docs(operations): add customizer section

[myasnikovdaniil]

Summary

Adds an Operations Guide section for the new cozystack.customizer
system package (the opt-in admin-facing GitOps surface) shipping in
cozystack/cozystack#2731.

Four pages under content/en/docs/next/operations/customizer/:

• _index.md — overview, when to use, two-zone architecture sketch
• setup.md — step-by-step setup guide (prerequisites → create git auth Secret → init customizer repo → enable in the Platform Package → verify reconciliation → sanity-check commit → troubleshooting first sync)
• repo-layout.md — recommended directory tree plus three worked examples (enable OIDC, override a MetalLB option, ship an in-house HelmRelease) and a custom-packages walkthrough
• `field-ownership.md` — RBAC granted vs explicitly not, chart-owned vs customizer-owned Package CR fields, the SSA contract, the known advisory-only limitation pending the planned admission webhook, recovery from a bad patch, full uninstall path

Weight 15 on the section places customizer between Configuration (10) and Cluster Maintenance Guides (20) in the Operations sidebar — early in the operator's reading order, consistent with framing the customizer as "the recommended way to manage cluster customizations."

Why `do-not-merge`

The customizer package isn't in any shipped Cozystack version yet — its upstream PR (cozystack/cozystack#2731) is still draft. Merging this docs section before the feature lands in a release would render documentation for code readers can't actually use on current releases. Hold until #2731 merges and gets cut into a release; then this PR can flip to ready-for-review and merge into `next/`.

Test plan

• `hugo list all --environment=development` discovers all 4 pages with correct URLs and titles
• Local `make serve` returns 200 on all 4 page URLs
• Page titles render via the standard Docsy template (`<title>` tags present)
• Internal `{{< relref >}}` links between the four pages resolve to working URLs
• Section weight places it correctly in the Operations sidebar
• Maintainer review of the customizer concept + docs framing
• Wait for feat(platform): add cozystack.customizer system package cozystack#2731 to merge + release before flipping out of draft

Out of scope

• Backporting the customizer docs to released versions — only `next/` is touched
• Screenshots of the Cozystack dashboard reflecting customizer state (no dashboard integration in the MVP)
• Tenant-scoped customizer GitOps (out of scope of the MVP itself)

[netlify]

✅ Deploy Preview for cozystack ready!

Name	Link
🔨 Latest commit	c5fa669
🔍 Latest deploy log	https://app.netlify.com/projects/cozystack/deploys/6a14ad8ec61ac20008d9efd9
😎 Deploy Preview	https://deploy-preview-549--cozystack.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 64e1e5ff-d047-4e7b-80f9-2dfd823b40b5

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/customizer-docs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces comprehensive documentation for the "Customizer" feature in Cozystack, which enables declarative cluster customizations using an admin-owned Git repository and Flux. The documentation covers an overview, setup instructions, repository layout examples, and field ownership/RBAC details. The review feedback correctly identifies two issues in the documentation examples: an incorrect HelmRelease configuration for multi-chart OCI repositories and an incorrect Helm release name in the uninstallation commands.

[gemini-code-assist]

Since myorg-charts is an OCIRepository containing a directory structure of multiple charts (as shown in the PackageSource example where path: internal-portal is used), you cannot use spec.chartRef directly in the HelmRelease. spec.chartRef expects the OCIRepository to be a packaged Helm chart itself. Instead, use spec.chart.spec with chart and sourceRef to specify the subdirectory path.

Suggested change

	spec:
	interval: 5m
	chartRef:
	kind: OCIRepository
	name: myorg-charts
	namespace: cozy-customizer
	spec:
	interval: 5m
	chart:
	spec:
	chart: internal-portal
	sourceRef:
	kind: OCIRepository
	name: myorg-charts
	namespace: cozy-customizer

[gemini-code-assist]

Since the package name is cozystack.customizer, the corresponding Helm release name managed by Cozystack is likely cozystack-customizer (or cozystack.customizer), rather than just customizer. Running helm uninstall customizer might fail with a release not found error.

Suggested change

	helm uninstall customizer --namespace cozy-system
	helm uninstall cozystack-customizer --namespace cozy-system