Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Update flux plugin for dashboard

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

This PR upgrades to Flux-Operator 0.6 released this morning, also includes:

* #170
which is an aggregate PR, so #171 #172 etc. I think this PR now basically subsumes #170 and can replace it.

I have at least 80% confidence there are no errors in this PR. It also restores the networkPolicy default and the deleted cozy-dashboard network policy, which we will see fixed (restored to install NetworkPolicy resources by default) in the next `flux-operator` release.

Ref: controlplaneio-fluxcd/flux-operator#52
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

This cumulative PR includes the following changes:

- Migrate from fluxcd-community charts to Flux-Operator #166
- Upgrade to Flux 2.3.x #167
- Refactor Flux 2.3 update #172
- Update flux plugin for dashboard #171
- Flux Operator 0.6 #178

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>

Add option `--no-backup-if-mismatch` to every patch command, so it will
not create .orig and .diff files anymore

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Managed tenant nginx ingress controller

in addition to #181

This PR introduces a new fluxcd-kustomize.sh script that can be used as
post-processor for helm for adding a common fluxcd labels.

This is very useful for `make diff`, so it will not include diff between
these labels anymore

Also for debugging specific kustomize cases, eg:
- fluxcd/helm-controller#283
- fluxcd/flux2#4368

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Separate and move fluxcd and fluxcd-operator from `core` to `system`.

It should not be problem with self-update now, since we correctly set
dependsOn option, it ensures ordered update of flux instance right after
flux-operator.

As part of #184 and
#185
fixes #169

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

I am testing install with this PR #183 and I had some issues, these
should help

---------

Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>

Update Tenant Kubernetes Addons

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Update etcd-operator v0.3.0

Fix #195

Don't set the `interval` so short on HelmReleases, with this many
HelmReleases that really hamstrings the control plane.

Also, copy the install/upgrade remediation config from system packages
to the Kubernetes templates for addon packages (cilium, flux, ingress) -
in my testing the ingress-nginx chart fails every time the first time.
Maybe that should be filed as a separate issue, I haven't looked into
detail, it is some issue related to a secret not being created, I think
it said something related to an admission controller.

Looks as though it's a conflict with being installed at the same time as
the cert-manager addon.

Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Fix kafka app to unhardcode partitions number
fixes problem with unability to specify number of partitions and
replicas for them

also possible fixes #163

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

image to test:

```
ghcr.io/aenix-io/cozystack/cozystack:v0.8.0@sha256:48e9f676f4eca5f7036648a56767c31beb0aca8fdc6d6798bd65de74886ed1ef
```


this PR should fix a problem of upgrading from older cozystack version

```
make: Leaving directory '/cozystack/packages/core/platform'
deployment.apps/source-controller condition met
deployment.apps/helm-controller condition met
Error from server (NotFound): helmreleases.helm.toolkit.fluxcd.io "fluxcd" not found
NAME                                        CREATED AT
helmreleases.helm.toolkit.fluxcd.io         2024-05-29T11:00:16Z
helmrepositories.source.toolkit.fluxcd.io   2024-05-29T11:00:17Z
make: Entering directory '/cozystack/packages/system/fluxcd-operator'
kubectl patch hr -n cozy-fluxcd fluxcd-operator -p '{"spec": {"suspend": true}}' --type=merge --field-manager=flux-client-side-apply
Error from server (NotFound): helmreleases.helm.toolkit.fluxcd.io "fluxcd-operator" not found
make: *** [../../../scripts/package-system.mk:20: suspend] Error 1
make: Leaving directory '/cozystack/packages/system/fluxcd-operator'
time="2024-07-04T12:50:05Z" level=fatal msg="failed to run" err="exit status 2"
```

The error manifests as:

W0705 16:07:35.694677 7 configmap.go:431] unexpected error merging
defaults: 2 error(s) decoding:

* cannot parse 'proxy-connect-timeout' as int: strconv.ParseInt: parsing
"10s": invalid syntax
* cannot parse 'proxy-read-timeout' as int: strconv.ParseInt: parsing
"10s": invalid syntax

I came across this trying to understand why my nginx ingress addon
config isn't working, (this didn't help, but at least the warning is
gone now.)

I'll continue to try to debug, but I think this can merge any time

Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>

I don't understand why "true" value isn't accepted here, but I have seen
this before. The `--enable-ssl-passthrough` parameter is not supposed to
accept any value, it's a stand-alone argument.

With this change I get my traffic appropriately passed through to
backend ingress on a kubevirt cluster that enabled TLS

Without it (the change is made on the addon ingress, which is very
strange, because that one isn't even configured to use a passthrough
annotation... the root ingress controller doesn't seem to care) I get
this error:

> 400 Bad Request
> The plain HTTP request was sent to HTTPS port
> ---
> nginx

Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

This PR introduces change to allow upgrading existing node groups for
tenant Kubernetes cluster:

This fixes the error:
```
Status: Failed (UpgradeFailed: Helm upgrade failed for release tenant-test0/kubernetes-test0 with chart kubernetes@0.3.0: cannot patch "kubernetes-test0-md0" with kind KubevirtMachineTemplate: admission webhook "validation.kubevirtmachinetemplate.infrastructure.cluster.x-k8s.io" denied the request: KubevirtMachineTemplateSpec is immutable)
```

This is done by generating unique names for KubevirtMachineTemplate
based on hash from spec. Old KubevirtMachineTemplates keep existing in
the cluster until some MachineSet continues using them.

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Now grafana dashboards for ingress-nginx controller completely works!

![pic](https://github.com/user-attachments/assets/c2414cc7-9e0c-441e-9668-bf78ea3ef0c6)

![pic](https://github.com/user-attachments/assets/8ebe2488-0c53-4fc8-9e26-fc37e0047ebe)

![pic](https://github.com/user-attachments/assets/675a47b8-0304-4c58-9379-75e23c2db90f)

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

FerretDB

undefined