-                    "type": "object"
-                }
-            },
-            "type": "object"
+        "s3AccessKey": {
+          "description": "Access key for S3, used for authentication",
+          "type": "string",
+          "default": "\u003cyour-access-key\u003e"
        },
-        "quorum": {
-            "properties": {
-                "maxSyncReplicas": {
-                    "default": 0,
-                    "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).",
-                    "type": "number"
-                },
-                "minSyncReplicas": {
-                    "default": 0,
-                    "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.",
-                    "type": "number"
-                }
-            },
-            "type": "object"
+        "s3SecretKey": {
+          "description": "Secret key for S3, used for authentication",
+          "type": "string",
+          "default": "\u003cyour-secret-key\u003e"
        },
-        "replicas": {
-            "default": 2,
-            "description": "Number of Postgres replicas",
-            "type": "number"
-        },
-        "resources": {
-            "default": {},
-            "description": "Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-            "type": "object"
-        },
-        "resourcesPreset": {
-            "default": "micro",
-            "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-            "type": "string",
-            "enum": [
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-            ]
-        },
-        "size": {
-            "default": "10Gi",
-            "description": "Persistent Volume size",
-            "type": "string"
-        },
-        "storageClass": {
-            "default": "",
-            "description": "StorageClass used to store the data",
-            "type": "string"
+        "schedule": {
+          "description": "Cron schedule for automated backups",
+          "type": "string",
+          "default": "0 2 * * * *"
        }
+      }
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "bootstrap": {
+      "description": "Bootstrap configuration",
+      "type": "object",
+      "default": {
+        "enabled": false,
+        "oldName": "",
+        "recoveryTime": ""
+      },
+      "required": [
+        "enabled",
+        "oldName"
+      ],
+      "properties": {
+        "enabled": {
+          "description": "Restore database cluster from a backup",
+          "type": "boolean",
+          "default": false
+        },
+        "oldName": {
+          "description": "Name of database cluster before deleting",
+          "type": "string"
+        },
+        "recoveryTime": {
+          "description": "Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest",
+          "type": "string"
+        }
+      }
+    },
+    "databases": {
+      "description": "Databases configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "extensions": {
+            "description": "Extensions enabled for the database",
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "roles": {
+            "description": "Roles for the database",
+            "type": "object",
+            "properties": {
+              "admin": {
+                "description": "List of users with admin privileges",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "readonly": {
+                "description": "List of users with read-only privileges",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "external": {
+      "description": "Enable external access from outside the cluster",
+      "type": "boolean",
+      "default": false
+    },
+    "postgresql": {
+      "description": "PostgreSQL server configuration",
+      "type": "object",
+      "default": {
+        "parameters": {
+          "max_connections": 100
+        }
+      },
+      "required": [
+        "parameters"
+      ],
+      "properties": {
+        "parameters": {
+          "description": "PostgreSQL server parameters",
+          "type": "object",
+          "default": {
+            "max_connections": 100
+          },
+          "required": [
+            "max_connections"
+          ],
+          "properties": {
+            "max_connections": {
+              "description": "Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections",
+              "type": "integer",
+              "default": 100
+            }
+          }
+        }
+      }
+    },
+    "quorum": {
+      "description": "Quorum configuration for synchronous replication",
+      "type": "object",
+      "default": {
+        "maxSyncReplicas": 0,
+        "minSyncReplicas": 0
+      },
+      "required": [
+        "maxSyncReplicas",
+        "minSyncReplicas"
+      ],
+      "properties": {
+        "maxSyncReplicas": {
+          "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).",
+          "type": "integer",
+          "default": 0
+        },
+        "minSyncReplicas": {
+          "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.",
+          "type": "integer",
+          "default": 0
+        }
+      }
+    },
+    "replicas": {
+      "description": "Number of Postgres replicas",
+      "type": "integer",
+      "default": 2
+    },
+    "resources": {
+      "description": "Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "type": "object",
+      "default": {},
+      "properties": {
+        "cpu": {
+          "description": "CPU available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "memory": {
+          "description": "Memory (RAM) available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
+    },
+    "resourcesPreset": {
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "type": "string",
+      "default": "micro",
+      "enum": [
+        "nano",
+        "micro",
+        "small",
+        "medium",
+        "large",
+        "xlarge",
+        "2xlarge"
+      ]
+    },
+    "size": {
+      "description": "Persistent Volume Claim size, available for application data",
+      "default": "10Gi",
+      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+      "anyOf": [
+        {
+          "type": "integer"
+        },
+        {
+          "type": "string"
+        }
+      ],
+      "x-kubernetes-int-or-string": true
+    },
+    "storageClass": {
+      "description": "StorageClass used to store the data",
+      "type": "string"
+    },
+    "users": {
+      "description": "Users configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "password": {
+            "description": "Password for the user",
+            "type": "string"
+          },
+          "replication": {
+            "description": "Whether the user has replication privileges",
+            "type": "boolean"
+          }
+        }
+      }
+    }
+  }
+}
--- a/packages/apps/postgres/values.yaml
+++ b/packages/apps/postgres/values.yaml
@@ -1,36 +1,44 @@
 ## @section Common parameters
 ##
-## @param replicas Number of Postgres replicas
+## @param replicas {int} Number of Postgres replicas
 replicas: 2
-## @param resources Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @param resources {*resources} Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @field resources.cpu {*quantity} CPU available to each replica
+## @field resources.memory {*quantity} Memory (RAM) available to each replica
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
-## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
 resourcesPreset: "micro"
-## @param size Persistent Volume size
+## @param size {quantity} Persistent Volume Claim size, available for application data
 size: 10Gi
-## @param storageClass StorageClass used to store the data
+## @param storageClass {string} StorageClass used to store the data
 storageClass: ""
-## @param external Enable external access from outside the cluster
+## @param external {bool} Enable external access from outside the cluster
 external: false

