Update Cilium v1.14.5

README.md

@@ -33,7 +33,7 @@ You can use Cozystack as Kubernetes distribution for Bare Metal
 
 ## Documentation
 
-The documentation is located on official [cozystack.io](https://cozystack.io) website.
+The documentation is located on official [cozystack.io](cozystack.io) website.
 
 Read [Get Started](https://cozystack.io/docs/get-started/) section for a quick start.
 
@@ -44,8 +44,6 @@ If you encounter any difficulties, start with the [troubleshooting guide](https:
 Versioning adheres to the [Semantic Versioning](http://semver.org/) principles.  
 A full list of the available releases is available in the GitHub repository's [Release](https://github.com/aenix-io/cozystack/releases) section.
 
-- [Roadmap](https://github.com/orgs/aenix-io/projects/2)
-
 ## Contributions
 
 Contributions are highly appreciated and very welcomed!

packages/apps/http-cache/Makefile

@@ -2,7 +2,7 @@ PUSH := 1
 LOAD := 0
 REGISTRY := ghcr.io/aenix-io/cozystack
 NGINX_CACHE_TAG = v0.1.0
-TAG := v0.2.0
+TAG := v0.1.0
 
 image: image-nginx
 

packages/apps/kubernetes/Makefile

@@ -1,7 +1,7 @@
 PUSH := 1
 LOAD := 0
 REGISTRY := ghcr.io/aenix-io/cozystack
-TAG := v0.2.0
+TAG := v0.1.0
 UBUNTU_CONTAINER_DISK_TAG = v1.29.1
 
 image: image-ubuntu-container-disk

packages/core/installer/Makefile

@@ -3,7 +3,7 @@ NAME=installer
 PUSH := 1
 LOAD := 0
 REGISTRY := ghcr.io/aenix-io/cozystack
-TAG := v0.2.0
+TAG := v0.1.0
 TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' images/talos/profiles/installer.yaml)
 
 show:
@@ -21,7 +21,6 @@ update:
 image: image-cozystack image-talos image-matchbox
 
 image-cozystack:
-	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
 		--tag $(REGISTRY)/cozystack:$(TAG) \

packages/core/platform/Makefile

@@ -16,4 +16,4 @@ namespaces-apply:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -f-
 
 diff:
-	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -f-
+	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl diff -f-

packages/core/platform/bundles/full-distro.yaml

@@ -1,96 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-
-releases:
-- name: cilium
-  releaseName: cilium
-  chart: cozy-cilium
-  namespace: cozy-cilium
-  privileged: true
-  dependsOn: []
-
-- name: fluxcd
-  releaseName: fluxcd
-  chart: cozy-fluxcd
-  namespace: cozy-fluxcd
-  dependsOn: [cilium]
-
-- name: cert-manager
-  releaseName: cert-manager
-  chart: cozy-cert-manager
-  namespace: cozy-cert-manager
-  dependsOn: [cilium]
-
-- name: cert-manager-issuers
-  releaseName: cert-manager-issuers
-  chart: cozy-cert-manager-issuers
-  namespace: cozy-cert-manager
-  dependsOn: [cilium,cert-manager]
-
-- name: victoria-metrics-operator
-  releaseName: victoria-metrics-operator
-  chart: cozy-victoria-metrics-operator
-  namespace: cozy-victoria-metrics-operator
-  dependsOn: [cilium,cert-manager]
-
-- name: monitoring
-  releaseName: monitoring
-  chart: cozy-monitoring
-  namespace: cozy-monitoring
-  privileged: true
-  dependsOn: [cilium,victoria-metrics-operator]
-
-- name: metallb
-  releaseName: metallb
-  chart: cozy-metallb
-  namespace: cozy-metallb
-  privileged: true
-  dependsOn: [cilium]
-
-- name: grafana-operator
-  releaseName: grafana-operator
-  chart: cozy-grafana-operator
-  namespace: cozy-grafana-operator
-  dependsOn: [cilium]
-
-- name: mariadb-operator
-  releaseName: mariadb-operator
-  chart: cozy-mariadb-operator
-  namespace: cozy-mariadb-operator
-  dependsOn: [cilium,cert-manager,victoria-metrics-operator]
-
-- name: postgres-operator
-  releaseName: postgres-operator
-  chart: cozy-postgres-operator
-  namespace: cozy-postgres-operator
-  dependsOn: [cilium,cert-manager]
-
-- name: rabbitmq-operator
-  releaseName: rabbitmq-operator
-  chart: cozy-rabbitmq-operator
-  namespace: cozy-rabbitmq-operator
-  dependsOn: [cilium]
-
-- name: redis-operator
-  releaseName: redis-operator
-  chart: cozy-redis-operator
-  namespace: cozy-redis-operator
-  dependsOn: [cilium]
-
-- name: piraeus-operator
-  releaseName: piraeus-operator
-  chart: cozy-piraeus-operator
-  namespace: cozy-linstor
-  dependsOn: [cilium,cert-manager]
-
-- name: linstor
-  releaseName: linstor
-  chart: cozy-linstor
-  namespace: cozy-linstor
-  privileged: true
-  dependsOn: [piraeus-operator,cilium,cert-manager]
-
-- name: telepresence
-  releaseName: traffic-manager
-  chart: cozy-telepresence
-  namespace: cozy-telepresence
-  dependsOn: [kubeovn]

