Licenses
This page lists the open-source components Cozystack ships, grouped by their role in the platform. Cozystack-maintained charts, CRDs, controllers, and application APIs are licensed under Apache-2.0 and are not listed individually below. For each upstream component, the card links to the upstream license file.
next set of components.
Container images can include additional operating-system packages and library dependencies with their own licenses.
Pinned upstream versions of managed runtimes (PostgreSQL, MariaDB, Kafka, etc.) may change between Cozystack minor releases — check the version of Cozystack you run.Operating system and Kubernetes runtime
Immutable Linux distribution built for Kubernetes nodes.
Container orchestration kernel used for both the management cluster and tenant clusters.
Hosted control planes for tenant Kubernetes clusters.
Declarative provisioning of tenant Kubernetes clusters (core, operator, and Kamaji/KubeVirt providers).
Virtual machines as Kubernetes-native workloads (core, CDI, CSI, and instancetypes).
Networking
eBPF-based CNI for pod networking and NetworkPolicy.
OVN-based virtual networking, used for VPC and floating IPs.
Multiple network interfaces per pod.
Bare-metal load balancer for Kubernetes Services.
HTTP ingress controller.
Standard Kubernetes Gateway API definitions.
Cluster DNS server.
Sync Kubernetes resources to external DNS providers.
Mesh networking across geographically distributed nodes.
Load balancer integration for Hetzner dedicated hardware.
Storage
DRBD-based replicated block storage (LINSTOR server, CSI, scheduler extender, GUI, Piraeus operator).
Distributed object storage; backs the managed Bucket service.
NFS CSI driver.
External snapshotter and VolumeSnapshot CRDs.
Cluster and persistent volume backups.
COSI controller for managed object storage.
Web UI for S3-compatible buckets.
Observability
Metrics storage, ingestion, and Prometheus-compatible query layer.
Manages Grafana instances, dashboards, and datasources.
Log forwarder running on every node.
Exposes Kubernetes object state as metrics.
System and hardware metrics from each node.
CRDs for Prometheus-style monitoring resources, consumed by VictoriaMetrics.
Kubelet metrics for HPA and `kubectl top`.
Pod-to-pod connectivity checks across the cluster.
Autoscaling and resource management
Vertical resource right-sizing for pods (chart: MIT).
Horizontal scaling of node pools.
Restarts pods when their ConfigMaps or Secrets change.
GPU and accelerators
Driver, container runtime, and device-plugin lifecycle for NVIDIA GPUs.
GPU sharing and fractional GPU scheduling.
GitOps and platform automation
GitOps engine. ControlPlane Flux Operator and instance chart are AGPL-3.0; upstream Flux controllers are Apache-2.0.
Manages etcd clusters used by tenant Kamaji control planes.
Automated TLS certificate issuance and rotation.
Sync secrets from external KMS into Kubernetes.
Replicate secrets across namespaces.
iPXE / DHCP boot server for bare-metal provisioning.
Local development against a remote cluster (Traffic Manager).
Identity, registry, and admin UI
OIDC provider for platform and tenant SSO; deployed with the KubeRocketCI Keycloak Operator.
OCI registry for container images and Helm charts.
Managed database runtimes
Managed via CloudNativePG operator (Apache-2.0).
Managed via mariadb-operator (MIT).
Managed via Percona Operator for MongoDB (Apache-2.0).
Server and Keeper, managed via Altinity ClickHouse Operator (Apache-2.0).
Managed via opensearch-k8s-operator (Apache-2.0).
Vector database, deployed via the upstream Qdrant Helm chart.
Managed via FoundationDB Kubernetes Operator (Apache-2.0).
Managed via Spotahome Redis Operator (Apache-2.0). Cozystack supports Redis 7.4 and Redis 8.
Managed messaging and caching runtimes
Managed via Strimzi Kafka Operator (Apache-2.0).
Lightweight messaging server, deployed via the upstream NATS Helm chart.
Managed via RabbitMQ Cluster Operator (MPL-2.0).
Secrets management fork of HashiCorp Vault, deployed via the upstream OpenBao Helm chart.
Managed networking services
Used by the managed HTTP Cache service.
Used by the managed TCP Balancer and HTTP Cache services.
GeoIP modules bundled into the HTTP Cache (IP2Location and IP2Proxy).
Backs the managed VPN service.