Release v0.34.8 (#1337)

This PR prepares the release `v0.34.8`.

.github/workflows/pull-requests.yaml

@@ -264,7 +264,8 @@ jobs:
       - uses: actions/checkout@v4
       - id: set
         run: |
-          apps=$(ls hack/e2e-apps/*.bats | cut -f3 -d/ | cut -f1 -d. | jq -R | jq -cs)
+          apps=$(find hack/e2e-apps -maxdepth 1 -mindepth 1 -name '*.bats' | \
+            awk -F/ '{sub(/\..+/, "", $NF); print $NF}' | jq -R . | jq -cs .)
           echo "matrix={\"app\":$apps}" >> "$GITHUB_OUTPUT"
 
   test_apps:

.gitignore

@@ -77,5 +77,3 @@ fabric.properties
 
 .DS_Store
 **/.DS_Store
-
-tmp/

api/v1alpha1/cozystackresourcedefinitions_types.go

@@ -1,89 +0,0 @@
-/*
-Copyright 2025.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +kubebuilder:object:root=true
-
-// CozystackResourceDefinition is the Schema for the cozystackresourcedefinitions API
-type CozystackResourceDefinition struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec CozystackResourceDefinitionSpec `json:"spec,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// CozystackResourceDefinitionList contains a list of CozystackResourceDefinition
-type CozystackResourceDefinitionList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []CozystackResourceDefinition `json:"items"`
-}
-
-func init() {
-	SchemeBuilder.Register(&CozystackResourceDefinition{}, &CozystackResourceDefinitionList{})
-}
-
-type CozystackResourceDefinitionSpec struct {
-	// Application configuration
-	Application CozystackResourceDefinitionApplication `json:"application"`
-	// Release configuration
-	Release CozystackResourceDefinitionRelease `json:"release"`
-}
-
-type CozystackResourceDefinitionChart struct {
-	// Name of the Helm chart
-	Name string `json:"name"`
-	// Source reference for the Helm chart
-	SourceRef SourceRef `json:"sourceRef"`
-}
-
-type SourceRef struct {
-	// Kind of the source reference
-	// +kubebuilder:default:="HelmRepository"
-	Kind string `json:"kind"`
-	// Name of the source reference
-	Name string `json:"name"`
-	// Namespace of the source reference
-	// +kubebuilder:default:="cozy-public"
-	Namespace string `json:"namespace"`
-}
-
-type CozystackResourceDefinitionApplication struct {
-	// Kind of the application, used for UI and API
-	Kind string `json:"kind"`
-	// OpenAPI schema for the application, used for API validation
-	OpenAPISchema string `json:"openAPISchema"`
-	// Plural name of the application, used for UI and API
-	Plural string `json:"plural"`
-	// Singular name of the application, used for UI and API
-	Singular string `json:"singular"`
-}
-
-type CozystackResourceDefinitionRelease struct {
-	// Helm chart configuration
-	Chart CozystackResourceDefinitionChart `json:"chart"`
-	// Labels for the release
-	Labels map[string]string `json:"labels,omitempty"`
-	// Prefix for the release name
-	Prefix string `json:"prefix"`
-}

api/v1alpha1/zz_generated.deepcopy.go

@@ -25,135 +25,6 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CozystackResourceDefinition) DeepCopyInto(out *CozystackResourceDefinition) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinition.
-func (in *CozystackResourceDefinition) DeepCopy() *CozystackResourceDefinition {
-	if in == nil {
-		return nil
-	}
-	out := new(CozystackResourceDefinition)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *CozystackResourceDefinition) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CozystackResourceDefinitionApplication) DeepCopyInto(out *CozystackResourceDefinitionApplication) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionApplication.
-func (in *CozystackResourceDefinitionApplication) DeepCopy() *CozystackResourceDefinitionApplication {
-	if in == nil {
-		return nil
-	}
-	out := new(CozystackResourceDefinitionApplication)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CozystackResourceDefinitionChart) DeepCopyInto(out *CozystackResourceDefinitionChart) {
-	*out = *in
-	out.SourceRef = in.SourceRef
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionChart.
-func (in *CozystackResourceDefinitionChart) DeepCopy() *CozystackResourceDefinitionChart {
-	if in == nil {
-		return nil
-	}
-	out := new(CozystackResourceDefinitionChart)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CozystackResourceDefinitionList) DeepCopyInto(out *CozystackResourceDefinitionList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]CozystackResourceDefinition, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionList.
-func (in *CozystackResourceDefinitionList) DeepCopy() *CozystackResourceDefinitionList {
-	if in == nil {
-		return nil
-	}
-	out := new(CozystackResourceDefinitionList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *CozystackResourceDefinitionList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CozystackResourceDefinitionRelease) DeepCopyInto(out *CozystackResourceDefinitionRelease) {
-	*out = *in
-	out.Chart = in.Chart
-	if in.Labels != nil {
-		in, out := &in.Labels, &out.Labels
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionRelease.
-func (in *CozystackResourceDefinitionRelease) DeepCopy() *CozystackResourceDefinitionRelease {
-	if in == nil {
-		return nil
-	}
-	out := new(CozystackResourceDefinitionRelease)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CozystackResourceDefinitionSpec) DeepCopyInto(out *CozystackResourceDefinitionSpec) {
-	*out = *in
-	out.Application = in.Application
-	in.Release.DeepCopyInto(&out.Release)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionSpec.
-func (in *CozystackResourceDefinitionSpec) DeepCopy() *CozystackResourceDefinitionSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(CozystackResourceDefinitionSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in Selector) DeepCopyInto(out *Selector) {
 	{
@@ -175,21 +46,6 @@ func (in Selector) DeepCopy() Selector {
 	return *out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SourceRef) DeepCopyInto(out *SourceRef) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceRef.
-func (in *SourceRef) DeepCopy() *SourceRef {
-	if in == nil {
-		return nil
-	}
-	out := new(SourceRef)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Workload) DeepCopyInto(out *Workload) {
 	*out = *in

cmd/token-proxy/Dockerfile

@@ -1,15 +0,0 @@
-FROM golang:1.24-alpine as builder
-
-ARG TARGETOS
-ARG TARGETARCH
-
-COPY main.go go.mod go.sum /src/
-WORKDIR /src
-
-RUN go build -o /token-proxy -ldflags '-extldflags "-static" -w -s' main.go
-
-FROM scratch
-
-COPY --from=builder /token-proxy /token-proxy
-
-ENTRYPOINT ["/token-proxy"]

cmd/token-proxy/example_args.yaml

@@ -1,8 +0,0 @@
-args:
-- --upstream=http://incloud-web-nginx.incloud-web.svc:8080
-- --http-address=0.0.0.0:8000
-- --cookie-refresh=1h
-- --cookie-name=kc-access
-- --cookie-secure=true
-- --cookie-secret=$(OAUTH2_PROXY_COOKIE_SECRET)
-- --token-check-url=http://incloud-web-nginx.incloud-web.svc:8080/api/clusters/cozydev4/k8s/apis/core.cozystack.io/v1alpha1/tenantnamespaces

cmd/token-proxy/go.mod

@@ -1,8 +0,0 @@
-module token-proxy
-
-go 1.24.0
-
-require (
-	github.com/golang-jwt/jwt/v5 v5.3.0
-	github.com/gorilla/securecookie v1.1.2
-)

cmd/token-proxy/go.sum

@@ -1,6 +0,0 @@
-github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
-github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
-github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=