-
 ## @section Application-specific parameters
+## @param postgresql {postgresql} PostgreSQL server configuration
+## @field postgresql.parameters {postgresqlParameters} PostgreSQL server parameters
+## @field postgresqlParameters.max_connections {int} Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections
 ##
-## @param postgresql.parameters.max_connections Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections
 postgresql:
  parameters:
    max_connections: 100

-## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.
-## @param quorum.maxSyncReplicas Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).
+## Configuration for the quorum-based synchronous replication
+## @param quorum {quorum} Quorum configuration for synchronous replication
+## @field quorum.minSyncReplicas {int} Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.
+## @field quorum.maxSyncReplicas {int} Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).
 quorum:
  minSyncReplicas: 0
  maxSyncReplicas: 0

-## @param users [object] Users configuration
+## @param users {map[string]user} Users configuration
+## @field user.password {*string} Password for the user
+## @field user.replication {*bool} Whether the user has replication privileges
+##
 ## Example:
 ## users:
 ##   user1:
@@ -44,7 +52,12 @@ quorum:
 ##
 users: {}

-## @param databases Databases configuration
+## @param databases {map[string]database} Databases configuration
+## @field database.roles {*databaseRoles} Roles for the database
+## @field databaseRoles.admin {[]string} List of users with admin privileges
+## @field databaseRoles.readonly {[]string} List of users with read-only privileges
+## @field database.extensions {[]string} Extensions enabled for the database
+##
 ## Example:
 ## databases:
 ##   myapp:
@@ -64,27 +77,29 @@ databases: {}

 ## @section Backup parameters

-## @param backup.enabled Enable regular backups
-## @param backup.schedule Cron schedule for automated backups
-## @param backup.retentionPolicy Retention policy
-## @param backup.destinationPath Path to store the backup (i.e. s3://bucket/path/to/folder)
-## @param backup.endpointURL S3 Endpoint used to upload data to the cloud
-## @param backup.s3AccessKey Access key for S3, used for authentication
-## @param backup.s3SecretKey Secret key for S3, used for authentication
+## @param backup {backup} Backup configuration
+## @field backup.enabled {*bool} Enable regular backups
+## @field backup.schedule {*string} Cron schedule for automated backups
+## @field backup.retentionPolicy {*string} Retention policy
+## @field backup.destinationPath {*string} Path to store the backup (i.e. s3://bucket/path/to/folder)
+## @field backup.endpointURL {*string} S3 Endpoint used to upload data to the cloud
+## @field backup.s3AccessKey {*string} Access key for S3, used for authentication
+## @field backup.s3SecretKey {*string} Secret key for S3, used for authentication
 backup:
  enabled: false
  retentionPolicy: 30d
-  destinationPath: s3://bucket/path/to/folder/
-  endpointURL: http://minio-gateway-service:9000
+  destinationPath: "s3://bucket/path/to/folder/"
+  endpointURL: "http://minio-gateway-service:9000"
  schedule: "0 2 * * * *"
-  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
-  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
+  s3AccessKey: "<your-access-key>"
+  s3SecretKey: "<your-secret-key>"

 ## @section Bootstrap (recovery) parameters

-## @param bootstrap.enabled Restore database cluster from a backup
-## @param bootstrap.recoveryTime Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest
-## @param bootstrap.oldName Name of database cluster before deleting
+## @param bootstrap {bootstrap} Bootstrap configuration
+## @field bootstrap.enabled {bool} Restore database cluster from a backup
+## @field bootstrap.recoveryTime {*string} Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest
+## @field bootstrap.oldName {string} Name of database cluster before deleting
 ##
 bootstrap:
  enabled: false
--- a/packages/apps/rabbitmq/Chart.yaml
+++ b/packages/apps/rabbitmq/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.1
+version: 0.9.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/rabbitmq/Makefile
+++ b/packages/apps/rabbitmq/Makefile
@@ -1,6 +1,4 @@
 include ../../../scripts/package.mk
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/rabbitmq/README.md
+++ b/packages/apps/rabbitmq/README.md
@@ -13,21 +13,29 @@ The service utilizes official RabbitMQ operator. This ensures the reliability an

