Fix older versions in dashboard

Workaround for https://github.com/vmware-tanzu/kubeapps/issues/7740 Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-02-05 08:17:59 +00:00 · 2024-04-25 18:16:20 +02:00
146 changed files with 6184 additions and 8651 deletions
--- a/hack/gen_versions_map.sh
+++ b/hack/gen_versions_map.sh
@@ -20,28 +20,9 @@ miss_map=$(echo "$new_map" | awk 'NR==FNR { new_map[$1 " " $2] = $3; next } { if
 resolved_miss_map=$(
  echo "$miss_map" | while read chart version commit; do
    if [ "$commit" = HEAD ]; then
-      line=$(awk '/^version:/ {print NR; exit}' "./$chart/Chart.yaml")
+      line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
-      change_commit=$(git --no-pager blame -L"$line",+1 -- "$chart/Chart.yaml" | awk '{print $1}')
+      change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
-       
+      commit=$(git describe --always "$change_commit~1")
      if [ "$change_commit" = "00000000" ]; then
        # Not commited yet, use previus commit
        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
        commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
        if [ $(echo $commit | cut -c1) = "^" ]; then
          # Previus commit not exists
          commit=$(echo $commit | cut -c2-)
        fi
      else
        # Commited, but version_map wasn't updated
        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
        change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
        if [ $(echo $change_commit | cut -c1) = "^" ]; then
          # Previus commit not exists
          commit=$(echo $change_commit | cut -c2-)
        else
          commit=$(git describe --always "$change_commit~1")
        fi
      fi
    fi
    echo "$chart $version $commit"
  done
--- a/manifests/cozystack-installer.yaml
+++ b/manifests/cozystack-installer.yaml
@@ -63,7 +63,7 @@ spec:
      serviceAccountName: cozystack
      containers:
      - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.4.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.3.1"
        env:
        - name: KUBERNETES_SERVICE_HOST
          value: localhost
@@ -82,7 +82,7 @@ spec:
            fieldRef:
              fieldPath: metadata.name
      - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.4.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.3.1"
        command:
        - /usr/bin/darkhttpd
        - /cozystack/assets
--- a/packages/apps/clickhouse/Chart.yaml
+++ b/packages/apps/clickhouse/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "24.3.0"
+appVersion: "1.16.0"
--- a/packages/apps/clickhouse/templates/clickhouse.yaml
+++ b/packages/apps/clickhouse/templates/clickhouse.yaml
@@ -21,8 +21,8 @@ spec:
    clusters:
      - name: "clickhouse"
        layout:
-          shardsCount: {{ .Values.shards }}
+          shardsCount: 1
-          replicasCount: {{ .Values.replicas }}
+          replicasCount: 2
  {{- with .Values.size }}
  templates:
    volumeClaimTemplates:
--- a/packages/apps/clickhouse/values.yaml
+++ b/packages/apps/clickhouse/values.yaml
@@ -1,6 +1,4 @@
 size: 10Gi
 shards: 1
 replicas: 2
 users:
  user1:
--- a/packages/apps/http-cache/Chart.yaml
+++ b/packages/apps/http-cache/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.25.3"
+appVersion: "1.16.0"
--- a/packages/apps/http-cache/images/nginx-cache.json
+++ b/packages/apps/http-cache/images/nginx-cache.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:9eb68d2d503d7e22afc6fde2635f566fd3456bbdb3caad5dc9f887be1dc2b8ab",
+  "containerimage.config.digest": "sha256:e406d5ac59cc06bbab51e16ae9a520143ad4f54952ef8f8cca982dc89454d616",
-  "containerimage.digest": "sha256:1f44274dbc2c3be2a98e6cef83d68a041ae9ef31abb8ab069a525a2a92702bdd"
+  "containerimage.digest": "sha256:08e5063e65d2adc17278abee0ab43ce31cf37bc9bc7eb7988ef16f1f1c459862"
 }
--- a/packages/apps/http-cache/templates/haproxy/configmap.yaml
+++ b/packages/apps/http-cache/templates/haproxy/configmap.yaml
@@ -74,7 +74,7 @@ data:
        option redispatch 1
        default-server observe layer7 error-limit 10 on-error mark-down
-        {{- range $i, $e := until (int $.Values.nginx.replicas) }}
+        {{- range $i, $e := until (int $.Values.replicas) }}
        server cache{{ $i }} {{ $.Release.Name }}-nginx-cache-{{ $i }}:80 check
        {{- end }}
        {{- range $i, $e := $.Values.endpoints }} 
--- a/packages/apps/http-cache/templates/haproxy/deployment.yaml
+++ b/packages/apps/http-cache/templates/haproxy/deployment.yaml
@@ -7,7 +7,7 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.haproxy.replicas }}
+  replicas: 2
  selector:
    matchLabels:
      app: {{ .Release.Name }}-haproxy
--- a/packages/apps/http-cache/templates/nginx/deployment.yaml
+++ b/packages/apps/http-cache/templates/nginx/deployment.yaml
@@ -11,7 +11,7 @@ spec:
  selector:
    matchLabels:
      app: {{ $.Release.Name }}-nginx-cache
-{{- range $i := until (int $.Values.nginx.replicas) }}
+{{- range $i := until 3 }}
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/packages/apps/http-cache/values.yaml
+++ b/packages/apps/http-cache/values.yaml
@@ -1,10 +1,4 @@
 external: false
 haproxy:
  replicas: 2
 nginx:
  replicas: 2
 size: 10Gi
 endpoints:
  - 10.100.3.1:80
--- a/packages/apps/kafka/Chart.yaml
+++ b/packages/apps/kafka/Chart.yaml
@@ -22,4 +22,4 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.7.0"
+appVersion: "1.16.0"
--- a/packages/apps/kafka/templates/kafka.yaml
+++ b/packages/apps/kafka/templates/kafka.yaml
@@ -7,7 +7,7 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
  kafka:
-    replicas: {{ .Values.replicas }}
+    replicas: 3
    listeners:
      - name: plain
        port: 9092
@@ -41,7 +41,7 @@ spec:
        {{- end }}
        deleteClaim: true
  zookeeper:
-    replicas: {{ .Values.replicas }}
+    replicas: 3
    storage:
      type: persistent-claim
      {{- with .Values.zookeeper.size }}
--- a/packages/apps/kafka/values.yaml
+++ b/packages/apps/kafka/values.yaml
@@ -1,10 +1,8 @@
 external: false
 kafka:
  size: 10Gi
  replicas: 3
 zookeeper:
  size: 5Gi
  replicas: 3
 topics:
  - name: Results
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.19.0"
+appVersion: "1.16.0"
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.json
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:a7e8e6e35ac07bcf6253c9cfcf21fd3c315bd0653ad0427dd5f0cae95ffd3722",
+  "containerimage.config.digest": "sha256:62baab666445d76498fb14cc1d0865fc82e4bdd5cb1d7ba80475dc5024184622",
-  "containerimage.digest": "sha256:c03bffeeb70fe7dd680d2eca3021d2405fbcd9961dd38437f5673560c31c72cc"
+  "containerimage.digest": "sha256:9363d717f966f4e7927da332eaaf17401b42203a2fcb493b428f94d096dae3a5"
 }
--- a/packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml
+++ b/packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml
@@ -15,12 +15,6 @@ spec:
      labels:
        app: {{ .Release.Name }}-cluster-autoscaler
    spec:
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: "NoSchedule"
      containers:
      - image: ghcr.io/kvaps/test:cluster-autoscaller
        name: cluster-autoscaler
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -64,13 +64,12 @@ metadata:
    cluster.x-k8s.io/managed-by: kamaji
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
 {{- range $groupName, $group := .Values.nodeGroups }}
 ---
 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
 kind: KubeadmConfigTemplate
 metadata:
-  name: {{ $.Release.Name }}-{{ $groupName }}
+  name: {{ .Release.Name }}-md-0
-  namespace: {{ $.Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
 spec:
  template:
    spec:
@@ -79,7 +78,7 @@ spec:
          kubeletExtraArgs: {}
        discovery:
          bootstrapToken:
-            apiServerEndpoint: {{ $.Release.Name }}.{{ $.Release.Namespace }}.svc:6443