cmd/token-proxy/main.go

@@ -1,259 +0,0 @@
-package main
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"flag"
-	"fmt"
-	"html/template"
-	"log"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"os"
-	"path"
-	"strings"
-	"time"
-
-	"github.com/golang-jwt/jwt/v5"
-	"github.com/gorilla/securecookie"
-)
-
-/* ----------------------------- flags ------------------------------------ */
-
-var (
-	upstream, httpAddr, proxyPrefix string
-	cookieName, cookieSecretB64     string
-	cookieSecure                    bool
-	cookieRefresh                   time.Duration
-	tokenCheckURL                   string
-)
-
-func init() {
-	flag.StringVar(&upstream, "upstream", "", "Upstream URL to proxy to (required)")
-	flag.StringVar(&httpAddr, "http-address", "0.0.0.0:8000", "Listen address")
-	flag.StringVar(&proxyPrefix, "proxy-prefix", "/oauth2", "URL prefix for control endpoints")
-
-	flag.StringVar(&cookieName, "cookie-name", "_oauth2_proxy_0", "Cookie name")
-	flag.StringVar(&cookieSecretB64, "cookie-secret", "", "Base64-encoded cookie secret")
-	flag.BoolVar(&cookieSecure, "cookie-secure", false, "Set Secure flag on cookie")
-	flag.DurationVar(&cookieRefresh, "cookie-refresh", 0, "Cookie refresh interval (e.g. 1h)")
-	flag.StringVar(&tokenCheckURL, "token-check-url", "", "URL for external token validation")
-}
-
-/* ----------------------------- templates -------------------------------- */
-
-var loginTmpl = template.Must(template.New("login").Parse(`
-<!doctype html><html><head><title>Login</title></head>
-<body>
-	<h2>Enter ServiceAccount / OIDC token</h2>
-	{{if .Err}}<p style="color:red">{{.Err}}</p>{{end}}
-	<form method="POST" action="{{.Action}}">
-		<input style="width:420px" name="token" placeholder="Paste token" autofocus/>
-		<button type="submit">Login</button>
-	</form>
-</body></html>`))
-
-/* ----------------------------- helpers ---------------------------------- */
-
-func decodeJWT(raw string) jwt.MapClaims {
-	tkn, _ := jwt.Parse(raw, nil)
-	if c, ok := tkn.Claims.(jwt.MapClaims); ok {
-		return c
-	}
-	return jwt.MapClaims{}
-}
-
-func externalTokenCheck(raw string) error {
-	if tokenCheckURL == "" {
-		return nil
-	}
-	req, _ := http.NewRequest(http.MethodGet, tokenCheckURL, nil)
-	req.Header.Set("Authorization", "Bearer "+raw)
-	cli := &http.Client{Timeout: 5 * time.Second}
-	resp, err := cli.Do(req)
-	if err != nil {
-		return err
-	}
-	resp.Body.Close()
-	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("status %d", resp.StatusCode)
-	}
-	return nil
-}
-
-func encodeSession(sc *securecookie.SecureCookie, token string, exp, issued int64) (string, error) {
-	v := map[string]interface{}{
-		"access_token": token,
-		"expires":      exp,
-		"issued":       issued,
-	}
-	return sc.Encode(cookieName, v)
-}
-
-/* ----------------------------- main ------------------------------------- */
-
-func main() {
-	flag.Parse()
-	if upstream == "" {
-		log.Fatal("--upstream is required")
-	}
-	upURL, err := url.Parse(upstream)
-	if err != nil {
-		log.Fatalf("invalid upstream url: %v", err)
-	}
-
-	if cookieSecretB64 == "" {
-		cookieSecretB64 = os.Getenv("COOKIE_SECRET")
-	}
-	if cookieSecretB64 == "" {
-		log.Fatal("--cookie-secret or $COOKIE_SECRET is required")
-	}
-	secret, err := base64.StdEncoding.DecodeString(cookieSecretB64)
-	if err != nil {
-		log.Fatalf("cookie-secret: %v", err)
-	}
-	sc := securecookie.New(secret, nil)
-
-	// control paths
-	signIn := path.Join(proxyPrefix, "sign_in")
-	signOut := path.Join(proxyPrefix, "sign_out")
-	userInfo := path.Join(proxyPrefix, "userinfo")
-
-	proxy := httputil.NewSingleHostReverseProxy(upURL)
-
-	/* ------------------------- /sign_in ---------------------------------- */
-
-	http.HandleFunc(signIn, func(w http.ResponseWriter, r *http.Request) {
-		switch r.Method {
-		case http.MethodGet:
-			_ = loginTmpl.Execute(w, struct {
-				Action string
-				Err    string
-			}{Action: signIn})
-		case http.MethodPost:
-			token := strings.TrimSpace(r.FormValue("token"))
-			if token == "" {
-				_ = loginTmpl.Execute(w, struct {
-					Action string
-					Err    string
-				}{Action: signIn, Err: "Token required"})
-				return
-			}
-			if err := externalTokenCheck(token); err != nil {
-				_ = loginTmpl.Execute(w, struct {
-					Action string
-					Err    string
-				}{Action: signIn, Err: "Invalid token"})
-				return
-			}
-
-			exp := time.Now().Add(24 * time.Hour).Unix()
-			claims := decodeJWT(token)
-			if v, ok := claims["exp"].(float64); ok {
-				exp = int64(v)
-			}
-			session, _ := encodeSession(sc, token, exp, time.Now().Unix())
-			http.SetCookie(w, &http.Cookie{
-				Name:     cookieName,
-				Value:    session,
-				Path:     "/",
-				Expires:  time.Unix(exp, 0),
-				Secure:   cookieSecure,
-				HttpOnly: true,
-				SameSite: http.SameSiteLaxMode,
-			})
-			http.Redirect(w, r, "/", http.StatusSeeOther)
-		}
-	})
-
-	/* ------------------------- /sign_out --------------------------------- */
-
-	http.HandleFunc(signOut, func(w http.ResponseWriter, r *http.Request) {
-		http.SetCookie(w, &http.Cookie{
-			Name:     cookieName,
-			Value:    "",
-			Path:     "/",
-			MaxAge:   -1,
-			Secure:   cookieSecure,
-			HttpOnly: true,
-		})
-		http.Redirect(w, r, signIn, http.StatusSeeOther)
-	})
-
-	/* ------------------------- /userinfo --------------------------------- */
-
-	http.HandleFunc(userInfo, func(w http.ResponseWriter, r *http.Request) {
-		c, err := r.Cookie(cookieName)
-		if err != nil {
-			http.Error(w, "unauthorized", http.StatusUnauthorized)
-			return
-		}
-		var sess map[string]interface{}
-		if err := sc.Decode(cookieName, c.Value, &sess); err != nil {
-			http.Error(w, "unauthorized", http.StatusUnauthorized)
-			return
-		}
-		token, _ := sess["access_token"].(string)
-		claims := decodeJWT(token)
-
-		out := map[string]interface{}{
-			"token":                 token,
-			"sub":                   claims["sub"],
-			"email":                 claims["email"],
-			"preferred_username":    claims["preferred_username"],
-			"groups":                claims["groups"],
-			"expires":               sess["expires"],
-			"issued":                sess["issued"],
-			"cookie_refresh_enable": cookieRefresh > 0,
-		}
-		w.Header().Set("Content-Type", "application/json")
-		_ = json.NewEncoder(w).Encode(out)
-	})
-
-	/* ----------------------------- proxy --------------------------------- */
-
-	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		c, err := r.Cookie(cookieName)
-		if err != nil {
-			http.Redirect(w, r, signIn, http.StatusFound)
-			return
-		}
-		var sess map[string]interface{}
-		if err := sc.Decode(cookieName, c.Value, &sess); err != nil {
-			http.Redirect(w, r, signIn, http.StatusFound)
-			return
-		}
-		token, _ := sess["access_token"].(string)
-		if token == "" {
-			http.Redirect(w, r, signIn, http.StatusFound)
-			return
-		}
-
-		// cookie refresh
-		if cookieRefresh > 0 {
-			if issued, ok := sess["issued"].(float64); ok {
-				if time.Since(time.Unix(int64(issued), 0)) > cookieRefresh {
-					enc, _ := encodeSession(sc, token, int64(sess["expires"].(float64)), time.Now().Unix())
-					http.SetCookie(w, &http.Cookie{
-						Name:     cookieName,
-						Value:    enc,
-						Path:     "/",
-						Expires:  time.Unix(int64(sess["expires"].(float64)), 0),
-						Secure:   cookieSecure,
-						HttpOnly: true,
-						SameSite: http.SameSiteLaxMode,
-					})
-				}
-			}
-		}
-
-		r.Header.Set("Authorization", "Bearer "+token)
-		proxy.ServeHTTP(w, r)
-	})
-
-	log.Printf("Listening on %s → %s (control prefix %s)", httpAddr, upURL, proxyPrefix)
-	if err := http.ListenAndServe(httpAddr, nil); err != nil {
-		log.Fatal(err)
-	}
-}

hack/download-dashboards.sh

@@ -81,7 +81,6 @@ modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/capacity-p
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//flux/flux-control-plane.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//flux/flux-stats.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//kafka/strimzi-kafka.json
-modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//seaweedfs/seaweedfs.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//goldpinger/goldpinger.json
 EOT
 

hack/e2e-apps/clickhouse.bats

@@ -38,5 +38,4 @@ EOF
   timeout 100 sh -ec "until kubectl -n tenant-test get svc chi-clickhouse-$name-clickhouse-0-0 -o jsonpath='{.spec.ports[*].port}' | grep -q '9000 8123 9009'; do sleep 10; done"
   timeout 80 sh -ec "until kubectl -n tenant-test get sts chi-clickhouse-$name-clickhouse-0-1 ; do sleep 10; done"
   kubectl -n tenant-test wait statefulset.apps/chi-clickhouse-$name-clickhouse-0-1 --timeout=140s --for=jsonpath='{.status.replicas}'=1
-  kubectl -n tenant-test delete clickhouse $name
 }

