Skip to content

Releases: PlatformRelay/Kollect

kollect 0.9.0

Choose a tag to compare

@github-actions github-actions released this 14 Jul 13:53

0.9.0 - 2026-07-14

Bug Fixes

  • docs: Correct OpenSSF Scorecard badge repo-name casing 4984cc7

Features

  • branding: Add favicon and social preview assets (#74)930a82b

  • pipeline: Sink credentials from env vars via ${env:VAR} secret placeholders 53b3d48

  • api: Per-sink-binding maxExportBytes override (merge feat/export-partitioning, AR-01/EC-P0-01 Option B) 37596e9

  • api: Per-sink-binding maxExportBytes override (AR-01/EC-P0-01 Phase C, Option B) 1d26bfc

Refactoring

  • sink: Extract event-sink secret->auth helper into secretkv 4f14450

Container image (operator)

ghcr.io/platformrelay/kollect:0.9.0

Multi-arch (linux/amd64, linux/arm64), Debian bookworm-slim nonroot base (includes git and openssh-client for spec.git.engine: cli).

OCI attestations (SBOM + SLSA provenance) are attached in GHCR and on the repository
Attestations page. Verify the signature:

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/PlatformRelay/Kollect/.+' \
  ghcr.io/platformrelay/kollect@sha256:99f33015dede4e6be4e4d8b122021e204d5181ac4c282f8f6a6e0e28b26845c5

Container image (kollect-ui)

Optional read-only UI SPA — enable with Helm ui.enabled=true.

ghcr.io/platformrelay/kollect-ui:0.9.0

Multi-arch (linux/amd64, linux/arm64), nginx alpine static server.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/PlatformRelay/Kollect/.+' \
  ghcr.io/platformrelay/kollect-ui@sha256:56b2cfa81bd3667c8dbb657f3f592504f855fc14d2b46763efb47cb859f9ad68

Container image (kollect-pipeline)

One-shot CI/CD collection CLI (ADR-0801) — collect inventory from a kubeconfig without installing
the operator. See the pipeline CLI guide.

ghcr.io/platformrelay/kollect-pipeline:0.9.0

Multi-arch (linux/amd64, linux/arm64), distroless static nonroot base. The git snapshot sink
uses the pure-Go go-git engine over HTTPS; git.engine: cli and file:// remotes are not supported
in this minimal image.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/PlatformRelay/Kollect/.+' \
  ghcr.io/platformrelay/kollect-pipeline@sha256:fe7799600540ca849b68d67fe5b7e0acb19823d55f83cfc6e61842488ffc4825

Install (Kustomize)

kubectl apply -f install-crds.yaml
kubectl apply -f install.yaml

Install (Helm — OCI)

helm upgrade --install kollect oci://ghcr.io/platformrelay/kollect \
  --version 0.9.0 \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/platformrelay/kollect \
  --set image.tag=0.9.0 \
  --set ui.image.tag=0.9.0

Install (Helm — GitHub Release tarball)

helm upgrade --install kollect kollect-0.9.0.tgz \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/platformrelay/kollect \
  --set image.tag=0.9.0 \
  --set ui.image.tag=0.9.0

Verify checksums with sha256sum -c checksums.txt. Each release asset includes a
<file>.sigstore.json Sigstore bundle; release-provenance.intoto.jsonl attests all assets.
See docs/RELEASE.md.

kollect 0.8.0

Choose a tag to compare

@github-actions github-actions released this 10 Jul 08:51

0.8.0 - 2026-07-10

Bug Fixes

  • pipeline: Drop computed make() capacity flagged by CodeQL overflow 11b9ee3

  • cli: Context selection, skip-to-exitcode, and dead --namespace flag ba53f06

  • controller: Requeue on family-sink status conflict instead of dropping it 7cb5cbe

  • collect: Block on dispatch backpressure instead of inline sync fallback c570338

  • controller: Degrade scope not whole target on RBAC-forbidden namespace (#28) 7cdc108

  • release: Tolerate Rekor 409 on asset re-sign 0a8f61a

  • sink/nats: Reconnect when cached connection is closed 05323e7

  • sink/bigquery: Snapshot emulator mode in Config 7ab6387

  • test: Drop duplicate family sink condition tests b6bfdb7

  • build: Fix go-arch-lint exclude paths for local dirs 95850bb

  • validation: Block private sink endpoint targets 6c1ed5b

  • sink: Retry BigQuery emulator readiness in L3 tests 5106a32

  • controller: Enforce namespace intersections in rollups c4439c3

  • sink: Re-enable backend pool after layout integration test bea1372

  • sink: Infer resource manifest layout e83c30f

  • build: Compile full cmd package after pprof fold 796e744

  • controller: Panic-guard family-sink, connection-test, cluster-target reconcilers b333ce0