+            apiServerEndpoint: {{ .Release.Name }}.{{ .Release.Namespace }}.svc:6443
      initConfiguration:
        skipPhases:
        - addon/kube-proxy
@@ -87,8 +86,8 @@ spec:
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: KubevirtMachineTemplate
 metadata:
-  name: {{ $.Release.Name }}-{{ $groupName }}
+  name: {{ .Release.Name }}-md-0
-  namespace: {{ $.Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
 spec:
  template:
    spec:
@@ -96,7 +95,7 @@ spec:
        checkStrategy: ssh
      virtualMachineTemplate:
        metadata:
-          namespace: {{ $.Release.Namespace }}
+          namespace: {{ .Release.Namespace }}
        spec:
          runStrategy: Always
          template:
@@ -104,7 +103,7 @@ spec:
              domain:
                cpu:
                  threads: 1
-                  cores: {{ $group.resources.cpu }}
+                  cores: 2
                  sockets: 1
                devices:
                  disks:
@@ -113,7 +112,7 @@ spec:
                    name: containervolume
                  networkInterfaceMultiqueue: true
                memory:
-                  guest: {{ $group.resources.memory }}
+                  guest: 1024Mi
              evictionStrategy: External
              volumes:
              - containerDisk:
@@ -123,28 +122,29 @@ spec:
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachineDeployment
 metadata:
-  name: {{ $.Release.Name }}-{{ $groupName }}
+  name: {{ .Release.Name }}-md-0
-  namespace: {{ $.Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
  annotations:
-    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ $group.minReplicas }}"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "2"
-    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ $group.maxReplicas }}"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "0"
-    capacity.cluster-autoscaler.kubernetes.io/memory: "{{ $group.resources.memory }}"
+    capacity.cluster-autoscaler.kubernetes.io/memory: "1024Mi"
-    capacity.cluster-autoscaler.kubernetes.io/cpu: "{{ $group.resources.cpu }}"
+    capacity.cluster-autoscaler.kubernetes.io/cpu: "2"
 spec:
-  clusterName: {{ $.Release.Name }}
+  clusterName: {{ .Release.Name }}
  selector:
    matchLabels: null
  template:
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
-          name: {{ $.Release.Name }}-{{ $groupName }}
+          name: {{ .Release.Name }}-md-0
          namespace: default
-      clusterName: {{ $.Release.Name }}
+      clusterName: {{ .Release.Name }}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
        kind: KubevirtMachineTemplate
-        name: {{ $.Release.Name }}-{{ $groupName }}
+        name: {{ .Release.Name }}-md-0
        namespace: default
-      version: v1.29.0
+      version: v1.23.10
 {{- end }}
--- a/packages/apps/kubernetes/templates/csi/deploy.yaml
+++ b/packages/apps/kubernetes/templates/csi/deploy.yaml
@@ -16,10 +16,12 @@ spec:
    spec:
      serviceAccountName: {{ .Release.Name }}-kcsi
      priorityClassName: system-cluster-critical
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
-        - key: node-role.kubernetes.io/control-plane
+        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: "NoSchedule"
      containers:
--- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
@@ -12,12 +12,6 @@ spec:
    spec:
      serviceAccountName: {{ .Release.Name }}-flux-teardown
      restartPolicy: Never
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: "NoSchedule"
      containers:
        - name: kubectl
          image: docker.io/clastix/kubectl:v1.29.1
--- a/packages/apps/kubernetes/templates/kccm/manager.yaml
+++ b/packages/apps/kubernetes/templates/kccm/manager.yaml
@@ -14,12 +14,6 @@ spec:
      labels:
        k8s-app: {{ .Release.Name }}-kccm
    spec:
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: "NoSchedule"
      containers:
      - name: kubevirt-cloud-controller-manager
        args:
@@ -50,4 +44,6 @@ spec:
      - secret:
          secretName: {{ .Release.Name }}-admin-kubeconfig
        name: kubeconfig
      tolerations:
      - operator: Exists
      serviceAccountName: {{ .Release.Name }}-kccm
--- a/packages/apps/kubernetes/values.schema.json
+++ b/packages/apps/kubernetes/values.schema.json
@@ -0,0 +1,11 @@
 {
  "$schema": "http://json-schema.org/schema#",
  "type": "object",
  "properties": {
    "host": {
      "type": "string",
      "title": "Domain name for this kubernetes cluster",
      "description": "This host will be used for all apps deployed in this tenant"
    }
  }
 }
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -1,10 +1 @@
 host: ""
 controlPlane:
  replicas: 2
 nodeGroups:
  md0:
    minReplicas: 0
    maxReplicas: 10
    resources:
      cpu: 2
      memory: 1024Mi
--- a/packages/apps/mysql/Chart.yaml
+++ b/packages/apps/mysql/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "11.0.2"
+appVersion: "1.16.0"
--- a/packages/apps/mysql/templates/mariadb.yaml
+++ b/packages/apps/mysql/templates/mariadb.yaml
@@ -12,7 +12,7 @@ spec:
  port: 3306
-  replicas: {{ .Values.replicas }}
+  replicas: 2
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
@@ -28,13 +28,11 @@ spec:
            - {{ .Release.Name }}
        topologyKey: "kubernetes.io/hostname"
  {{- if gt (int .Values.replicas) 1 }}
  replication:
    enabled: true
    #primary:
    #  podIndex: 0
    #  automaticFailover: true
  {{- end }}
  metrics:
    enabled: true
--- a/packages/apps/mysql/values.yaml
+++ b/packages/apps/mysql/values.yaml
@@ -1,8 +1,6 @@
 external: false
 size: 10Gi
 replicas: 2
 users:
  root:
    password: strongpassword
--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "16.2"
+appVersion: "1.16.0"
--- a/packages/apps/postgres/templates/db.yaml
+++ b/packages/apps/postgres/templates/db.yaml
@@ -4,7 +4,7 @@ kind: Cluster
 metadata:
  name: {{ .Release.Name }}
 spec:
-  instances: {{ .Values.replicas }}
+  instances: 2
  enableSuperuserAccess: true
  postgresql:
--- a/packages/apps/postgres/values.yaml
+++ b/packages/apps/postgres/values.yaml
@@ -1,6 +1,5 @@
 external: false
 size: 10Gi
 replicas: 2
 users:
  user1:
--- a/packages/apps/rabbitmq/Chart.yaml
+++ b/packages/apps/rabbitmq/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.12.2"
+appVersion: "1.16.0"
--- a/packages/apps/rabbitmq/templates/rabbitmq.yaml
+++ b/packages/apps/rabbitmq/templates/rabbitmq.yaml
@@ -6,7 +6,7 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.replicas }}
+  replicas: 3
  {{- if .Values.external }}
  service:
    type: LoadBalancer
--- a/packages/apps/rabbitmq/values.schema.json
+++ b/packages/apps/rabbitmq/values.schema.json
@@ -5,10 +5,6 @@
    "external": {
      "type": "boolean",
      "title": "Enable external Access"
    },
    "replicas": {
      "type": "integer",
      "title": "Replicas"
    }
  }
 }
--- a/packages/apps/rabbitmq/values.yaml
+++ b/packages/apps/rabbitmq/values.yaml
@@ -1,2 +1 @@
 replicas: 3
 external: false
--- a/packages/apps/redis/Chart.yaml
+++ b/packages/apps/redis/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "6.2.6"
+appVersion: "1.16.0"
--- a/packages/apps/redis/templates/redisfailover.yaml
+++ b/packages/apps/redis/templates/redisfailover.yaml
@@ -14,7 +14,7 @@ spec:
      limits:
        memory: 100Mi
  redis:
-    replicas: {{ .Values.replicas }}
+    replicas: 3
    resources:
      requests:
        cpu: 150m
--- a/packages/apps/redis/values.schema.json
+++ b/packages/apps/redis/values.schema.json
@@ -9,10 +9,6 @@
    "size": {
      "type": "string",
      "title": "Disk Size"
    },
    "replicas": {
      "type": "integer",
      "title": "Replicas"
    }
  }
 }
--- a/packages/apps/redis/values.yaml
+++ b/packages/apps/redis/values.yaml
