docs(upgrade): add step to protect namespace before upgrading

[kvaps]

What this PR does

Adds a required step to both the standard upgrade guide and the v0.41→v1.0 migration guide:
annotate the cozy-system namespace and cozystack-version ConfigMap with
helm.sh/resource-policy=keep before running helm upgrade.

Without this annotation, Helm could delete the namespace and all resources within it
during release removal or upgrade.

Summary by CodeRabbit

• Documentation
  • Enhanced cluster upgrade documentation with a new protection step for critical resources before operator upgrades.
  • Improved operator upgrade instructions with detailed verification steps and troubleshooting guidance.
  • Clarified migration workflow with explicit commands and post-migration validation procedures.
  • Updated cleanup procedures with concrete commands and expected outcomes.

[netlify]

✅ Deploy Preview for cozystack ready!

Name	Link
🔨 Latest commit	51f1ae4
🔍 Latest deploy log	https://app.netlify.com/projects/cozystack/deploys/69a2c7ff282ffd00084e5207
😎 Deploy Preview	https://deploy-preview-435--cozystack.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 38f3e24 and 51f1ae4.

📒 Files selected for processing (2)

• content/en/docs/v1/operations/cluster/upgrade.md
• content/en/docs/v1/operations/upgrades/_index.md

---

📝 Walkthrough

Walkthrough

Two upgrade documentation files were updated with new procedures: adding a critical resource protection step using Helm annotations before upgrades, expanding operator installation instructions with OCI-based helm commands, detailing migration script workflows, and enhancing verification steps with explicit validation commands.

Changes

Cohort / File(s)

Summary

Upgrade Documentation content/en/docs/v1/operations/cluster/upgrade.md, content/en/docs/v1/operations/upgrades/_index.md

Added new "Protect critical resources" step with Helm annotations (helm.sh/resource-policy=keep) for namespace and ConfigMap protection. Expanded operator installation with OCI-based helm upgrade/install commands and PackageSource creation. Enhanced verification workflow with HelmRelease status checks, pod inspection, and operator log troubleshooting guidance. Renumbered subsequent steps to reflect new sequence and added migration script execution details.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Hops of wisdom through the docs so fine,
Protection steps in perfect line,
Annotations guard what must survive,
Upgrades now safe, the cluster thrives!
With scripts and logs, we verify with care, ✨

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch docs/upgrade-namespace-annotation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the Cozystack upgrade documentation by integrating a crucial step to safeguard core Kubernetes resources. It ensures that the cozy-system namespace and cozystack-version ConfigMap are not inadvertently deleted by Helm during upgrades or release removals, thereby preventing potential data loss and ensuring operational continuity. The change is reflected in both the general upgrade guide and the specific migration guide for v0.41 to v1.0.

Highlights

• Critical Resource Protection: Added a new mandatory step to the Cozystack upgrade documentation to protect critical Kubernetes resources (the cozy-system namespace and cozystack-version ConfigMap) from accidental deletion by Helm.
• Helm Resource Policy Annotation: Introduced kubectl annotate commands to apply helm.sh/resource-policy=keep to ensure these resources are preserved during Helm upgrade or removal operations.
• Documentation Updates: Updated both the standard upgrade guide (content/en/docs/v1/operations/cluster/upgrade.md) and the v0.41->v1.0 migration guide (content/en/docs/v1/operations/upgrades/_index.md) with the new protection step and renumbered subsequent steps accordingly.
• Warning Inclusion: Included a prominent warning alert in the documentation, emphasizing that this step is required to prevent data loss.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• content/en/docs/v1/operations/cluster/upgrade.md
  • Inserted a new section titled "2. Protect critical resources" detailing the annotation commands for cozy-system namespace and cozystack-version ConfigMap.
  • Added a warning alert highlighting the necessity of the resource protection step.
  • Renumbered the subsequent section "2. Upgrade the Cozystack Operator" to "3.".
  • Renumbered the subsequent section "3. Check the cluster status after upgrading" to "4.".
• content/en/docs/v1/operations/upgrades/_index.md
  • Inserted a new section titled "Step 1. Protect critical resources" with instructions to annotate the cozy-system namespace and cozystack-version ConfigMap.
  • Added a warning alert emphasizing the critical nature of the new protection step.
  • Renumbered the original "Step 1. Install the Cozystack Operator" to "Step 2.".
  • Renumbered the original "Step 2. Generate the Platform Package" to "Step 3.".
  • Renumbered the original "Step 3. Monitor the Migration" to "Step 4.".
  • Renumbered the original "Step 4. Clean Up Old ConfigMaps" to "Step 5.".
  • Renumbered the original "Step 5. Verify the Migration" to "Step 6.".

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds a critical step to the upgrade documentation to protect the cozy-system namespace and cozystack-version ConfigMap from being deleted by Helm during an upgrade. The changes are clear and well-explained in both the standard upgrade guide and the v0.41→v1.0 migration guide. I've suggested a small improvement to the provided commands to make them more robust, preventing potential failures if the cozystack-version ConfigMap doesn't exist in the user's environment. This will help avoid confusion during the upgrade process.

[gemini-code-assist]

To improve the robustness of the upgrade script, it's a good practice to check for the existence of the cozystack-version ConfigMap before attempting to annotate it. This prevents the command from failing if the ConfigMap is not present, which could confuse users and halt their upgrade process. The suggested change wraps the annotation command in an if block that first verifies the ConfigMap exists.

Suggested change

	kubectl annotate configmap -n cozy-system cozystack-version helm.sh/resource-policy=keep --overwrite
	# Annotate the cozystack-version ConfigMap only if it exists
	if kubectl get configmap -n cozy-system cozystack-version >/dev/null 2>&1; then
	kubectl annotate configmap -n cozy-system cozystack-version helm.sh/resource-policy=keep --overwrite
	fi

[gemini-code-assist]

To make the upgrade steps more robust, it's better to check if the cozystack-version ConfigMap exists before trying to annotate it. This avoids a potential failure in the script if the ConfigMap is not found, which could cause confusion for the user. The suggested change adds a check for the ConfigMap's existence before running the kubectl annotate command.

Suggested change

	kubectl annotate configmap -n cozy-system cozystack-version helm.sh/resource-policy=keep --overwrite
	# Annotate the cozystack-version ConfigMap only if it exists
	if kubectl get configmap -n cozy-system cozystack-version >/dev/null 2>&1; then
	kubectl annotate configmap -n cozy-system cozystack-version helm.sh/resource-policy=keep --overwrite
	fi