 ### Common parameters

-| Name              | Description                                                                                                                           | Value   |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `replicas`        | Number of RabbitMQ replicas                                                                                                           | `3`     |
-| `resources`       | Explicit CPU and memory configuration for each RabbitMQ replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.           | `nano`  |
-| `size`            | Persistent Volume size                                                                                                                | `10Gi`  |
-| `storageClass`    | StorageClass used to store the data                                                                                                   | `""`    |
-| `external`        | Enable external access from outside the cluster                                                                                       | `false` |
+| Name               | Description                                                                                                                               | Type        | Value   |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `replicas`         | Number of RabbitMQ replicas                                                                                                               | `int`       | `3`     |
+| `resources`        | Explicit CPU and memory configuration for each RabbitMQ replica.  When left empty, the preset defined in `resourcesPreset` is applied.    | `*object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
+| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
+| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+

 ### Application-specific parameters

-| Name     | Description                 | Value |
-| -------- | --------------------------- | ----- |
-| `users`  | Users configuration         | `{}`  |
-| `vhosts` | Virtual Hosts configuration | `{}`  |
+| Name                          | Description                 | Type                | Value   |
+| ----------------------------- | --------------------------- | ------------------- | ------- |
+| `users`                       | Users configuration         | `map[string]object` | `{...}` |
+| `users[name].password`        | Password for the user       | `*string`           | `null`  |
+| `vhosts`                      | Virtual Hosts configuration | `map[string]object` | `{...}` |
+| `vhosts[name].roles`          | Virtual host roles list     | `object`            | `{}`    |
+| `vhosts[name].roles.admin`    | List of admin users         | `[]string`          | `[]`    |
+| `vhosts[name].roles.readonly` | List of readonly users      | `[]string`          | `[]`    |
+

 ## Parameter examples and reference

--- a/packages/apps/rabbitmq/values.schema.json
+++ b/packages/apps/rabbitmq/values.schema.json
@@ -1,50 +1,128 @@
 {
-    "properties": {
-        "external": {
-            "default": false,
-            "description": "Enable external access from outside the cluster",
-            "type": "boolean"
-        },
-        "replicas": {
-            "default": 3,
-            "description": "Number of RabbitMQ replicas",
-            "type": "number"
-        },
-        "resources": {
-            "default": {},
-            "description": "Explicit CPU and memory configuration for each RabbitMQ replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-            "type": "object"
-        },
-        "resourcesPreset": {
-            "default": "nano",
-            "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-            "type": "string",
-            "enum": [
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-            ]
-        },
-        "size": {
-            "default": "10Gi",
-            "description": "Persistent Volume size",
-            "type": "string"
-        },
-        "storageClass": {
-            "default": "",
-            "description": "StorageClass used to store the data",
-            "type": "string"
-        },
-        "vhosts": {
-            "default": {},
-            "description": "Virtual Hosts configuration",
-            "type": "object"
-        }
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "external": {
+      "description": "Enable external access from outside the cluster",
+      "type": "boolean",
+      "default": false
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "replicas": {
+      "description": "Number of RabbitMQ replicas",
+      "type": "integer",
+      "default": 3
+    },
+    "resources": {
+      "description": "Explicit CPU and memory configuration for each RabbitMQ replica.  When left empty, the preset defined in `resourcesPreset` is applied.",
+      "type": "object",
+      "default": {},
+      "properties": {
+        "cpu": {
+          "description": "CPU available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "memory": {
+          "description": "Memory (RAM) available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
+    },
+    "resourcesPreset": {
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "type": "string",
+      "default": "nano",
+      "enum": [
+        "nano",
+        "micro",
+        "small",
+        "medium",
+        "large",
+        "xlarge",
+        "2xlarge"
+      ]
+    },
+    "size": {
+      "description": "Persistent Volume Claim size, available for application data",
+      "default": "10Gi",
+      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+      "anyOf": [
+        {
+          "type": "integer"
+        },
+        {
+          "type": "string"
+        }
+      ],
+      "x-kubernetes-int-or-string": true
+    },
+    "storageClass": {
+      "description": "StorageClass used to store the data",
+      "type": "string"
+    },
+    "users": {
+      "description": "Users configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "password": {
+            "description": "Password for the user",
+            "type": "string"
+          }
+        }
+      }
+    },
+    "vhosts": {
+      "description": "Virtual Hosts configuration",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "required": [
+          "roles"
+        ],
+        "properties": {
+          "roles": {
+            "description": "Virtual host roles list",
+            "type": "object",
+            "properties": {
+              "admin": {
+                "description": "List of admin users",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "readonly": {
+                "description": "List of readonly users",
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
--- a/packages/apps/rabbitmq/values.yaml
+++ b/packages/apps/rabbitmq/values.yaml
@@ -1,25 +1,29 @@
 ## @section Common parameters
 ##
-## @param replicas Number of RabbitMQ replicas
+## @param replicas {int} Number of RabbitMQ replicas
 replicas: 3
-## @param resources Explicit CPU and memory configuration for each RabbitMQ replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @param resources {*resources} Explicit CPU and memory configuration for each RabbitMQ replica.  When left empty, the preset defined in `resourcesPreset` is applied.
+## @field resources.cpu {*quantity} CPU available to each replica
+## @field resources.memory {*quantity} Memory (RAM) available to each replica
+# resources:
+#   cpu: 4000m
+#   memory: 4Gi
 resources: {}
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
-## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+
+## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
 resourcesPreset: "nano"
-## @param size Persistent Volume size
+## @param size {quantity} Persistent Volume Claim size, available for application data
 size: 10Gi
-## @param storageClass StorageClass used to store the data
+## @param storageClass {string} StorageClass used to store the data
 storageClass: ""
-## @param external Enable external access from outside the cluster
+## @param external {bool} Enable external access from outside the cluster
 external: false