@@ -1,3 +1,2 @@
 replicas: 2
 external: false
 size: 5Gi
--- a/packages/apps/tcp-balancer/Chart.yaml
+++ b/packages/apps/tcp-balancer/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.9.7"
+appVersion: "1.16.0"
--- a/packages/apps/tcp-balancer/templates/deployment.yaml
+++ b/packages/apps/tcp-balancer/templates/deployment.yaml
@@ -7,7 +7,7 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.replicas }}
+  replicas: 2
  selector:
    matchLabels:
      app: {{ .Release.Name }}-haproxy
--- a/packages/apps/tcp-balancer/values.yaml
+++ b/packages/apps/tcp-balancer/values.yaml
@@ -1,5 +1,4 @@
 external: false
 replicas: 2
 httpAndHttps:
  mode: tcp
  targetPorts:
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -1,26 +1,17 @@
-clickhouse 0.1.0 ca79f72
+clickhouse 0.1.0 HEAD
-clickhouse 0.2.0 HEAD
+http-cache 0.1.0 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 HEAD
 kafka 0.1.0 HEAD
-kubernetes 0.1.0 f642698
+kubernetes 0.1.0 HEAD
 kubernetes 0.2.0 HEAD
 mysql 0.1.0 f642698
-mysql 0.2.0 8b975ff0
+mysql 0.2.0 HEAD
-mysql 0.3.0 HEAD
+postgres 0.1.0 HEAD
-postgres 0.1.0 f642698
+rabbitmq 0.1.0 HEAD
-postgres 0.2.0 HEAD
+redis 0.1.1 HEAD
-rabbitmq 0.1.0 f642698
+tcp-balancer 0.1.0 HEAD
 rabbitmq 0.2.0 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 HEAD
 tcp-balancer 0.1.0 f642698
 tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
 tenant 0.1.4 d200480
 tenant 0.1.5 e3ab858
 tenant 1.0.0 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 HEAD
-vpn 0.1.0 f642698
+vpn 0.1.0 HEAD
 vpn 0.2.0 HEAD
--- a/packages/apps/vpn/Chart.yaml
+++ b/packages/apps/vpn/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vpn
-description: Managed VPN service
+description: Establish a connection from your computer
 icon: https://upload.wikimedia.org/wikipedia/commons/thumb/6/60/Outline_VPN_icon.png/600px-Outline_VPN_icon.png
 # A chart can be either an 'application' or a 'library' chart.
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.8.1"
+appVersion: "1.16.0"
--- a/packages/apps/vpn/templates/deployment.yaml
+++ b/packages/apps/vpn/templates/deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  name: {{ .Release.Name }}-vpn
 spec:
-  replicas: {{ .Values.replicas }}
+  replicas: 2
  selector:
    matchLabels:
      app: {{ .Release.Name }}-vpn
--- a/packages/apps/vpn/values.yaml
+++ b/packages/apps/vpn/values.yaml
@@ -1,5 +1,4 @@
 external: false
 replicas: 2
 users:
  user1:
--- a/packages/core/installer/images/cozystack.json
+++ b/packages/core/installer/images/cozystack.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:aefc3ca9f56f69270d7ce6f56a1ce5b531332d5641481eb54c8e74b66b0f3341",
+  "containerimage.config.digest": "sha256:29b11ecbb92bae830f2e55cd4b6f7f3ada09b2f5514c0eeee395bd2dbd12fb81",
-  "containerimage.digest": "sha256:a2bf43cb7eb812166edfeb1a4fae6a76a4ddba93be2c0ba9040a804ccb53c261"
+  "containerimage.digest": "sha256:791df989ff37a76062c7c638dbfc93435df9ee0db48797f2045c80b6d6b937c0"
 }
--- a/packages/core/installer/images/cozystack.tag
+++ b/packages/core/installer/images/cozystack.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cozystack:v0.4.0
+ghcr.io/aenix-io/cozystack/cozystack:v0.3.1
--- a/packages/core/installer/images/matchbox.json
+++ b/packages/core/installer/images/matchbox.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:68ea72fcc581352fabfd87fa6fd482968cc85ee520cab7a614f1244d7ae36eb0",
+  "containerimage.config.digest": "sha256:d63ac434876b4e47c130e6b99f0c9657e718f9d97f522f5ccd878eab75844122",
-  "containerimage.digest": "sha256:cea915e08a19eb6892f3facf3b3648368cd4a05abefc49bc2616ba3340c27e82"
+  "containerimage.digest": "sha256:9963580a02ac4ddccafb60f2411365910bcadd73f92d1c9187a278221306a4ed"
 }
--- a/packages/core/installer/images/matchbox.tag
+++ b/packages/core/installer/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/matchbox:v1.7.1
+ghcr.io/aenix-io/cozystack/matchbox:v1.6.4
--- a/packages/core/installer/images/talos/profiles/initramfs.yaml
+++ b/packages/core/installer/images/talos/profiles/initramfs.yaml
@@ -3,25 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.7.1
+version: v1.6.4
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.7.1
+    imageRef: ghcr.io/siderolabs/installer:v1.6.4
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
 output:
  kind: initramfs
  imageOptions: {}
  outFormat: raw
--- a/packages/core/installer/images/talos/profiles/installer.yaml
+++ b/packages/core/installer/images/talos/profiles/installer.yaml
@@ -3,25 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.7.1
+version: v1.6.4
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.7.1
+    imageRef: ghcr.io/siderolabs/installer:v1.6.4
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
 output:
  kind: installer
  imageOptions: {}
  outFormat: raw
--- a/packages/core/installer/images/talos/profiles/iso.yaml
+++ b/packages/core/installer/images/talos/profiles/iso.yaml
@@ -3,25 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.7.1
+version: v1.6.4
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.7.1
+    imageRef: ghcr.io/siderolabs/installer:v1.6.4
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
 output:
  kind: iso
  imageOptions: {}
  outFormat: raw
--- a/packages/core/installer/images/talos/profiles/kernel.yaml
+++ b/packages/core/installer/images/talos/profiles/kernel.yaml
@@ -3,25 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.7.1
+version: v1.6.4
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.7.1
+    imageRef: ghcr.io/siderolabs/installer:v1.6.4
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
 output:
  kind: kernel
  imageOptions: {}
  outFormat: raw
--- a/packages/core/installer/images/talos/profiles/nocloud.yaml
+++ b/packages/core/installer/images/talos/profiles/nocloud.yaml
@@ -3,25 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.7.1
+version: v1.6.4
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.7.1
+    imageRef: ghcr.io/siderolabs/installer:v1.6.4
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
 output:
-  kind: nocloud
+  kind: image
  imageOptions: { diskSize: 1306525696, diskFormat: raw }
  outFormat: .xz
--- a/packages/core/platform/bundles/distro-full.yaml
+++ b/packages/core/platform/bundles/distro-full.yaml
@@ -52,12 +52,6 @@ releases:
  privileged: true
  dependsOn: [cilium]
 - name: etcd-operator
  releaseName: etcd-operator
  chart: cozy-etcd-operator
  namespace: cozy-etcd-operator
  dependsOn: [cilium,cert-manager]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
--- a/packages/core/platform/bundles/distro-hosted.yaml
+++ b/packages/core/platform/bundles/distro-hosted.yaml
@@ -26,12 +26,6 @@ releases:
  privileged: true
  dependsOn: [victoria-metrics-operator]
 - name: etcd-operator
  releaseName: etcd-operator
  chart: cozy-etcd-operator
  namespace: cozy-etcd-operator
  dependsOn: [cert-manager]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
--- a/packages/core/platform/bundles/paas-full.yaml
+++ b/packages/core/platform/bundles/paas-full.yaml
@@ -81,12 +81,6 @@ releases:
  privileged: true
  dependsOn: [cilium,kubeovn]
 - name: etcd-operator
  releaseName: etcd-operator
  chart: cozy-etcd-operator
  namespace: cozy-etcd-operator
  dependsOn: [cilium,kubeovn,cert-manager]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
--- a/packages/core/platform/bundles/paas-hosted.yaml
+++ b/packages/core/platform/bundles/paas-hosted.yaml
@@ -26,12 +26,6 @@ releases:
  privileged: true
  dependsOn: [victoria-metrics-operator]
 - name: etcd-operator
  releaseName: etcd-operator
  chart: cozy-etcd-operator
  namespace: cozy-etcd-operator
  dependsOn: [cert-manager]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
--- a/packages/core/platform/templates/helmreleases.yaml