hack/e2e-apps/kubernetes-latest.bats

@@ -1,6 +0,0 @@
-#!/usr/bin/env bats
-
-@test "Create a tenant Kubernetes control plane with latest version" {
-  . hack/e2e-apps/run-kubernetes.sh
-  run_kubernetes_test 'keys | sort_by(.) | .[-1]' 'test-latest-version' '59991'
-}

hack/e2e-apps/kubernetes-previous.bats

@@ -1,6 +0,0 @@
-#!/usr/bin/env bats
-
-@test "Create a tenant Kubernetes control plane with previous version" {
-  . hack/e2e-apps/run-kubernetes.sh
-  run_kubernetes_test 'keys | sort_by(.) | .[-2]' 'test-previous-version' '59992'
-}

hack/e2e-apps/kubernetes.bats

@@ -1,3 +1,5 @@
+#!/usr/bin/env bats
+
 run_kubernetes_test() {
     local version_expr="$1"
     local test_name="$2"
@@ -102,3 +104,10 @@ EOF
   kubectl -n tenant-test delete kuberneteses.apps.cozystack.io $test_name
 
 }
+
+@test "Create a tenant Kubernetes control plane with latest version" {
+  run_kubernetes_test 'keys | sort_by(.) | .[-1]' 'test-latest-version' '59991'
+}
+@test "Create a tenant Kubernetes control plane with previous version" {
+  run_kubernetes_test 'keys | sort_by(.) | .[-2]' 'test-previous-version' '59992'
+}

hack/update-codegen.sh

@@ -32,10 +32,6 @@ kube::codegen::gen_helpers \
     --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
     "${SCRIPT_ROOT}/pkg/apis"
 
-kube::codegen::gen_helpers \
-    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
-    "${SCRIPT_ROOT}/api"
-
 if [[ -n "${API_KNOWN_VIOLATIONS_DIR:-}" ]]; then
     report_filename="${API_KNOWN_VIOLATIONS_DIR}/cozystack_api_violation_exceptions.list"
     if [[ "${UPDATE_API_KNOWN_VIOLATIONS:-}" == "true" ]]; then

packages/apps/ferretdb/templates/external-svc.yaml

@@ -8,9 +8,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   ports:
   - name: ferretdb

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.6.1@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5
+ghcr.io/cozystack/cozystack/nginx-cache:0.6.1@sha256:50ac1581e3100bd6c477a71161cb455a341ffaf9e5e2f6086802e4e25271e8af

packages/apps/http-cache/templates/haproxy/service.yaml

@@ -10,9 +10,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   selector:
     app: {{ .Release.Name }}-haproxy

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.26.2@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.26.3@sha256:e4fbb7d2043f25b90cc8840468d0880e9d3d72ae8b1c8801bf8c35f944cc485d

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.26.2@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.26.3@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.2@sha256:761e7235ff9cb7f6f223f00954943e6a5af32ed6624ee592a8610122f96febb0
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.3@sha256:df3a2f503b4a035567b20b81a0f105c15971274fd675101c3b3eb2413d966d2e

packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml

@@ -3,8 +3,8 @@
 {{- $clusterDomain := (index $cozyConfig.data "cluster-domain") | default "cozy.local" }}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $targetTenant := index $myNS.metadata.annotations "namespace.cozystack.io/monitoring" }}
+vpaForVPA: false
 vertical-pod-autoscaler:
-  vpaForVPA: false
   recommender:
     extraArgs:
       container-name-label: container

packages/apps/postgres/templates/external-svc.yaml

@@ -7,9 +7,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   ports:
   - name: postgres

packages/apps/redis/templates/service.yaml

@@ -11,9 +11,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   selector:
     app.kubernetes.io/component: redis

packages/apps/tcp-balancer/templates/service.yaml

@@ -10,9 +10,7 @@ spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   {{- if .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   {{- end }}
   selector:
     app: {{ .Release.Name }}-haproxy

packages/apps/virtual-machine/templates/service.yaml

@@ -13,9 +13,7 @@ metadata:
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   selector:
     {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
   ports:

packages/apps/vm-instance/templates/service.yaml

@@ -13,9 +13,7 @@ metadata:
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   externalTrafficPolicy: Local
-    {{- if (include "cozy-lib.network.disableLoadBalancerNodePorts" $ | fromYaml) }}
   allocateLoadBalancerNodePorts: false
-    {{- end }}
   selector:
     {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
   ports:

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.35.0-alpha.3@sha256:b43615350697dbbc377d31152b290722c2bba7a053fd7c69403d666e6c7d53ee
+  image: ghcr.io/cozystack/cozystack/installer:v0.34.8@sha256:c9dae64d1cbb3882749aae3af47e63152a835cb603af12ba573618c0d0940437

packages/core/platform/bundles/distro-full.yaml

@@ -258,10 +258,3 @@ releases:
   privileged: true
   optional: true
   dependsOn: [cilium]
-
-- name: hetzner-robotlb
-  releaseName: robotlb
-  optional: true
-  chart: cozy-hetzner-robotlb
-  namespace: cozy-hetzner-robotlb
-  dependsOn: [cilium]

packages/core/platform/bundles/distro-hosted.yaml

@@ -171,9 +171,3 @@ releases:
   namespace: cozy-velero
   privileged: true
   optional: true
-
-- name: hetzner-robotlb
-  releaseName: robotlb
-  optional: true
-  chart: cozy-hetzner-robotlb
-  namespace: cozy-hetzner-robotlb

packages/core/platform/bundles/paas-full.yaml

@@ -415,10 +415,3 @@ releases:
   privileged: true
   optional: true
   dependsOn: [monitoring-agents]
-
-- name: hetzner-robotlb
-  releaseName: robotlb
-  optional: true
-  chart: cozy-hetzner-robotlb
-  namespace: cozy-hetzner-robotlb
-  dependsOn: [cilium, kubeovn]

packages/core/platform/bundles/paas-hosted.yaml

@@ -238,9 +238,3 @@ releases:
   privileged: true
   optional: true
   dependsOn: [monitoring-agents]
-
-- name: hetzner-robotlb
-  releaseName: robotlb
-  optional: true
-  chart: cozy-hetzner-robotlb
-  namespace: cozy-hetzner-robotlb

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.35.0-alpha.3@sha256:cd6d65230150171c0e3934f71fcc270718f2bfec7509989b9d4d996ddef916d9
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.34.8@sha256:f88293295f95419e0ec5484430ae3b46c58dc07050ccb12104b7b0e7902b1712

packages/extra/bootbox/images/matchbox.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.35.0-alpha.3@sha256:043051d7c368b73943051b51bacfb3e383541b53190f74452d552ea2f30e420e
+ghcr.io/cozystack/cozystack/matchbox:v0.34.8@sha256:9280492dad668db1aeb678e1d5d5cf29a86ada26776fbcbe36bbfa1fc1e9d311

packages/extra/etcd/Chart.yaml

@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: /logos/etcd.svg
 type: application
-version: 2.9.0
+version: 2.9.1

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -49,6 +49,14 @@ spec:
         {{- with .Values.resources }}
         resources: {{- include "cozy-lib.resources.sanitize" (list . $) | nindent 10 }}
         {{- end }}
+    {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+    {{- $rawConstraints := "" }}
+    {{- if $configMap }}
+      {{- $rawConstraints = get $configMap.data "globalAppTopologySpreadConstraints" }}
+    {{- end }}
+    {{- if $rawConstraints }}
+      {{- $rawConstraints | fromYaml | toYaml | nindent 6 }}
+    {{- else }}
       topologySpreadConstraints:
       - maxSkew: 1
         topologyKey: "kubernetes.io/hostname"
@@ -56,6 +64,7 @@ spec:
         labelSelector:
           matchLabels:
             app.kubernetes.io/instance: etcd
+    {{- end }}
   podDisruptionBudgetTemplate: {}
 ---
 apiVersion: cert-manager.io/v1

packages/extra/monitoring/Chart.yaml

@@ -3,4 +3,4 @@ name: monitoring
 description: Monitoring and observability stack
 icon: /logos/monitoring.svg
 type: application
-version: 1.12.1
+version: 1.12.0

packages/extra/monitoring/dashboards.list

@@ -37,5 +37,4 @@ flux/flux-stats
 kafka/strimzi-kafka
 goldpinger/goldpinger
 clickhouse/altinity-clickhouse-operator-dashboard
-storage/linstor
-seaweedfs/seaweedfs
+storage/linstor

