Download Latest Version
metal-amd64.iso (521.5 MB)
Get an email when there's a new version of cozystack
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-03-31 | 5.6 kB | |
| v1.2.1 source code.tar.gz | 2026-03-31 | 5.0 MB | |
| v1.2.1 source code.zip | 2026-03-31 | 7.0 MB | |
| openapi.json | 2026-03-31 | 2.5 MB | |
| cozypkg-checksums.txt | 2026-03-31 | 564 Bytes | |
| cozypkg-windows-arm64.tar.gz | 2026-03-31 | 17.2 MB | |
| cozypkg-darwin-amd64.tar.gz | 2026-03-31 | 20.0 MB | |
| cozypkg-darwin-arm64.tar.gz | 2026-03-31 | 18.6 MB | |
| cozypkg-linux-amd64.tar.gz | 2026-03-31 | 19.0 MB | |
| cozypkg-linux-arm64.tar.gz | 2026-03-31 | 17.2 MB | |
| cozypkg-windows-amd64.tar.gz | 2026-03-31 | 19.1 MB | |
| initramfs-metal-amd64.xz | 2026-03-31 | 146.7 MB | |
| kernel-amd64 | 2026-03-31 | 21.6 MB | |
| nocloud-amd64.raw.xz | 2026-03-31 | 335.4 MB | |
| metal-amd64.raw.xz | 2026-03-31 | 335.4 MB | |
| metal-amd64.iso | 2026-03-31 | 521.5 MB | |
| cozystack-operator-hosted.yaml | 2026-03-31 | 2.5 kB | |
| cozystack-operator-generic.yaml | 2026-03-31 | 2.6 kB | |
| cozystack-operator-talos.yaml | 2026-03-31 | 2.5 kB | |
| cozystack-crds.yaml | 2026-03-31 | 19.1 kB | |
| Totals: 20 Items | 1.5 GB | 4 | |
Features and Improvements
- [postgres] Hardcode PostgreSQL 17 for monitoring databases and add migration: CloudNativePG operator defaults to PostgreSQL 18.3 when no explicit image is specified, but monitoring queries in Grafana and Alerta rely on PostgreSQL 17 features such as
pg_stat_checkpointerand the updatedpg_stat_bgwriter. This mismatch could break monitoring after fresh installs or database recreation. PostgreSQL 17.7 images are now hardcoded for monitoring databases, and migration 37 is added to set version v17 for any existing PostgreSQL resources (@IvanHunters in [#2304], [#2309]).
Fixes
-
[platform] Prevent installed packages deletion: Added the
helm.sh/resource-policy: keepannotation to all platform packages. Previously, moving a package todisabledPackagesor removing it fromenabledPackagescaused Helm to automatically delete the corresponding resource, contradicting the documented behavior that requires the platform administrator to manually delete packages when needed (@myasnikovdaniil in [#2273], [#2297]). -
[linstor] Preserve TCP ports during toggle-disk operations: During toggle-disk operations,
removeLayerData()freed TCP ports from the number pool andensureStackDataExists()could then allocate different ports. If a satellite missed the resulting update (e.g. due to a controller restart), it retained the old ports while peers received the new ones, causing DRBD connections to fail with StandAlone state. The fix addscopyDrbdTcpPortsIfExists()which saves existing TCP ports into theLayerPayloadbeforeremoveLayerData()deletes them (@kvaps in [#2292], [#2299]). -
[platform] Fix resource allocation ratios not propagated to managed packages: A regression introduced in the bundle restructure caused
cpuAllocationRatio,memoryAllocationRatio, andephemeralStorageAllocationRatioset inplatform/values.yamlto become no-ops — they were never written to thecozystack-valuesSecret that cozy-lib reads in child packages. This meant all managed applications silently used the hardcoded defaults (10, 1, 40) regardless of operator-configured values. The fix restores propagation by writing the ratios into the_clustersection of thecozystack-valuesSecret and passingcpuAllocationRatioto the KubeVirt Package component (@sircthulhu in [#2296], [#2301]). -
[linstor] Fix DRBD connectivity failures on kernels without
crct10difby setting verify-alg tocrc32c: LINSTOR's auto-verify algorithm selection defaults tocrct10dif, but this kernel crypto module is no longer available in newer kernels (e.g. Talos v1.12.6, kernel 6.18.18). Whencrct10difis unavailable, DRBD peer connections fail withVERIFYAlgNotAvail: failed to allocate crct10dif for verify, causing all DRBD resources to enter Diskless state and lose quorum.DrbdOptions/Net/verify-algis now set tocrc32cat the controller level (@kvaps in [#2303], [#2312]). -
[multus] Fix stale sandbox reservations permanently blocking pod creation after CNI ADD failure: After a node disruption (e.g. DRBD or kube-ovn issues during upgrade), containerd accumulated stale sandbox name reservations. Cleanup failed because multus called delegate plugins for DEL without cached state and they rejected the incomplete config, causing DEL to fail instead of succeeding. Stale entries were never released, permanently blocking new pod creation on the affected node. A custom multus-cni image is now built with a patch that returns success from DEL when CNI ADD never completed (@kvaps in [#2313], [#2314]).
-
[multus] Pin master CNI to
05-cilium.conflistto prevent race condition at boot: During node boot or Talos upgrade, multus auto-detects the master CNI conflist by scanning the CNI config directory. If kube-ovn writes10-kube-ovn.conflistbefore Cilium writes05-cilium.conflist, multus selects the wrong file and pods bypass the Cilium chain entirely, have no Cilium endpoint, and their traffic is blocked by cluster-wide network policies.multusMasterCNIis now pinned to05-cilium.conflist(@kvaps in [#2315], [#2316]).
Documentation
-
[website] Add custom Keycloak themes documentation: Added documentation for custom Keycloak theme injection to the White Labeling guide, covering the theme image contract (
/themes/directory structure), configuration via thecozystack.keycloakPackage resource,imagePullSecretsfor private registries, and theme activation in the Keycloak admin console (@lexfrei in cozystack/website#463). -
[website] Add documentation for Go types usage: Added a guide for using the generated Go types for Cozystack managed applications as a Go module, including installation instructions, programmatic resource management examples, and deployment approaches (@myasnikovdaniil in cozystack/website#465).
Full Changelog: https://github.com/cozystack/cozystack/compare/v1.2.0...v1.2.1