  • controller: Aggregate per-sink export errors af341f8

  • controller: Stop requeue on terminal finalizer cleanup b3ae025

  • api: [breaking] Reject stub sink types at admission 5eee44d

  • sink: Remove stub backends, make unknown sink type terminal eaf5a15

  • sink/git: Redact credentials from git CLI errors 7a8e6d0

  • collect: Stabilize export fingerprints for debounce 038cbec

  • docs: Purge stale hub/spoke from operator manual 367b6bf

  • docs: Repair broken links and stale ADR references be7c448

  • chart: Sync family-sink CRDs with ADR-0416 fields 7baaa66

  • build: Upgrade alpine packages in UI image for Trivy 3cdce54

  • ci: Stop perf-report writing agent-context in CI 5efafd6

  • ui: Disambiguate Playwright inventory row locator 878dff2

  • ci: Stabilize nightly Playwright and perf-report fcb0533

  • build: Upgrade debian packages for Trivy gate 5c8f07f

  • controller: Recover panics and suspend status 3bb8c55

  • git: Resolve lint issues in sink hardening 1cd7ef7

  • docs: Remove extra blank line in git-sink-attribution 152cb40

  • e2e: Guard multitenant port-forward cleanup trap fde54d4

  • e2e: Use object form for snapshotSinkRefs c434c9e

  • e2e: Validate git-export and multitenant via HTTP b934eb2

  • e2e: Drop legacy sinkRefs from multitenant scope 7efd330

  • e2e: Drop removed inventory sinkRefs field f7de7af

  • e2e: Validate collection via inventory HTTP 67404df

  • e2e,test: Stabilize smoke bootstrap and debounce IT 2b7b31d

  • samples: Drop legacy sinkRefs from team-a scope 4598ce5

  • e2e: Wait on family sink CRDs in kind smoke fac0a82

  • gitlab: Basic auth for Forgejo Gitea MR API 92e2ce0

  • collect,controller: Resolve race detector findings 2fc1aff

  • api: Keep KollectRemoteCluster status optional in codegen 578af5e

  • api: Drop required status on KollectRemoteCluster create 88e7bc5

  • ops: P2 hardening and chart connectionTest default 4a07ab6

  • git: Terminal auth errors and per-repo export lock 2b596ba

  • lint: Gofmt webhooks and phase A envtest cleanup f132bf9

  • sink: Isolate circuit breaker test from parallel pollution d5ec865

  • e2e: Revert multitenant namespaceSelector 4ba734c

  • controller: Continue multi-sink export on partial failure 6b1fa36

  • e2e: Apply tenant-scope after multitenant asserts 475f3f9

  • e2e: Stabilize multitenant matrix job waits 9ed2c7a

  • sink: Validate git export paths for CodeQL 4855b3d

  • ci: Sync CHANGELOG and UI Docker npm ci 0eef82c

  • e2e: Bootstrap samples for matrix git-export 7957b7b

  • sink: Gitlab HTTP client timeout 2c1377c

  • sink: Postgres connect uses request context 3590d22

  • collect: Degrade target on SAR API error 9ada555

  • hub: Rollback merge when export fails 6065122

  • controller: Requeue conflicts and log map errors a9cd353

  • sink: Close backends and log close errors a52d779

  • transport: Commit Kafka offset on handler success e15ef5b

  • spoke: Retain delta until publish succeeds 42fe240

  • sink: Valida...

Read more

kollect 0.7.0

Choose a tag to compare

@github-actions github-actions released this 17 Jun 21:47

0.7.0 - 2026-06-17


Container image (operator)

ghcr.io/konih/kollect:0.7.0

Multi-arch (linux/amd64, linux/arm64), Debian bookworm-slim nonroot base (includes git and openssh-client for spec.git.engine: cli).