packages/extra/monitoring/images/grafana.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/grafana:1.12.1@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399
+ghcr.io/cozystack/cozystack/grafana:1.12.0@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399

packages/extra/seaweedfs/images/objectstorage-sidecar.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.35.0-alpha.3@sha256:4a67ec40c13bf912151957dc0e7409f7e01a2859905285c98c20baae7b667ae2
+ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.35.0-alpha.1@sha256:e4f9a7302285ea9febeb28fc2fa97cb7c01bb91e602f975c31aad1fe46f778f7

packages/extra/seaweedfs/templates/seaweedfs.yaml

@@ -110,6 +110,7 @@ spec:
             {{- else if $.Values.storageClass }}
             storageClass: {{ $.Values.storageClass }}
             {{- end }}
+            maxVolumes: 0
           nodeSelector: |
             topology.kubernetes.io/zone: {{ $zoneName }}
           dataCenter: {{ $zone.dataCenter | default $zoneName }}

packages/extra/versions_map

@@ -13,7 +13,8 @@ etcd 2.6.0 8c460528
 etcd 2.6.1 45a7416c
 etcd 2.7.0 632224a3
 etcd 2.8.0 4369b031
-etcd 2.9.0 HEAD
+etcd 2.9.0 8ddbe32e
+etcd 2.9.1 HEAD
 info 1.0.0 93bdf411
 info 1.0.1 632224a3
 info 1.1.0 HEAD
@@ -47,8 +48,7 @@ monitoring 1.9.2 f9f8bb2f
 monitoring 1.10.0 632224a3
 monitoring 1.10.1 8c86905b
 monitoring 1.11.0 4369b031
-monitoring 1.12.0 0e47e1e8
-monitoring 1.12.1 HEAD
+monitoring 1.12.0 HEAD
 seaweedfs 0.1.0 71514249
 seaweedfs 0.2.0 5fb9cfe3
 seaweedfs 0.2.1 fde4bcfa

packages/library/cozy-lib/templates/_network.tpl

@@ -1,23 +0,0 @@
-{{- define "cozy-lib.network.defaultDisableLoadBalancerNodePorts" }}
-{{/* Default behavior prior to introduction */}}
-{{-   `true` }}
-{{- end }}
-
-{{/* 
-Invoke as {{ include "cozy-lib.network.disableLoadBalancerNodePorts" $ }}.
-Detects whether the current load balancer class requires nodeports to function
-correctly. Currently just checks if Hetzner's RobotLB is enabled, which does
-require nodeports, and so, returns `false`. Otherwise assumes that metallb is
-in use and returns `true`.
-*/}}
-
-{{- define "cozy-lib.network.disableLoadBalancerNodePorts" }}
-{{-   include "cozy-lib.loadCozyConfig" (list "" .) }}
-{{-   $cozyConfig := index . 1 "cozyConfig" }}
-{{-   if not $cozyConfig }}
-{{-     include "cozy-lib.network.defaultDisableLoadBalancerNodePorts" . }}
-{{-   else }}
-{{-     $enabledComponents := splitList "," ((index $cozyConfig.data "bundle-enable") | default "") }}
-{{-     not (has "robotlb" $enabledComponents) }}
-{{-   end }}
-{{- end }}

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:b39a00543d28cb72617bc50c7a9f873d65c3cd34114d9690cf044f7fac66c8da
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:a9c0a5d5519b2da200d7d035fe30087ea4834fc8013a482848c160610b5b9716

packages/system/cozystack-api/templates/configmap.yaml

@@ -0,0 +1,353 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cozystack-api
+  namespace: cozy-system
+data:
+  config.yaml: |
+    resources:
+    - application:
+        kind: Bucket
+        singular: bucket
+        plural: buckets
+        openAPISchema: {{ .Files.Get "openapi-schemas/bucket.json" | fromJson | toJson | quote }}
+      release:
+        prefix: bucket-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: bucket
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: ClickHouse
+        singular: clickhouse
+        plural: clickhouses
+        openAPISchema: {{ .Files.Get "openapi-schemas/clickhouse.json" | fromJson | toJson | quote }}
+      release:
+        prefix: clickhouse-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: clickhouse
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: HTTPCache
+        singular: httpcache
+        plural: httpcaches
+        openAPISchema: {{ .Files.Get "openapi-schemas/http-cache.json" | fromJson | toJson | quote }}
+      release:
+        prefix: http-cache-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: http-cache
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: NATS
+        singular: nats
+        plural: natses
+        openAPISchema: {{ .Files.Get "openapi-schemas/nats.json" | fromJson | toJson | quote }}
+      release:
+        prefix: nats-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: nats
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: TCPBalancer
+        singular: tcpbalancer
+        plural: tcpbalancers
+        openAPISchema: {{ .Files.Get "openapi-schemas/tcp-balancer.json" | fromJson | toJson | quote }}
+      release:
+        prefix: tcp-balancer-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: tcp-balancer
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: VirtualMachine
+        singular: virtualmachine
+        plural: virtualmachines
+        openAPISchema: {{ .Files.Get "openapi-schemas/virtual-machine.json" | fromJson | toJson | quote }}
+      release:
+        prefix: virtual-machine-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: virtual-machine
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: VPN
+        singular: vpn
+        plural: vpns
+        openAPISchema: {{ .Files.Get "openapi-schemas/vpn.json" | fromJson | toJson | quote }}
+      release:
+        prefix: vpn-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: vpn
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: MySQL
+        singular: mysql
+        plural: mysqls
+        openAPISchema: {{ .Files.Get "openapi-schemas/mysql.json" | fromJson | toJson | quote }}
+      release:
+        prefix: mysql-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: mysql
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: Tenant
+        singular: tenant
+        plural: tenants
+        openAPISchema: {{ .Files.Get "openapi-schemas/tenant.json" | fromJson | toJson | quote }}
+      release:
+        prefix: tenant-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: tenant
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: Kubernetes
+        singular: kubernetes
+        plural: kuberneteses
+        openAPISchema: {{ .Files.Get "openapi-schemas/kubernetes.json" | fromJson | toJson | quote }}
+      release:
+        prefix: kubernetes-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: kubernetes
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: Redis
+        singular: redis
+        plural: redises
+        openAPISchema: {{ .Files.Get "openapi-schemas/redis.json" | fromJson | toJson | quote }}
+      release:
+        prefix: redis-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: redis
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: RabbitMQ
+        singular: rabbitmq
+        plural: rabbitmqs
+        openAPISchema: {{ .Files.Get "openapi-schemas/rabbitmq.json" | fromJson | toJson | quote }}
+      release:
+        prefix: rabbitmq-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: rabbitmq
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: Postgres
+        singular: postgres
+        plural: postgreses
+        openAPISchema: {{ .Files.Get "openapi-schemas/postgres.json" | fromJson | toJson | quote }}
+      release:
+        prefix: postgres-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: postgres
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: FerretDB
+        singular: ferretdb
+        plural: ferretdb
+        openAPISchema: {{ .Files.Get "openapi-schemas/ferretdb.json" | fromJson | toJson | quote }}
+      release:
+        prefix: ferretdb-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: ferretdb
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: Kafka
+        singular: kafka
+        plural: kafkas
+        openAPISchema: {{ .Files.Get "openapi-schemas/kafka.json" | fromJson | toJson | quote }}
+      release:
+        prefix: kafka-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: kafka
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: VMDisk
+        plural: vmdisks
+        singular: vmdisk
+        openAPISchema: {{ .Files.Get "openapi-schemas/vm-disk.json" | fromJson | toJson | quote }}
+      release:
+        prefix: vm-disk-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: vm-disk
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: VMInstance
+        plural: vminstances
+        singular: vminstance
+        openAPISchema: {{ .Files.Get "openapi-schemas/vm-instance.json" | fromJson | toJson | quote }}
+      release:
+        prefix: vm-instance-
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: vm-instance
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-apps
+            namespace: cozy-public
+    - application:
+        kind: Monitoring
+        plural: monitorings
+        singular: monitoring
+        openAPISchema: {{ .Files.Get "openapi-schemas/monitoring.json" | fromJson | toJson | quote }}
+      release:
+        prefix: ""
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: monitoring
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-extra
+            namespace: cozy-public
+    - application:
+        kind: Etcd
+        plural: etcds
+        singular: etcd
+        openAPISchema: {{ .Files.Get "openapi-schemas/etcd.json" | fromJson | toJson | quote }}
+      release:
+        prefix: ""
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: etcd
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-extra
+            namespace: cozy-public
+    - application:
+        kind: Ingress
+        plural: ingresses
+        singular: ingress
+        openAPISchema: {{ .Files.Get "openapi-schemas/ingress.json" | fromJson | toJson | quote }}
+      release:
+        prefix: ""
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: ingress
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-extra
+            namespace: cozy-public
+    - application:
+        kind: SeaweedFS
+        plural: seaweedfses
+        singular: seaweedfs
+        openAPISchema: {{ .Files.Get "openapi-schemas/seaweedfs.json" | fromJson | toJson | quote }}
+      release:
+        prefix: ""
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: seaweedfs
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-extra
+            namespace: cozy-public
+    - application:
+        kind: BootBox
+        plural: bootboxes
+        singular: bootbox
+        openAPISchema: {{ .Files.Get "openapi-schemas/bootbox.json" | fromJson | toJson | quote }}
+      release:
+        prefix: ""
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: bootbox
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-extra
+            namespace: cozy-public
+    - application:
+        kind: Info
+        plural: infos
+        singular: info
+        openAPISchema: {{ .Files.Get "openapi-schemas/info.json" | fromJson | toJson | quote }}
+      release:
+        prefix: ""
+        labels:
+          cozystack.io/ui: "true"
+        chart:
+          name: info
+          sourceRef:
+            kind: HelmRepository
+            name: cozystack-extra
+            namespace: cozy-public

packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml

@@ -1,505 +0,0 @@
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: bucket
-spec:
-  application:
-    kind: Bucket
-    singular: bucket
-    plural: buckets
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/bucket.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: bucket-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: bucket
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: clickhouse
-spec:
-  application:
-    kind: ClickHouse
-    singular: clickhouse
-    plural: clickhouses
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/clickhouse.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: clickhouse-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: clickhouse
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: httpcache
-spec:
-  application:
-    kind: HTTPCache
-    singular: httpcache
-    plural: httpcaches
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/http-cache.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: http-cache-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: http-cache
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: nats
-spec:
-  application:
-    kind: NATS
-    singular: nats
-    plural: natses
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/nats.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: nats-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: nats
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: tcpbalancer
-spec:
-  application:
-    kind: TCPBalancer
-    singular: tcpbalancer
-    plural: tcpbalancers
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/tcp-balancer.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: tcp-balancer-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: tcp-balancer
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: virtualmachine
-spec:
-  application:
-    kind: VirtualMachine
-    singular: virtualmachine
-    plural: virtualmachines
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/virtual-machine.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: virtual-machine-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: virtual-machine
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: vpn
-spec:
-  application:
-    kind: VPN
-    singular: vpn
-    plural: vpns
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/vpn.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: vpn-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: vpn
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: mysql
-spec:
-  application:
-    kind: MySQL
-    singular: mysql
-    plural: mysqls
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/mysql.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: mysql-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: mysql
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: tenant
-spec:
-  application:
-    kind: Tenant
-    singular: tenant
-    plural: tenants
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/tenant.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: tenant-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: tenant
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: kubernetes
-spec:
-  application:
-    kind: Kubernetes
-    singular: kubernetes
-    plural: kuberneteses
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/kubernetes.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: kubernetes-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: kubernetes
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: redis
-spec:
-  application:
-    kind: Redis
-    singular: redis
-    plural: redises
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/redis.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: redis-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: redis
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: rabbitmq
-spec:
-  application:
-    kind: RabbitMQ
-    singular: rabbitmq
-    plural: rabbitmqs
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/rabbitmq.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: rabbitmq-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: rabbitmq
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: postgres
-spec:
-  application:
-    kind: Postgres
-    singular: postgres
-    plural: postgreses
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/postgres.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: postgres-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: postgres
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: ferretdb
-spec:
-  application:
-    kind: FerretDB
-    singular: ferretdb
-    plural: ferretdbs
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/ferretdb.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: ferretdb-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: ferretdb
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: kafka
-spec:
-  application:
-    kind: Kafka
-    singular: kafka
-    plural: kafkas
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/kafka.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: kafka-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: kafka
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: vmdisk
-spec:
-  application:
-    kind: VMDisk
-    singular: vmdisk
-    plural: vmdisks
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/vm-disk.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: vm-disk-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: vm-disk
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: vminstance
-spec:
-  application:
-    kind: VMInstance
-    singular: vminstance
-    plural: vminstances
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/vm-instance.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: vm-instance-
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: vm-instance
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-apps
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: monitoring
-spec:
-  application:
-    kind: Monitoring
-    singular: monitoring
-    plural: monitorings
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/monitoring.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: ""
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: monitoring
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-extra
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: etcd
-spec:
-  application:
-    kind: Etcd
-    singular: etcd
-    plural: etcds
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/etcd.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: ""
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: etcd
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-extra
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: ingress
-spec:
-  application:
-    kind: Ingress
-    singular: ingress
-    plural: ingresses
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/ingress.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: ""
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: ingress
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-extra
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: seaweedfs
-spec:
-  application:
-    kind: SeaweedFS
-    singular: seaweedfs
-    plural: seaweedfses
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/seaweedfs.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: ""
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: seaweedfs
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-extra
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: bootbox
-spec:
-  application:
-    kind: BootBox
-    singular: bootbox
-    plural: bootboxes
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/bootbox.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: ""
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: bootbox
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-extra
-        namespace: cozy-public
----
-apiVersion: cozystack.io/v1alpha1
-kind: CozystackResourceDefinition
-metadata:
-  name: info
-spec:
-  application:
-    kind: Info
-    singular: info
-    plural: infos
-    openAPISchema: |
-      {{- .Files.Get "openapi-schemas/info.json" | fromJson | toJson | nindent 6 }}
-  release:
-    prefix: ""
-    labels:
-      cozystack.io/ui: "true"
-    chart:
-      name: info
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-extra
-        namespace: cozy-public

packages/system/cozystack-api/templates/deployment.yaml

@@ -14,8 +14,22 @@ spec:
     metadata:
       labels:
         app: cozystack-api
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
     spec:
       serviceAccountName: cozystack-api
       containers:
       - name: cozystack-api
         image: "{{ .Values.cozystackAPI.image }}"
+        args: ["--config=/config/config.yaml"]
+        volumeMounts:
+        - name: config-volume
+          mountPath: /config/config.yaml
+          subPath: config.yaml
+      volumes:
+      - name: config-volume
+        configMap:
+          name: cozystack-api
+          items:
+          - key: config.yaml
+            path: config.yaml

packages/system/cozystack-api/templates/rbac.yaml

@@ -10,11 +10,8 @@ rules:
   resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations", "validatingadmissionpolicies", "validatingadmissionpolicybindings"]
   verbs: ["get", "watch", "list"]
 - apiGroups: ["flowcontrol.apiserver.k8s.io"]
-  resources: ["prioritylevelconfigurations", "flowschemas"]
-  verbs: ["list", "watch"]
-- apiGroups: ["cozystack.io"]
-  resources: ["*"]
-  verbs: ["get", "watch", "list"]
-- apiGroups: ["helm.toolkit.fluxcd.io"]
-  resources: ["*"]
-  verbs: ["*"]
+  resources: ['prioritylevelconfigurations', 'flowschemas']
+  verbs: ['list', 'watch']
+- apiGroups: ['helm.toolkit.fluxcd.io']
+  resources: ['*']
+  verbs: ['*']

packages/system/cozystack-api/values.yaml

@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.35.0-alpha.3@sha256:d4cfc2afacc30d383f7b5454e97bb77f2e9bfc33dbc3dc512bfe671300e3ad51
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.34.8@sha256:86ef89a7be84761038cc25507a1b6e195c9f86c8051ac8aca8044dd8de39dedb

packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml

@@ -1,115 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.4
-  name: cozystackresourcedefinitions.cozystack.io
-spec:
-  group: cozystack.io
-  names:
-    kind: CozystackResourceDefinition
-    listKind: CozystackResourceDefinitionList
-    plural: cozystackresourcedefinitions
-    singular: cozystackresourcedefinition
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: CozystackResourceDefinition is the Schema for the cozystackresourcedefinitions
-          API
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              application:
-                description: Application configuration
-                properties:
-                  kind:
-                    description: Kind of the application, used for UI and API
-                    type: string
-                  openAPISchema:
-                    description: OpenAPI schema for the application, used for API
-                      validation
-                    type: string
-                  plural:
-                    description: Plural name of the application, used for UI and API
-                    type: string
-                  singular:
-                    description: Singular name of the application, used for UI and
-                      API
-                    type: string
-                required:
-                - kind
-                - openAPISchema
-                - plural
-                - singular
-                type: object
-              release:
-                description: Release configuration
-                properties:
-                  chart:
-                    description: Helm chart configuration
-                    properties:
-                      name:
-                        description: Name of the Helm chart
-                        type: string
-                      sourceRef:
-                        description: Source reference for the Helm chart
-                        properties:
-                          kind:
-                            default: HelmRepository
-                            description: Kind of the source reference
-                            type: string
-                          name:
-                            description: Name of the source reference
-                            type: string
-                          namespace:
-                            default: cozy-public
-                            description: Namespace of the source reference
-                            type: string
-                        required:
-                        - kind
-                        - name
-                        - namespace
-                        type: object
-                    required:
-                    - name
-                    - sourceRef
-                    type: object
-                  labels:
-                    additionalProperties:
-                      type: string
-                    description: Labels for the release
-                    type: object
-                  prefix:
-                    description: Prefix for the release name
-                    type: string
-                required:
-                - chart
-                - prefix
-                type: object
-            required:
-            - application
-            - release
-            type: object
-        type: object
-    served: true
-    storage: true

