Release v1.0.0-beta.4

[cozystack-bot]

This PR prepares the release v1.0.0-beta.4.

Summary by CodeRabbit

• Chores
  • Updated container image references across system components from v1.0.0-beta.3 to v1.0.0-beta.4, including backup controllers, API services, dashboard components, and networking modules.
  • Updated image digests to reflect latest builds.
  • Fixed KubeVirt CSI driver image reference to a specific version.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR updates container image references across multiple packages from v1.0.0-beta.3 to v1.0.0-beta.4, with new digest hashes. Additionally, the kubevirt-csi-driver and cluster-autoscaler images are pinned to specific versions with updated digests. All changes are configuration-only updates to image references in values files and tag files.

Changes

Cohort / File(s)	Summary
Core Installer & Platform packages/core/installer/values.yaml, packages/core/platform/values.yaml	Updated cozystackOperator image to beta.4 and platform-migrations to v1.0.0-beta.4 with new digests.
System Controllers (Backup & Strategy) packages/system/backup-controller/values.yaml, packages/system/backupstrategy-controller/values.yaml	Updated backup-controller and backupStrategyController images from beta.3 to beta.4 with new digests.
System Controllers (Core APIs) packages/system/cozystack-api/values.yaml, packages/system/cozystack-controller/values.yaml, packages/system/lineage-controller-webhook/values.yaml, packages/system/objectstorage-controller/values.yaml	Updated cozystackAPI, cozystackController, lineage-controller-webhook, and objectstorage-controller images from beta.3 to beta.4 with new digests.
System Networking packages/system/kubeovn-plunger/values.yaml, packages/system/kubeovn-webhook/values.yaml	Updated kubeovn-plunger image to beta.4 with new digest; kubeovn-webhook tag bumped to beta.4 (digest unchanged).
System Storage packages/system/kamaji/values.yaml, packages/system/seaweedfs/values.yaml	Updated kamaji image tag and migrate-image to beta.4; updated SeaweedFS COSI sidecar image to beta.4 with new digest.
System Monitoring & Dashboard packages/system/dashboard/templates/configmap.yaml, packages/system/dashboard/values.yaml, packages/system/grafana-operator/images/grafana-dashboards.tag	Updated dashboard tenantText, openapiUI, openapiUIK8sBff, tokenProxy, and grafana-dashboards images to beta.4.
Apps & Infrastructure packages/apps/kubernetes/images/cluster-autoscaler.tag, packages/apps/kubernetes/images/kubevirt-csi-driver.tag, packages/system/kubevirt-csi-node/values.yaml	Updated cluster-autoscaler digest; pinned kubevirt-csi-driver from `latest` to `0.0.0` with new digest; updated kubevirt-csi-node image to 0.0.0.
Extra Packages packages/extra/bootbox/images/matchbox.tag, packages/extra/seaweedfs/images/objectstorage-sidecar.tag	Updated matchbox image to beta.4 with new digest; updated objectstorage-sidecar image to beta.4.
Testing packages/core/testing/values.yaml	Updated e2e image tag from beta.3 to beta.4 (digest unchanged).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Release v1.0.0-alpha.1 #1865: Updates the same kubevirt-csi-driver.tag file with image reference and digest changes.
• Release v0.36.0 #1428: Modifies kubevirt-csi-node values and related kubevirt-csi-driver image references.
• Release v1.0.0-beta.2 #1955: Updates kubevirt-csi-driver.tag image tag and digest to newer versions.

Suggested labels

size:M

Suggested reviewers

• kvaps
• lllamnyp
• nbykov0

Poem

🐰 Hop-hop, the images do spring,
From beta.3 to beta.4, a versioning thing!
New digests appear with a cryptographic bloom,
Freshly pinned tags dispel all gloom.
The containers are ready, the hashes align—
This release update is simply divine! ✨

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Release v1.0.0-beta.4' directly describes the primary purpose of the PR, which is to release version 1.0.0-beta.4. The changeset confirms this with updates to all component image tags and digests from beta.3 to beta.4 across 22 files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release-1.0.0-beta.4

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @cozystack-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request is dedicated to preparing the v1.0.0-beta.4 release. It systematically updates all container image references and version strings within various configuration files to align with the new beta version. This ensures that all deployed components and their dependencies are correctly pointing to the artifacts associated with this specific release.