OCI attestations (SBOM + SLSA provenance) are attached in GHCR and on the repository
Attestations page. Verify the signature:

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect@sha256:bd50c251502495931669703a7bfea6d13c4c44f45f4c5972acf3b97f8f734543

Container image (kollect-ui)

Optional read-only UI SPA — enable with Helm ui.enabled=true.

ghcr.io/konih/kollect-ui:0.7.0

Multi-arch (linux/amd64, linux/arm64), nginx alpine static server.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect-ui@sha256:3bd72b73493018bf8cccfff536e97013e92cca4262624a5990e8ab9fd55b4291

Install (Kustomize)

kubectl apply -f install-crds.yaml
kubectl apply -f install.yaml

Install (Helm — OCI)

helm upgrade --install kollect oci://ghcr.io/konih/kollect \
  --version 0.7.0 \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.7.0 \
  --set ui.image.tag=0.7.0

Install (Helm — GitHub Release tarball)

helm upgrade --install kollect kollect-0.7.0.tgz \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.7.0 \
  --set ui.image.tag=0.7.0

Verify checksums with sha256sum -c checksums.txt. Each release asset includes a
<file>.sigstore.json Sigstore bundle; release-provenance.intoto.jsonl attests all assets.
See docs/RELEASE.md.

kollect 0.7.0-rc.1

kollect 0.7.0-rc.1 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 13 Jun 13:44

0.7.0-rc.1 - 2026-06-13

Bug Fixes

  • release: Tolerate Rekor 409 on asset re-sign 94de025

  • sink/nats: Reconnect when cached connection is closed 319a2bf

  • sink/bigquery: Snapshot emulator mode in Config 4c58988

Features

  • webhook: Reject cluster kinds in tenantMode 3dbfd6b

  • controller: Classify forbidden static refs for cluster kinds ae3057d

  • api: [breaking] Reference namespaced static config from cluster kinds 9753744


Container image (operator)

ghcr.io/konih/kollect:0.7.0-rc.1

Multi-arch (linux/amd64, linux/arm64), Debian bookworm-slim nonroot base (includes git and openssh-client for spec.git.engine: cli).

OCI attestations (SBOM + SLSA provenance) are attached in GHCR and on the repository
Attestations page. Verify the signature:

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect@sha256:05fe500edf271489def67e61dc7f456f54983e83471f56ff4f5d226b806dcf7e

Container image (kollect-ui)

Optional read-only UI SPA — enable with Helm ui.enabled=true.

ghcr.io/konih/kollect-ui:0.7.0-rc.1

Multi-arch (linux/amd64, linux/arm64), nginx alpine static server.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect-ui@sha256:b3c4169f0c72475e0abdfbcc1e0788e0eedd47d5c321dcbe830db1ca37977178

Install (Kustomize)

kubectl apply -f install-crds.yaml
kubectl apply -f install.yaml

Install (Helm — OCI)

helm upgrade --install kollect oci://ghcr.io/konih/kollect \
  --version 0.7.0-rc.1 \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.7.0-rc.1 \
  --set ui.image.tag=0.7.0-rc.1

Install (Helm — GitHub Release tarball)

helm upgrade --install kollect kollect-0.7.0-rc.1.tgz \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.7.0-rc.1 \
  --set ui.image.tag=0.7.0-rc.1

Verify checksums with sha256sum -c checksums.txt. Each release asset includes a
<file>.sigstore.json Sigstore bundle; release-provenance.intoto.jsonl attests all assets.
See docs/RELEASE.md.

kollect 0.6.0-rc.2

Choose a tag to compare

@github-actions github-actions released this 10 Jun 03:50

0.6.0-rc.2 - 2026-06-10

Bug Fixes

  • test: Drop duplicate family sink condition tests f0bfb36

  • build: Fix go-arch-lint exclude paths for local dirs 4e443f6

  • validation: Block private sink endpoint targets f1c0d79

Features

  • controller: Shard snapshot exports by max bytes d6ee50a

Refactoring

  • bigquery: Inject query execution adapter 0d2208d

  • s3: Isolate head-bucket check helper 12a47ea

  • postgres: Narrow upsert tx interfaces 82e7bb1

  • export: Extract envelope partition helpers 391bbb8

  • mongodb: Isolate export scope planning 51154e7

  • postgres: Extract export planning helpers 1e0248f


Container image (operator)

ghcr.io/konih/kollect:0.6.0-rc.2

Multi-arch (linux/amd64, linux/arm64), Debian bookworm-slim nonroot base (includes git and openssh-client for spec.git.engine: cli).