packages/system/cozystack-controller/values.yaml

@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.35.0-alpha.3@sha256:98d0b945630c3dd7c39adc7a5326f0e0e0b49a18641bec911aeb6c62beca4e1f
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.34.8@sha256:cd4082e3672e793cbead467041ffb372d465085653614885f109fc7c582cd112
   debug: false
   disableTelemetry: false
-  cozystackVersion: "v0.35.0-alpha.3"
+  cozystackVersion: "v0.34.8"

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -76,7 +76,7 @@ data:
       "kubeappsNamespace": {{ .Release.Namespace | quote }},
       "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
       "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.35.0-alpha.3",
+      "appVersion": "v0.34.8",
       "authProxyEnabled": {{ .Values.authProxy.enabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},

packages/system/dashboard/images/dashboard/Dockerfile

@@ -1,7 +1,7 @@
 FROM bitnami/node:20.15.1 AS build
 WORKDIR /app
 
-ARG COMMIT_REF=cdf9095f50c74505870de337725d2a9d0bd20947
+ARG COMMIT_REF=4926bc68fabb0914afab574006643c85a597b371
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard
 
 RUN yarn install --frozen-lockfile

packages/system/dashboard/images/kubeapps-apis/Dockerfile

@@ -4,7 +4,7 @@
 # syntax = docker/dockerfile:1
 
 FROM alpine AS source
-ARG COMMIT_REF=cdf9095f50c74505870de337725d2a9d0bd20947
+ARG COMMIT_REF=4926bc68fabb0914afab574006643c85a597b371
 RUN apk add --no-cache patch
 WORKDIR /source
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1

packages/system/dashboard/values.yaml

@@ -19,8 +19,8 @@ kubeapps:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: dashboard
-      tag: v0.35.0-alpha.3
-      digest: "sha256:ad4b95660b6c5c1b9736ca4768a3f9648705c2855d0a08880d570b4e480dba78"
+      tag: v0.34.8
+      digest: "sha256:54906b3d2492c8603a347a5938b6db36e5ed5c4149111cae1804ac9110361947"
   redis:
     master:
       resourcesPreset: "none"
@@ -37,8 +37,8 @@ kubeapps:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: kubeapps-apis
-      tag: v0.35.0-alpha.3
-      digest: "sha256:55b1aacdcb8f7e96b75396e461fbba612498095515b9a437b8f925802f06c485"
+      tag: v0.34.8
+      digest: "sha256:6a02c7ef1e851118472e80ec7dac961e7637a6d32f4bd35dc1d2f0b32bf217a3"
     pluginConfig:
       flux:
         packages:

packages/system/hetzner-robotlb/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-name: cozy-hetzner-robotlb
-version: 0.1.3  # Placeholder, the actual version will be automatically set during the build process

packages/system/hetzner-robotlb/Makefile

@@ -1,9 +0,0 @@
-export NAME=hetzner-robotlb
-export NAMESPACE=cozy-$(NAME)
-
-include ../../../scripts/package.mk
-
-update:
-	rm -rf charts
-	mkdir -p charts
-	helm pull oci://ghcr.io/intreecom/charts/robotlb --untar --untardir charts

packages/system/hetzner-robotlb/charts/robotlb/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

packages/system/hetzner-robotlb/charts/robotlb/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-appVersion: 0.0.5
-description: A Helm chart for robotlb (loadbalancer on hetzner cloud).
-name: robotlb
-type: application
-version: 0.1.3

packages/system/hetzner-robotlb/charts/robotlb/templates/NOTES.txt

@@ -1,4 +0,0 @@
-The RobotLB Operator was successfully installed.
-Please follow the readme to create loadbalanced services.
-
-README: https://github.com/intreecom/robotlb

packages/system/hetzner-robotlb/charts/robotlb/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "robotlb.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "robotlb.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "robotlb.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "robotlb.labels" -}}
-helm.sh/chart: {{ include "robotlb.chart" . }}
-{{ include "robotlb.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "robotlb.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "robotlb.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "robotlb.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "robotlb.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

packages/system/hetzner-robotlb/charts/robotlb/templates/deployment.yaml

@@ -1,66 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "robotlb.fullname" . }}
-  labels:
-    {{- include "robotlb.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicas }}
-  selector:
-    matchLabels:
-      {{- include "robotlb.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "robotlb.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "robotlb.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command:
-            - /usr/local/bin/robotlb
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.envs }}
-          env:
-            {{- range $key, $val := . }}
-              - name: {{ $key | quote }}
-                value: {{ $val | quote }}
-            {{ end -}}
-          {{- end }}
-          {{- with .Values.existingSecrets }}
-          envFrom:
-            {{- range $val := . }}
-            - secretRef:
-                name: {{ $val | quote }}
-            {{ end -}}
-          {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

packages/system/hetzner-robotlb/charts/robotlb/templates/role.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "robotlb.fullname" . }}-cr
-rules: {{- toYaml .Values.serviceAccount.permissions | nindent 2 }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "robotlb.fullname" . }}-crb
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "robotlb.fullname" . }}-cr
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "robotlb.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
-{{- end }}

packages/system/hetzner-robotlb/charts/robotlb/templates/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "robotlb.serviceAccountName" . }}
-  labels:
-    {{- include "robotlb.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}

packages/system/hetzner-robotlb/charts/robotlb/values.yaml

@@ -1,73 +0,0 @@
-# Default values for robotlb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-image:
-  repository: ghcr.io/intreecom/robotlb
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-envs:
-  ROBOTLB_LOG_LEVEL: "INFO"
-
-existingSecrets: []
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-  # This is a list of cluster permissions to apply to the service account.
-  # By default it grants all permissions.
-  permissions:
-  - apiGroups: [""]
-    resources: [services, services/status]
-    verbs: [get, list, patch, update, watch]
-  - apiGroups: [""]
-    resources: [nodes, pods]
-    verbs: [get, list, watch]
-
-podAnnotations: {}
-podLabels: {}
-
-podSecurityContext:
-  {}
-  # fsGroup: 2000
-
-securityContext:
-  {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-resources:
-  {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

packages/system/hetzner-robotlb/values.yaml

@@ -1,3 +0,0 @@
-robotlb:
-  replicas: 1
-  existingSecrets: ["hetzner-robotlb-credentials"]

packages/system/kamaji/Makefile

@@ -27,4 +27,5 @@ image:
 		yq -i '.kamaji.image.repository = strenv(REPOSITORY)' values.yaml
 	TAG=$(TAG)@$$(yq e '."containerimage.digest"' images/kamaji.json -o json -r) \
 		yq -i '.kamaji.image.tag = strenv(TAG)' values.yaml
+	yq -i '.kamaji.extraArgs[0] = "--migrate-image=" + .kamaji.image.repository + ":" + .kamaji.image.tag' values.yaml
 	rm -f images/kamaji.json

