fix(migration): suspend cozy-proxy if it conflicts with installer release by kvaps · Pull Request #2128 · cozystack/cozystack

kvaps · 2026-03-02T11:57:48Z

What this PR does

Adds a check in the migration script to detect and suspend the cozy-proxy
HelmRelease if it has releaseName: cozystack, which conflicts with the installer
release and causes cozystack-operator deletion during upgrade from v0.41 to v1.0.

Release note

[platform] Fix migration script to handle cozy-proxy releaseName conflict during v0.41→v1.0 upgrade.

Summary by CodeRabbit

Chores
- Enhanced the version 1.0 migration process with automatic conflict detection and interactive guidance, prompting users to resolve issues during the upgrade for a smoother migration experience.

coderabbitai · 2026-03-02T11:58:00Z

📝 Walkthrough

Walkthrough

Adds a new initial step to the migration script that detects a conflicting cozy-proxy HelmRelease with releaseName "cozystack", interactively prompts the user to suspend it, and patches the resource if agreed, or aborts the migration if refused.

Changes

Cohort / File(s)	Summary
HelmRelease Conflict Detection `hack/migrate-to-version-1.0.sh`	Adds Step 1 that detects conflicting cozy-proxy HelmRelease, displays warning message, interactively prompts for suspension, patches the resource if approved, or aborts with error if declined.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A migration tale, swift and clear,
Where Helm charts dance without fear!
Detect and suspend with a gentle ask,
Our fuzzy script completes its task. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a fix to suspend cozy-proxy when it conflicts during migration, which directly matches the PR's core objective of handling a conflicting HelmRelease.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings (stacked PR)
📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch fix/remove-namespace-from-installer

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

gemini-code-assist · 2026-03-02T11:58:12Z

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the robustness of the system's Helm deployments and migration process. It introduces measures to safeguard critical Kubernetes resources from unintended deletion during Helm uninstallations and addresses a specific conflict in the migration script that could lead to data loss or operational issues during upgrades.

Highlights

Helm Resource Policy: The cozy-system Namespace in the installer chart now includes the helm.sh/resource-policy: keep annotation, preventing Helm from deleting it upon release removal.
Migration Script Enhancement: The migration script has been updated to apply the helm.sh/resource-policy: keep annotation to both the cozy-system Namespace and the cozystack-version ConfigMap before migration.
HelmRelease Conflict Resolution: A new check was added to the migration script to detect and prompt for suspension of the cozy-proxy HelmRelease if its releaseName conflicts with the installer, preventing accidental deletion of the cozystack-operator.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

hack/migrate-to-version-1.0.sh
- Implemented a new step to check for and optionally suspend the cozy-proxy HelmRelease if its spec.releaseName is "cozystack", which would otherwise conflict with the main installer release during migration.

Activity

No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

gemini-code-assist

Code Review

This pull request introduces important fixes for the v1.0 migration. It adds a helm.sh/resource-policy: keep annotation to the cozy-system namespace to prevent its deletion by Helm, and it enhances the migration script to handle a potential conflict with the cozy-proxy HelmRelease. The logic in the migration script is sound, but I have one suggestion to improve its robustness by using the full Kubernetes resource name instead of a short name.

gemini-code-assist · 2026-03-02T11:59:29Z

hack/migrate-to-version-1.0.sh

+# In v0.41.x, cozy-proxy was incorrectly configured with releaseName "cozystack",
+# which conflicts with the installer helm release name. If not suspended, cozy-proxy
+# HelmRelease will overwrite the installer release and delete cozystack-operator.
+COZY_PROXY_RELEASE_NAME=$(kubectl get hr -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.releaseName}' 2>/dev/null || true)


For better robustness in this migration script, it's recommended to use the full resource name helmreleases instead of the short name hr. Short names are not guaranteed to be available on all clusters, and using the full name makes the script more reliable. This change should also be applied on lines 72 and 77 where hr is also used.

Suggested change

COZY_PROXY_RELEASE_NAME=$(kubectl get hr -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.releaseName}' 2>/dev/null || true)

COZY_PROXY_RELEASE_NAME=$(kubectl get helmreleases -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.releaseName}' 2>/dev/null || true)

…ease In v0.41.x, cozy-proxy HelmRelease was configured with releaseName: cozystack, which collides with the installer helm release. If not suspended before upgrade, the cozy-proxy HR reconciles and overwrites the installer release, deleting cozystack-operator. Add a check in the migration script that detects this conflict and suspends the cozy-proxy HelmRelease before proceeding. Co-Authored-By: Claude <[email protected]> Signed-off-by: Andrei Kvapil <[email protected]>

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@hack/migrate-to-version-1.0.sh`:
- Around line 64-79: The script currently aborts if the user answers "N" even
when the HelmRelease cozy-proxy is already suspended; modify the block that
checks COZY_PROXY_RELEASE_NAME so it first queries the HelmRelease .spec.suspend
(e.g., using kubectl get hr cozy-proxy -n "$NAMESPACE" -o
jsonpath='{.spec.suspend}') and if that value is true skip prompting and
continue, otherwise prompt as before and only abort if the user declines and
.spec.suspend is false; update the logic around the REPLY check and the kubectl
patch hr cozy-proxy command to reflect this new pre-check so answering "N" does
not cause an exit when .spec.suspend is already true.