 ## @section Application-specific parameters
 ##
-## @param users [object] Users configuration
+## @param users {map[string]user} Users configuration
+## @field user.password {*string} Password for the user
 ## Example:
 ## users:
 ##   user1:
@@ -31,7 +35,11 @@ external: false
 ##
 users: {}

-## @param vhosts Virtual Hosts configuration
+## @param vhosts {map[string]vhost} Virtual Hosts configuration
+## @field vhost.roles {roles} Virtual host roles list
+## @field roles.admin {[]string} List of admin users
+## @field roles.readonly {[]string} List of readonly users
+##
 ## Example:
 ## vhosts:
 ##   myapp:
--- a/packages/apps/redis/Chart.yaml
+++ b/packages/apps/redis/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.1
+version: 0.10.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/redis/Makefile
+++ b/packages/apps/redis/Makefile
@@ -1,6 +1,4 @@
 include ../../../scripts/package.mk
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 4 '.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/redis/README.md
+++ b/packages/apps/redis/README.md
@@ -13,20 +13,24 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche

 ### Common parameters

-| Name              | Description                                                                                                                        | Value   |
-| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `replicas`        | Number of Redis replicas                                                                                                           | `2`     |
-| `resources`       | Explicit CPU and memory configuration for each Redis replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.        | `nano`  |
-| `size`            | Persistent Volume size                                                                                                             | `1Gi`   |
-| `storageClass`    | StorageClass used to store the data                                                                                                | `""`    |
-| `external`        | Enable external access from outside the cluster                                                                                    | `false` |
+| Name               | Description                                                                                                                               | Type        | Value   |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
+| `replicas`         | Number of Redis replicas                                                                                                                  | `int`       | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each Redis replica.  When left empty, the preset defined in `resourcesPreset` is applied.       | `*object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
+| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
+| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `1Gi`   |
+| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
+| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+

 ### Application-specific parameters

-| Name          | Description                | Value  |
-| ------------- | -------------------------- | ------ |
-| `authEnabled` | Enable password generation | `true` |
+| Name          | Description                | Type   | Value  |
+| ------------- | -------------------------- | ------ | ------ |
+| `authEnabled` | Enable password generation | `bool` | `true` |
+