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.35.0-alpha.3@sha256:34500654751ceef7a57562fb1edc6928d91245ad8e41da732788dcf10ec330b5
+    tag: v0.34.8@sha256:908dc829ce8493607dffcf6de95e4993ff2bfc0d65949c501bd7119fad45127a
     repository: ghcr.io/cozystack/cozystack/kamaji
   resources:
     limits:
@@ -12,3 +12,5 @@ kamaji:
     requests:
       cpu: 100m
       memory: 100Mi
+  extraArgs:
+    - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.34.8@sha256:908dc829ce8493607dffcf6de95e4993ff2bfc0d65949c501bd7119fad45127a

packages/system/keycloak/templates/sts.yaml

@@ -87,10 +87,7 @@ spec:
             - name: KEYCLOAK_ADMIN
               value: admin
             - name: KEYCLOAK_ADMIN_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Release.Name }}-credentials
-                  key: password
+              value: {{ $password }}
             - name: KC_DB
               value: "postgres"
             - name: KC_DB_URL_HOST

packages/system/kubeovn-webhook/values.yaml

@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.35.0-alpha.3@sha256:ad4e506065458b039a86c7f03a35dbb6918756e117ce74dd931089383cfd91f8
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.34.8@sha256:e6c845b65142d554d34187aef29afcbd8f67fae7dcc787255fb53de2b6103386

packages/system/kubeovn/values.yaml

@@ -64,4 +64,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.14@sha256:bacd68243ee9fd94f5f0e377801ed3e99cd0762ff5df0d0ec73a73130180d8ca
+      tag: v1.13.14@sha256:0f27c268300fe30fe3ad61d145fdb276d5dddba2d792aacc26f3f512f7ef205d

packages/system/kubevirt-csi-node/values.yaml

@@ -1,3 +1,3 @@
 storageClass: replicated
 csiDriver:
-  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.2@sha256:761e7235ff9cb7f6f223f00954943e6a5af32ed6624ee592a8610122f96febb0
+  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.26.3@sha256:df3a2f503b4a035567b20b81a0f105c15971274fd675101c3b3eb2413d966d2e

packages/system/linstor/templates/podscrape.yaml

@@ -37,7 +37,7 @@ spec:
     - replacement: linstor-satellite
       targetLabel: job
     - sourceLabels: [__meta_kubernetes_pod_node_name]
-      targetLabel: node
+      targetLabel: controller_node
     - targetLabel: tier
       replacement: cluster
   selector:

packages/system/objectstorage-controller/Makefile

@@ -27,4 +27,3 @@ image-controller image-sidecar:
 	IMAGE="$(REGISTRY)/objectstorage-$(TARGET):$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/$(TARGET).json -r)" \
 		yq -i '$(YAML_PATH) = strenv(IMAGE)' $(VALUES_FILE)
 	rm -f images/$(TARGET).json
-	yq .seaweedfs.cosi.sidecar.image ../seaweedfs/values.yaml > ../../extra/seaweedfs/images/objectstorage-sidecar.tag

packages/system/objectstorage-controller/values.yaml

@@ -1,3 +1,3 @@
 objectstorage:
   controller:
-    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.35.0-alpha.3@sha256:4d3f20ae946736d9260193dd1ce0e72114ad6bd6f78fb6528a68efffa2092b07"
+    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.34.8@sha256:5891c7fb46fb7c6ada4abc4e78e69b34631d13e32a30a86c0abc15cc17675450"

packages/system/seaweedfs/Makefile

@@ -8,5 +8,4 @@ update:
 	curl -sSL https://github.com/seaweedfs/seaweedfs/archive/refs/heads/master.tar.gz | \
 	tar xzvf - --strip 3 -C charts seaweedfs-master/k8s/charts/seaweedfs
 	patch --no-backup-if-mismatch -p4 < patches/resize-api-server-annotation.diff
-	patch --no-backup-if-mismatch -p4 < patches/fix-volume-servicemonitor.patch
 	#patch --no-backup-if-mismatch -p4 < patches/retention-policy-delete.yaml

packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml

@@ -21,9 +21,9 @@ metadata:
     {{- with $.Values.global.monitoring.additionalLabels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
-{{- if $.Values.volume.annotations }}
+{{- if .Values.volume.annotations }}
   annotations:
-    {{- toYaml $.Values.volume.annotations | nindent 4 }}
+    {{- toYaml .Values.volume.annotations | nindent 4 }}
 {{- end }}
 spec:
   endpoints:

packages/system/seaweedfs/patches/fix-volume-servicemonitor.patch

@@ -1,15 +0,0 @@
-diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml
---- a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml	(revision 8951bc13d7d02b5e6982a239570ed58ed7cb025a)
-+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml	(revision fa4fff2292c4b79a92db5cd654a3c6bf590252a6)
-@@ -21,9 +21,9 @@
-     {{- with $.Values.global.monitoring.additionalLabels }}
-     {{- toYaml . | nindent 4 }}
-     {{- end }}
--{{- if .Values.volume.annotations }}
-+{{- if $.Values.volume.annotations }}
-   annotations:
--    {{- toYaml .Values.volume.annotations | nindent 4 }}
-+    {{- toYaml $.Values.volume.annotations | nindent 4 }}
- {{- end }}
- spec:
-   endpoints:

packages/system/seaweedfs/values.yaml

@@ -4,12 +4,10 @@ global:
   extraEnvironmentVars:
     WEED_CLUSTER_SW_MASTER: "seaweedfs-master:9333"
     WEED_CLUSTER_SW_FILER: "seaweedfs-filer-client:8888"
-  monitoring:
-    enabled: true
 seaweedfs:
   master:
+    volumeSizeLimitMB: 30000
     replicas: 3
-    volumeSizeLimitMB: 100
     #  replication type is XYZ:
     # X number of replica in other data centers
     # Y number of replica in other racks in the same data center
@@ -80,10 +78,7 @@ seaweedfs:
       existingConfigSecret: null
       auditLogConfig: {}
   s3:
-    enabled: true
     enableAuth: true
-    readinessProbe:
-      scheme: HTTPS
     logs:
       type: ""
     ingress:
@@ -92,6 +87,8 @@ seaweedfs:
       host: "seaweedfs2.demo.cozystack.io"
       annotations:
         nginx.ingress.kubernetes.io/proxy-body-size: "0"
+        nginx.ingress.kubernetes.io/proxy-buffering: "off"
+        nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
         nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
         acme.cert-manager.io/http01-ingress-class: tenant-root
         cert-manager.io/cluster-issuer: letsencrypt-prod
@@ -99,13 +96,6 @@ seaweedfs:
         - hosts:
             - seaweedfs.demo.cozystack.io
           secretName: seaweedfs-s3-ingress-tls
-    resources:
-      limits:
-        cpu: "2"
-        memory: "2Gi"
-      requests:
-        cpu: "500m"
-        memory: "1Gi"
   cosi:
     enabled: true
     podLabels:
@@ -114,7 +104,7 @@ seaweedfs:
     bucketClassName: "seaweedfs"
     region: ""
     sidecar:
-      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.35.0-alpha.3@sha256:4a67ec40c13bf912151957dc0e7409f7e01a2859905285c98c20baae7b667ae2"
+      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.34.8@sha256:ccc7ec31b2beebf09413b9a41ffa8fd06899510127572c9e1c1e30ddab45ebe9"
   certificates:
     commonName: "SeaweedFS CA"
     ipAddresses: []

pkg/cmd/server/start.go

@@ -25,13 +25,11 @@ import (
 	"io"
 	"net"
 
-	corev1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
 	"github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
 	"github.com/cozystack/cozystack/pkg/apiserver"
 	"github.com/cozystack/cozystack/pkg/config"
 	sampleopenapi "github.com/cozystack/cozystack/pkg/generated/openapi"
 	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/runtime"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/version"
@@ -40,11 +38,9 @@ import (
 	genericoptions "k8s.io/apiserver/pkg/server/options"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	utilversionpkg "k8s.io/apiserver/pkg/util/version"
-	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/component-base/featuregate"
 	baseversion "k8s.io/component-base/version"
 	netutils "k8s.io/utils/net"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // AppsServerOptions holds the state for the Apps API server
@@ -55,7 +51,9 @@ type AppsServerOptions struct {
 	StdErr io.Writer
 
 	AlternateDNS []string
-	Client       client.Client
+
+	// Add a field to store the configuration path
+	ResourceConfigPath string
 
 	// Add a field to store the configuration
 	ResourceConfig *config.ResourceConfig
@@ -68,6 +66,7 @@ func NewAppsServerOptions(out, errOut io.Writer) *AppsServerOptions {
 			"",
 			apiserver.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion),
 		),
+
 		StdOut: out,
 		StdErr: errOut,
 	}
@@ -102,6 +101,9 @@ func NewCommandStartAppsServer(ctx context.Context, defaults *AppsServerOptions)
 	flags := cmd.Flags()
 	o.RecommendedOptions.AddFlags(flags)
 
+	// Add a flag for the config path
+	flags.StringVar(&o.ResourceConfigPath, "config", "config.yaml", "Path to the resource configuration file")
+
 	// The following lines demonstrate how to configure version compatibility and feature gates
 	// for the "Apps" component according to KEP-4330.
 