+++ b/packages/core/platform/templates/helmreleases.yaml
@@ -23,11 +23,9 @@ spec:
  interval: 1m
  releaseName: {{ $x.releaseName | default $x.name }}
  install:
    crds: CreateReplace
    remediation:
      retries: -1
  upgrade:
    crds: CreateReplace
    remediation:
      retries: -1
  chart:
--- a/packages/extra/etcd/Chart.yaml
+++ b/packages/extra/etcd/Chart.yaml
@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: https://www.svgrepo.com/show/353714/etcd.svg
 type: application
-version: 2.0.0
+version: 1.0.0
--- a/packages/extra/etcd/templates/datastore.yaml
+++ b/packages/extra/etcd/templates/datastore.yaml
@@ -1,50 +0,0 @@
 ---
 apiVersion: kamaji.clastix.io/v1alpha1
 kind: DataStore
 metadata:
  name: {{ .Release.Namespace }}
 spec:
  driver: etcd
  endpoints:
  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc:2379
  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc:2379
  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc:2379
  tlsConfig:
    certificateAuthority:
      certificate:
        secretReference:
          keyPath: tls.crt
          name: etcd-ca-tls
          namespace: {{ .Release.Namespace }}
      privateKey:
        secretReference:
          keyPath: tls.key
          name: etcd-ca-tls
          namespace: {{ .Release.Namespace }}
    clientCertificate:
      certificate:
        secretReference:
          keyPath: tls.crt
          name: etcd-client-tls
          namespace: {{ .Release.Namespace }}
      privateKey:
        secretReference:
          keyPath: tls.key
          name: etcd-client-tls
          namespace: {{ .Release.Namespace }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: etcd-ca-tls
  annotations:
    helm.sh/hook: pre-install
    helm.sh/resource-policy: keep
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: etcd-client-tls
  annotations:
    helm.sh/hook: pre-install
    helm.sh/resource-policy: keep
--- a/packages/extra/etcd/templates/etcd-cluster.yaml
+++ b/packages/extra/etcd/templates/etcd-cluster.yaml
@@ -1,176 +0,0 @@
 ---
 apiVersion: etcd.aenix.io/v1alpha1
 kind: EtcdCluster
 metadata:
  name: etcd
 spec:
  storage: {}
  security:
    tls:
      peerTrustedCASecret: etcd-peer-ca-tls
      peerSecret: etcd-peer-tls
      serverSecret: etcd-server-tls
      clientTrustedCASecret: etcd-ca-tls
      clientSecret: etcd-client-tls
  podTemplate:
    spec:
      topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: "kubernetes.io/hostname"
        whenUnsatisfiable: ScheduleAnyway
        labelSelector:
          matchLabels:
            app.kubernetes.io/instance: etcd
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: etcd-selfsigning-issuer
 spec:
  selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-peer-ca
 spec:
  isCA: true
  usages:
  - "signing"
  - "key encipherment"
  - "cert sign"
  commonName: etcd-peer-ca
  subject:
    organizations:
      - ACME Inc.
    organizationalUnits:
      - Widgets
  secretName: etcd-peer-ca-tls
  privateKey:
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-selfsigning-issuer
    kind: Issuer
    group: cert-manager.io
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-ca
 spec:
  isCA: true
  usages:
  - "signing"
  - "key encipherment"
  - "cert sign"
  commonName: etcd-ca
  subject:
    organizations:
      - ACME Inc.
    organizationalUnits:
      - Widgets
  secretName: etcd-ca-tls
  privateKey:
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-selfsigning-issuer
    kind: Issuer
    group: cert-manager.io
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: etcd-peer-issuer
 spec:
  ca:
    secretName: etcd-peer-ca-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: etcd-issuer
 spec:
  ca:
    secretName: etcd-ca-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-server
 spec:
  secretName: etcd-server-tls
  isCA: false
  usages:
    - "server auth"
    - "signing"
    - "key encipherment"
  dnsNames:
  - etcd-0
  - etcd-0.etcd-headless
  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
  - etcd-1
  - etcd-1.etcd-headless
  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
  - etcd-2
  - etcd-2.etcd-headless
  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
  - localhost
  - "127.0.0.1"
  privateKey:
    rotationPolicy: Always
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-issuer
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-peer
 spec:
  secretName: etcd-peer-tls
  isCA: false
  usages:
    - "server auth"
    - "client auth"
    - "signing"
    - "key encipherment"
  dnsNames:
  - etcd-0
  - etcd-0.etcd-headless
  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
  - etcd-1
  - etcd-1.etcd-headless
  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
  - etcd-2
  - etcd-2.etcd-headless
  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
  - localhost
  - "127.0.0.1"
  privateKey:
    rotationPolicy: Always
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-peer-issuer
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-client
 spec:
  commonName: root
  secretName: etcd-client-tls
  usages:
  - "signing"
  - "key encipherment"
  - "client auth"
  privateKey:
    rotationPolicy: Always
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-issuer
    kind: Issuer
--- a/packages/extra/etcd/templates/kamaji-etcd.yaml
+++ b/packages/extra/etcd/templates/kamaji-etcd.yaml
@@ -0,0 +1,19 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: kamaji-etcd
 spec:
  chart:
    spec:
      chart: cozy-kamaji-etcd
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
    kamaji-etcd:
      fullnameOverride: etcd
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -1,4 +1,3 @@
-etcd 1.0.0 f7eaab0
+etcd 1.0.0 HEAD
 etcd 2.0.0 HEAD
 ingress 1.0.0 HEAD
 monitoring 1.0.0 HEAD
--- a/packages/system/capi-providers/templates/providers.yaml
+++ b/packages/system/capi-providers/templates/providers.yaml
@@ -13,7 +13,7 @@ spec:
  deployment:
    containers:
    - name: manager
-      imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.7.1-fix
+      imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.6.0-fix7
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: BootstrapProvider
--- a/packages/system/dashboard/charts/kubeapps/Chart.lock
+++ b/packages/system/dashboard/charts/kubeapps/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 19.0.2
+  version: 18.19.2
 - name: postgresql
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.2.4
+  version: 13.4.6
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.19.1
+  version: 2.19.0
-digest: sha256:2ff034d67cb1b9c11f0243b3ab9a6a8642bf12142df2f86043f9006adf6dbba1
+digest: sha256:b4965a22517e61212e78abb8d1cbe86e800c8664b3139e2047f4bd62b3e55b24
-generated: "2024-04-08T09:01:34.727544997Z"
+generated: "2024-03-13T11:51:34.216594+01:00"
--- a/packages/system/dashboard/charts/kubeapps/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/Chart.yaml
@@ -2,33 +2,33 @@ annotations:
  category: Infrastructure
  images: |
    - name: kubeapps-apis
-      image: docker.io/bitnami/kubeapps-apis:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-12-r19
    - name: kubeapps-apprepository-controller
-      image: docker.io/bitnami/kubeapps-apprepository-controller:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-12-r18
    - name: kubeapps-asset-syncer
-      image: docker.io/bitnami/kubeapps-asset-syncer:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-12-r19
    - name: kubeapps-dashboard
-      image: docker.io/bitnami/kubeapps-dashboard:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-12-r18
    - name: kubeapps-oci-catalog
-      image: docker.io/bitnami/kubeapps-oci-catalog:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-12-r17
    - name: kubeapps-pinniped-proxy