 ## Parameter examples and reference

--- a/packages/apps/redis/values.schema.json
+++ b/packages/apps/redis/values.schema.json
@@ -1,50 +1,86 @@
 {
-    "properties": {
-        "authEnabled": {
-            "default": true,
-            "description": "Enable password generation",
-            "type": "boolean"
-        },
-        "external": {
-            "default": false,
-            "description": "Enable external access from outside the cluster",
-            "type": "boolean"
-        },
-        "replicas": {
-            "default": 2,
-            "description": "Number of Redis replicas",
-            "type": "number"
-        },
-        "resources": {
-            "default": {},
-            "description": "Explicit CPU and memory configuration for each Redis replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-            "type": "object"
-        },
-        "resourcesPreset": {
-            "default": "nano",
-            "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
-            "type": "string",
-            "enum": [
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-            ]
-        },
-        "size": {
-            "default": "1Gi",
-            "description": "Persistent Volume size",
-            "type": "string"
-        },
-        "storageClass": {
-            "default": "",
-            "description": "StorageClass used to store the data",
-            "type": "string"
-        }
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "authEnabled": {
+      "description": "Enable password generation",
+      "type": "boolean",
+      "default": true
    },
-    "title": "Chart Values",
-    "type": "object"
-}
+    "external": {
+      "description": "Enable external access from outside the cluster",
+      "type": "boolean",
+      "default": false
+    },
+    "replicas": {
+      "description": "Number of Redis replicas",
+      "type": "integer",
+      "default": 2
+    },
+    "resources": {
+      "description": "Explicit CPU and memory configuration for each Redis replica.  When left empty, the preset defined in `resourcesPreset` is applied.",
+      "type": "object",
+      "default": {},
+      "properties": {
+        "cpu": {
+          "description": "CPU available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "memory": {
+          "description": "Memory (RAM) available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
+    },
+    "resourcesPreset": {
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "type": "string",
+      "default": "nano",
+      "enum": [
+        "nano",
+        "micro",
+        "small",
+        "medium",
+        "large",
+        "xlarge",
+        "2xlarge"
+      ]
+    },
+    "size": {
+      "description": "Persistent Volume Claim size, available for application data",
+      "default": "1Gi",
+      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+      "anyOf": [
+        {
+          "type": "integer"
+        },
+        {
+          "type": "string"
+        }
+      ],
+      "x-kubernetes-int-or-string": true
+    },
+    "storageClass": {
+      "description": "StorageClass used to store the data",
+      "type": "string"
+    }
+  }
+}
--- a/packages/apps/redis/values.yaml
+++ b/packages/apps/redis/values.yaml
@@ -1,23 +1,25 @@
 ## @section Common parameters
 ##
-## @param replicas Number of Redis replicas
+## @param replicas {int} Number of Redis replicas
 replicas: 2
-## @param resources Explicit CPU and memory configuration for each Redis replica. When left empty, the preset defined in `resourcesPreset` is applied.
+## @param resources {*resources} Explicit CPU and memory configuration for each Redis replica.  When left empty, the preset defined in `resourcesPreset` is applied.
+## @field resources.cpu {*quantity} CPU available to each replica
+## @field resources.memory {*quantity} Memory (RAM) available to each replica
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
-## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
 resourcesPreset: "nano"
-## @param size Persistent Volume size
+## @param size {quantity} Persistent Volume Claim size, available for application data
 size: 1Gi
-## @param storageClass StorageClass used to store the data
+## @param storageClass {string} StorageClass used to store the data
 storageClass: ""
-## @param external Enable external access from outside the cluster
+## @param external {bool} Enable external access from outside the cluster
 external: false


 ## @section Application-specific parameters
 ##
-## @param authEnabled Enable password generation
+## @param authEnabled {bool} Enable password generation
 authEnabled: true
--- a/packages/apps/tcp-balancer/Chart.yaml
+++ b/packages/apps/tcp-balancer/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.1
+version: 0.6.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/tcp-balancer/Makefile
+++ b/packages/apps/tcp-balancer/Makefile
@@ -1,8 +1,4 @@
 include ../../../scripts/package.mk
-PRESET_ENUM := ["nano","micro","small","medium","large","xlarge","2xlarge"]

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
-	yq -i -o json --indent 2 '.properties.httpAndHttps.properties.mode.enum = ["tcp","tcp-with-proxy"]' values.schema.json
-	yq -i -o json --indent 2 '.properties.resourcesPreset.enum = $(PRESET_ENUM)' values.schema.json
-	rm -f values.schema.json.tmp
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/tcp-balancer/README.md
+++ b/packages/apps/tcp-balancer/README.md
@@ -12,23 +12,29 @@ Managed TCP Load Balancer Service efficiently utilizes HAProxy for load balancin

 ### Common parameters

-| Name              | Description                                                                                                                               | Value   |
-| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `replicas`        | Number of HAProxy replicas                                                                                                                | `2`     |
-| `resources`       | Explicit CPU and memory configuration for each TCP Balancer replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
-| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.               | `nano`  |
-| `external`        | Enable external access from outside the cluster                                                                                           | `false` |
+| Name               | Description                                                                                                                                | Type        | Value   |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | ------- |
+| `replicas`         | Number of HAProxy replicas                                                                                                                 | `int`       | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each TCP Balancer replica.  When left empty, the preset defined in `resourcesPreset` is applied. | `*object`   | `null`  |
+| `resources.cpu`    | CPU available to each replica                                                                                                              | `*quantity` | `null`  |
+| `resources.memory` | Memory (RAM) available to each replica                                                                                                     | `*quantity` | `null`  |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.  | `string`    | `nano`  |
+| `external`         | Enable external access from outside the cluster                                                                                            | `bool`      | `false` |
+

