docs(install): add --take-ownership flag and describe networking.* fields

[lexfrei]

What

Two small fixes to content/en/docs/v1/getting-started/install-cozystack.md covering issues that keep showing up for newcomers in the community chat:

1. Add --take-ownership to the documented helm upgrade --install command for the Cozystack operator and explain when it is needed.
2. Document each networking.* field (podCIDR, podGateway, serviceCIDR, joinCIDR) instead of just saying "internal networking configurations". The example YAML already contains joinCIDR: "100.64.0.0/16" but the prose explains nothing about it, which confuses people during the tutorial.

Why

--take-ownership: a user ran the documented command against a cluster where cozy-system already existed (aborted earlier install attempt, manually-created namespace, etc.) and hit an ownership conflict. They worked it out on the second try but the fix belongs in the doc. The flag was added in Helm 3.17 specifically for this scenario and is the standard way to adopt a pre-existing namespace that lacks meta.helm.sh/release-name. The PR describes both sources of the conflict (no Helm annotations at all, or annotations pointing at a different release) and clarifies that Helm detects the conflict when applying the rendered manifests, not during template rendering.

networking.* descriptions: another user asked in the community chat what networking.joinCIDR was for, because the current doc only lists the field in the example and labels the whole block "internal networking configurations". The PR adds a bullet for each field:

• podCIDR with the "must not overlap with your node network" caveat
• podGateway with a concrete rule (use the .1 address of the podCIDR network, e.g., 10.244.0.1 for 10.244.0.0/16)
• serviceCIDR with an explicit warning that the value is baked into the kube-apiserver at bootstrap and cannot be changed without rebuilding the cluster — mismatches silently break DNS and service routing
• joinCIDR with a link to the upstream Kube-OVN join subnet reference and a pointer to RFC 6598 explaining why 100.64.0.0/16 is the default

Verification

• hugo builds cleanly; the new content renders as expected.
• --take-ownership flag confirmed against Helm v3.17.0 release notes (https://github.com/helm/helm/releases/tag/v3.17.0).
• Kube-OVN join subnet anchor verified live (https://kubeovn.github.io/docs/stable/en/guide/subnet/#join-subnet).
• RFC 6598 citation verified for 100.64.0.0/10 shared address space (100.64.0.0/16 is a subset).
• The podGateway = .1 of podCIDR rule matches the Kube-OVN default gateway allocation and the existing YAML example.

Summary by CodeRabbit

• Documentation
  • Updated Helm installation instructions for the Cozystack operator to include an additional flag that enables improved cluster resource adoption and prevents installation conflicts with pre-existing resources.
  • Expanded networking configuration documentation with comprehensive parameter definitions and constraints, including pod CIDR, service CIDR, gateway, and join CIDR configurations with interdependency requirements.

[netlify]

✅ Deploy Preview for cozystack ready!

Name	Link
🔨 Latest commit	e0e31f1
🔍 Latest deploy log	https://app.netlify.com/projects/cozystack/deploys/69dac3411be44600081cacaf
😎 Deploy Preview	https://deploy-preview-480--cozystack.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Warning

Rate limit exceeded

@lexfrei has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 7 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 8 minutes and 7 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6074e86f-aca9-4428-903c-fad6ab3b80bb

📥 Commits

Reviewing files that changed from the base of the PR and between 428f23f and e0e31f1.

📒 Files selected for processing (1)

• content/en/docs/v1/getting-started/install-cozystack.md

📝 Walkthrough

Walkthrough

Updated the Cozystack operator Helm installation command to include the --take-ownership flag (Helm 3.17+) and provided detailed documentation explaining its purpose for adopting pre-existing cluster resources. Expanded the networking configuration documentation with enumerated definitions of podCIDR, podGateway, serviceCIDR, and joinCIDR parameters.

Changes

Cohort / File(s)	Summary
Documentation Updates content/en/docs/v1/getting-started/install-cozystack.md	Updated Helm installation command with --take-ownership flag; added explanation of ownership conflict resolution. Expanded networking configuration documentation with detailed parameter definitions and constraints for podCIDR, podGateway, serviceCIDR, and joinCIDR.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 Ownership flags now guide the way,
Namespaces claimed without delay,
Networks defined in colors so bright,
Documentation shining ever right! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the two main changes: adding the --take-ownership flag documentation and describing the networking.* configuration fields.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/install-cozystack-networking-and-take-ownership

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request updates the Cozystack installation guide to include the --take-ownership Helm flag and provides detailed documentation for networking configuration parameters. Feedback includes a technical correction regarding the RFC 6598 address space and suggestions for consistent terminology in the networking section.

[gemini-code-assist]

Technically, RFC 6598 defines the shared address space as 100.64.0.0/10. The default 100.64.0.0/16 used here is a subset of that space. It is more precise to state that it is "part of" the shared address space.

Suggested change

	traffic between cluster nodes and pods. The default `100.64.0.0/16` is a shared address space
	traffic between cluster nodes and pods. The default 100.64.0.0/16 is part of the shared address space

[lexfrei]

Applied — reworded the joinCIDR bullet to say that the default 100.64.0.0/16 is part of the RFC 6598 shared address space 100.64.0.0/10.

[gemini-code-assist]

For consistency with the description of podCIDR (lines 98-99), consider using the terms "overlaps" and "route" instead of "collides" and "reach". This maintains a uniform technical vocabulary throughout the networking section.

Suggested change

	internal-only use. Change it only if it collides with a network your nodes already reach; see the
	internal-only use. Change it only if it overlaps with a network your nodes already route; see the

[lexfrei]

Applied — switched to overlaps / route so the joinCIDR bullet matches the podCIDR wording earlier in the same networking section.