-      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-12-r17
    - name: nginx
-      image: docker.io/bitnami/nginx:1.25.4-debian-12-r7
+      image: docker.io/bitnami/nginx:1.25.4-debian-12-r3
    - name: oauth2-proxy
-      image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r7
+      image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r4
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.10.0
+appVersion: 2.9.0
 dependencies:
 - condition: packaging.flux.enabled
  name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 19.x.x
+  version: 18.x.x
 - condition: packaging.helm.enabled
  name: postgresql
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.x.x
+  version: 13.x.x
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
  tags:
@@ -51,4 +51,4 @@ maintainers:
 name: kubeapps
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kubeapps
-version: 15.0.2
+version: 14.7.2
--- a/packages/system/dashboard/charts/kubeapps/README.md
+++ b/packages/system/dashboard/charts/kubeapps/README.md
--- a/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml
@@ -2,7 +2,7 @@ annotations:
  category: Infrastructure
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.19.1
+appVersion: 2.19.0
 description: A Library Helm Chart for grouping common logic between bitnami charts.
  This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.19.1
+version: 2.19.0
--- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl
@@ -11,7 +11,7 @@ These presets are for basic testing and not meant to be used in production
 {{ include "common.resources.preset" (dict "type" "nano") -}}
 */}}
 {{- define "common.resources.preset" -}}
-{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
 {{- $presets := dict 
  "nano" (dict 
      "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
@@ -34,11 +34,11 @@ These presets are for basic testing and not meant to be used in production
      "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
   )
  "xlarge" (dict 
-      "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
   )
  "2xlarge" (dict 
-      "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
   )
 }}
@@ -47,4 +47,4 @@ These presets are for basic testing and not meant to be used in production
 {{- else -}}
 {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
 {{- end -}}
-{{- end -}}
+{{- end -}}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml
@@ -35,4 +35,4 @@ maintainers:
 name: redis
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 19.0.2
+version: 18.19.2
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/README.md
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/README.md
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml
@@ -28,8 +28,8 @@ spec:
      {{- if .Values.metrics.podMonitor.honorLabels }}
      honorLabels: {{ .Values.metrics.podMonitor.honorLabels }}
      {{- end }}
-      {{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }}
+      {{- if .Values.metrics.podMonitor.relabellings }}
-      relabelings: {{- toYaml . | nindent 6 }}
+      relabelings: {{- toYaml .Values.metrics.podMonitor.relabellings | nindent 6 }}
      {{- end }}
      {{- if .Values.metrics.podMonitor.metricRelabelings }}
      metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }}
@@ -45,8 +45,8 @@ spec:
      {{- if .honorLabels }}
      honorLabels: {{ .honorLabels }}
      {{- end }}
-      {{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }}
+      {{- if .relabellings }}
-      relabelings: {{- toYaml . | nindent 6 }}
+      relabelings: {{- toYaml .relabellings | nindent 6 }}
      {{- end }}
      {{- if .metricRelabelings }}
      metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/statefulset.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/statefulset.yaml
@@ -598,9 +598,8 @@ spec:
          image: {{ template "redis.kubectl.image" . }}
          imagePullPolicy: {{ .Values.kubectl.image.pullPolicy | quote }}
          command: {{- toYaml .Values.kubectl.command | nindent 12 }}
-          {{- if .Values.kubectl.containerSecurityContext.enabled }}
+          securityContext:
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubectl.containerSecurityContext "context" $) | nindent 12 }}
+            runAsUser: 0
          {{- end }}
          volumeMounts:
            - name: kubectl-shared
              mountPath: /etc/shared
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/servicemonitor.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/servicemonitor.yaml
@@ -28,8 +28,8 @@ spec:
      {{- if .Values.metrics.serviceMonitor.honorLabels }}
      honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
      {{- end }}
-      {{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }}
+      {{- if .Values.metrics.serviceMonitor.relabellings }}
-      relabelings: {{- toYaml . | nindent 6 }}
+      relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
      {{- end }}
      {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
      metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
@@ -45,8 +45,8 @@ spec:
      {{- if .honorLabels }}
      honorLabels: {{ .honorLabels }}
      {{- end }}
-      {{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }}
+      {{- if .relabellings }}
-      relabelings: {{- toYaml . | nindent 6 }}
+      relabelings: {{- toYaml .relabellings | nindent 6 }}
      {{- end }}
      {{- if .metricRelabelings }}
      metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/values.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/values.yaml
@@ -30,7 +30,7 @@ global:
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
-      adaptSecurityContext: auto
+      adaptSecurityContext: disabled
 ## @section Common parameters
 ##
@@ -275,7 +275,7 @@ master:
  ## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
  ## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
@@ -315,12 +315,12 @@ master:
  ##
  containerSecurityContext:
    enabled: true
-    seLinuxOptions: {}
+    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
@@ -737,7 +737,7 @@ replica:
  ## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
  ## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
@@ -777,12 +777,12 @@ replica:
  ##
  containerSecurityContext:
    enabled: true
-    seLinuxOptions: {}
+    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
@@ -1306,7 +1306,7 @@ sentinel:
  ## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
  ## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
@@ -1332,12 +1332,12 @@ sentinel:
  ##
  containerSecurityContext:
    enabled: true
-    seLinuxOptions: {}
+    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
@@ -1708,12 +1708,12 @@ metrics:
  ##
  containerSecurityContext:
    enabled: true
-    seLinuxOptions: {}
+    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
@@ -1729,7 +1729,7 @@ metrics:
  ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
  ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
@@ -1812,10 +1812,7 @@ metrics:
    ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
    ##
    scrapeTimeout: ""
-    ## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
+    ## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
    ##
    relabelings: []
    ## @skip metrics.serviceMonitor.relabellings DEPRECATED: Use `metrics.serviceMonitor.relabelings` instead.
    ##
    relabellings: []
    ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
@@ -1869,10 +1866,7 @@ metrics:
    ## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended
    ##
    scrapeTimeout: ""
-    ## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
+    ## @param metrics.podMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
    ##
    relabelings: []