 ### Application-specific parameters

-| Name                             | Description                                                   | Value   |
-| -------------------------------- | ------------------------------------------------------------- | ------- |
-| `httpAndHttps.mode`              | Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy` | `tcp`   |
-| `httpAndHttps.targetPorts.http`  | HTTP port number.                                             | `80`    |
-| `httpAndHttps.targetPorts.https` | HTTPS port number.                                            | `443`   |
-| `httpAndHttps.endpoints`         | Endpoint addresses list                                       | `[]`    |
-| `whitelistHTTP`                  | Secure HTTP by whitelisting client networks                   | `false` |
-| `whitelist`                      | List of client networks                                       | `[]`    |
+| Name                             | Description                                                      | Type       | Value   |
+| -------------------------------- | ---------------------------------------------------------------- | ---------- | ------- |
+| `httpAndHttps`                   | HTTP and HTTPS configuration                                     | `object`   | `{}`    |
+| `httpAndHttps.mode`              | Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`    | `string`   | `tcp`   |
+| `httpAndHttps.targetPorts`       | Target ports configuration                                       | `object`   | `{}`    |
+| `httpAndHttps.targetPorts.http`  | HTTP port number.                                                | `int`      | `80`    |
+| `httpAndHttps.targetPorts.https` | HTTPS port number.                                               | `int`      | `443`   |
+| `httpAndHttps.endpoints`         | Endpoint addresses list                                          | `[]string` | `[]`    |
+| `whitelistHTTP`                  | Secure HTTP by whitelisting client networks, `false` by default. | `bool`     | `false` |
+| `whitelist`                      | List of allowed client networks                                  | `[]string` | `[]`    |
+

 ## Parameter examples and reference

--- a/packages/apps/tcp-balancer/values.schema.json
+++ b/packages/apps/tcp-balancer/values.schema.json
@@ -1,59 +1,112 @@
 {
+  "title": "Chart Values",
+  "type": "object",
  "properties": {
    "external": {
-      "default": false,
      "description": "Enable external access from outside the cluster",
-      "type": "boolean"
+      "type": "boolean",
+      "default": false
    },
    "httpAndHttps": {
+      "description": "HTTP and HTTPS configuration",
+      "type": "object",
+      "default": {
+        "endpoints": {},
+        "mode": "tcp",
+        "targetPorts": {
+          "http": 80,
+          "https": 443
+        }
+      },
+      "required": [
+        "mode",
+        "targetPorts"
+      ],
      "properties": {
        "endpoints": {
-          "default": [],
          "description": "Endpoint addresses list",
-          "items": {},
-          "type": "array"
+          "type": "array",
+          "default": [],
+          "items": {
+            "type": "string"
+          }
        },
        "mode": {
-          "default": "tcp",
          "description": "Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`",
          "type": "string",
+          "default": "tcp",
          "enum": [
            "tcp",
            "tcp-with-proxy"
          ]
        },
        "targetPorts": {
+          "description": "Target ports configuration",
+          "type": "object",
+          "default": {
+            "http": 80,
+            "https": 443
+          },
+          "required": [
+            "http",
+            "https"
+          ],
          "properties": {
            "http": {
-              "default": 80,
              "description": "HTTP port number.",
-              "type": "number"
+              "type": "integer",
+              "default": 80
            },
            "https": {
-              "default": 443,
              "description": "HTTPS port number.",
-              "type": "number"
+              "type": "integer",
+              "default": 443
            }
-          },
-          "type": "object"
+          }
        }
-      },
-      "type": "object"
+      }
    },
    "replicas": {
-      "default": 2,
      "description": "Number of HAProxy replicas",
-      "type": "number"
+      "type": "integer",
+      "default": 2
    },
    "resources": {
-      "default": {},
-      "description": "Explicit CPU and memory configuration for each TCP Balancer replica. When left empty, the preset defined in `resourcesPreset` is applied.",
-      "type": "object"
+      "description": "Explicit CPU and memory configuration for each TCP Balancer replica.  When left empty, the preset defined in `resourcesPreset` is applied.",
+      "type": "object",
+      "properties": {
+        "cpu": {
+          "description": "CPU available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        },
+        "memory": {
+          "description": "Memory (RAM) available to each replica",
+          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+          "anyOf": [
+            {
+              "type": "integer"
+            },
+            {
+              "type": "string"
+            }
+          ],
+          "x-kubernetes-int-or-string": true
+        }
+      }
    },
    "resourcesPreset": {
-      "default": "nano",
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.",
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
      "type": "string",
+      "default": "nano",
      "enum": [
        "nano",
        "micro",
@@ -65,17 +118,17 @@
      ]
    },
    "whitelist": {
+      "description": "List of allowed client networks",
+      "type": "array",
      "default": [],
-      "description": "List of client networks",
-      "items": {},
-      "type": "array"
+      "items": {
+        "type": "string"
+      }
    },
    "whitelistHTTP": {
-      "default": false,
-      "description": "Secure HTTP by whitelisting client networks",
-      "type": "boolean"
+      "description": "Secure HTTP by whitelisting client networks, `false` by default.",
+      "type": "boolean",
+      "default": false
    }
-  },
-  "title": "Chart Values",
-  "type": "object"
-}
+  }
+}
--- a/packages/apps/tcp-balancer/values.yaml
+++ b/packages/apps/tcp-balancer/values.yaml
@@ -1,25 +1,29 @@
 ## @section Common parameters
 ##
-## @param replicas Number of HAProxy replicas
+## @param replicas {int} Number of HAProxy replicas
 replicas: 2
-## @param resources Explicit CPU and memory configuration for each TCP Balancer replica. When left empty, the preset defined in `resourcesPreset` is applied.
-resources: {}
+## @param resources {*resources} Explicit CPU and memory configuration for each TCP Balancer replica.  When left empty, the preset defined in `resourcesPreset` is applied.
+## @field resources.cpu {*quantity} CPU available to each replica
+## @field resources.memory {*quantity} Memory (RAM) available to each replica
+#resources: {}
 # resources:
 #   cpu: 4000m
 #   memory: 4Gi
-## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: nano, micro, small, medium, large, xlarge, 2xlarge.
+## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
 resourcesPreset: "nano"
 ##
-## @param external Enable external access from outside the cluster
+## @param external {bool} Enable external access from outside the cluster
 external: false