OCI attestations (SBOM + SLSA provenance) are attached in GHCR and on the repository
Attestations page. Verify the signature:

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect@sha256:6fda5bd7b4ae43775687a5d8f5dad69522baee7822b76c56830b6cd5bfbecb42

Container image (kollect-ui)

Optional read-only UI SPA — enable with Helm ui.enabled=true.

ghcr.io/konih/kollect-ui:0.6.0-rc.2

Multi-arch (linux/amd64, linux/arm64), nginx alpine static server.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect-ui@sha256:43c9fdce6219dadd2f7885f9095d4796b24e090bf6af4564dec03c7eb7f5aa36

Install (Kustomize)

kubectl apply -f install-crds.yaml
kubectl apply -f install.yaml

Install (Helm — OCI)

helm upgrade --install kollect oci://ghcr.io/konih/kollect \
  --version 0.6.0-rc.2 \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.6.0-rc.2 \
  --set ui.image.tag=0.6.0-rc.2

Install (Helm — GitHub Release tarball)

helm upgrade --install kollect kollect-0.6.0-rc.2.tgz \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.6.0-rc.2 \
  --set ui.image.tag=0.6.0-rc.2

Verify checksums with sha256sum -c checksums.txt. Each release asset includes a
<file>.sigstore.json Sigstore bundle; release-provenance.intoto.jsonl attests all assets.
See docs/RELEASE.md.

kollect 0.6.0-rc.1

kollect 0.6.0-rc.1 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 09 Jun 23:48

0.6.0-rc.1 - 2026-06-09

Bug Fixes

  • sink: Retry BigQuery emulator readiness in L3 tests b5a6b85

  • controller: Enforce namespace intersections in rollups 8e11ab6

  • sink: Re-enable backend pool after layout integration test 95a417c

  • sink: Infer resource manifest layout 90725d6

  • build: Compile full cmd package after pprof fold 5045839

  • controller: Panic-guard family-sink, connection-test, cluster-target reconcilers 95f2cae

  • controller: Aggregate per-sink export errors 61d28d4

  • controller: Stop requeue on terminal finalizer cleanup 439e5dd

  • api: [breaking] Reject stub sink types at admission 2ebc8df

  • sink: Remove stub backends, make unknown sink type terminal f39d19c

  • sink/git: Redact credentials from git CLI errors f25cafb

  • collect: Stabilize export fingerprints for debounce 76813eb

  • docs: Purge stale hub/spoke from operator manual 5135c41

  • docs: Repair broken links and stale ADR references d8b37cb

  • chart: Sync family-sink CRDs with ADR-0416 fields 067c5c7

Features

  • api: Add cluster rollup shard status 4809cfd

  • api: Add cluster inventory namespaces list 3959ba2

  • helm: Add minimal RBAC team install profile 907487e

  • sink: Add BigQuery database backend 83fb2f3

  • sink/nats: Version event envelope schema 48fd7dd

  • demo: Add hero harness with in-kind Forgejo c64c14c

  • sink: Wire ADR-0419 git layout into export pipeline 12d7f80

  • export: Full-resource pruning and Git layout 3df4027

  • sink: Render status.preview surface (ADR-0416) 5c9c80f

  • sink: MongoDB database sink (ADR-0417) f49bf3e

Refactoring

  • controller: Compose cluster rollups by namespace b1af6b1

  • inventory: Fold internal/httpauth into inventory f89e2cd

  • cmd: Fold internal/pprof into cmd 8a3004f

  • validation: Decouple layout path checks from sink package a558394


Container image (operator)

ghcr.io/konih/kollect:0.6.0-rc.1

Multi-arch (linux/amd64, linux/arm64), Debian bookworm-slim nonroot base (includes git and openssh-client for spec.git.engine: cli).

OCI attestations (SBOM + SLSA provenance) are attached in GHCR and on the repository
Attestations page. Verify the signature:

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect@sha256:89c310a5f3a960366b71f987cf9f75c53662964834a8ab58d0639a8f8920743d

Container image (kollect-ui)

Optional read-only UI SPA — enable with Helm ui.enabled=true.

ghcr.io/konih/kollect-ui:0.6.0-rc.1

Multi-arch (linux/amd64, linux/arm64), nginx alpine static server.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect-ui@sha256:8e69a4b8a2ec55294c68801493ed85be7fd6a2513b6dc643c77ce8bbba14f8fa

Install (Kustomize)

kubectl apply -f install-crds.yaml
kubectl apply -f install.yaml

Install (Helm — OCI)

helm upgrade --install kollect oci://ghcr.io/konih/kollect \
  --version 0.6.0-rc.1 \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.6.0-rc.1 \
  --set ui.image.tag=0.6.0-rc.1