packages/core/platform/bundles/full-paas.yaml

@@ -1,177 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-
-releases:
-- name: cilium
-  releaseName: cilium
-  chart: cozy-cilium
-  namespace: cozy-cilium
-  privileged: true
-  dependsOn: []
-
-- name: kubeovn
-  releaseName: kubeovn
-  chart: cozy-kubeovn
-  namespace: cozy-kubeovn
-  privileged: true
-  dependsOn: [cilium]
-  values:
-    cozystack:
-      nodesHash: {{ include "cozystack.master-node-ips" . | sha256sum }}
-    kube-ovn:
-      ipv4:
-        POD_CIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" }}"
-        POD_GATEWAY: "{{ index $cozyConfig.data "ipv4-pod-gateway" }}"
-        SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}"
-        JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}"
-
-- name: fluxcd
-  releaseName: fluxcd
-  chart: cozy-fluxcd
-  namespace: cozy-fluxcd
-  dependsOn: [cilium,kubeovn]
-
-- name: cert-manager
-  releaseName: cert-manager
-  chart: cozy-cert-manager
-  namespace: cozy-cert-manager
-  dependsOn: [cilium,kubeovn]
-
-- name: cert-manager-issuers
-  releaseName: cert-manager-issuers
-  chart: cozy-cert-manager-issuers
-  namespace: cozy-cert-manager
-  dependsOn: [cilium,kubeovn,cert-manager]
-
-- name: victoria-metrics-operator
-  releaseName: victoria-metrics-operator
-  chart: cozy-victoria-metrics-operator
-  namespace: cozy-victoria-metrics-operator
-  dependsOn: [cilium,kubeovn,cert-manager]
-
-- name: monitoring
-  releaseName: monitoring
-  chart: cozy-monitoring
-  namespace: cozy-monitoring
-  privileged: true
-  dependsOn: [cilium,kubeovn,victoria-metrics-operator]
-
-- name: kubevirt-operator
-  releaseName: kubevirt-operator
-  chart: cozy-kubevirt-operator
-  namespace: cozy-kubevirt
-  dependsOn: [cilium,kubeovn]
-
-- name: kubevirt
-  releaseName: kubevirt
-  chart: cozy-kubevirt
-  namespace: cozy-kubevirt
-  privileged: true
-  dependsOn: [cilium,kubeovn,kubevirt-operator]
-
-- name: kubevirt-cdi-operator
-  releaseName: kubevirt-cdi-operator
-  chart: cozy-kubevirt-cdi-operator
-  namespace: cozy-kubevirt-cdi
-  dependsOn: [cilium,kubeovn]
-
-- name: kubevirt-cdi
-  releaseName: kubevirt-cdi
-  chart: cozy-kubevirt-cdi
-  namespace: cozy-kubevirt-cdi
-  dependsOn: [cilium,kubeovn,kubevirt-cdi-operator]
-
-- name: metallb
-  releaseName: metallb
-  chart: cozy-metallb
-  namespace: cozy-metallb
-  privileged: true
-  dependsOn: [cilium,kubeovn]
-
-- name: grafana-operator
-  releaseName: grafana-operator
-  chart: cozy-grafana-operator
-  namespace: cozy-grafana-operator
-  dependsOn: [cilium,kubeovn]
-
-- name: mariadb-operator
-  releaseName: mariadb-operator
-  chart: cozy-mariadb-operator
-  namespace: cozy-mariadb-operator
-  dependsOn: [cilium,kubeovn,cert-manager,victoria-metrics-operator]
-
-- name: postgres-operator
-  releaseName: postgres-operator
-  chart: cozy-postgres-operator
-  namespace: cozy-postgres-operator
-  dependsOn: [cilium,kubeovn,cert-manager]
-
-- name: rabbitmq-operator
-  releaseName: rabbitmq-operator
-  chart: cozy-rabbitmq-operator
-  namespace: cozy-rabbitmq-operator
-  dependsOn: [cilium,kubeovn]
-
-- name: redis-operator
-  releaseName: redis-operator
-  chart: cozy-redis-operator
-  namespace: cozy-redis-operator
-  dependsOn: [cilium,kubeovn]
-
-- name: piraeus-operator
-  releaseName: piraeus-operator
-  chart: cozy-piraeus-operator
-  namespace: cozy-linstor
-  dependsOn: [cilium,kubeovn,cert-manager]
-
-- name: linstor
-  releaseName: linstor
-  chart: cozy-linstor
-  namespace: cozy-linstor
-  privileged: true
-  dependsOn: [piraeus-operator,cilium,kubeovn,cert-manager]
-
-- name: telepresence
-  releaseName: traffic-manager
-  chart: cozy-telepresence
-  namespace: cozy-telepresence
-  dependsOn: [cilium,kubeovn]
-
-- name: dashboard
-  releaseName: dashboard
-  chart: cozy-dashboard
-  namespace: cozy-dashboard
-  dependsOn: [cilium,kubeovn]
-  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
-  {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
-  values:
-    kubeapps:
-      redis:
-        master:
-          podAnnotations:
-            {{- range $index, $repo := . }}
-            {{- with (($repo.status).artifact).revision }}
-            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
-            {{- end }}
-            {{- end }}
-  {{- end }}
-  {{- end }}
-
-- name: kamaji
-  releaseName: kamaji
-  chart: cozy-kamaji
-  namespace: cozy-kamaji
-  dependsOn: [cilium,kubeovn,cert-manager]
-
-- name: capi-operator
-  releaseName: capi-operator
-  chart: cozy-capi-operator
-  namespace: cozy-cluster-api
-  privileged: true
-  dependsOn: [cilium,kubeovn,cert-manager]
-
-- name: capi-providers
-  releaseName: capi-providers
-  chart: cozy-capi-providers
-  namespace: cozy-cluster-api
-  privileged: true
-  dependsOn: [cilium,kubeovn,capi-operator]

packages/core/platform/bundles/hosted-distro.yaml

@@ -1,69 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-
-releases:
-- name: fluxcd
-  releaseName: fluxcd
-  chart: cozy-fluxcd
-  namespace: cozy-fluxcd
-  dependsOn: []
-
-- name: cert-manager
-  releaseName: cert-manager
-  chart: cozy-cert-manager
-  namespace: cozy-cert-manager
-  dependsOn: []
-
-- name: cert-manager-issuers
-  releaseName: cert-manager-issuers
-  chart: cozy-cert-manager-issuers
-  namespace: cozy-cert-manager
-  dependsOn: [cert-manager]
-
-- name: victoria-metrics-operator
-  releaseName: victoria-metrics-operator
-  chart: cozy-victoria-metrics-operator
-  namespace: cozy-victoria-metrics-operator
-  dependsOn: [cert-manager]
-
-- name: monitoring
-  releaseName: monitoring
-  chart: cozy-monitoring
-  namespace: cozy-monitoring
-  privileged: true
-  dependsOn: [victoria-metrics-operator]
-
-- name: grafana-operator
-  releaseName: grafana-operator
-  chart: cozy-grafana-operator
-  namespace: cozy-grafana-operator
-  dependsOn: []
-
-- name: mariadb-operator
-  releaseName: mariadb-operator
-  chart: cozy-mariadb-operator
-  namespace: cozy-mariadb-operator
-  dependsOn: [victoria-metrics-operator]
-
-- name: postgres-operator
-  releaseName: postgres-operator
-  chart: cozy-postgres-operator
-  namespace: cozy-postgres-operator
-  dependsOn: [cert-manager]
-
-- name: rabbitmq-operator
-  releaseName: rabbitmq-operator
-  chart: cozy-rabbitmq-operator
-  namespace: cozy-rabbitmq-operator
-  dependsOn: []
-
-- name: redis-operator
-  releaseName: redis-operator
-  chart: cozy-redis-operator
-  namespace: cozy-redis-operator
-  dependsOn: []
-
-- name: telepresence
-  releaseName: traffic-manager
-  chart: cozy-telepresence
-  namespace: cozy-telepresence
-  dependsOn: []

packages/core/platform/bundles/hosted-paas.yaml

@@ -1,95 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-
-releases:
-- name: fluxcd
-  releaseName: fluxcd
-  chart: cozy-fluxcd
-  namespace: cozy-fluxcd
-  dependsOn: []
-
-- name: cert-manager
-  releaseName: cert-manager
-  chart: cozy-cert-manager
-  namespace: cozy-cert-manager
-  dependsOn: []
-
-- name: cert-manager-issuers
-  releaseName: cert-manager-issuers
-  chart: cozy-cert-manager-issuers
-  namespace: cozy-cert-manager
-  dependsOn: [cert-manager]
-
-- name: victoria-metrics-operator
-  releaseName: victoria-metrics-operator
-  chart: cozy-victoria-metrics-operator
-  namespace: cozy-victoria-metrics-operator
-  dependsOn: [cert-manager]
-
-- name: monitoring
-  releaseName: monitoring
-  chart: cozy-monitoring
-  namespace: cozy-monitoring
-  privileged: true
-  dependsOn: [victoria-metrics-operator]
-
-- name: grafana-operator
-  releaseName: grafana-operator
-  chart: cozy-grafana-operator
-  namespace: cozy-grafana-operator
-  dependsOn: []
-
-- name: mariadb-operator
-  releaseName: mariadb-operator
-  chart: cozy-mariadb-operator
-  namespace: cozy-mariadb-operator
-  dependsOn: [cert-manager,victoria-metrics-operator]
-
-- name: postgres-operator
-  releaseName: postgres-operator
-  chart: cozy-postgres-operator
-  namespace: cozy-postgres-operator
-  dependsOn: [cert-manager]
-
-- name: rabbitmq-operator
-  releaseName: rabbitmq-operator
-  chart: cozy-rabbitmq-operator
-  namespace: cozy-rabbitmq-operator
-  dependsOn: []
-
-- name: redis-operator
-  releaseName: redis-operator
-  chart: cozy-redis-operator
-  namespace: cozy-redis-operator
-  dependsOn: []
-
-- name: piraeus-operator
-  releaseName: piraeus-operator
-  chart: cozy-piraeus-operator
-  namespace: cozy-linstor
-  dependsOn: [cert-manager]
-
-- name: telepresence
-  releaseName: traffic-manager
-  chart: cozy-telepresence
-  namespace: cozy-telepresence
-  dependsOn: []
-
-- name: dashboard
-  releaseName: dashboard
-  chart: cozy-dashboard
-  namespace: cozy-dashboard
-  dependsOn: []
-  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
-  {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
-  values:
-    kubeapps:
-      redis:
-        master:
-          podAnnotations:
-            {{- range $index, $repo := . }}
-            {{- with (($repo.status).artifact).revision }}
-            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
-            {{- end }}
-            {{- end }}
-  {{- end }}
-  {{- end }}