    ## @skip metrics.podMonitor.relabellings DEPRECATED: Use `metrics.podMonitor.relabelings` instead.
    ##
    relabellings: []
    ## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
@@ -1994,7 +1988,7 @@ volumePermissions:
  ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
  ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
@@ -2015,7 +2009,7 @@ volumePermissions:
  ##   "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
  ##
  containerSecurityContext:
-    seLinuxOptions: {}
+    seLinuxOptions: null
    runAsUser: 0
 ## Kubectl InitContainer
@@ -2052,30 +2046,6 @@ kubectl:
  ## @param kubectl.command kubectl command to execute
  ##
  command: ["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"]
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param kubectl.containerSecurityContext.enabled Enabled kubectl containers' Security Context
  ## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser
  ## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup
  ## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot
  ## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation
  ## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
  ## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile
  ## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop: ["ALL"]
  ## Bitnami Kubectl resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param kubectl.resources.limits The resources limits for the kubectl containers
@@ -2126,7 +2096,7 @@ sysctl:
  ## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
  ## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
--- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/deployment.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/apprepository/deployment.yaml
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
  name: {{ template "kubeapps.apprepository.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/networkpolicy.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/apprepository/networkpolicy.yaml
@@ -1,59 +0,0 @@
 {{- /*
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 {{- if and .Values.packaging.helm.enabled .Values.apprepository.networkPolicy.enabled }}
 kind: NetworkPolicy
 apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
  name: {{ include "kubeapps.apprepository.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: apprepository
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
 spec:
  policyTypes:
    - Ingress
    - Egress
  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.apprepository.podLabels .Values.commonLabels ) "context" . ) }}
  podSelector:
    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
      app.kubernetes.io/component: apprepository
  {{- if .Values.apprepository.networkPolicy.allowExternalEgress }}
  egress:
    - {}
  {{- else }}
  egress:
    # Allow dns resolution
    - ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
        {{- range $port := .Values.apprepository.networkPolicy.kubeAPIServerPorts }}
        - port: {{ $port }}
        {{- end }}
    # Allow connection to PostgreSQL
    - ports:
        - port: {{ include "kubeapps.postgresql.port" . }}
      {{- if .Values.postgresql.enabled }}
      to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: postgresql
              app.kubernetes.io/instance: {{ .Release.Name }}
      {{- end }}
    {{- if .Values.apprepository.networkPolicy.extraEgress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.apprepository.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
    {{- end }}
  {{- end }}
  ingress:
    {{- if .Values.apprepository.networkPolicy.extraIngress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.apprepository.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/rbac.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/apprepository/rbac.yaml
@@ -12,7 +12,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
  name: {{ template "kubeapps.apprepository.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: apprepository
  {{- if .Values.commonAnnotations }}
@@ -73,7 +73,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: RoleBinding
 metadata:
  name: {{ template "kubeapps.apprepository.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: apprepository
  {{- if .Values.commonAnnotations }}
@@ -112,7 +112,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
  name: {{ printf "%s-repositories-read" .Release.Name }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: apprepository
  {{- if .Values.commonAnnotations }}
@@ -132,7 +132,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
  name: {{ printf "%s-repositories-write" .Release.Name }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: apprepository
  {{- if .Values.commonAnnotations }}
--- a/packages/system/dashboard/charts/kubeapps/templates/apprepository/serviceaccount.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/apprepository/serviceaccount.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "kubeapps.apprepository.serviceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "kubeapps.dashboard-config.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/deployment.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/deployment.yaml
@@ -3,12 +3,12 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
-{{- if .Values.dashboard.enabled }}
+{{- if .Values.dashboard.enabled -}}
 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
  name: {{ template "kubeapps.dashboard.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/networkpolicy.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/networkpolicy.yaml
@@ -1,71 +0,0 @@
 {{- /*
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 {{- if and .Values.dashboard.enabled .Values.dashboard.networkPolicy.enabled }}
 kind: NetworkPolicy
 apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
  name: {{ include "kubeapps.dashboard.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: dashboard
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
 spec:
  policyTypes:
    - Ingress
    - Egress
  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
  podSelector:
    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
      app.kubernetes.io/component: dashboard
  {{- if .Values.dashboard.networkPolicy.allowExternalEgress }}
  egress:
    - {}
  {{- else }}
  egress:
    # Allow dns resolution
    - ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
        {{- range $port := .Values.dashboard.networkPolicy.kubeAPIServerPorts }}
        - port: {{ $port }}
        {{- end }}
    {{- if .Values.dashboard.networkPolicy.extraEgress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
    {{- end }}
  {{- end }}
  ingress:
    # Allow inbound connections
    - ports:
        - port: {{ .Values.dashboard.containerPorts.http }}
      {{- if not .Values.dashboard.networkPolicy.allowExternal }}
      from:
        - podSelector:
            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
        {{- if .Values.dashboard.networkPolicy.ingressNSMatchLabels }}
        - namespaceSelector:
            matchLabels:
              {{- range $key, $value := .Values.dashboard.networkPolicy.ingressNSMatchLabels }}
              {{ $key | quote }}: {{ $value | quote }}
              {{- end }}
          {{- if .Values.dashboard.networkPolicy.ingressNSPodMatchLabels }}
          podSelector:
            matchLabels:
              {{- range $key, $value := .Values.dashboard.networkPolicy.ingressNSPodMatchLabels }}
              {{ $key | quote }}: {{ $value | quote }}
              {{- end }}
          {{- end }}
        {{- end }}
      {{- end }}
    {{- if .Values.dashboard.networkPolicy.extraIngress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/service.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/service.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "kubeapps.dashboard.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "kubeapps.frontend-config.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/frontend/deployment.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/frontend/deployment.yaml
@@ -7,7 +7,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/frontend/networkpolicy.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/frontend/networkpolicy.yaml
@@ -1,77 +0,0 @@
 {{- /*
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 {{- if .Values.frontend.networkPolicy.enabled }}
 kind: NetworkPolicy
 apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
  name: {{ include "common.names.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: frontend
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
 spec:
  policyTypes:
    - Ingress
    - Egress
  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.frontend.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
  podSelector:
    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
      app.kubernetes.io/component: frontend
  {{- if .Values.frontend.networkPolicy.allowExternalEgress }}
  egress:
    - {}
  {{- else }}
  egress:
    # Allow dns resolution
    - ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
        {{- range $port := .Values.frontend.networkPolicy.kubeAPIServerPorts }}
        - port: {{ $port }}
        {{- end }}
    {{- if .Values.frontend.networkPolicy.extraEgress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.frontend.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
    {{- end }}
  {{- end }}
  ingress:
    # Allow inbound connections
    - ports:
        - port: {{ .Values.frontend.containerPorts.http }}
        {{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }}
        - port: {{ .Values.authProxy.containerPorts.proxy }}
        {{- end }}
        {{- if .Values.pinnipedProxy.enabled }}
        - port: {{ .Values.pinnipedProxy.containerPorts.pinnipedProxy }}
        {{- end }}
      {{- if not .Values.frontend.networkPolicy.allowExternal }}
      from:
        - podSelector:
            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
        {{- if .Values.frontend.networkPolicy.ingressNSMatchLabels }}
        - namespaceSelector:
            matchLabels:
              {{- range $key, $value := .Values.frontend.networkPolicy.ingressNSMatchLabels }}
              {{ $key | quote }}: {{ $value | quote }}
              {{- end }}
          {{- if .Values.frontend.networkPolicy.ingressNSPodMatchLabels }}
          podSelector:
            matchLabels:
              {{- range $key, $value := .Values.frontend.networkPolicy.ingressNSPodMatchLabels }}
              {{ $key | quote }}: {{ $value | quote }}
              {{- end }}
          {{- end }}
        {{- end }}
      {{- end }}
    {{- if .Values.frontend.networkPolicy.extraIngress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.frontend.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/templates/frontend/oauth2-secret.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/frontend/oauth2-secret.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/frontend/service.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/frontend/service.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
@@ -64,7 +64,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "kubeapps.pinniped-proxy.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: frontend
  {{- if or .Values.pinnipedProxy.service.annotations .Values.commonAnnotations }}
--- a/packages/system/dashboard/charts/kubeapps/templates/ingress-api.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/ingress-api.yaml
@@ -15,7 +15,7 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
  name: {{ template "common.names.fullname" . }}-http-api
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