@@ -140,54 +142,12 @@ func NewCommandStartAppsServer(ctx context.Context, defaults *AppsServerOptions)
 
 // Complete fills in the fields that are not set
 func (o *AppsServerOptions) Complete() error {
-	scheme := runtime.NewScheme()
-	if err := corev1alpha1.AddToScheme(scheme); err != nil {
-		return fmt.Errorf("failed to register types: %w", err)
-	}
-
-	cfg, err := clientcmd.BuildConfigFromFlags("", "")
+	// Load the configuration file
+	cfg, err := config.LoadConfig(o.ResourceConfigPath)
 	if err != nil {
-		return fmt.Errorf("failed to get kubeconfig: %w", err)
+		return fmt.Errorf("failed to load config from %s: %v", o.ResourceConfigPath, err)
 	}
-
-	o.Client, err = client.New(cfg, client.Options{Scheme: scheme})
-	if err != nil {
-		return fmt.Errorf("client initialization failed: %w", err)
-	}
-
-	crdList := &corev1alpha1.CozystackResourceDefinitionList{}
-
-	if err := o.Client.List(context.Background(), crdList); err != nil {
-		return fmt.Errorf("failed to list CozystackResourceDefinitions: %w", err)
-	}
-
-	// Convert to ResourceConfig
-	o.ResourceConfig = &config.ResourceConfig{}
-	for _, crd := range crdList.Items {
-		resource := config.Resource{
-			Application: config.ApplicationConfig{
-				Kind:          crd.Spec.Application.Kind,
-				Singular:      crd.Spec.Application.Singular,
-				Plural:        crd.Spec.Application.Plural,
-				ShortNames:    []string{}, // TODO: implement shortnames
-				OpenAPISchema: crd.Spec.Application.OpenAPISchema,
-			},
-			Release: config.ReleaseConfig{
-				Prefix: crd.Spec.Release.Prefix,
-				Labels: crd.Spec.Release.Labels,
-				Chart: config.ChartConfig{
-					Name: crd.Spec.Release.Chart.Name,
-					SourceRef: config.SourceRefConfig{
-						Kind:      crd.Spec.Release.Chart.SourceRef.Kind,
-						Name:      crd.Spec.Release.Chart.SourceRef.Name,
-						Namespace: crd.Spec.Release.Chart.SourceRef.Namespace,
-					},
-				},
-			},
-		}
-		o.ResourceConfig.Resources = append(o.ResourceConfig.Resources, resource)
-	}
-
+	o.ResourceConfig = cfg
 	return nil
 }
 

pkg/config/config.go

@@ -16,6 +16,13 @@ limitations under the License.
 
 package config
 
+import (
+	"fmt"
+	"os"
+
+	"gopkg.in/yaml.v2"
+)
+
 // ResourceConfig represents the structure of the configuration file.
 type ResourceConfig struct {
 	Resources []Resource `yaml:"resources"`
@@ -55,3 +62,33 @@ type SourceRefConfig struct {
 	Name      string `yaml:"name"`
 	Namespace string `yaml:"namespace"`
 }
+
+// LoadConfig loads the configuration from the specified path and validates it.
+func LoadConfig(path string) (*ResourceConfig, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	var config ResourceConfig
+	if err := yaml.Unmarshal(data, &config); err != nil {
+		return nil, err
+	}
+
+	// Validate the configuration.
+	for i, res := range config.Resources {
+		if res.Application.Kind == "" {
+			return nil, fmt.Errorf("resource at index %d has an empty kind", i)
+		}
+		if res.Application.Plural == "" {
+			return nil, fmt.Errorf("resource at index %d has an empty plural", i)
+		}
+		if res.Release.Chart.Name == "" {
+			return nil, fmt.Errorf("resource at index %d has an empty chart name in release", i)
+		}
+		if res.Release.Chart.SourceRef.Kind == "" || res.Release.Chart.SourceRef.Name == "" || res.Release.Chart.SourceRef.Namespace == "" {
+			return nil, fmt.Errorf("resource at index %d has an incomplete sourceRef for chart in release", i)
+		}
+	}
+	return &config, nil
+}

pkg/generated/openapi/zz_generated.openapi.go

@@ -30,9 +30,9 @@ import (
 
 func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
 	return map[string]common.OpenAPIDefinition{
-		"github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.Application":                          schema_pkg_apis_apps_v1alpha1_Application(ref),
-		"github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationList":                      schema_pkg_apis_apps_v1alpha1_ApplicationList(ref),
-		"github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus":                    schema_pkg_apis_apps_v1alpha1_ApplicationStatus(ref),
+		"github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.Application":                           schema_pkg_apis_apps_v1alpha1_Application(ref),
+		"github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationList":                       schema_pkg_apis_apps_v1alpha1_ApplicationList(ref),
+		"github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1.ApplicationStatus":                     schema_pkg_apis_apps_v1alpha1_ApplicationStatus(ref),
 		"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionRequest":                 schema_pkg_apis_apiextensions_v1_ConversionRequest(ref),
 		"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionResponse":                schema_pkg_apis_apiextensions_v1_ConversionResponse(ref),
 		"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ConversionReview":                  schema_pkg_apis_apiextensions_v1_ConversionReview(ref),

pkg/registry/apps/application/rest.go

@@ -18,7 +18,6 @@ package application
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
@@ -42,10 +41,6 @@ import (
 
 	appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1"
 	"github.com/cozystack/cozystack/pkg/config"
-	internalapiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
-	apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	structuralschema "k8s.io/apiextensions-apiserver/pkg/apiserver/schema"
-	schemadefault "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting"
 
 	// Importing API errors package to construct appropriate error responses
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -83,21 +78,10 @@ type REST struct {
 	kindName      string
 	singularName  string
 	releaseConfig config.ReleaseConfig
-	specSchema    *structuralschema.Structural
 }
 
 // NewREST creates a new REST storage for Application with specific configuration
 func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST {
-	var specSchema *structuralschema.Structural
-	if raw := strings.TrimSpace(config.Application.OpenAPISchema); raw != "" {
-		var js internalapiext.JSONSchemaProps
-		if err := json.Unmarshal([]byte(raw), &js); err != nil {
-			klog.Errorf("Failed to unmarshal OpenAPI schema: %v", err)
-		} else if specSchema, err = structuralschema.NewStructural(&js); err != nil {
-			klog.Errorf("Failed to create structural schema: %v", err)
-		}
-	}
-
 	return &REST{
 		dynamicClient: dynamicClient,
 		gvr: schema.GroupVersionResource{
@@ -112,7 +96,6 @@ func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST {
 		kindName:      config.Application.Kind,
 		singularName:  config.Application.Singular,
 		releaseConfig: config.Release,
-		specSchema:    specSchema,
 	}
 }
 
@@ -937,10 +920,6 @@ func (r *REST) ConvertHelmReleaseToApplication(hr *unstructured.Unstructured) (a
 		return appsv1alpha1.Application{}, err
 	}
 
-	if err := r.applySpecDefaults(&app); err != nil {
-		return app, fmt.Errorf("defaulting error: %w", err)
-	}
-
 	klog.V(6).Infof("Successfully converted HelmRelease %s to Application", hr.GetName())
 	return app, nil
 }
@@ -1205,28 +1184,3 @@ func (e errNotAcceptable) Status() metav1.Status {
 		Message: e.Error(),
 	}
 }
-
-// applySpecDefaults applies default values to the Application spec based on the schema
-func (r *REST) applySpecDefaults(app *appsv1alpha1.Application) error {
-	if r.specSchema == nil {
-		return nil
-	}
-	var m map[string]any
-	if app.Spec != nil && len(app.Spec.Raw) > 0 {
-		if err := json.Unmarshal(app.Spec.Raw, &m); err != nil {
-			return err
-		}
-	}
-	if m == nil {
-		m = map[string]any{}
-	}
-
-	schemadefault.Default(m, r.specSchema)
-
-	raw, err := json.Marshal(m)
-	if err != nil {
-		return err
-	}
-	app.Spec = &apiextv1.JSON{Raw: raw}
-	return nil
-}

scripts/common-envs.mk

@@ -17,8 +17,6 @@ endif
 
 # Get the name of the selected docker buildx builder
 BUILDER ?= $(shell docker buildx inspect --bootstrap | head -n2 | awk '/^Name:/{print $$NF}')
+# Get platforms supported by the builder
+PLATFORM ?= $(shell docker buildx ls --format=json | jq -r 'select(.Name == "$(BUILDER)") | [.Nodes[].Platforms // []] | flatten | unique | map(select(test("^linux/amd64$$|^linux/arm64$$"))) | join(",")')
 
-# Get platforms supported by the builder (only if PLATFORM is not provided)
-ifeq ($(origin PLATFORM), undefined)
-PLATFORM := $(shell docker buildx ls --format=json | jq -r 'select(.Name == "$(BUILDER)") | [.Nodes[].Platforms // []] | flatten | unique | map(select(test("^linux/amd64$$|^linux/arm64$$"))) | join(",")')
-endif