Install (Helm — GitHub Release tarball)

helm upgrade --install kollect kollect-0.6.0-rc.1.tgz \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.6.0-rc.1 \
  --set ui.image.tag=0.6.0-rc.1

Verify checksums with sha256sum -c checksums.txt. Each release asset includes a
<file>.sigstore.json Sigstore bundle; release-provenance.intoto.jsonl attests all assets.
See docs/RELEASE.md.

kollect 0.5.0-rc.1

Choose a tag to compare

@github-actions github-actions released this 07 Jun 19:04

0.5.0-rc.1 - 2026-06-07

Bug Fixes

  • build: Upgrade alpine packages in UI image for Trivy 45d08ce

  • ci: Stop perf-report writing agent-context in CI 5ee2088

  • ui: Disambiguate Playwright inventory row locator f422a78

  • ci: Stabilize nightly Playwright and perf-report b6ea35f

Features

  • api: ADR-0416 sink config layering dcc5fa9

Container image (operator)

ghcr.io/konih/kollect:0.5.0-rc.1

Multi-arch (linux/amd64, linux/arm64), Debian bookworm-slim nonroot base (includes git and openssh-client for spec.git.engine: cli).

OCI attestations (SBOM + SLSA provenance) are attached in GHCR and on the repository
Attestations page. Verify the signature:

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect@sha256:a06464989768c266713824390e2fd4497b0cf28ab30ed88a68d97ec0858dfe85

Container image (kollect-ui)

Optional read-only UI SPA — enable with Helm ui.enabled=true.

ghcr.io/konih/kollect-ui:0.5.0-rc.1

Multi-arch (linux/amd64, linux/arm64), nginx alpine static server.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect-ui@sha256:22fa74946e4211577fb7030d2d185368bd4366b1f86e712d3b3c68c902ed18a6

Install (Kustomize)

kubectl apply -f install-crds.yaml
kubectl apply -f install.yaml

Install (Helm — OCI)

helm upgrade --install kollect oci://ghcr.io/konih/kollect \
  --version 0.5.0-rc.1 \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.5.0-rc.1 \
  --set ui.image.tag=0.5.0-rc.1

Install (Helm — GitHub Release tarball)

helm upgrade --install kollect kollect-0.5.0-rc.1.tgz \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.5.0-rc.1 \
  --set ui.image.tag=0.5.0-rc.1

Verify checksums with sha256sum -c checksums.txt. Each release asset includes a
<file>.sigstore.json Sigstore bundle; release-provenance.intoto.jsonl attests all assets.
See docs/RELEASE.md.

kollect 0.5.0

Choose a tag to compare

@github-actions github-actions released this 07 Jun 19:46

0.5.0 - 2026-06-07


Container image (operator)

ghcr.io/konih/kollect:0.5.0

Multi-arch (linux/amd64, linux/arm64), Debian bookworm-slim nonroot base (includes git and openssh-client for spec.git.engine: cli).

OCI attestations (SBOM + SLSA provenance) are attached in GHCR and on the repository
Attestations page. Verify the signature:

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect@sha256:04c8d5515ae81e63c4386e2afc2da14b0e7c81a3acffafda2511edd867ade23f

Container image (kollect-ui)

Optional read-only UI SPA — enable with Helm ui.enabled=true.

ghcr.io/konih/kollect-ui:0.5.0

Multi-arch (linux/amd64, linux/arm64), nginx alpine static server.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/konih/kollect/.+' \
  ghcr.io/konih/kollect-ui@sha256:152ece79facc46c82d9f92d82a3e77aae99906c555c660bc9c61e80b21e2f6ff

Install (Kustomize)

kubectl apply -f install-crds.yaml
kubectl apply -f install.yaml

Install (Helm — OCI)

helm upgrade --install kollect oci://ghcr.io/konih/kollect \
  --version 0.5.0 \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.5.0 \
  --set ui.image.tag=0.5.0

Install (Helm — GitHub Release tarball)

helm upgrade --install kollect kollect-0.5.0.tgz \
  --namespace kollect-system \
  --create-namespace \
  --set image.repository=ghcr.io/konih/kollect \
  --set image.tag=0.5.0 \
  --set ui.image.tag=0.5.0

Verify checksums with sha256sum -c checksums.txt. Each release asset includes a
<file>.sigstore.json Sigstore bundle; release-provenance.intoto.jsonl attests all assets.
See docs/RELEASE.md.