@@ -75,7 +75,7 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.featureFlags.apiOnly.grpc.annotations .Values.ingress.annotations .Values.commonAnnotations }}
  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.featureFlags.apiOnly.grpc.annotations .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
--- a/packages/system/dashboard/charts/kubeapps/templates/ingress.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/ingress.yaml
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
--- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/configmap.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ printf "%s-configmap" (include "kubeapps.kubeappsapis.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml
@@ -7,7 +7,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
  name: {{ template "kubeapps.kubeappsapis.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/networkpolicy.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/networkpolicy.yaml
@@ -1,74 +0,0 @@
 {{- /*
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 {{- if .Values.kubeappsapis.networkPolicy.enabled }}
 kind: NetworkPolicy
 apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 metadata:
  name: {{ template "kubeapps.kubeappsapis.fullname" . }}
  namespace: {{ include "common.names.namespace" . | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: kubeappsapis
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
 spec:
  policyTypes:
    - Ingress
    - Egress
  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.kubeappsapis.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
  podSelector:
    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
      app.kubernetes.io/component: kubeappsapis
  {{- if .Values.kubeappsapis.networkPolicy.allowExternalEgress }}
  egress:
    - {}
  {{- else }}
  egress:
    # Allow dns resolution
    - ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
        {{- range $port := .Values.kubeappsapis.networkPolicy.kubeAPIServerPorts }}
        - port: {{ $port }}
        {{- end }}
    {{- if .Values.kubeappsapis.networkPolicy.extraEgress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.kubeappsapis.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
    {{- end }}
  {{- end }}
  ingress:
    # Allow inbound connections
    - ports:
        - port: {{ .Values.kubeappsapis.containerPorts.http }}
        {{- if .Values.ociCatalog.enabled }}
        - port: {{ .Values.ociCatalog.containerPorts.grpc }}
        {{- end }}
      {{- if not .Values.kubeappsapis.networkPolicy.allowExternal }}
      from:
        - podSelector:
            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
        {{- if .Values.kubeappsapis.networkPolicy.ingressNSMatchLabels }}
        - namespaceSelector:
            matchLabels:
              {{- range $key, $value := .Values.kubeappsapis.networkPolicy.ingressNSMatchLabels }}
              {{ $key | quote }}: {{ $value | quote }}
              {{- end }}
          {{- if .Values.kubeappsapis.networkPolicy.ingressNSPodMatchLabels }}
          podSelector:
            matchLabels:
              {{- range $key, $value := .Values.kubeappsapis.networkPolicy.ingressNSPodMatchLabels }}
              {{ $key | quote }}: {{ $value | quote }}
              {{- end }}
          {{- end }}
        {{- end }}
      {{- end }}
    {{- if .Values.kubeappsapis.networkPolicy.extraIngress }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.kubeappsapis.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml
@@ -53,6 +53,6 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }}
-    namespace: {{ include "common.names.namespace" . | quote }}
+    namespace: {{ .Release.Namespace | quote }}
 {{- end }}
 {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/service.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/service.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "kubeapps.kubeappsapis.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/serviceaccount.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/serviceaccount.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/shared/config.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/shared/config.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "kubeapps.clusters-config.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/templates/tls-secrets.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/tls-secrets.yaml
@@ -30,7 +30,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ $secretName }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/values.yaml
+++ b/packages/system/dashboard/charts/kubeapps/values.yaml
@@ -26,7 +26,7 @@ global:
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
-      adaptSecurityContext: auto
+      adaptSecurityContext: disabled
 ## @section Common parameters
 ## @param kubeVersion Override Kubernetes version
@@ -211,7 +211,7 @@ frontend:
  image:
    registry: docker.io
    repository: bitnami/nginx
-    tag: 1.25.4-debian-12-r7
+    tag: 1.25.4-debian-12-r3
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -258,21 +258,22 @@ frontend:
    type: RollingUpdate
  ## Frontend containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param frontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
+  ## @param frontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "micro"
+  resourcesPreset: "none"
-  ## @param frontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## @param frontend.resources.limits.cpu The CPU limits for the NGINX container
-  ## Example:
+  ## @param frontend.resources.limits.memory The memory limits for the NGINX container
-  ## resources:
+  ## @param frontend.resources.requests.cpu The requested CPU for the NGINX container
-  ##   requests:
+  ## @param frontend.resources.requests.memory The requested memory for the NGINX container
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
-  resources: {}
+  resources:
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## @param frontend.extraEnvVars Array with extra environment variables to add to the NGINX container
  ## e.g:
  ## extraEnvVars:
@@ -321,10 +322,10 @@ frontend:
    enabled: true
    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
@@ -536,64 +537,6 @@ frontend:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param frontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param frontend.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param frontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param frontend.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param frontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param frontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param frontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param frontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
 ## @section Dashboard parameters
 ## Dashboard parameters
@@ -615,7 +558,7 @@ dashboard:
  image:
    registry: docker.io
    repository: bitnami/kubeapps-dashboard
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r18
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -711,21 +654,22 @@ dashboard:
    http: 8080
  ## Dashboard containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production).
+  ## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "micro"
+  resourcesPreset: "none"
-  ## @param dashboard.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## @param dashboard.resources.limits.cpu The CPU limits for the Dashboard container
-  ## Example:
+  ## @param dashboard.resources.limits.memory The memory limits for the Dashboard container
-  ## resources:
+  ## @param dashboard.resources.requests.cpu The requested CPU for the Dashboard container
-  ##   requests:
+  ## @param dashboard.resources.requests.memory The requested memory for the Dashboard container
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
-  resources: {}
+  resources:
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context
@@ -757,10 +701,10 @@ dashboard:
    enabled: true
    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
@@ -932,64 +876,6 @@ dashboard:
    ## @param dashboard.service.annotations Additional custom annotations for Dashboard service
    ##
    annotations: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param dashboard.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param dashboard.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param dashboard.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param dashboard.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param dashboard.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param dashboard.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param dashboard.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param dashboard.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
 ## @section AppRepository Controller parameters
 ## AppRepository Controller parameters
@@ -1007,7 +893,7 @@ apprepository:
  image:
    registry: docker.io
    repository: bitnami/kubeapps-apprepository-controller
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r18
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1034,7 +920,7 @@ apprepository:
  syncImage:
    registry: docker.io
    repository: bitnami/kubeapps-asset-syncer
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r19
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1143,21 +1029,22 @@ apprepository:
    type: RollingUpdate
  ## AppRepository Controller containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param apprepository.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production).
+  ## @param apprepository.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "micro"
+  resourcesPreset: "none"
-  ## @param apprepository.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## @param apprepository.resources.limits.cpu The CPU limits for the AppRepository Controller container
-  ## Example:
+  ## @param apprepository.resources.limits.memory The memory limits for the AppRepository Controller container
-  ## resources:
+  ## @param apprepository.resources.requests.cpu The requested CPU for the AppRepository Controller container
-  ##   requests:
+  ## @param apprepository.resources.requests.memory The requested memory for the AppRepository Controller container
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
-  resources: {}
+  resources:
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context
@@ -1189,10 +1076,10 @@ apprepository:
    enabled: true
    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
@@ -1312,52 +1199,6 @@ apprepository:
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param apprepository.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param apprepository.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param apprepository.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param apprepository.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param apprepository.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
  ## AppRepository Controller Service Account
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## @param apprepository.serviceAccount.create Specifies whether a ServiceAccount should be created
@@ -1391,7 +1232,7 @@ authProxy:
  image:
    registry: docker.io
    repository: bitnami/oauth2-proxy
-    tag: 7.6.0-debian-12-r7
+    tag: 7.6.0-debian-12-r4
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1501,10 +1342,10 @@ authProxy:
    enabled: true
    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
@@ -1512,21 +1353,22 @@ authProxy:
      type: "RuntimeDefault"
  ## OAuth2 Proxy containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param authProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production).
