github cozystack/cozystack v1.0.0-rc.2

pre-release, 7 hours ago

⚠️ Release Candidate Warning: This is a release candidate intended for final validation before the stable v1.0.0 release. Breaking changes are not expected at this stage, but please test thoroughly before deploying to production.

Features and Improvements

  • [keycloak] Allow custom Ingress hostname via values: Added an ingress.host field to the cozy-keycloak chart values, allowing operators to override the default keycloak.<root-host> Ingress hostname. The custom hostname is applied to both the Ingress resource and the KC_HOSTNAME environment variable in the StatefulSet. When left empty, the original behavior is preserved (fully backward compatible) (@sircthulhu in #2101).

Fixes

  • [platform] Fix upgrade issues in migrations, etcd timeout, and migration script: Fixed multiple upgrade failures discovered during v0.41.1 → v1.0 upgrade testing. Migration 26 now uses the cozystack.io/ui=true label (always present on v0.41.1) instead of the new label that depends on migration 22 having run, and adds robust Helm secret deletion with fallback and verification. Migrations 28 and 29 wrap grep calls to prevent pipefail exits and fix the reconcile annotation to use RFC3339 format. Migration 27 now skips missing CRDs and adds a name-pattern fallback for Helm secret deletion. The etcd HelmRelease timeout is increased from 10m to 30m to accommodate TLS cert rotation hooks. The migrate-to-version-1.0.sh script gains the missing bundle-disable, bundle-enable, expose-ingress, and expose-services field mappings (@kvaps in #2096).

  • [platform] Fix orphaned -rd HelmReleases after application renames: After the ferretdb→mongodb, mysql→mariadb, and virtual-machine→vm-disk+vm-instance renames, the system-level -rd HelmReleases in cozy-system (ferretdb-rd, mysql-rd, virtual-machine-rd) were left orphaned, referencing ExternalArtifacts that no longer exist and causing persistent reconciliation failures. Migrations 28 and 29 are updated to remove these resources, and migration 33 is added as a safety net for clusters that already passed those migrations (@kvaps in #2102).

  • [monitoring-agents] Fix FQDN resolution regression in tenant workload clusters: The fix introduced in #2075 used _cluster.cluster-domain references in values.yaml, but _cluster values are not accessible from Helm subchart contexts — meaning fluent-bit received empty hostnames and failed to forward logs. This PR replaces the _cluster references with a new global.clusterDomain variable (empty by default for management clusters, set to the cluster domain for tenant clusters), which is correctly shared with all subcharts (@kvaps in #2086).

  • [dashboard] Fix legacy templating and cluster identifier in sidebar links: Standardized the cluster identifier used across dashboard menu links, administration links, and API request paths, resolving incorrect or broken link targets for the Backups and External IPs sidebar sections (@androndo in #2093).

  • [dashboard] Fix backupjobs creation form and sidebar backup category identifier: Fixed the backup job creation form configuration, adding the required Name, Namespace, Plan Name, Application, and Backup Class fields. Fixed the sidebar backup category identifier that was causing incorrect navigation (@androndo in #2103).
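The failure mode behind the "wrap grep calls to prevent pipefail exits" fix in migrations 28 and 29, as an added example that is not taken from the Cozystack migration scripts. The function names, the sample release list and the search patterns are constructed for illustration, and `bash` is assumed to be installed.

```shell
# Added example, not Cozystack's migration code. Names and data are constructed.
# `set -o pipefail` needs bash, so each function runs its body in a fresh bash.

# Constructed sample: HelmRelease names like those a migration might list.
RELEASES='ferretdb-rd
mysql-rd
virtual-machine-rd
keycloak'

# Unwrapped: grep exits 1 when nothing matches, pipefail turns that into the
# pipeline's status, and errexit aborts the script at this line.
orphans_unwrapped() {
  bash -c 'set -euo pipefail
    printf "%s\n" "$1" | grep -E -- "$2" | sort' _ "$1" "$2"
}

# Wrapped: exit status 1 (no match) is treated as success, while status 2 or
# higher (a real grep error, such as an invalid pattern) still fails the run.
orphans_wrapped() {
  bash -c 'set -euo pipefail
    printf "%s\n" "$1" | { grep -E -- "$2" || [ "$?" -eq 1 ]; } | sort' _ "$1" "$2"
}

# UTC timestamp in RFC3339 form, the format the notes say the reconcile
# annotation now uses.
rfc3339_now() { date -u +%Y-%m-%dT%H:%M:%SZ; }

# Demo: a cluster where the orphaned release is already gone (no match).
orphans_unwrapped "$RELEASES" 'postgres-rd$' || echo "unwrapped: aborted, status $?"
orphans_wrapped "$RELEASES" 'postgres-rd$' && echo "wrapped: no match, continued"
echo "timestamp: $(rfc3339_now)"
```

Swallowing every grep failure with `|| true` would also hide genuine errors; checking for status 1 specifically keeps those visible.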

Documentation

  • [website] Add Helm chart development principles guide: Added a new developer guide section documenting Cozystack's four core Helm chart principles: easy upstream updates, local-first artifacts, local dev/test workflow, and no external dependencies (@kvaps in cozystack/website#418).

  • [website] Add network architecture overview: Added comprehensive network architecture documentation covering the multi-layered networking stack — MetalLB (L2/BGP), Cilium eBPF (kube-proxy replacement), Kube-OVN (centralized IPAM), and tenant isolation with identity-based eBPF policies — with Mermaid diagrams for all major traffic flows (@IvanHunters in cozystack/website#422).

  • [website] Update documentation to use jsonpatch for service exposure: Improved kubectl patch commands throughout installation and configuration guides to use JSON Patch add operations for extending arrays instead of replacing them wholesale, making the documented commands safer and more precise (@sircthulhu in cozystack/website#427).

  • [website] Update certificates section in Platform Package documentation: Updated the certificate configuration documentation to reflect the new solver and issuerName fields introduced in v1.0.0-rc.1, replacing the legacy issuerType references (@myasnikovdaniil in cozystack/website#429).

  • [website] Add tenant Kubernetes cluster log querying guide: Added documentation for querying logs from tenant Kubernetes clusters in Grafana using VictoriaLogs labels (tenant, kubernetes_namespace_name, kubernetes_pod_name), including the monitoringAgents addon prerequisite and step-by-step filtering examples (@IvanHunters in cozystack/website#430).

  • [website] Replace non-idempotent commands with idempotent alternatives: Updated helm install to helm upgrade --install, kubectl create -f to kubectl apply -f, and kubectl create ns to the dry-run+apply pattern across all installation and deployment guides so commands can be safely re-run (@lexfrei in cozystack/website#431).

  • [website] Fix broken documentation links with .md suffix: Fixed incorrect internal links with .md suffix across virtualization guides for both v0 and v1 documentation, standardizing link text to "Developer Guide" (@cheese in cozystack/website#432).

Contributors

We'd like to thank all contributors who made this release possible:

New Contributors

We're excited to welcome our first-time contributors:

Full Changelog: v1.0.0-rc.1...v1.0.0-rc.2