 ## @section Application-specific parameters
 ##
-## @param httpAndHttps.mode Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`
-## @param httpAndHttps.targetPorts.http HTTP port number.
-## @param httpAndHttps.targetPorts.https HTTPS port number.
-## @param httpAndHttps.endpoints Endpoint addresses list
+## @param httpAndHttps {httpAndHttps} HTTP and HTTPS configuration
+## @field httpAndHttps.mode {string enum:"tcp,tcp-with-proxy"} Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`
+## @field httpAndHttps.targetPorts {targetPorts} Target ports configuration
+## @field targetPorts.http {int} HTTP port number.
+## @field targetPorts.https {int} HTTPS port number.
+## @field httpAndHttps.endpoints {[]string} Endpoint addresses list
 ## Example:
 ##
 ## httpAndHttps:
@@ -42,8 +46,8 @@ httpAndHttps:
    https: 443
  endpoints: []

-## @param whitelistHTTP Secure HTTP by whitelisting client networks
-## @param whitelist List of client networks
+## @param whitelistHTTP {bool} Secure HTTP by whitelisting client networks, `false` by default.
+## @param whitelist {[]string} List of allowed client networks
 ## Example:
 ## whitelistHTTP: true
 ## whitelist:
--- a/packages/apps/tenant/Chart.yaml
+++ b/packages/apps/tenant/Chart.yaml
@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg

 type: application
-version: 1.11.2
+version: 1.12.1
--- a/packages/apps/tenant/Makefile
+++ b/packages/apps/tenant/Makefile
@@ -1,4 +1,4 @@
 include ../../../scripts/package.mk

 generate:
-	readme-generator-for-helm -v values.yaml -s values.schema.json -r README.md
+	cozyvalues-gen -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/tenant/README.md
+++ b/packages/apps/tenant/README.md
@@ -69,12 +69,13 @@ tenant-u1