packages/core/platform/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Get IP-addresses of master nodes
 */}}
-{{- define "cozystack.master-node-ips" -}}
+{{- define "master.nodeIPs" -}}
 {{- $nodes := lookup "v1" "Node" "" "" -}}
 {{- $ips := list -}}
 {{- range $node := $nodes.items -}}

packages/core/platform/templates/helmreleases.yaml

@@ -1,27 +1,13 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $bundleName := index $cozyConfig.data "bundle-name" }}
-{{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
-{{- $dependencyNamespaces := dict }}
-{{- $disabledComponents := splitList "," ((index $cozyConfig.data "bundle-disable") | default "") }}
-
-{{/* collect dependency namespaces from releases */}}
-{{- range $x := $bundle.releases }}
-{{- $_ := set $dependencyNamespaces $x.name $x.namespace }}
-{{- end }}
-
-{{- range $x := $bundle.releases }}
-{{- if not (has $x.name $disabledComponents) }}
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
-  name: {{ $x.name }}
-  namespace: {{ $x.namespace }}
+  name: cilium
+  namespace: cozy-cilium
   labels:
     cozystack.io/repository: system
 spec:
   interval: 1m
-  releaseName: {{ $x.releaseName | default $x.name }}
+  releaseName: cilium
   install:
     remediation:
       retries: -1
@@ -30,31 +16,743 @@ spec:
       retries: -1
   chart:
     spec:
-      chart: {{ $x.chart }}
+      chart: cozy-cilium
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kubeovn
+  namespace: cozy-kubeovn
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: kubeovn
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-kubeovn
       reconcileStrategy: Revision
       sourceRef:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-  {{- $values := dict }}
-  {{- with $x.values }}
-  {{- $values = merge . $values }}
-  {{- end }}
-  {{- with index $cozyConfig.data (printf "values-%s" $x.name) }}
-  {{- $values = merge (fromYaml .) $values }}
-  {{- end }}
-  {{- with $values }}
   values:
-    {{- toYaml . | nindent 4}}
-  {{- end }}
-  {{- with $x.dependsOn }}
+    cozystack:
+      configHash: {{ index (lookup "v1" "ConfigMap" "cozy-system" "cozystack") "data" | toJson | sha256sum }}
+      nodesHash: {{ include "master.nodeIPs" . | sha256sum }}
   dependsOn:
-  {{- range $dep := . }}
-  {{- if not (has $dep $disabledComponents) }}
-  - name: {{ $dep }}
-    namespace: {{ index $dependencyNamespaces $dep }}
+  - name: cilium
+    namespace: cozy-cilium
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cozy-fluxcd
+  namespace: cozy-fluxcd
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: fluxcd
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-fluxcd
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cozy-cert-manager
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: cert-manager
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-cert-manager
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cert-manager-issuers
+  namespace: cozy-cert-manager
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: cert-manager-issuers
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-cert-manager-issuers
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: cert-manager
+    namespace: cozy-cert-manager
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: victoria-metrics-operator
+  namespace: cozy-victoria-metrics-operator
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: victoria-metrics-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-victoria-metrics-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: cert-manager
+    namespace: cozy-cert-manager
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: monitoring
+  namespace: cozy-monitoring
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: monitoring
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-monitoring
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: victoria-metrics-operator
+    namespace: cozy-victoria-metrics-operator
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kubevirt-operator
+  namespace: cozy-kubevirt
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: kubevirt-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-kubevirt-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kubevirt
+  namespace: cozy-kubevirt
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: kubevirt
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-kubevirt
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: kubevirt-operator
+    namespace: cozy-kubevirt
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kubevirt-cdi-operator
+  namespace: cozy-kubevirt-cdi
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: kubevirt-cdi-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-kubevirt-cdi-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kubevirt-cdi
+  namespace: cozy-kubevirt-cdi
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: kubevirt-cdi
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-kubevirt-cdi
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: kubevirt-cdi-operator
+    namespace: cozy-kubevirt-cdi
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: metallb
+  namespace: cozy-metallb
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: metallb
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-metallb
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: grafana-operator
+  namespace: cozy-grafana-operator
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: grafana-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-grafana-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: mariadb-operator
+  namespace: cozy-mariadb-operator
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: mariadb-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-mariadb-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: cert-manager
+    namespace: cozy-cert-manager
+  - name: victoria-metrics-operator
+    namespace: cozy-victoria-metrics-operator
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: postgres-operator
+  namespace: cozy-postgres-operator
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: postgres-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-postgres-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: cert-manager
+    namespace: cozy-cert-manager
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: rabbitmq-operator
+  namespace: cozy-rabbitmq-operator
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: rabbitmq-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-rabbitmq-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: redis-operator
+  namespace: cozy-redis-operator
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: redis-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-redis-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: piraeus-operator
+  namespace: cozy-linstor
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: piraeus-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-piraeus-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: cert-manager
+    namespace: cozy-cert-manager
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: linstor
+  namespace: cozy-linstor
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: linstor
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-linstor
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: piraeus-operator
+    namespace: cozy-linstor
+  - name: cert-manager
+    namespace: cozy-cert-manager
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: telepresence
+  namespace: cozy-telepresence
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: traffic-manager
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-telepresence
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: dashboard
+  namespace: cozy-dashboard
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: dashboard
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-dashboard
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
+  {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
+  values:
+    kubeapps:
+      redis:
+        master:
+          podAnnotations:
+            {{- range $index, $repo := . }}
+            {{- with (($repo.status).artifact).revision }}
+            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
+            {{- end }}
+            {{- end }}
   {{- end }}
   {{- end }}
-  {{- end }}
-{{- end }}
-{{- end }}
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kamaji
+  namespace: cozy-kamaji
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: kamaji
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-kamaji
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: cert-manager
+    namespace: cozy-cert-manager
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: capi-operator
+  namespace: cozy-cluster-api
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: capi-operator
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-capi-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn
+  - name: cert-manager
+    namespace: cozy-cert-manager
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: capi-providers
+  namespace: cozy-cluster-api
+  labels:
+    cozystack.io/repository: system
+spec:
+  interval: 1m
+  releaseName: capi-providers
+  install:
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  chart:
+    spec:
+      chart: cozy-capi-providers
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  dependsOn:
+  - name: capi-operator
+    namespace: cozy-cluster-api
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn

packages/core/platform/templates/namespaces.yaml

@@ -1,29 +1,13 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $bundleName := index $cozyConfig.data "bundle-name" }}
-{{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
-{{- $namespaces := dict }}
-
-{{/* collect namespaces from releases */}}
-{{- range $x := $bundle.releases }}
-{{- if not (hasKey $namespaces $x.namespace) }}
-{{- $_ := set $namespaces $x.namespace false }}
-{{- end }}
-{{/* if at least one release requires a privileged namespace, then it should be privileged */}}
-{{- if or $x.privileged (index $namespaces $x.namespace) }}
-{{- $_ := set $namespaces $x.namespace true }}
-{{- end }}
-{{- end }}
-
-{{- range $namespace, $privileged := $namespaces }}
+{{- range $ns := .Values.namespaces }}
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
     "helm.sh/resource-policy": keep
-  {{- if $privileged }}
+  {{- if $ns.privileged }}
   labels:
     pod-security.kubernetes.io/enforce: privileged
   {{- end }}
-  name: {{ $namespace }}
+  name: {{ $ns.name }}
 {{- end }}

packages/core/platform/values.yaml

@@ -0,0 +1,30 @@
+namespaces:
+- name: cozy-public
+- name: cozy-system
+  privileged: true
+- name: cozy-cert-manager
+- name: cozy-cilium
+  privileged: true
+- name: cozy-fluxcd
+- name: cozy-grafana-operator
+- name: cozy-kamaji
+- name: cozy-cluster-api
+  privileged: true # for capk only
+- name: cozy-dashboard
+- name: cozy-kubeovn
+  privileged: true
+- name: cozy-kubevirt
+  privileged: true
+- name: cozy-kubevirt-cdi
+- name: cozy-linstor
+  privileged: true
+- name: cozy-mariadb-operator
+- name: cozy-metallb
+  privileged: true
+- name: cozy-monitoring
+  privileged: true
+- name: cozy-postgres-operator
+- name: cozy-rabbitmq-operator
+- name: cozy-redis-operator
+- name: cozy-telepresence
+- name: cozy-victoria-metrics-operator

packages/system/dashboard/Makefile

@@ -3,7 +3,7 @@ NAMESPACE=cozy-dashboard
 PUSH := 1
 LOAD := 0
 REPOSITORY := ghcr.io/aenix-io/cozystack
-TAG := v0.2.0
+TAG := v0.1.0
 
 show:
 	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .

packages/system/dashboard/charts/kubeapps/.helmignore

@@ -22,5 +22,3 @@
 .project
 .idea/
 *.tmproj
-# img folder
-img/

packages/system/dashboard/charts/kubeapps/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 18.19.2
+  version: 18.4.0
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 13.4.6
+  version: 13.2.14
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.19.0
-digest: sha256:b4965a22517e61212e78abb8d1cbe86e800c8664b3139e2047f4bd62b3e55b24
-generated: "2024-03-13T11:51:34.216594+01:00"
+  version: 2.13.3
+digest: sha256:7bede05a463745ea72d332aaaf406d84e335d8af09dce403736f4e4e14c3554d
+generated: "2023-11-21T18:18:20.024990735Z"

packages/system/dashboard/charts/kubeapps/Chart.yaml

@@ -2,21 +2,21 @@ annotations:
   category: Infrastructure
   images: |
     - name: kubeapps-apis
-      image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-12-r19
+      image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-11-r13
     - name: kubeapps-apprepository-controller
-      image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-12-r18
+      image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-11-r12
     - name: kubeapps-asset-syncer
-      image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-12-r19
-    - name: kubeapps-dashboard
-      image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-12-r18
+      image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-11-r13
     - name: kubeapps-oci-catalog
-      image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-12-r17
+      image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-11-r6
     - name: kubeapps-pinniped-proxy
-      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-12-r17
+      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-11-r10
+    - name: kubeapps-dashboard
+      image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-11-r16
     - name: nginx
-      image: docker.io/bitnami/nginx:1.25.4-debian-12-r3
+      image: docker.io/bitnami/nginx:1.25.3-debian-11-r1
     - name: oauth2-proxy
-      image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r4
+      image: docker.io/bitnami/oauth2-proxy:7.5.1-debian-11-r11
   licenses: Apache-2.0
 apiVersion: v2
 appVersion: 2.9.0
@@ -51,4 +51,4 @@ maintainers:
 name: kubeapps
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kubeapps
-version: 14.7.2
+version: 14.1.2

packages/system/dashboard/charts/kubeapps/charts/common/.helmignore

@@ -20,5 +20,3 @@
 .idea/
 *.tmproj
 .vscode/
-# img folder
-img/

packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   category: Infrastructure
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.19.0
+appVersion: 2.13.3
 description: A Library Helm Chart for grouping common logic between bitnami charts.
   This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.19.0
+version: 2.13.3

packages/system/dashboard/charts/kubeapps/charts/common/README.md

@@ -24,14 +24,14 @@ data:
   myvalue: "Hello World"
 ```
 
-Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
-
 ## Introduction
 
 This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
 
 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
 
+Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Prerequisites
 
 - Kubernetes 1.23+
@@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""
 
 ## License
 
-Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+Copyright © 2023 VMware, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

packages/system/dashboard/charts/kubeapps/charts/common/templates/_compatibility.tpl

@@ -1,39 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-
-{{/* 
-Return true if the detected platform is Openshift
-Usage:
-{{- include "common.compatibility.isOpenshift" . -}}
-*/}}
-{{- define "common.compatibility.isOpenshift" -}}
-{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
-{{- true -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
-Usage:
-{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
-*/}}
-{{- define "common.compatibility.renderSecurityContext" -}}
-{{- $adaptedContext := .secContext -}}
-{{- if .context.Values.global.compatibility -}}
-  {{- if .context.Values.global.compatibility.openshift -}}
-    {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
-      {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
-      {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
-      {{- if not .secContext.seLinuxOptions -}}
-      {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
-      {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
-      {{- end -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- omit $adaptedContext "enabled" | toYaml -}}
-{{- end -}}

packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl

@@ -1,50 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Return a resource request/limit object based on a given preset.
-These presets are for basic testing and not meant to be used in production
-{{ include "common.resources.preset" (dict "type" "nano") -}}
-*/}}
-{{- define "common.resources.preset" -}}
-{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
-{{- $presets := dict 
-  "nano" (dict 
-      "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
-   )
-  "micro" (dict 
-      "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
-   )
-  "small" (dict 
-      "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
-   )
-  "medium" (dict 
-      "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
-   )
-  "large" (dict 
-      "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
-   )
-  "xlarge" (dict 
-      "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
-   )
-  "2xlarge" (dict 
-      "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
-   )
- }}
-{{- if hasKey $presets .type -}}
-{{- index $presets .type | toYaml -}}
-{{- else -}}
-{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
-{{- end -}}
-{{- end -}}

packages/system/dashboard/charts/kubeapps/charts/common/templates/_secrets.tpl

@@ -78,8 +78,6 @@ Params:
   - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
   - context - Context - Required - Parent context.
   - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
-  - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
-  - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
 The order in which this function returns a secret password:
   1. Already existing 'Secret' resource
      (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@@ -93,6 +91,7 @@ The order in which this function returns a secret password:
 
 {{- $password := "" }}
 {{- $subchart := "" }}
+{{- $failOnNew := default true .failOnNew }}
 {{- $chartName := default "" .chartName }}
 {{- $passwordLength := default 10 .length }}
 {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@@ -100,14 +99,12 @@ The order in which this function returns a secret password:
 {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
 {{- if $secretData }}
   {{- if hasKey $secretData .key }}
-    {{- $password = index $secretData .key | b64dec }}
-  {{- else if not (eq .failOnNew false) }}
+    {{- $password = index $secretData .key | quote }}
+  {{- else if $failOnNew }}
     {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
-  {{- else if $providedPasswordValue }}
-    {{- $password = $providedPasswordValue | toString }}
   {{- end -}}
 {{- else if $providedPasswordValue }}
-  {{- $password = $providedPasswordValue | toString }}
+  {{- $password = $providedPasswordValue | toString | b64enc | quote }}
 {{- else }}
 
   {{- if .context.Values.enabled }}
@@ -123,19 +120,12 @@ The order in which this function returns a secret password:
     {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
     {{- $password = randAscii $passwordLength }}
     {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
-    {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
+    {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
   {{- else }}
-    {{- $password = randAlphaNum $passwordLength }}
+    {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
   {{- end }}
 {{- end -}}
-{{- if not .skipB64enc }}
-{{- $password = $password | b64enc }}
-{{- end -}}
-{{- if .skipQuote -}}
 {{- printf "%s" $password -}}
-{{- else -}}
-{{- printf "%s" $password | quote -}}
-{{- end -}}
 {{- end -}}
 
 {{/*

packages/system/dashboard/charts/kubeapps/charts/common/templates/_warnings.tpl

@@ -13,70 +13,7 @@ Usage:
 
 {{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
 WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
 {{- end }}
-{{- end -}}
 
-{{/*
-Warning about not setting the resource object in all deployments.
-Usage:
-{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
-Example:
-{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
-The list in the example assumes that the following values exist:
-  - csiProvider.provider.resources
-  - server.resources
-  - volumePermissions.resources
-  - resources
-*/}}
-{{- define "common.warnings.resources" -}}
-{{- $values := .context.Values -}}
-{{- $printMessage := false -}}
-{{ $affectedSections := list -}}
-{{- range .sections -}}
-  {{- if eq . "" -}}
-    {{/* Case where the resources section is at the root (one main deployment in the chart) */}}
-    {{- if not (index $values "resources") -}}
-    {{- $affectedSections = append $affectedSections "resources" -}}
-    {{- $printMessage = true -}}
-    {{- end -}}
-  {{- else -}}
-    {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
-    {{- $keys := split "." . -}}
-    {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
-    {{- $section := $values -}}
-    {{- range $keys -}}
-      {{- $section = index $section . -}}
-    {{- end -}}
-    {{- if not (index $section "resources") -}}
-      {{/* If the section has enabled=false or replicaCount=0, do not include it */}}
-      {{- if and (hasKey $section "enabled") -}}
-        {{- if index $section "enabled" -}}
-          {{/* enabled=true */}}
-          {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
-          {{- $printMessage = true -}}
-        {{- end -}}
-      {{- else if and (hasKey $section "replicaCount")  -}}
-        {{/* We need a casting to int because number 0 is not treated as an int by default */}}
-        {{- if (gt (index $section "replicaCount" | int) 0) -}}
-          {{/* replicaCount > 0 */}}
-          {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
-          {{- $printMessage = true -}}
-        {{- end -}}
-      {{- else -}}
-        {{/* Default case, add it to the affected sections */}}
-        {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
-        {{- $printMessage = true -}}
-      {{- end -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- if $printMessage }}
-
-WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
-{{- range $affectedSections }}
-  - {{ . }}
-{{- end }}
-+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-{{- end -}}
 {{- end -}}

packages/system/dashboard/charts/kubeapps/charts/redis/.helmignore

@@ -19,5 +19,3 @@
 .project
 .idea/
 *.tmproj
-# img folder
-img/

packages/system/dashboard/charts/kubeapps/charts/redis/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.19.0
-digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
-generated: "2024-03-08T15:56:40.04210215Z"
+  version: 2.13.3
+digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
+generated: "2023-10-19T12:32:36.790999138Z"

packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml

@@ -1,19 +1,17 @@
 annotations:
   category: Database
   images: |
-    - name: kubectl
-      image: docker.io/bitnami/kubectl:1.29.2-debian-12-r3
     - name: os-shell
-      image: docker.io/bitnami/os-shell:12-debian-12-r16
-    - name: redis
-      image: docker.io/bitnami/redis:7.2.4-debian-12-r9
+      image: docker.io/bitnami/os-shell:11-debian-11-r91
     - name: redis-exporter
-      image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
+      image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r2
     - name: redis-sentinel
-      image: docker.io/bitnami/redis-sentinel:7.2.4-debian-12-r7
+      image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r1
+    - name: redis
+      image: docker.io/bitnami/redis:7.2.3-debian-11-r1
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 7.2.4
+appVersion: 7.2.3
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
@@ -35,4 +33,4 @@ maintainers:
 name: redis
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 18.19.2
+version: 18.4.0

packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/.helmignore

@@ -20,5 +20,3 @@
 .idea/
 *.tmproj
 .vscode/
-# img folder
-img/

packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   category: Infrastructure
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.19.0
+appVersion: 2.13.3
 description: A Library Helm Chart for grouping common logic between bitnami charts.
   This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.19.0
+version: 2.13.3

packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/README.md

@@ -24,14 +24,14 @@ data:
   myvalue: "Hello World"
 ```
 
-Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
-
 ## Introduction
 
 This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
 
 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
 
+Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Prerequisites
 
 - Kubernetes 1.23+
@@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""
 
 ## License
 
-Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+Copyright © 2023 VMware, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_compatibility.tpl

@@ -1,39 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-
-{{/* 
-Return true if the detected platform is Openshift
-Usage:
-{{- include "common.compatibility.isOpenshift" . -}}
-*/}}
-{{- define "common.compatibility.isOpenshift" -}}
-{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
-{{- true -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
-Usage:
-{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
-*/}}
-{{- define "common.compatibility.renderSecurityContext" -}}
-{{- $adaptedContext := .secContext -}}
-{{- if .context.Values.global.compatibility -}}
-  {{- if .context.Values.global.compatibility.openshift -}}
-    {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
-      {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
-      {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
-      {{- if not .secContext.seLinuxOptions -}}
-      {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
-      {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
-      {{- end -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- omit $adaptedContext "enabled" | toYaml -}}
-{{- end -}}

packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_resources.tpl

@@ -1,50 +0,0 @@
-{{/*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{/* vim: set filetype=mustache: */}}
-
-{{/*
-Return a resource request/limit object based on a given preset.
-These presets are for basic testing and not meant to be used in production
-{{ include "common.resources.preset" (dict "type" "nano") -}}
-*/}}
-{{- define "common.resources.preset" -}}
-{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
-{{- $presets := dict 
-  "nano" (dict 
-      "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
-   )
-  "micro" (dict 
-      "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
-   )
-  "small" (dict 
-      "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
-   )
-  "medium" (dict 
-      "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
-   )
-  "large" (dict 
-      "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
-   )
-  "xlarge" (dict 
-      "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
-   )
-  "2xlarge" (dict 
-      "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
-   )
- }}
-{{- if hasKey $presets .type -}}
-{{- index $presets .type | toYaml -}}
-{{- else -}}
-{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
-{{- end -}}
-{{- end -}}

packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_secrets.tpl

@@ -78,8 +78,6 @@ Params:
   - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
   - context - Context - Required - Parent context.
   - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
-  - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
-  - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
 The order in which this function returns a secret password:
   1. Already existing 'Secret' resource
      (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@@ -93,6 +91,7 @@ The order in which this function returns a secret password:
 
 {{- $password := "" }}
 {{- $subchart := "" }}
+{{- $failOnNew := default true .failOnNew }}
 {{- $chartName := default "" .chartName }}
 {{- $passwordLength := default 10 .length }}
 {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@@ -100,14 +99,12 @@ The order in which this function returns a secret password:
 {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
 {{- if $secretData }}
   {{- if hasKey $secretData .key }}
-    {{- $password = index $secretData .key | b64dec }}
-  {{- else if not (eq .failOnNew false) }}
+    {{- $password = index $secretData .key | quote }}
+  {{- else if $failOnNew }}
     {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
-  {{- else if $providedPasswordValue }}
-    {{- $password = $providedPasswordValue | toString }}
   {{- end -}}
 {{- else if $providedPasswordValue }}
-  {{- $password = $providedPasswordValue | toString }}
+  {{- $password = $providedPasswordValue | toString | b64enc | quote }}
 {{- else }}
 
   {{- if .context.Values.enabled }}
@@ -123,19 +120,12 @@ The order in which this function returns a secret password:
     {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
     {{- $password = randAscii $passwordLength }}
     {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
-    {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
+    {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
   {{- else }}
-    {{- $password = randAlphaNum $passwordLength }}
+    {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
   {{- end }}
 {{- end -}}
-{{- if not .skipB64enc }}
-{{- $password = $password | b64enc }}
-{{- end -}}
-{{- if .skipQuote -}}
 {{- printf "%s" $password -}}
-{{- else -}}
-{{- printf "%s" $password | quote -}}
-{{- end -}}
 {{- end -}}
 
 {{/*

packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_warnings.tpl

@@ -13,70 +13,7 @@ Usage:
 
 {{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
 WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
 {{- end }}
-{{- end -}}
 
-{{/*
-Warning about not setting the resource object in all deployments.
-Usage:
-{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
-Example:
-{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
-The list in the example assumes that the following values exist:
-  - csiProvider.provider.resources
-  - server.resources
-  - volumePermissions.resources
-  - resources
-*/}}
-{{- define "common.warnings.resources" -}}
-{{- $values := .context.Values -}}
-{{- $printMessage := false -}}
-{{ $affectedSections := list -}}
-{{- range .sections -}}
-  {{- if eq . "" -}}
-    {{/* Case where the resources section is at the root (one main deployment in the chart) */}}
-    {{- if not (index $values "resources") -}}
-    {{- $affectedSections = append $affectedSections "resources" -}}
-    {{- $printMessage = true -}}
-    {{- end -}}
-  {{- else -}}
-    {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
-    {{- $keys := split "." . -}}
-    {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
-    {{- $section := $values -}}
-    {{- range $keys -}}
-      {{- $section = index $section . -}}
-    {{- end -}}
-    {{- if not (index $section "resources") -}}
-      {{/* If the section has enabled=false or replicaCount=0, do not include it */}}
-      {{- if and (hasKey $section "enabled") -}}
-        {{- if index $section "enabled" -}}
-          {{/* enabled=true */}}
-          {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
-          {{- $printMessage = true -}}
-        {{- end -}}
-      {{- else if and (hasKey $section "replicaCount")  -}}
-        {{/* We need a casting to int because number 0 is not treated as an int by default */}}
-        {{- if (gt (index $section "replicaCount" | int) 0) -}}
-          {{/* replicaCount > 0 */}}
-          {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
-          {{- $printMessage = true -}}
-        {{- end -}}
-      {{- else -}}
-        {{/* Default case, add it to the affected sections */}}
-        {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
-        {{- $printMessage = true -}}
-      {{- end -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- if $printMessage }}
-
-WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
-{{- range $affectedSections }}
-  - {{ . }}
-{{- end }}
-+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-{{- end -}}
 {{- end -}}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/NOTES.txt