Highlights

• Image Tag Updates: Updated image tags and SHA256 digests for numerous components across the repository to v1.0.0-beta.4, ensuring all services reference the new release.
• KubeVirt CSI Driver Versioning: Specifically updated the kubevirt-csi-driver image tag from latest to 0.0.0 along with its new SHA256 digest.
• Platform Source Reference: The platformSourceRef digest in the installer's values.yaml was updated to reflect the latest platform packages.
• Dashboard Version Display: The dashboard's tenant text, which often displays the current version, was updated to v1.0.0-beta.4.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• packages/apps/kubernetes/images/kubevirt-csi-driver.tag
  • Updated the kubevirt-csi-driver image tag from latest to 0.0.0 and its SHA256 digest.
• packages/core/installer/values.yaml
  • Updated the cozystack-operator image tag and SHA256 digest to v1.0.0-beta.4.
  • Updated the platformSourceRef digest.
• packages/core/platform/values.yaml
  • Updated the platform-migrations image tag and SHA256 digest to v1.0.0-beta.4.
• packages/core/testing/values.yaml
  • Updated the e2e-sandbox image tag and SHA256 digest to v1.0.0-beta.4.
• packages/extra/bootbox/images/matchbox.tag
  • Updated the matchbox image tag and SHA256 digest to v1.0.0-beta.4.
• packages/extra/seaweedfs/images/objectstorage-sidecar.tag
  • Updated the objectstorage-sidecar image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/backup-controller/values.yaml
  • Updated the backup-controller image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/backupstrategy-controller/values.yaml
  • Updated the backupstrategy-controller image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/cozystack-api/values.yaml
  • Updated the cozystack-api image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/cozystack-controller/values.yaml
  • Updated the cozystack-controller image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/dashboard/templates/configmap.yaml
  • Updated the $tenantText variable to v1.0.0-beta.4.
• packages/system/dashboard/values.yaml
  • Updated the openapi-ui image tag and SHA256 digest to v1.0.0-beta.4.
  • Updated the openapi-ui-k8s-bff image tag and SHA256 digest to v1.0.0-beta.4.
  • Updated the token-proxy image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/grafana-operator/images/grafana-dashboards.tag
  • Updated the grafana-dashboards image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/kamaji/values.yaml
  • Updated the kamaji image tag and SHA256 digest to v1.0.0-beta.4.
  • Updated the --migrate-image argument for kamaji to v1.0.0-beta.4.
• packages/system/kubeovn-plunger/values.yaml
  • Updated the kubeovn-plunger image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/kubeovn-webhook/values.yaml
  • Updated the kubeovn-webhook image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/kubevirt-csi-node/values.yaml
  • Updated the csiDriver image tag from latest to 0.0.0 and its SHA256 digest.
• packages/system/lineage-controller-webhook/values.yaml
  • Updated the lineage-controller-webhook image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/objectstorage-controller/values.yaml
  • Updated the objectstorage-controller image tag and SHA256 digest to v1.0.0-beta.4.
• packages/system/seaweedfs/values.yaml
  • Updated the objectstorage-sidecar image tag and SHA256 digest to v1.0.0-beta.4.

Activity

• No human activity has been recorded on this pull request since its creation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request prepares for the v1.0.0-beta.4 release by updating various version tags and image digests. While many updates are correct, I've found several critical issues where image tags were updated but their corresponding SHA256 digests were not. This means that these components would still be using old images despite the version bump. This is critical for a release and must be fixed. I've left specific comments on the affected files. Additionally, there's a minor concern about an unconventional version tag 0.0.0 being used.

[gemini-code-assist]

The image tag for e2e.image has been updated to v1.0.0-beta.4, but the SHA256 digest has not changed. This means it's still pointing to the old image from v1.0.0-beta.3. For a release, it's critical that the image digest matches the new version.

[gemini-code-assist]

The image tag for tokenProxy.image has been updated to v1.0.0-beta.4, but the SHA256 digest is the same as the previous version. This likely means the image is not updated, which is a critical issue for a release.

[gemini-code-assist]

The image tag has been updated to v1.0.0-beta.4, but the SHA256 digest is unchanged from the previous version. This is likely an error and the image has not been updated. Please update the digest to match the new image.