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12fec9b and 14a9017.

📒 Files selected for processing (1)

hack/migrate-to-version-1.0.sh

coderabbitai · 2026-03-02T12:03:08Z

hack/migrate-to-version-1.0.sh

+if [ "$COZY_PROXY_RELEASE_NAME" = "cozystack" ]; then
+    echo "WARNING: HelmRelease cozy-proxy has releaseName 'cozystack', which conflicts"
+    echo "with the installer release. It must be suspended before proceeding, otherwise"
+    echo "it will overwrite the installer and delete cozystack-operator."
+    echo ""
+    read -p "Suspend HelmRelease cozy-proxy? (y/N) " -n 1 -r
+    echo ""
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+        kubectl -n "$NAMESPACE" patch hr cozy-proxy --type=merge --field-manager=flux-client-side-apply -p '{"spec":{"suspend":true}}'
+        echo "HelmRelease cozy-proxy suspended."
+    else
+        echo "ERROR: Cannot proceed with conflicting cozy-proxy HelmRelease active."
+        echo "Please suspend it manually:"
+        echo "  kubectl -n $NAMESPACE patch hr cozy-proxy --type=merge -p '{\"spec\":{\"suspend\":true}}'"
+        exit 1
+    fi


⚠️ Potential issue | 🟡 Minor

Avoid aborting when cozy-proxy is already suspended.

At Line 64, the branch is based only on releaseName. If .spec.suspend is already true, answering N at Line 69 still aborts at Line 78 even though the conflict is already mitigated.

💡 Suggested fix

COZY_PROXY_RELEASE_NAME=$(kubectl get hr -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.releaseName}' 2>/dev/null || true) +COZY_PROXY_SUSPENDED=$(kubectl get hr -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.suspend}' 2>/dev/null || true) if [ "$COZY_PROXY_RELEASE_NAME" = "cozystack" ]; then + if [ "$COZY_PROXY_SUSPENDED" = "true" ]; then + echo "HelmRelease cozy-proxy is already suspended." + echo "" + else echo "WARNING: HelmRelease cozy-proxy has releaseName 'cozystack', which conflicts" echo "with the installer release. It must be suspended before proceeding, otherwise" echo "it will overwrite the installer and delete cozystack-operator." echo "" read -p "Suspend HelmRelease cozy-proxy? (y/N) " -n 1 -r echo "" if [[ $REPLY =~ ^[Yy]$ ]]; then kubectl -n "$NAMESPACE" patch hr cozy-proxy --type=merge --field-manager=flux-client-side-apply -p '{"spec":{"suspend":true}}' echo "HelmRelease cozy-proxy suspended." else echo "ERROR: Cannot proceed with conflicting cozy-proxy HelmRelease active." echo "Please suspend it manually:" echo " kubectl -n $NAMESPACE patch hr cozy-proxy --type=merge -p '{\"spec\":{\"suspend\":true}}'" exit 1 fi echo "" + fi fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

if [ "$COZY_PROXY_RELEASE_NAME" = "cozystack" ]; then

echo "WARNING: HelmRelease cozy-proxy has releaseName 'cozystack', which conflicts"

echo "with the installer release. It must be suspended before proceeding, otherwise"

echo "it will overwrite the installer and delete cozystack-operator."

echo ""

read -p "Suspend HelmRelease cozy-proxy? (y/N) " -n 1 -r

echo ""

if [[ $REPLY =~ ^[Yy]$ ]]; then

kubectl -n "$NAMESPACE" patch hr cozy-proxy --type=merge --field-manager=flux-client-side-apply -p '{"spec":{"suspend":true}}'

echo "HelmRelease cozy-proxy suspended."

else

echo "ERROR: Cannot proceed with conflicting cozy-proxy HelmRelease active."

echo "Please suspend it manually:"

echo " kubectl -n $NAMESPACE patch hr cozy-proxy --type=merge -p '{\"spec\":{\"suspend\":true}}'"

exit 1

fi

COZY_PROXY_RELEASE_NAME=$(kubectl get hr -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.releaseName}' 2>/dev/null || true)

COZY_PROXY_SUSPENDED=$(kubectl get hr -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.suspend}' 2>/dev/null || true)

if [ "$COZY_PROXY_RELEASE_NAME" = "cozystack" ]; then

if [ "$COZY_PROXY_SUSPENDED" = "true" ]; then

echo "HelmRelease cozy-proxy is already suspended."