+  ## @param authProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "micro"
+  resourcesPreset: "none"
-  ## @param authProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## @param authProxy.resources.limits.cpu The CPU limits for the OAuth2 Proxy container
-  ## Example:
+  ## @param authProxy.resources.limits.memory The memory limits for the OAuth2 Proxy container
-  ## resources:
+  ## @param authProxy.resources.requests.cpu The requested CPU for the OAuth2 Proxy container
-  ##   requests:
+  ## @param authProxy.resources.requests.memory The requested memory for the OAuth2 Proxy container
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
-  resources: {}
+  resources:
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
 ## @section Pinniped Proxy parameters
 ## Pinniped Proxy configuration for converting user OIDC tokens to k8s client authorization certs
@@ -1547,7 +1389,7 @@ pinnipedProxy:
  image:
    registry: docker.io
    repository: bitnami/kubeapps-pinniped-proxy
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r17
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1631,10 +1473,10 @@ pinnipedProxy:
    enabled: true
    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
@@ -1642,21 +1484,24 @@ pinnipedProxy:
      type: "RuntimeDefault"
  ## Pinniped Proxy containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param pinnipedProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production).
+  ## @param pinnipedProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "micro"
+  resourcesPreset: "none"
-  ## @param pinnipedProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## Pinniped Proxy containers' resource requests and limits
-  ## Example:
+  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## resources:
+  ## @param pinnipedProxy.resources.limits.cpu The CPU limits for the Pinniped Proxy container
-  ##   requests:
+  ## @param pinnipedProxy.resources.limits.memory The memory limits for the Pinniped Proxy container
-  ##     cpu: 2
+  ## @param pinnipedProxy.resources.requests.cpu The requested CPU for the Pinniped Proxy container
-  ##     memory: 512Mi
+  ## @param pinnipedProxy.resources.requests.memory The requested memory for the Pinniped Proxy container
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
-  resources: {}
+  resources:
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Pinniped Proxy service parameters
  ##
  service:
@@ -1764,22 +1609,19 @@ postgresql:
    enabled: false
  ## PostgreSQL containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production).
+  ## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "micro"
+  resourcesPreset: "none"
-  ## @param postgresql.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## @param postgresql.resources.limits The resources limits for the PostgreSQL container
-  ## Example:
+  ## @param postgresql.resources.requests.cpu The requested CPU for the PostgreSQL container
-  ## resources:
+  ## @param postgresql.resources.requests.memory The requested memory for the PostgreSQL container
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
-  ##
+  resources:
-  resources: {}
+    limits: {}
    requests:
      memory: 256Mi
      cpu: 250m
 ## @section kubeappsapis parameters
 kubeappsapis:
  ## @param kubeappsapis.enabledPlugins Manually override which plugins are enabled for the Kubeapps-APIs service
@@ -1862,7 +1704,7 @@ kubeappsapis:
  image:
    registry: docker.io
    repository: bitnami/kubeapps-apis
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r19
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1923,21 +1765,22 @@ kubeappsapis:
    http: 50051
  ## KubeappsAPIs containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param kubeappsapis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production).
+  ## @param kubeappsapis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "micro"
+  resourcesPreset: "none"
-  ## @param kubeappsapis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## @param kubeappsapis.resources.limits.cpu The CPU limits for the KubeappsAPIs container
-  ## Example:
+  ## @param kubeappsapis.resources.limits.memory The memory limits for the KubeappsAPIs container
-  ## resources:
+  ## @param kubeappsapis.resources.requests.cpu The requested CPU for the KubeappsAPIs container
-  ##   requests:
+  ## @param kubeappsapis.resources.requests.memory The requested memory for the KubeappsAPIs container
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
-  resources: {}
+  resources:
    limits:
      cpu: 250m
      memory: 256Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context
@@ -1969,10 +1812,10 @@ kubeappsapis:
    enabled: true
    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
@@ -2144,64 +1987,6 @@ kubeappsapis:
    ## @param kubeappsapis.service.annotations Additional custom annotations for KubeappsAPIs service
    ##
    annotations: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param kubeappsapis.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param kubeappsapis.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param kubeappsapis.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param kubeappsapis.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param kubeappsapis.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param kubeappsapis.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param kubeappsapis.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param kubeappsapis.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## kubeappsapis Service Account
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## @param kubeappsapis.serviceAccount.create Specifies whether a ServiceAccount should be created
@@ -2232,7 +2017,7 @@ ociCatalog:
  image:
    registry: docker.io
    repository: bitnami/kubeapps-oci-catalog
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r17
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -2272,21 +2057,22 @@ ociCatalog:
    grpc: 50061
  ## OCI Catalog containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-  ## @param ociCatalog.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production).
+  ## @param ociCatalog.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
-  resourcesPreset: "micro"
+  resourcesPreset: "none"
-  ## @param ociCatalog.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## @param ociCatalog.resources.limits.cpu The CPU limits for the OCI Catalog container
-  ## Example:
+  ## @param ociCatalog.resources.limits.memory The memory limits for the OCI Catalog container
-  ## resources:
+  ## @param ociCatalog.resources.requests.cpu The requested CPU for the OCI Catalog container
-  ##   requests:
+  ## @param ociCatalog.resources.requests.memory The requested memory for the OCI Catalog container
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
-  resources: {}
+  resources:
    limits:
      cpu: 250m
      memory: 256Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Configure Container Security Context (only main container)
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param ociCatalog.containerSecurityContext.enabled Enabled containers' Security Context
@@ -2304,10 +2090,10 @@ ociCatalog:
    enabled: true
    seLinuxOptions: null
    runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
    runAsNonRoot: true
    privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
@@ -2425,23 +2211,6 @@ redis:
      ## @param redis.master.persistence.enabled Enable Redis&reg; master data persistence using PVC
      ##
      enabled: false
    ## Redis&reg; master resource requests and limits
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param redis.master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
    ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
    ##
    resourcesPreset: "nano"
    ## @param redis.master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  replica:
    ## @param redis.replica.replicaCount Number of Redis&reg; replicas to deploy
    ##
--- a/packages/system/dashboard/images/dashboard.json
+++ b/packages/system/dashboard/images/dashboard.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:78b413d1c9a4ecf3bec9383444b3e85c01d8b33bf903c6443bfa5bdfd8b5bc04",
+  "containerimage.config.digest": "sha256:ebf11c0997c964a7eeadabecf3bade4c42f623cd03d4c742c8e0748d744f2b48",
-  "containerimage.digest": "sha256:ddfaadb33e33123f553a36a3ee5857a1bf53f312043f91d76ad24316591fd26e"
+  "containerimage.digest": "sha256:1f2ba6374064bdc927fc7e61c95f58a6f76c121c828d438d212f8772bc52b170"
 }
--- a/Show More
+++ b/Show More
`@@ -1,2 +1 @@`
	`replicas: 3`
	`external: false`	`external: false`
`@@ -1 +1 @@`
	`ghcr.io/aenix-io/cozystack/cozystack:v0.4.0`	`ghcr.io/aenix-io/cozystack/cozystack:v0.3.1`
`@@ -1 +1 @@`
	`ghcr.io/aenix-io/cozystack/matchbox:v1.7.1`	`ghcr.io/aenix-io/cozystack/matchbox:v1.6.4`