[gemini-code-assist]

The image tag has been updated to v1.0.0-beta.4, but the SHA256 digest is unchanged. This means it's still pointing to the old image, which is a critical issue for a release. Please update the digest.

[gemini-code-assist]

The --migrate-image tag has been updated to v1.0.0-beta.4, but the SHA256 digest is unchanged. This means it's still pointing to the old image. Please update the digest to match the new image version.

[gemini-code-assist]

The image tag has been updated to v1.0.0-beta.4, but the SHA256 digest is unchanged. This is a critical error for a release. Please update the digest to match the new image.

[gemini-code-assist]

The image tag for objectstorage.controller.image has been updated to v1.0.0-beta.4, but the SHA256 digest is unchanged. This is a critical issue for a release. Please update the digest.

[gemini-code-assist]

The image tag is being changed from latest to 0.0.0. While pinning from latest is a good practice, using 0.0.0 as a version tag is unconventional and can be confusing as it doesn't clearly indicate the version of the software. Consider using a more descriptive version tag. This is also updated in packages/system/kubevirt-csi-node/values.yaml.

[gemini-code-assist]

The image tag is being changed from latest to 0.0.0. While pinning from latest is a good practice, using 0.0.0 as a version tag is unconventional and can be confusing. It doesn't clearly indicate the version of the software. Consider using a more descriptive version tag. This change is also present in packages/apps/kubernetes/images/kubevirt-csi-driver.tag.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

hack/cozyreport.sh (1)

139-148: ⚠️ Potential issue | 🟠 Major

Pre-existing: Kamaji guard checks for linstor-controller instead of the kamaji deployment.

The condition at line 139 gates the kamaji resource collection block on the existence of linstor-controller in cozy-linstor, but the block collects resources from the cozy-kamaji namespace and explicitly references deployment/kamaji. The guard should check for the kamaji deployment instead:

if kubectl get deploy -n cozy-kamaji kamaji >/dev/null 2>&1; then

This appears to be a copy-paste error from the linstor block that follows (line 189).

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@packages/system/cozystack-api/templates/deployment.yaml`:
- Around line 29-40: The init container "wait-for-applicationdefinitions"
currently loops indefinitely; modify its command in the initContainers block to
enforce a deadline (e.g., track a start time or loop counter and exit non‑zero
after a configurable timeout) so the pod fails and surfaces errors via
restart/backoff, and ensure the exit path logs the timeout reason; also replace
the hardcoded image "docker.io/alpine/k8s:1.33.4" with a templated value from
values.yaml (e.g., an initContainer image and optional digest field) so the
image/tag/digest is managed consistently with the main container.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find cozystack-api service account and RBAC rules
echo "=== Looking for cozystack-api service account definition ==="
fd -t f -e yaml | xargs grep -l "cozystack-api" | head -20

echo ""
echo "=== Looking for ClusterRole/Role definitions related to applicationdefinitions ==="
fd -t f -e yaml | xargs grep -l "applicationdefinitions" | head -20

echo ""
echo "=== Checking the deployment file and surrounding context ==="
cat -n packages/system/cozystack-api/templates/deployment.yaml | head -45

Repository: cozystack/cozystack

Length of output: 2854

---

🏁 Script executed:

#!/bin/bash
# Search for RBAC configuration in the cozystack-api chart
echo "=== RBAC files in cozystack-api chart ==="
find packages/system/cozystack-api -type f -name "*.yaml" | xargs basename -a | sort | uniq

echo ""
echo "=== Full file listing ==="
find packages/system/cozystack-api/templates -type f -name "*.yaml" | sort

Repository: cozystack/cozystack

Length of output: 1006

---

🏁 Script executed:

#!/bin/bash
# Check for image references to see templating patterns
echo "=== Image references in deployment.yaml ==="
grep -n "image:" packages/system/cozystack-api/templates/deployment.yaml

echo ""
echo "=== Check values.yaml for image templating ==="
if [ -f packages/system/cozystack-api/values.yaml ]; then
  grep -n "image" packages/system/cozystack-api/values.yaml | head -20
fi

Repository: cozystack/cozystack

Length of output: 392

---

🌐 Web query:

alpine/k8s 1.33.4 docker hub image

💡 Result:

