Prepare release v0.19.0 #500
Walkthrough
The pull request updates several Docker image references and tags across various components in the CozyStack application. Key changes include updating the container images for
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (1)
manifests/cozystack-installer.yaml (1)
Line range hint 71-104: Security Review: Deployment uses privileged configurations
While not changed in this PR, it's worth noting that this deployment uses sensitive configurations:
- hostNetwork: true - Provides direct access to host network
- cluster-admin role binding - Grants full cluster access
These configurations are likely required for the installer's functionality but should be documented and reviewed periodically.
Consider:
- Adding comments explaining why these privileged settings are necessary
- Documenting security implications in the deployment guide
- Implementing additional security controls if possible
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (18)
- manifests/cozystack-installer.yaml (2 hunks)
- packages/apps/clickhouse/images/clickhouse-backup.tag (1 hunks)
- packages/apps/ferretdb/images/postgres-backup.tag (1 hunks)
- packages/apps/http-cache/images/nginx-cache.tag (1 hunks)
- packages/apps/kubernetes/images/cluster-autoscaler.tag (1 hunks)
- packages/apps/kubernetes/images/kubevirt-cloud-provider.tag (1 hunks)
- packages/apps/kubernetes/images/kubevirt-csi-driver.tag (1 hunks)
- packages/apps/kubernetes/images/ubuntu-container-disk.tag (1 hunks)
- packages/apps/mysql/images/mariadb-backup.tag (1 hunks)
- packages/apps/postgres/images/postgres-backup.tag (1 hunks)
- packages/core/installer/values.yaml (1 hunks)
- packages/core/testing/values.yaml (1 hunks)
- packages/system/bucket/images/s3manager.tag (1 hunks)
- packages/system/cilium/values.yaml (1 hunks)
- packages/system/cozystack-api/values.yaml (1 hunks)
- packages/system/dashboard/values.yaml (1 hunks)
- packages/system/kamaji/values.yaml (1 hunks)
- packages/system/kubeovn/values.yaml (1 hunks)
✅ Files skipped from review due to trivial changes (14)
- packages/apps/clickhouse/images/clickhouse-backup.tag
- packages/core/testing/values.yaml
- packages/apps/http-cache/images/nginx-cache.tag
- packages/system/bucket/images/s3manager.tag
- packages/apps/kubernetes/images/kubevirt-csi-driver.tag
- packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
- packages/system/kubeovn/values.yaml
- packages/apps/ferretdb/images/postgres-backup.tag
- packages/apps/postgres/images/postgres-backup.tag
- packages/apps/kubernetes/images/ubuntu-container-disk.tag
- packages/system/kamaji/values.yaml
- packages/apps/mysql/images/mariadb-backup.tag
- packages/core/installer/values.yaml
- packages/apps/kubernetes/images/cluster-autoscaler.tag
🔇 Additional comments (4)
packages/system/cozystack-api/values.yaml (1)
2-2: LGTM! Good practice moving from 'latest' to specific version.
The change from using the 'latest' tag to a specific version 'v0.19.0' improves deployment stability and reproducibility. The SHA256 digest ensures image integrity.
packages/system/cilium/values.yaml (1)
15-16: Verify Cilium 1.16.4 release notes and compatibility.
The patch version upgrade from 1.16.3 to 1.16.4 should be reviewed for:
- Any breaking changes
- Security fixes that might need additional configuration
✅ Verification successful
Cilium 1.16.4 upgrade includes important security fix and bug fixes
This version includes a security advisory (GHSA-xg58-75qf-9r67) and multiple bug fixes that improve stability. Key changes:
- Security fix for a reported vulnerability
- Fixed potential deadlock with DNS interception
- Fixed packet drops for pod-to-pod connections with IPsec
- Fixed performance regression with network policies in large clusters
- Improved stability for Wireguard and BGP features
The upgrade is recommended as it addresses security and stability issues.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check for Cilium release information and potential security advisories
gh api graphql -f query='
{
  repository(owner: "cilium", name: "cilium") {
    release(tagName: "v1.16.4") {
      description
      createdAt
    }
    vulnerabilityAlerts(first: 5, states: OPEN) {
      nodes {
        securityVulnerability {
          package { name }
          vulnerableVersionRange
          firstPatchedVersion { identifier }
        }
      }
    }
  }
}'
Length of output: 14685
packages/system/dashboard/values.yaml (1)
36-37: LGTM! Version consistency maintained across components.
Both dashboard and kubeappsapis components are consistently updated to v0.19.0, maintaining version parity. SHA256 digests are properly updated for both images.
Also applies to: 42-43
manifests/cozystack-installer.yaml (1)
71-71: LGTM: Version updates align with release v0.19.0
The container image versions have been consistently updated to v0.19.0 for both containers, which aligns with the release objectives.
Let's verify the image availability and digest:
Also applies to: 90-90
✅ Verification successful
Version v0.19.0 is consistently referenced across the codebase with verified digests
The version update to v0.19.0 is well-documented across multiple components in the codebase, with several images having specific SHA256 digests, indicating they have been properly built and published. The image references in cozystack-installer.yaml align with other components' versions, maintaining consistency throughout the release.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify if the new image exists and get its digest
gh api \
-H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
/repos/aenix-io/cozystack/pkgs/container/cozystack%2Fcozystack/versions | \
jq '.[] | select(.metadata.container.tags[] == "v0.19.0")'
Length of output: 408
Script:
#!/bin/bash
# Let's try a different approach to verify the image
# First, let's check if there are any other references to this version in the codebase
rg "v0.19.0" --type yaml
# Also check for any version-related changes in recent commits
git log -n 5 --oneline
Length of output: 952
LGTM
Actionable comments posted: 5
🧹 Outside diff range and nitpick comments (7)
hack/e2e.sh (2)
191-192: Consolidate EtcD Member Checks for Robustness
The current commands for checking etcd members use a combination of timeout and loops. This approach may cause unnecessary complexity and potential issues with signal handling. Consider consolidating these checks into a single, more efficient command.
Apply this diff to simplify the etcd readiness check:
-timeout 180 sh -c 'until timeout -s 9 2 talosctl etcd members -n 192.168.123.11,192.168.123.12,192.168.123.13 -e 192.168.123.10 2>&1; do sleep 1; done' -timeout 60 sh -c 'while talosctl etcd members -n 192.168.123.11,192.168.123.12,192.168.123.13 -e 192.168.123.10 2>&1 | grep "rpc error"; do sleep 1; done' +timeout 180 sh -c 'until talosctl etcd members -n 192.168.123.11 -e 192.168.123.10 >/dev/null 2>&1; do sleep 1; done'
This change waits for the etcd cluster to be ready by checking a single node and reduces complexity.
313-315: Consistent Formatting in JSON Patches
Ensure consistency in the JSON patch formatting for better readability and maintenance.
Apply this diff to adjust the indentation:
kubectl patch -n tenant-root ingresses.apps.cozystack.io ingress --type=merge -p '{"spec":{ - "dashboard": true + "dashboard": true }}'
packages/apps/tenant/templates/keycloakgroups.yaml (1)
53-53: Add Newline at End of File for POSIX Compliance
It's considered good practice to end files with a newline character. This can prevent issues with some tools that may not handle files without a terminating newline correctly.
Ensure there is a newline at the end of the file.
packages/apps/tenant/templates/kubeconfig.yaml (1)
21-21: Update Kubeconfig Server Address if API Server Endpoint Changes
The server address in the kubeconfig is set to use {{ $apiServerEndpoint }}. If the API server endpoint changes, ensure that the kubeconfig is regenerated or updated accordingly.
Consider automating the update of kubeconfig files when the API server endpoint changes to maintain seamless access for users.
packages/core/platform/bundles/paas-hosted.yaml (2)
2-10: Consider adding type validation for OIDC configuration
While the presence check for api-server-endpoint is good, consider validating that oidc-enabled is a valid boolean value to prevent runtime issues.
{{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }} +{{- if and $oidcEnabled (ne $oidcEnabled "true") (ne $oidcEnabled "false") }} +{{- fail "ERROR oidc-enabled in cozystack ConfigMap must be 'true' or 'false'" }} +{{- end }}
Line range hint 166-184: Consider defining resource requirements for Keycloak components
The Keycloak-related releases should have resource requests and limits defined to ensure proper resource allocation and prevent resource starvation.
Consider adding resource configurations in the respective charts:
- Memory and CPU limits/requests for Keycloak server
- Resource constraints for the operator
- Proper sizing based on expected load
packages/core/platform/bundles/paas-full.yaml (1)
Line range hint 270-288: Consider adding health check configurations
For better reliability and monitoring, consider adding readiness and liveness probe configurations for the Keycloak components.
Consider adding in the respective charts:
- Readiness probes to ensure proper initialization
- Liveness probes to detect and recover from failures
- Startup probes for components with longer initialization times
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (27)
- hack/e2e.sh (5 hunks)
- manifests/cozystack-installer.yaml (2 hunks)
- packages/apps/clickhouse/images/clickhouse-backup.tag (1 hunks)
- packages/apps/ferretdb/images/postgres-backup.tag (1 hunks)
- packages/apps/http-cache/images/nginx-cache.tag (1 hunks)
- packages/apps/kubernetes/images/cluster-autoscaler.tag (1 hunks)
- packages/apps/kubernetes/images/kubevirt-cloud-provider.tag (1 hunks)
- packages/apps/kubernetes/images/kubevirt-csi-driver.tag (1 hunks)
- packages/apps/kubernetes/images/ubuntu-container-disk.tag (1 hunks)
- packages/apps/mysql/images/mariadb-backup.tag (1 hunks)
- packages/apps/postgres/images/postgres-backup.tag (1 hunks)
- packages/apps/tenant/templates/dashboard-resourcemap.yaml (1 hunks)
- packages/apps/tenant/templates/keycloakgroups.yaml (2 hunks)
- packages/apps/tenant/templates/kubeconfig.yaml (3 hunks)
- packages/core/installer/values.yaml (1 hunks)
- packages/core/platform/bundles/distro-full.yaml (0 hunks)
- packages/core/platform/bundles/distro-hosted.yaml (0 hunks)
- packages/core/platform/bundles/paas-full.yaml (4 hunks)
- packages/core/platform/bundles/paas-hosted.yaml (3 hunks)
- packages/core/testing/values.yaml (1 hunks)
- packages/system/bucket/images/s3manager.tag (1 hunks)
- packages/system/cilium/values.yaml (1 hunks)
- packages/system/cozystack-api/values.yaml (1 hunks)
- packages/system/dashboard/values.yaml (1 hunks)
- packages/system/kamaji/values.yaml (1 hunks)
- packages/system/keycloak-configure/templates/configure-kk.yaml (1 hunks)
- packages/system/kubeovn/values.yaml (1 hunks)
💤 Files with no reviewable changes (2)
- packages/core/platform/bundles/distro-full.yaml
- packages/core/platform/bundles/distro-hosted.yaml
✅ Files skipped from review due to trivial changes (1)
- packages/system/dashboard/values.yaml
🚧 Files skipped from review as they are similar to previous changes (17)
- packages/apps/clickhouse/images/clickhouse-backup.tag
- packages/apps/http-cache/images/nginx-cache.tag
- packages/apps/kubernetes/images/kubevirt-csi-driver.tag
- packages/system/kamaji/values.yaml
- packages/system/kubeovn/values.yaml
- packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
- packages/system/cozystack-api/values.yaml
- packages/apps/kubernetes/images/cluster-autoscaler.tag
- manifests/cozystack-installer.yaml
- packages/apps/kubernetes/images/ubuntu-container-disk.tag
- packages/system/bucket/images/s3manager.tag
- packages/core/testing/values.yaml
- packages/apps/postgres/images/postgres-backup.tag
- packages/system/cilium/values.yaml
- packages/apps/ferretdb/images/postgres-backup.tag
- packages/apps/mysql/images/mariadb-backup.tag
- packages/core/installer/values.yaml
🧰 Additional context used
🪛 yamllint (1.35.1)
packages/apps/tenant/templates/keycloakgroups.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/apps/tenant/templates/dashboard-resourcemap.yaml
[error] 4-4: syntax error: expected , but found ''
(syntax)
🔇 Additional comments (8)
hack/e2e.sh (2)
340-346: Ensure OIDC Components Are Properly Deployed
The script adds a section to test OIDC by patching the ConfigMap and waiting for Keycloak resources. Verify that all necessary components are correctly configured and deployed to enable OIDC functionality.
Run the following script to confirm the status of OIDC-related resources:
✅ Verification successful
OIDC Components Are Properly Configured
The verification confirms that the OIDC test in hack/e2e.sh is properly integrated with the required components:
- The Keycloak components (keycloak, keycloak-operator, keycloak-configure) are defined in the platform bundles with correct dependencies
- OIDC configuration is properly set up in the cluster with:
- Correct issuer URL configuration
- Required claims (username, groups)
- Proper client configuration for both Kubernetes and Kubeapps
- The test follows the correct deployment order by waiting for all required HelmReleases
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify that Keycloak resources are ready for OIDC.
# Check the status of Keycloak HelmReleases
kubectl get hr -n cozy-keycloak keycloak keycloak-operator
# Validate that 'oidc-enabled' is set to 'true' in the ConfigMap
kubectl get cm cozystack -n cozy-system -o jsonpath='{.data.oidc-enabled}'
Length of output: 333
Script:
#!/bin/bash
# Let's verify the OIDC configuration in the codebase
# Check for OIDC-related configurations in Helm charts
fd . "charts/" --type f --exec grep -l "oidc" {} \;
# Look for OIDC-related configurations in the codebase
rg "oidc" -l
# Check for Keycloak-related configurations
fd . "charts/" --type f --exec grep -l "keycloak" {} \;
# Look for HelmRelease definitions for Keycloak
rg -l "kind:\s*HelmRelease.*name:\s*keycloak"
Length of output: 1313
Script:
#!/bin/bash
# Let's check the specific OIDC and Keycloak configurations
# Check the e2e test script for OIDC test context
rg "oidc" -A 5 -B 5 hack/e2e.sh
# Look for Keycloak HelmRelease definitions in platform bundles
rg "keycloak" -A 5 -B 5 "packages/core/platform/bundles/paas-hosted.yaml" "packages/core/platform/bundles/paas-full.yaml"
# Check Keycloak configuration template
rg "keycloak" -A 5 -B 5 "packages/system/keycloak-configure/templates/configure-kk.yaml"
Length of output: 8382
213-214: Verify Hardcoded Configuration Values
The root-host and api-server-endpoint are hardcoded with example values. Ensure that these values are appropriate for your environment or consider making them configurable.
Run the following script to check for hardcoded values:
Ensure that these values are correctly set according to your deployment requirements.
packages/apps/tenant/templates/keycloakgroups.yaml (1)
1-1: Resolve YAML Syntax Error Due to Leading Dash
The static analysis tool reports a syntax error on line 1. This is likely due to an unexpected leading dash (-). Ensure that the Helm template directives are correctly formatted without introducing YAML syntax errors.
Apply this diff to fix the syntax error:
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{ $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
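Review bot: the `-` dropped on line 1 is the whitespace-trim marker of the `{{- ... }}` template action, not a YAML list dash, and at the start of the file there is nothing before it to trim, so this change does not alter what the template renders. The yamllint error comes from parsing the unrendered Helm template as YAML; keep `{{-` and either exclude the templates directory from yamllint or lint the output of `helm template` instead.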
Alternatively, ensure there is no extra dash in the Helm template directive.
Likely invalid or redundant comment.
🧰 Tools
🪛 yamllint (1.35.1)
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
packages/apps/tenant/templates/kubeconfig.yaml (2)
45-45: Handle Absence of 'k8sClientSecret' Gracefully
The script checks for the existence of $k8sClientSecret. Ensure that if the secret is not present, the script handles it gracefully without causing errors.
Run the following script to check for the existence of the secret:
Ensure that the secret exists before proceeding.
6-6: Ensure 'api-server-endpoint' Is Defined in ConfigMap
The variable api-server-endpoint is used but may not be defined in the cozyConfig.data. Verify that it exists to prevent runtime errors.
Run the following script to check if api-server-endpoint is set:
Ensure that the output is not empty and contains a valid API server endpoint.
packages/system/keycloak-configure/templates/configure-kk.yaml (1)
84-84: Review Hardcoded 'webUrl' Value
The webUrl for the Keycloak client kubernetes has been changed to https://localhost:8000/oauth2/callback. Verify that this is the intended URL for OAuth2 callbacks and that it aligns with your deployment architecture.
If the application is not running on localhost:8000, consider updating the webUrl to reflect the correct callback URL.
packages/core/platform/bundles/paas-hosted.yaml (1)
156-164: Verify existence of kubeapps-auth-config ConfigMap when OIDC is enabled
When OIDC is enabled, the configuration depends on the kubeapps-auth-config ConfigMap, but its existence is not validated. This could lead to deployment failures.
packages/core/platform/bundles/paas-full.yaml (1)
226-234: Fix inconsistent dashboard dependencies
There's an inconsistency in the dashboard's dependencies:
- Line 225 shows unconditional dependency on keycloak-configure
- Lines 226-234 show conditional dependency based on $oidcEnabled
This could lead to deployment failures when OIDC is disabled.
- dependsOn: [cilium,kubeovn,keycloak-configure]
+ dependsOn: [cilium,kubeovn]
{{- if $oidcEnabled }}
dependsOn: [keycloak-configure]
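Review bot: with the `+` line applied, the block renders two `dependsOn` keys in the same mapping whenever `$oidcEnabled` is set (`dependsOn: [cilium,kubeovn]` followed by `dependsOn: [keycloak-configure]`). Duplicate keys are either rejected by the parser or resolved last-one-wins, which would silently drop cilium and kubeovn from the dependency list. Emit a single `dependsOn` and append keycloak-configure to that list inside the conditional.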
Likely invalid or redundant comment.
hack/e2e.sh
Outdated
apiServer: | ||
extraArgs: | ||
oidc-issuer-url: "https://keycloak.example.org/realms/cozy" | ||
oidc-client-id: "kubernetes" | ||
oidc-username-claim: "preferred_username" | ||
oidc-groups-claim: "groups" |
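Review bot: the extraArgs shown set oidc-groups-claim without an oidc-groups-prefix, so group names carried in the token map one-to-one onto Kubernetes group names, including any names that existing RBAC bindings already reference. Add oidc-groups-prefix (and set oidc-username-prefix explicitly if the default issuer-URL prefix for preferred_username is not what is wanted), or add a comment saying the unprefixed mapping is intended for this test cluster.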
🛠️ Refactor suggestion
Parameterize OIDC Configuration Values
The OIDC configuration parameters oidc-issuer-url, oidc-client-id, oidc-username-claim, and oidc-groups-claim are hardcoded with example values. To enhance flexibility and avoid potential errors, consider parameterizing these values or referencing them from a configuration file or environment variables.
Apply this diff to parameterize the OIDC configuration:
apiServer:
extraArgs:
- oidc-issuer-url: "https://keycloak.example.org/realms/cozy"
- oidc-client-id: "kubernetes"
- oidc-username-claim: "preferred_username"
- oidc-groups-claim: "groups"
+ oidc-issuer-url: "${OIDC_ISSUER_URL}"
+ oidc-client-id: "${OIDC_CLIENT_ID}"
+ oidc-username-claim: "${OIDC_USERNAME_CLAIM}"
+ oidc-groups-claim: "${OIDC_GROUPS_CLAIM}"
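Review bot: the four added lines use plain `${OIDC_ISSUER_URL}`-style expansions with no default and no guard, so an unset variable expands to an empty string and the config is written with an empty issuer URL or client ID instead of the script stopping. Use the `${OIDC_ISSUER_URL:?}` form for each variable (or run the script under `set -u`) so a missing value aborts the run with a clear message.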
Ensure that the corresponding environment variables are set before running the script.
Committable suggestion skipped: line range outside the PR's diff.
hack/e2e.sh
Outdated
kubectl patch -n tenant-root tenants.apps.cozystack.io root --type=merge -p '{"spec":{ | ||
"host": "example.org", | ||
"ingress": true, | ||
"monitoring": true, | ||
"etcd": true, | ||
"isolated": true | ||
}}}' | ||
}}' |
🛠️ Refactor suggestion
Parameterize Tenant Configuration Values
In the kubectl patch command, the host is set to "example.org". Consider parameterizing this value to make the script more adaptable to different environments.
Apply this diff to parameterize the host value:
kubectl patch -n tenant-root tenants.apps.cozystack.io root --type=merge -p '{"spec":{
- "host": "example.org",
+ "host": "'$HOST_DOMAIN'",
"ingress": true,
"monitoring": true,
"etcd": true,
"isolated": true
}}'
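Review bot: on the added "host" line, `$HOST_DOMAIN` sits between two single-quoted segments and is expanded unquoted, so a value containing whitespace or glob characters splits or rewrites the `-p` argument, and a value containing a double quote or backslash breaks out of the JSON string. Quote the expansion as `"'"$HOST_DOMAIN"'"` at minimum, or build the patch document with jq so the value is JSON-escaped before it reaches kubectl.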
Remember to set the HOST_DOMAIN environment variable before running the script.
Committable suggestion skipped: line range outside the PR's diff.
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: {{ include "tenant.name" . }}-dashboard-resources |
Correct Indentation in YAML File
There is a syntax error indicated by the static analysis tool due to improper indentation on line 4. Ensure that the name field is correctly indented under metadata.
Apply this diff to fix the indentation error:
metadata:
- name: {{ include "tenant.name" . }}-dashboard-resources
+ name: {{ include "tenant.name" . }}-dashboard-resources
Committable suggestion skipped: line range outside the PR's diff.
🧰 Tools
🪛 yamllint (1.35.1)
[error] 4-4: syntax error: expected , but found ''
(syntax)
@@ -82,7 +81,7 @@ spec: | |||
clientId: kubernetes | |||
directAccess: true | |||
public: false | |||
webUrl: https://{{ $apiServerAdress }}/oauth2/callback | |||
webUrl: https://localhost:8000/oauth2/callback |
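Review bot: the new webUrl line replaces the templated `https://{{ $apiServerAdress }}/oauth2/callback` with the fixed value `https://localhost:8000/oauth2/callback`, and nothing in the hunk says which client is expected to listen on that address. Add a comment naming the consumer of this callback, and confirm that the https scheme matches what that local listener actually serves, since the callback value registered for the client has to match the one the client sends exactly.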
Ensure Consistent Use of Variables
The removal of the $apiServerAdress variable may affect other parts of the configuration if they rely on it. Ensure that all references to this variable are updated accordingly.
Search the codebase for any remaining references to $apiServerAdress:
#!/bin/bash
# Description: Find references to '$apiServerAdress' in the codebase.
rg '\$apiServerAdress' .
Update any occurrences to prevent undefined variable errors.
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} | ||
{{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }} | ||
{{- $host := index $cozyConfig.data "root-host" }} | ||
{{- if not $host }} | ||
{{- fail "ERROR need root-host in cozystack ConfigMap" }} | ||
{{- end }} | ||
{{- $apiServerEndpoint := index $cozyConfig.data "api-server-endpoint" }} | ||
{{- if not $apiServerEndpoint }} | ||
{{- fail "ERROR need api-server-endpoint in cozystack ConfigMap" }} | ||
{{- end }} |
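Review bot: `$oidcEnabled` is read straight from the ConfigMap's data, where every value is a string, so any non-empty value, including "false", is truthy if it is later tested with a bare `{{- if $oidcEnabled }}`; compare explicitly with `eq $oidcEnabled "true"`. Separately, `lookup` returns an empty result when the ConfigMap is absent or when rendering without cluster access, and `index $cozyConfig.data "oidc-enabled"` then errors on a nil map before either `fail` message is reached, so check `$cozyConfig` first and fail with a message that names the missing ConfigMap.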
🛠️ Refactor suggestion
Consider extracting common configuration validation
The configuration validation logic is duplicated between paas-hosted.yaml and paas-full.yaml. Consider extracting this into a shared template to maintain DRY principles and ensure consistent validation across files.
Consider creating a shared template file (e.g., _helpers.tpl) with:
{{- define "cozystack.validateConfig" -}}
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
{{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }}
{{- $host := index $cozyConfig.data "root-host" }}
{{- if not $host }}
{{- fail "ERROR need root-host in cozystack ConfigMap" }}
{{- end }}
{{- $apiServerEndpoint := index $cozyConfig.data "api-server-endpoint" }}
{{- if not $apiServerEndpoint }}
{{- fail "ERROR need api-server-endpoint in cozystack ConfigMap" }}
{{- end }}
{{- end -}}
🧰 Tools
🪛 yamllint (1.35.1)
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
## Summary by CodeRabbit

## Release Notes

- **New Features**
  - Updated container images for various components to their latest versions, enhancing performance and security.
- **Bug Fixes**
  - Addressed potential issues by upgrading image tags and digests for components such as CozyStack, ClickHouse, PostgreSQL, and others.
- **Documentation**
  - Updated `values.yaml` configurations for multiple packages to reflect the latest image versions and digests.

These updates ensure improved functionality and reliability across the application.