@@ -12,11 +12,11 @@ The chart has been deployed in diagnostic mode. All probes have been disabled an
 
 Get the list of pods by executing:
 
-  kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
+  kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
 
 Access the pod you want to debug by executing
 
-  kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
+  kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
 
 In order to replicate the container startup scripts execute this command:
 
@@ -53,28 +53,12 @@ For Redis Sentinel:
 {{- end }}
 {{- end }}
 
-{{- if and .Values.auth.usePasswordFiles (not .Values.auth.usePasswordFileFromSecret) (or (empty .Values.master.initContainers) (empty .Values.replica.initContainers)) }}
-
--------------------------------------------------------------------------------
- WARNING
-
-    By specifying ".Values.auth.usePasswordFiles=true" and ".Values.auth.usePasswordFileFromSecret=false"
-    Redis is expecting that the password is mounted as a file in each pod
-    (by default in /opt/bitnami/redis/secrets/redis-password)
-
-    Ensure that you specify the respective initContainers in
-    both .Values.master.initContainers and .Values.replica.initContainers
-    in order to populate the contents of this file.
-
--------------------------------------------------------------------------------
-{{- end }}
-
 {{- if eq .Values.architecture "replication" }}
 {{- if .Values.sentinel.enabled }}
 
 Redis&reg; can be accessed via port {{ .Values.sentinel.service.ports.redis }} on the following DNS name from within your cluster:
 
-    {{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} for read only operations
+    {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations
 
 For read/write operations, first access the Redis&reg; Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above.
 
@@ -82,15 +66,15 @@ For read/write operations, first access the Redis&reg; Sentinel cluster, which i
 
 Redis&reg; can be accessed on the following DNS names from within your cluster:
 
-    {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }})
-    {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }})
+    {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }})
+    {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }})
 
 {{- end }}
 {{- else }}
 
 Redis&reg; can be accessed via port {{ .Values.master.service.ports.redis }} on the following DNS name from within your cluster:
 
-    {{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
+    {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
 
 {{- end }}
 
@@ -98,7 +82,7 @@ Redis&reg; can be accessed via port {{ .Values.master.service.ports.redis }} on
 
 To get your password run:
 
-    export REDIS_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d)
+    export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d)
 
 {{- end }}
 
@@ -106,15 +90,15 @@ To connect to your Redis&reg; server:
 
 1. Run a Redis&reg; pod that you can use as a client:
 
-   kubectl run --namespace {{ include "common.names.namespace" . }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
+   kubectl run --namespace {{ .Release.Namespace }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
 
 {{- if .Values.tls.enabled }}
 
    Copy your TLS certificates to the pod:
 
-   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.cert redis-client:/tmp/client.cert
-   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.key redis-client:/tmp/client.key
-   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/CA.cert redis-client:/tmp/CA.cert
+   kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert redis-client:/tmp/client.cert
+   kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key redis-client:/tmp/client.key
+   kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert redis-client:/tmp/CA.cert
 
 {{- end }}
 
@@ -122,7 +106,7 @@ To connect to your Redis&reg; server:
 
    kubectl exec --tty -i redis-client \
    {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
-   --namespace {{ include "common.names.namespace" . }} -- bash
+   --namespace {{ .Release.Namespace }} -- bash
 
 2. Connect using the Redis&reg; CLI:
 
@@ -149,42 +133,42 @@ To connect to your database from outside the cluster execute the following comma
 {{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
 {{- if contains "NodePort" .Values.sentinel.service.type }}
 
-    export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-    export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
     {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 
 {{- else if contains "LoadBalancer" .Values.sentinel.service.type }}
 
   NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
+        Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
 
-    export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
     {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 
 {{- else if contains "ClusterIP" .Values.sentinel.service.type }}
 
-    kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} &
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} &
     {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 
 {{- end }}
 {{- else }}
 {{- if contains "NodePort" .Values.master.service.type }}
 
-    export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-    export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
     {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 
 {{- else if contains "LoadBalancer" .Values.master.service.type }}
 
   NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
+        Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
 
-    export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
     {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 
 {{- else if contains "ClusterIP" .Values.master.service.type }}
 
-    kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} &
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} &
     {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 
 {{- end }}
@@ -205,4 +189,3 @@ No need to upgrade, ports and nodeports have been set from values
 YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED
 {{- end }}
 {{- end }}
-{{- include "common.warnings.resources" (dict "sections" (list "master" "metrics" "replica" "sentinel" "sysctl" "volumePermissions") "context" $) }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/_helpers.tpl

@@ -33,13 +33,6 @@ Return the proper image name (for the init container volume-permissions image)
 {{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
 {{- end -}}
 
-{{/*
-Return kubectl image
-*/}}
-{{- define "redis.kubectl.image" -}}
-{{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" .Values.global) }}
-{{- end -}}
-
 {{/*
 Return sysctl image
 */}}
@@ -247,7 +240,7 @@ Return Redis® password
     {{- else if not (empty .Values.auth.password) -}}
         {{- .Values.auth.password -}}
     {{- else -}}
-        {{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (include "redis.secretName" .) "Length" 10 "Key" (include "redis.secretPasswordKey" .))  -}}
+        {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "redis.secretName" .) "Length" 10 "Key" (include "redis.secretPasswordKey" .))  -}}
     {{- end -}}
 {{- end -}}
 {{- end }}
@@ -268,7 +261,6 @@ Compile all warnings into a single message, and call fail.
 {{- $messages := append $messages (include "redis.validateValues.architecture" .) -}}
 {{- $messages := append $messages (include "redis.validateValues.podSecurityPolicy.create" .) -}}
 {{- $messages := append $messages (include "redis.validateValues.tls" .) -}}
-{{- $messages := append $messages (include "redis.validateValues.createMaster" .) -}}
 {{- $messages := without $messages "" -}}
 {{- $message := join "\n" $messages -}}
 
@@ -320,16 +312,6 @@ redis: tls.enabled
 {{- end -}}
 {{- end -}}
 
-{{/* Validate values of Redis® - master service enabled */}}
-{{- define "redis.validateValues.createMaster" -}}
-{{- if and .Values.sentinel.service.createMaster (or (not .Values.rbac.create) (not .Values.replica.automountServiceAccountToken) (not .Values.serviceAccount.create)) }}
-redis: sentinel.service.createMaster
-    In order to redirect requests only to the master pod via the service, you also need to
-    create rbac and serviceAccount. In addition, you need to enable
-    replica.automountServiceAccountToken.
-{{- end -}}
-{{- end -}}
-
 {{/* Define the suffix utilized for external-dns */}}
 {{- define "redis.externalDNS.suffix" -}}
 {{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/configmap.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ printf "%s-configuration" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -48,13 +48,10 @@ data:
   sentinel.conf: |-
     dir "/tmp"
     port {{ .Values.sentinel.containerPorts.sentinel }}
-    sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }}
+    sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }}
     sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
     sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
     sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
-    {{- if .Values.sentinel.service.createMaster}}
-      sentinel client-reconfig-script {{ .Values.sentinel.masterSet }} /opt/bitnami/scripts/start-scripts/push-master-label.sh
-    {{- end }}
     # User-supplied sentinel configuration:
     {{- if .Values.sentinel.configuration }}
     {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/headless-svc.yaml