 ### Common parameters

-| Name             | Description                                                                                                                 | Value   |
-| ---------------- | --------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `host`           | The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host). | `""`    |
-| `etcd`           | Deploy own Etcd cluster                                                                                                     | `false` |
-| `monitoring`     | Deploy own Monitoring Stack                                                                                                 | `false` |
-| `ingress`        | Deploy own Ingress Controller                                                                                               | `false` |
-| `seaweedfs`      | Deploy own SeaweedFS                                                                                                        | `false` |
-| `isolated`       | Enforce tenant namespace with network policies                                                                              | `true`  |
-| `resourceQuotas` | Define resource quotas for the tenant                                                                                       | `{}`    |
+| Name             | Description                                                                                                                 | Type                  | Value   |
+| ---------------- | --------------------------------------------------------------------------------------------------------------------------- | --------------------- | ------- |
+| `host`           | The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host). | `*string`             | `""`    |
+| `etcd`           | Deploy own Etcd cluster                                                                                                     | `bool`                | `false` |
+| `monitoring`     | Deploy own Monitoring Stack                                                                                                 | `bool`                | `false` |
+| `ingress`        | Deploy own Ingress Controller                                                                                               | `bool`                | `false` |
+| `seaweedfs`      | Deploy own SeaweedFS                                                                                                        | `bool`                | `false` |
+| `isolated`       | Enforce tenant namespace with network policies, `true` by default                                                           | `bool`                | `true`  |
+| `resourceQuotas` | Define resource quotas for the tenant                                                                                       | `map[string]quantity` | `{}`    |
+
--- a/packages/apps/tenant/templates/monitoring.yaml
+++ b/packages/apps/tenant/templates/monitoring.yaml
@@ -17,6 +17,12 @@ spec:
        kind: HelmRepository
        name: cozystack-extra
        namespace: cozy-public
+  install:
+    remediation:
+      retries: 10
+  upgrade:
+    remediation:
+      retries: 10
  interval: 1m0s
-  timeout: 5m0s
+  timeout: 10m0s
 {{- end }}
--- a/packages/apps/tenant/templates/quota.yaml
+++ b/packages/apps/tenant/templates/quota.yaml
@@ -7,4 +7,21 @@ metadata:
 spec:
  hard:
    {{- include "cozy-lib.resources.flatten" (list .Values.resourceQuotas $) | nindent 6 }}
+---
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: tenant-range-limits
+  namespace: {{ include "tenant.name" . }}
+spec:
+  limits:
+    - default:
+        cpu: "250m"
+        memory: "128Mi"
+        ephemeral-storage: "2Gi"
+      defaultRequest:
+        cpu: "25m"
+        memory: "128Mi"
+        ephemeral-storage: "50Mi"
+      type: Container
 {{- end }}
--- a/packages/apps/tenant/values.schema.json
+++ b/packages/apps/tenant/values.schema.json
@@ -1,41 +1,52 @@
 {
-    "properties": {
-        "etcd": {
-            "default": false,
-            "description": "Deploy own Etcd cluster",
-            "type": "boolean"
-        },
-        "host": {
-            "default": "",
-            "description": "The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host).",
-            "type": "string"
-        },
-        "ingress": {
-            "default": false,
-            "description": "Deploy own Ingress Controller",
-            "type": "boolean"
-        },
-        "isolated": {
-            "default": true,
-            "description": "Enforce tenant namespace with network policies",
-            "type": "boolean"
-        },
-        "monitoring": {
-            "default": false,
-            "description": "Deploy own Monitoring Stack",
-            "type": "boolean"
-        },
-        "resourceQuotas": {
-            "default": {},
-            "description": "Define resource quotas for the tenant",
-            "type": "object"
-        },
-        "seaweedfs": {
-            "default": false,
-            "description": "Deploy own SeaweedFS",
-            "type": "boolean"
-        }
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "etcd": {
+      "description": "Deploy own Etcd cluster",
+      "type": "boolean",
+      "default": false
    },
-    "title": "Chart Values",
-    "type": "object"
+    "host": {
+      "description": "The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host).",
+      "type": "string"
+    },
+    "ingress": {
+      "description": "Deploy own Ingress Controller",
+      "type": "boolean",
+      "default": false
+    },
+    "isolated": {
+      "description": "Enforce tenant namespace with network policies, `true` by default",
+      "type": "boolean",
+      "default": true
+    },
+    "monitoring": {
+      "description": "Deploy own Monitoring Stack",
+      "type": "boolean",
+      "default": false
+    },
+    "resourceQuotas": {
+      "description": "Define resource quotas for the tenant",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
+        "anyOf": [
+          {
+            "type": "integer"
+          },
+          {
+            "type": "string"
+          }
+        ],
+        "x-kubernetes-int-or-string": true
+      }
+    },
+    "seaweedfs": {
+      "description": "Deploy own SeaweedFS",
+      "type": "boolean",
+      "default": false
+    }
+  }
 }
--- a/packages/apps/tenant/values.yaml
+++ b/packages/apps/tenant/values.yaml
@@ -1,18 +1,18 @@
 ## @section Common parameters

-## @param host The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host).
-## @param etcd Deploy own Etcd cluster
-## @param monitoring Deploy own Monitoring Stack
-## @param ingress Deploy own Ingress Controller
-## @param seaweedfs Deploy own SeaweedFS
-## @param isolated Enforce tenant namespace with network policies
-## @param resourceQuotas Define resource quotas for the tenant
+## @param host {*string} The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host).
+## @param etcd {bool} Deploy own Etcd cluster
+## @param monitoring {bool} Deploy own Monitoring Stack
+## @param ingress {bool} Deploy own Ingress Controller
+## @param seaweedfs {bool} Deploy own SeaweedFS
+## @param isolated {bool} Enforce tenant namespace with network policies, `true` by default
 host: ""
 etcd: false
 monitoring: false
 ingress: false
 seaweedfs: false
 isolated: true
+## @param resourceQuotas {map[string]quantity} Define resource quotas for the tenant
 resourceQuotas: {}
 # resourceQuotas:
 #   cpu: "1"
--- a/Show More
+++ b/Show More