Download Latest Version
metal-amd64.iso (540.4 MB)
Get an email when there's a new version of cozystack
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.md | 2026-05-28 | 5.8 kB | |
| v1.4.2 source code.tar.gz | 2026-05-28 | 5.7 MB | |
| v1.4.2 source code.zip | 2026-05-28 | 7.8 MB | |
| openapi.json | 2026-05-28 | 2.5 MB | |
| cozypkg-checksums.txt | 2026-05-28 | 564 Bytes | |
| cozypkg-windows-arm64.tar.gz | 2026-05-28 | 22.9 MB | |
| cozypkg-darwin-amd64.tar.gz | 2026-05-28 | 26.7 MB | |
| cozypkg-darwin-arm64.tar.gz | 2026-05-28 | 24.7 MB | |
| cozypkg-linux-amd64.tar.gz | 2026-05-28 | 25.4 MB | |
| cozypkg-linux-arm64.tar.gz | 2026-05-28 | 22.9 MB | |
| cozypkg-windows-amd64.tar.gz | 2026-05-28 | 25.6 MB | |
| initramfs-metal-amd64.xz | 2026-05-28 | 154.4 MB | |
| kernel-amd64 | 2026-05-28 | 20.4 MB | |
| nocloud-amd64.raw.xz | 2026-05-28 | 347.5 MB | |
| metal-amd64.raw.xz | 2026-05-28 | 347.5 MB | |
| metal-amd64.iso | 2026-05-28 | 540.4 MB | |
| cozystack-operator-hosted.yaml | 2026-05-28 | 2.5 kB | |
| cozystack-operator-generic.yaml | 2026-05-28 | 2.6 kB | |
| cozystack-operator-talos.yaml | 2026-05-28 | 2.6 kB | |
| cozystack-crds.yaml | 2026-05-28 | 20.0 kB | |
| Totals: 20 Items | 1.6 GB | 0 | |
v1.4.2 (2026-05-27)
A patch release shipping two kubevirt-csi-driver reliability fixes for persistent-volume attach failures and a platform fix that makes OpenSearch available in the PaaS bundle. All main-repo changes are backports of PRs already merged to main.
Fixes
-
fix(platform): add OpenSearch to PaaS bundle: OpenSearch packages (
opensearch-operator,opensearch-rd) have been present in the repository for several releases, but the PaaS bundle template (bundles.paas.enabled=true) never referenced the twocozystack.opensearch-*PackageSources. As a result the operator was not deployed (noOpenSearchClusterCRD), theApplicationDefinition/opensearchwas never created, and the dashboard catalog showed no OpenSearch entry — tenants could not provision OpenSearch instances regardless of what was installed. The two missing includes are now added to the PaaS bundle alongside every other database operator (@myasnikovdaniil in [#2648], backport [#2757]). -
fix(csi): route RWX Block volumes to upstream hotplug detach:
ControllerUnpublishVolumein the kubevirt-csi-driver wrapper selected the NFS cleanup branch using onlyhasRWXAccessMode(pvc). KubeVirt live-migration disks (RWX Block PVCs) matched that check and were sent down the NFS path, which only deletes aCiliumNetworkPolicy. Because no such CNP exists for block volumes, the function returned success without calling upstream's hotplug detach — leaving theDataVolumeentry inVM.spec.template.spec.volumespermanently. When the same PVC later attached to a different VM, linstor-csi's anti-split-brain check rejected the attach. The fix introducesisNFSVolume(pvc), which requires bothReadWriteManyaccess mode andVolumeMode=Filesystem, accurately matching only NFS-backed PVCs. The same predicate replaces the access-mode-only check inControllerExpandVolume, which was incorrectly skipping in-VM disk expansion for RWX Block volumes (@myasnikovdaniil in [#2658], backport [#2749]). -
fix(csi): verify VMI Ready after kubevirt-csi Publish to surface stuck-PVC failures: Upstream
ControllerPublishVolumehas a fast path (EnsureVolumeAvailableVM) that considers a volume attached as soon as its entry appears inVM.spec.template.spec.volumes. If a previous Publish wrote that entry but the hotplug never completed — e.g. because the backing PVC is stuckClaimPendingdue to LINSTOR being unable to autoplace — the retry hits the fast path and reports success.external-attacherthen setsVolumeAttachment.Attached=true, but QEMU was never sentdevice_add, so the tenant kubelet'sNodeStageVolumefails withcouldn't find device by serial id. The wrapper now re-readsVMI.Status.VolumeStatusafter upstream returns success and returnscodes.Unavailable(with the upstream reason, e.g.PVC is in phase ClaimPending) if the volume is not inVolumeReadyphase. This keepsexternal-attacherretrying and surfaces the underlying provisioning failure at the CSI layer rather than as a confusing kubelet-side error (@myasnikovdaniil in [#2659], backport [#2748]).
Documentation
-
[website] Update Cozystack logo, favicons, and social banner: Refreshes the website branding to the new Cozystack logo — a new horizontal wordmark for the navigation bar, regenerated favicon set, and an updated Open Graph social banner. The navbar logo height is adjusted from 30 px to 36 px for improved readability (@kvapsova in cozystack/website#551).
-
[website] Cilium Gateway API — architecture, security, and migration guide: Adds a comprehensive
networking/gateway-api.mdpage for the Cilium-backed Gateway API feature. The guide covers the platform-levelgateway.enabledtoggle and per-tenanttenant.spec.gatewayopt-in, inheritance of the parent Gateway through thenamespace.cozystack.io/gatewaylabel, HTTP-01 and DNS-01 certificate modes (four DNS providers), per-service HTTPRoute and TLSRoute tables, a five-layer security model, and a step-by-step migration path from ingress-nginx for new and existing clusters. The platform-package reference is extended with thegateway.*andpublishing.certificates.dns01.*value rows (@lexfrei in cozystack/website#509). -
[website] Pin cozystack download URLs in v0 docs: Fixes broken download links in the v0 installation documentation.
releases/latest/download/now resolves to v1.4.x where the legacycozystack-installer.yamlasset no longer exists. All affected URLs are pinned to thev0.41.11tag via aversion-pinshortcode, including the installer manifest (three pages), metal image downloads (two pages), and the Oracle Cloud guide'swgetcommand. The talm download in the Oracle Cloud guide is also fixed from the dropped bare-binary asset name to the.tar.gzarchive (@lexfrei in cozystack/website#548).
Contributors
Thanks to everyone who contributed to this patch release:
Full Changelog: https://github.com/cozystack/cozystack/compare/v1.4.1...v1.4.2