@@ -7,16 +7,14 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ printf "%s-headless" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-  {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations (include "redis.externalDNS.annotations" .) }}
   annotations:
     {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations }}
     {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
     {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
     {{- end }}
     {{- include "redis.externalDNS.annotations" . | nindent 4 }}
-  {{- end }}
 spec:
   type: ClusterIP
   clusterIP: None

packages/system/dashboard/charts/kubeapps/charts/redis/templates/health-configmap.yaml

@@ -7,7 +7,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ printf "%s-health" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/application.yaml

@@ -9,7 +9,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
 kind: {{ .Values.master.kind }}
 metadata:
   name: {{ printf "%s-master" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: master
   {{- if .Values.commonAnnotations }}
@@ -62,10 +62,10 @@ spec:
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.master.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ template "redis.masterServiceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.master.automountServiceAccountToken }}
+      automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
       {{- if .Values.master.priorityClassName }}
       priorityClassName: {{ .Values.master.priorityClassName | quote }}
       {{- end }}
@@ -108,7 +108,7 @@ spec:
           lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }}
           {{- end }}
           {{- if .Values.master.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -226,8 +226,6 @@ spec:
           {{- end }}
           {{- if .Values.master.resources }}
           resources: {{- toYaml .Values.master.resources | nindent 12 }}
-          {{- else if ne .Values.master.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.master.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
             - name: start-scripts
@@ -247,12 +245,10 @@ spec:
               {{- end }}
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: empty-dir
+            - name: redis-tmp-conf
               mountPath: /opt/bitnami/redis/etc/
-              subPath: app-conf-dir
-            - name: empty-dir
+            - name: tmp
               mountPath: /tmp
-              subPath: tmp-dir
             {{- if .Values.tls.enabled }}
             - name: redis-certificates
               mountPath: /opt/bitnami/redis/certs
@@ -266,7 +262,7 @@ spec:
           image: {{ include "redis.metrics.image" . }}
           imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
           {{- if .Values.metrics.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -288,8 +284,6 @@ spec:
           env:
             - name: REDIS_ALIAS
               value: {{ template "common.names.fullname" . }}
-            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
-              value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
             {{- if .Values.auth.enabled }}
             - name: REDIS_USER
               value: default
@@ -318,7 +312,7 @@ spec:
             {{- end }}
           ports:
             - name: metrics
-              containerPort: {{ .Values.metrics.containerPorts.http }}
+              containerPort: 9121
           {{- if not .Values.diagnosticMode.enabled }}
           {{- if .Values.metrics.customStartupProbe }}
           startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
@@ -345,13 +339,8 @@ spec:
           {{- end }}
           {{- if .Values.metrics.resources }}
           resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
-          {{- else if ne .Values.metrics.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: app-tmp-dir
             {{- if .Values.auth.usePasswordFiles }}
             - name: redis-password
               mountPath: /secrets/
@@ -394,13 +383,8 @@ spec:
           {{- end }}
           {{- if .Values.volumePermissions.resources }}
           resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
-          {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             - name: redis-data
               mountPath: {{ .Values.master.persistence.path }}
               {{- if .Values.master.persistence.subPath }}
@@ -421,14 +405,9 @@ spec:
           {{- end }}
           {{- if .Values.sysctl.resources }}
           resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
-          {{- else if ne .Values.sysctl.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }}
           {{- end }}
           {{- if .Values.sysctl.mountHostSys }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             - name: host-sys
               mountPath: /host-sys
           {{- end }}
@@ -445,15 +424,11 @@ spec:
             defaultMode: 0755
         {{- if .Values.auth.usePasswordFiles }}
         - name: redis-password
-          {{ if .Values.auth.usePasswordFileFromSecret }}
           secret:
             secretName: {{ template "redis.secretName" . }}
             items:
             - key: {{ template "redis.secretPasswordKey" . }}
               path: redis-password
-          {{- else }}
-          emptyDir: {}
-          {{- end }}
         {{- end }}
         - name: config
           configMap:
@@ -463,7 +438,19 @@ spec:
           hostPath:
             path: /sys
         {{- end }}
-        - name: empty-dir
+        - name: redis-tmp-conf
+          {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }}
+          emptyDir:
+            {{- if .Values.master.persistence.medium }}
+            medium: {{ .Values.master.persistence.medium | quote }}
+            {{- end }}
+            {{- if .Values.master.persistence.sizeLimit }}
+            sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }}
+            {{- end }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+        - name: tmp
           {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }}
           emptyDir:
             {{- if .Values.master.persistence.medium }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/psp.yaml

@@ -8,7 +8,7 @@ apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
   name: {{ printf "%s-master" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pvc.yaml

@@ -8,7 +8,7 @@ kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
   name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: master

packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/service.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ printf "%s-master" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: master
   {{- if or .Values.master.service.annotations .Values.commonAnnotations }}
@@ -26,9 +26,6 @@ spec:
   {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }}
   loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
   {{- end }}
-  {{- if and (eq .Values.master.service.type "LoadBalancer")  .Values.master.service.loadBalancerClass }}
-  loadBalancerClass: {{ .Values.master.service.loadBalancerClass }}
-  {{- end }}
   {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }}
   loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }}
   {{- end }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/serviceaccount.yaml

@@ -3,13 +3,13 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- if and .Values.master.serviceAccount.create (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }}
+{{- if .Values.master.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
 metadata:
   name: {{ template "redis.masterServiceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if or .Values.master.serviceAccount.annotations .Values.commonAnnotations }}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/metrics-svc.yaml

@@ -3,12 +3,12 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- if and .Values.metrics.enabled .Values.metrics.service.enabled }}
+{{- if .Values.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
   name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: metrics
   {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
@@ -26,15 +26,12 @@ spec:
   {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
   {{- end }}
-  {{- if and (eq .Values.metrics.service.type "LoadBalancer")  .Values.metrics.service.loadBalancerClass }}
-  loadBalancerClass: {{ .Values.metrics.service.loadBalancerClass }}
-  {{- end }}
   {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }}
   loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }}
   {{- end }}
   ports:
     - name: http-metrics
-      port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.port }}
+      port: {{ .Values.metrics.service.port }}
       protocol: TCP
       targetPort: metrics
     {{- if .Values.metrics.service.extraPorts }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/networkpolicy.yaml

@@ -8,7 +8,7 @@ kind: NetworkPolicy
 apiVersion: {{ template "networkPolicy.apiVersion" . }}
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -18,11 +18,8 @@ spec:
     matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
   policyTypes:
     - Ingress
+  {{- if or (eq .Values.architecture "replication") .Values.networkPolicy.extraEgress }}
     - Egress
-  {{- if .Values.networkPolicy.allowExternalEgress }}
-  egress:
-    - {}
-  {{- else }}
   egress:
     {{- if eq .Values.architecture "replication" }}
     # Allow dns resolution
@@ -79,7 +76,7 @@ spec:
     {{- if .Values.metrics.enabled }}
     # Allow prometheus scrapes for metrics
     - ports:
-        - port: {{ .Values.metrics.containerPorts.http }}
+        - port: 9121
       {{- if not .Values.networkPolicy.metrics.allowExternal }}
       from:
         {{- if or .Values.networkPolicy.metrics.ingressNSMatchLabels .Values.networkPolicy.metrics.ingressNSPodMatchLabels }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/pdb.yaml