The Docker Hub image/tag you want is:

docker pull alpine/k8s:1.33.4

It’s from the alpine/k8s repository on Docker Hub (Kubernetes toolbox image). [1] The 1.33.4 tag is listed as a released version (dated Aug 17, 2025). [2]

---

🏁 Script executed:

#!/bin/bash
# Check the RBAC files for applicationdefinitions permissions
echo "=== rbac.yaml content ==="
cat -n packages/system/cozystack-api/templates/rbac.yaml

echo ""
echo "=== rbac-bind.yaml content ==="
cat -n packages/system/cozystack-api/templates/rbac-bind.yaml

echo ""
echo "=== sa.yaml content ==="
cat -n packages/system/cozystack-api/templates/sa.yaml

Repository: cozystack/cozystack

Length of output: 1726

---

🏁 Script executed:

#!/bin/bash
# Search for any ClusterRole that grants access to applicationdefinitions
echo "=== Searching for ClusterRole with applicationdefinitions resource ==="
find packages/system -type f -name "*.yaml" | xargs grep -l "applicationdefinitions" | while read f; do
  echo "File: $f"
  grep -B5 -A5 "applicationdefinitions" "$f" | head -20
  echo ""
done

Repository: cozystack/cozystack

Length of output: 1579

---

Init container loop has no timeout — pod can hang indefinitely.

If ApplicationDefinitions never appear (e.g., a CRD is missing, the HelmRelease that creates them is broken, or a fresh cluster is misconfigured), this init container will block forever with no visibility beyond its log line. Consider adding a deadline so the pod eventually fails and surfaces the issue through normal pod-restart backoff and alerting.

Additionally, the image tag is hardcoded in the template rather than being templated through values.yaml like the main container image (which also uses digest pinning). This makes version management inconsistent and harder to track across releases.

⏱️ Proposed fix: add a timeout

       - sh
       - -c
       - |
-        until kubectl get applicationdefinitions.cozystack.io --no-headers 2>/dev/null | grep -q .; do
+        TIMEOUT=300
+        ELAPSED=0
+        until kubectl get applicationdefinitions.cozystack.io --no-headers 2>/dev/null | grep -q .; do
+          if [ "$ELAPSED" -ge "$TIMEOUT" ]; then
+            echo "Timed out waiting for ApplicationDefinitions after ${TIMEOUT}s"
+            exit 1
+          fi
           echo "Waiting for ApplicationDefinitions to appear..."
           sleep 2
+          ELAPSED=$((ELAPSED + 2))
         done
         echo "ApplicationDefinitions found"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	initContainers:
	- name: wait-for-applicationdefinitions
	image: docker.io/alpine/k8s:1.33.4
	command:
	- sh
	- -c
	- |
	until kubectl get applicationdefinitions.cozystack.io --no-headers 2>/dev/null | grep -q .; do
	echo "Waiting for ApplicationDefinitions to appear..."
	sleep 2
	done
	echo "ApplicationDefinitions found"
	initContainers:
	- name: wait-for-applicationdefinitions
	image: docker.io/alpine/k8s:1.33.4
	command:
	- sh
	- -c
	- |
	TIMEOUT=300
	ELAPSED=0
	until kubectl get applicationdefinitions.cozystack.io --no-headers 2>/dev/null | grep -q .; do
	if [ "$ELAPSED" -ge "$TIMEOUT" ]; then
	echo "Timed out waiting for ApplicationDefinitions after ${TIMEOUT}s"
	exit 1
	fi
	echo "Waiting for ApplicationDefinitions to appear..."
	sleep 2
	ELAPSED=$((ELAPSED + 2))
	done
	echo "ApplicationDefinitions found"

🤖 Prompt for AI Agents

In `@packages/system/cozystack-api/templates/deployment.yaml` around lines 29 -
40, The init container "wait-for-applicationdefinitions" currently loops
indefinitely; modify its command in the initContainers block to enforce a
deadline (e.g., track a start time or loop counter and exit non‑zero after a
configurable timeout) so the pod fails and surfaces errors via restart/backoff,
and ensure the exit path logs the timeout reason; also replace the hardcoded
image "docker.io/alpine/k8s:1.33.4" with a templated value from values.yaml
(e.g., an initContainer image and optional digest field) so the image/tag/digest
is managed consistently with the main container.