echo ""

else

echo "WARNING: HelmRelease cozy-proxy has releaseName 'cozystack', which conflicts"

echo "with the installer release. It must be suspended before proceeding, otherwise"

echo "it will overwrite the installer and delete cozystack-operator."

echo ""

read -p "Suspend HelmRelease cozy-proxy? (y/N) " -n 1 -r

echo ""

if [[ $REPLY =~ ^[Yy]$ ]]; then

kubectl -n "$NAMESPACE" patch hr cozy-proxy --type=merge --field-manager=flux-client-side-apply -p '{"spec":{"suspend":true}}'

echo "HelmRelease cozy-proxy suspended."

else

echo "ERROR: Cannot proceed with conflicting cozy-proxy HelmRelease active."

echo "Please suspend it manually:"

echo " kubectl -n $NAMESPACE patch hr cozy-proxy --type=merge -p '{\"spec\":{\"suspend\":true}}'"

exit 1

fi

fi

fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed. In `@hack/migrate-to-version-1.0.sh` around lines 64 - 79, The script currently aborts if the user answers "N" even when the HelmRelease cozy-proxy is already suspended; modify the block that checks COZY_PROXY_RELEASE_NAME so it first queries the HelmRelease .spec.suspend (e.g., using kubectl get hr cozy-proxy -n "$NAMESPACE" -o jsonpath='{.spec.suspend}') and if that value is true skip prompting and continue, otherwise prompt as before and only abort if the user declines and .spec.suspend is false; update the logic around the REPLY check and the kubectl patch hr cozy-proxy command to reflect this new pre-check so answering "N" does not cause an exit when .spec.suspend is already true.

github-actions · 2026-03-02T15:31:24Z

Successfully created backport PR for release-1.0:

[Backport release-1.0] fix(migration): suspend cozy-proxy if it conflicts with installer release #2130

…icts with installer release (#2130) # Description Backport of #2128 to `release-1.0`.

kvaps changed the title ~~fix(installer): add keep annotation to Namespace and fix migration script~~ fix(migration): suspend cozy-proxy if it conflicts with installer release Mar 2, 2026

gemini-code-assist bot reviewed Mar 2, 2026

View reviewed changes

kvaps force-pushed the fix/remove-namespace-from-installer branch from da00ceb to 14a9017 Compare March 2, 2026 11:59

kvaps marked this pull request as ready for review March 2, 2026 11:59

kvaps requested review from IvanHunters, androndo, lexfrei, lllamnyp and sircthulhu as code owners March 2, 2026 11:59

dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. bug Something isn't working labels Mar 2, 2026

coderabbitai bot reviewed Mar 2, 2026

View reviewed changes

kvaps added the backport Should change be backported on previus release label Mar 2, 2026

kvaps merged commit b455405 into main Mar 2, 2026
12 checks passed

kvaps deleted the fix/remove-namespace-from-installer branch March 2, 2026 15:31

github-actions bot mentioned this pull request Mar 2, 2026

[Backport release-1.0] fix(migration): suspend cozy-proxy if it conflicts with installer release #2130

Merged

kvaps added a commit that referenced this pull request Mar 2, 2026

[Backport release-1.0] fix(migration): suspend cozy-proxy if it confl…

2a956eb

…icts with installer release (#2130) # Description Backport of #2128 to `release-1.0`.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(migration): suspend cozy-proxy if it conflicts with installer release#2128

fix(migration): suspend cozy-proxy if it conflicts with installer release#2128
kvaps merged 1 commit intomainfrom
fix/remove-namespace-from-installer

kvaps commented Mar 2, 2026 •

edited by coderabbitai bot

Loading

Uh oh!

coderabbitai bot commented Mar 2, 2026 •

edited

Loading

Walkthrough

Changes

Estimated code review effort

Poem

Uh oh!

gemini-code-assist bot commented Mar 2, 2026

Uh oh!

gemini-code-assist bot left a comment

Uh oh!

gemini-code-assist bot Mar 2, 2026

Uh oh!

coderabbitai bot left a comment

Uh oh!

coderabbitai bot Mar 2, 2026

Uh oh!

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

	COZY_PROXY_RELEASE_NAME=$(kubectl get hr -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.releaseName}' 2>/dev/null \|\| true)
	COZY_PROXY_RELEASE_NAME=$(kubectl get helmreleases -n "$NAMESPACE" cozy-proxy -o jsonpath='{.spec.releaseName}' 2>/dev/null \|\| true)

Conversation

kvaps commented Mar 2, 2026 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What this PR does

Release note

Summary by CodeRabbit

Uh oh!

coderabbitai bot commented Mar 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Poem

Uh oh!

gemini-code-assist bot commented Mar 2, 2026

Summary of Changes

Highlights

Footnotes

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

gemini-code-assist bot Mar 2, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Mar 2, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

kvaps commented Mar 2, 2026 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Mar 2, 2026 •

edited

Loading