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml

@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ default (include "common.names.namespace" .) .Values.metrics.podMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.metrics.podMonitor.namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     {{- if .Values.metrics.podMonitor.additionalLabels }}
     {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }}
@@ -18,7 +18,7 @@ metadata:
   {{- end }}
 spec:
   podMetricsEndpoints:
-    - port: {{ .Values.metrics.podMonitor.port }}
+    - port: http-metrics
       {{- if .Values.metrics.podMonitor.interval }}
       interval: {{ .Values.metrics.podMonitor.interval }}
       {{- end }}
@@ -34,36 +34,6 @@ spec:
       {{- if .Values.metrics.podMonitor.metricRelabelings }}
       metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }}
       {{- end }}
-    {{- range .Values.metrics.podMonitor.additionalEndpoints }}
-    - port: {{ .port }}
-      {{- if .interval }}
-      interval: {{ .interval }}
-      {{- end }}
-      {{- if .path }}
-      path: {{ .path }}
-      {{- end }}
-      {{- if .honorLabels }}
-      honorLabels: {{ .honorLabels }}
-      {{- end }}
-      {{- if .relabellings }}
-      relabelings: {{- toYaml .relabellings | nindent 6 }}
-      {{- end }}
-      {{- if .metricRelabelings }}
-      metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}
-      {{- end }}
-      {{- if .scrapeTimeout }}
-      scrapeTimeout: {{ .scrapeTimeout }}
-      {{- end }}
-      {{- if .params }}
-      params:
-        {{- range $key, $value := .params }}
-        {{ $key }}:
-          {{- range $value }}
-          - {{ . | quote }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-    {{- end }}
   {{- if .Values.metrics.serviceMonitor.podTargetLabels }}
   podTargetLabels: {{- toYaml .Values.metrics.podMonitor.podTargetLabels | nindent 4 }}
   {{- end }}
@@ -75,7 +45,8 @@ spec:
   {{- end }}
   namespaceSelector:
     matchNames:
-      - {{ include "common.names.namespace" . | quote }}
+      - {{ .Release.Namespace }}
   selector:
     matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: metrics
 {{- end }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/prometheusrule.yaml

@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     {{- if .Values.metrics.prometheusRule.additionalLabels }}
     {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/application.yaml

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
 kind: {{ .Values.replica.kind }}
 metadata:
   name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: replica
   {{- if .Values.commonAnnotations }}
@@ -60,10 +60,10 @@ spec:
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.replica.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ template "redis.replicaServiceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }}
+      automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }}
       {{- if .Values.replica.priorityClassName }}
       priorityClassName: {{ .Values.replica.priorityClassName | quote }}
       {{- end }}
@@ -108,7 +108,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.replica.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -136,9 +136,9 @@ spec:
             {{- if .Values.replica.externalMaster.enabled }}
               value: {{ .Values.replica.externalMaster.host | quote }}
             {{- else if and (eq (int64 .Values.master.count) 1) (eq .Values.master.kind "StatefulSet") }}
-              value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
+              value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
             {{- else }}
-              value: {{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
+              value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
             {{- end }}
             - name: REDIS_MASTER_PORT_NUMBER
             {{- if .Values.replica.externalMaster.enabled }}
@@ -246,8 +246,6 @@ spec:
           {{- end }}
           {{- if .Values.replica.resources }}
           resources: {{- toYaml .Values.replica.resources | nindent 12 }}
-          {{- else if ne .Values.replica.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
             - name: start-scripts
@@ -267,12 +265,8 @@ spec:
               {{- end }}
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: empty-dir
+            - name: redis-tmp-conf
               mountPath: /opt/bitnami/redis/etc
-              subPath: app-conf-dir
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             {{- if .Values.tls.enabled }}
             - name: redis-certificates
               mountPath: /opt/bitnami/redis/certs
@@ -286,7 +280,7 @@ spec:
           image: {{ include "redis.metrics.image" . }}
           imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
           {{- if .Values.metrics.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -308,8 +302,6 @@ spec:
           env:
             - name: REDIS_ALIAS
               value: {{ template "common.names.fullname" . }}
-            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
-              value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
             {{- if .Values.auth.enabled }}
             - name: REDIS_USER
               value: default
@@ -338,7 +330,7 @@ spec:
             {{- end }}
           ports:
             - name: metrics
-              containerPort: {{ .Values.metrics.containerPorts.http }}
+              containerPort: 9121
           {{- if not .Values.diagnosticMode.enabled }}
           {{- if .Values.metrics.customStartupProbe }}
           startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
@@ -365,13 +357,8 @@ spec:
           {{- end }}
           {{- if .Values.metrics.resources }}
           resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
-          {{- else if ne .Values.metrics.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             {{- if .Values.auth.usePasswordFiles }}
             - name: redis-password
               mountPath: /secrets/
@@ -414,13 +401,8 @@ spec:
           {{- end }}
           {{- if .Values.volumePermissions.resources }}
           resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
-          {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             - name: redis-data
               mountPath: {{ .Values.replica.persistence.path }}
               {{- if .Values.replica.persistence.subPath }}
@@ -441,14 +423,9 @@ spec:
           {{- end }}
           {{- if .Values.sysctl.resources }}
           resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
-          {{- else if ne .Values.sysctl.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }}
           {{- end }}
           {{- if .Values.sysctl.mountHostSys }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             - name: host-sys
               mountPath: /host-sys
           {{- end }}
@@ -465,15 +442,11 @@ spec:
             defaultMode: 0755
         {{- if .Values.auth.usePasswordFiles }}
         - name: redis-password
-          {{ if .Values.auth.usePasswordFileFromSecret }}
           secret:
             secretName: {{ template "redis.secretName" . }}
             items:
             - key: {{ template "redis.secretPasswordKey" . }}
               path: redis-password
-          {{- else }}
-          emptyDir: {}
-          {{- end }}
         {{- end }}
         - name: config
           configMap:
@@ -483,7 +456,7 @@ spec:
           hostPath:
             path: /sys
         {{- end }}
-        - name: empty-dir
+        - name: redis-tmp-conf
           {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }}
           emptyDir:
             {{- if .Values.replica.persistence.medium }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/hpa.yaml

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ )
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: replica
   {{- if .Values.commonAnnotations }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/service.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: replica
   {{- if or .Values.replica.service.annotations .Values.commonAnnotations }}
@@ -26,9 +26,6 @@ spec:
   {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerIP)) }}
   loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }}
   {{- end }}
-  {{- if and (eq .Values.replica.service.type "LoadBalancer")  .Values.replica.service.loadBalancerClass }}
-  loadBalancerClass: {{ .Values.replica.service.loadBalancerClass }}
-  {{- end }}
   {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }}
   loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }}
   {{- end }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/serviceaccount.yaml

@@ -3,13 +3,13 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- if and .Values.replica.serviceAccount.create (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }}
+{{- if .Values.replica.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }}
 metadata:
   name: {{ template "redis.replicaServiceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if or .Values.replica.serviceAccount.annotations .Values.commonAnnotations }}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/role.yaml

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -23,11 +23,6 @@ rules:
       - 'use'
     resourceNames: [{{ printf "%s-master" (include "common.names.fullname" .) }}]
   {{- end }}
-  {{- if and .Values.sentinel.enabled .Values.sentinel.service.createMaster}}
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["list", "patch"]
-  {{- end -}}
   {{- if .Values.rbac.rules }}
   {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
   {{- end }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/rolebinding.yaml

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: RoleBinding
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/scripts-configmap.yaml

@@ -7,7 +7,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -48,7 +48,7 @@ data:
         {{- if .Values.useExternalDNS.enabled }}
         full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
         {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
         {{- else }}
         full_hostname="${hostname}.${HEADLESS_SERVICE}"
         {{- end }}
@@ -71,12 +71,12 @@ data:
 
     REDISPORT=$(get_port "$HOSTNAME" "REDIS")
 
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
 
     if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then
         REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST"
     else
-        REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+        REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
     fi
 
     SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL")
@@ -251,8 +251,8 @@ data:
     . /opt/bitnami/scripts/libvalidations.sh
     . /opt/bitnami/scripts/libfile.sh
 
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
-    REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
+    REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
 
     get_port() {
         hostname="$1"
@@ -281,7 +281,7 @@ data:
         {{- if .Values.useExternalDNS.enabled }}
         full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
         {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
         {{- else }}
         full_hostname="${hostname}.${HEADLESS_SERVICE}"
         {{- end }}
@@ -366,13 +366,6 @@ data:
         REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
     fi
 
-    {{- if .Values.sentinel.service.createMaster }}
-    if [[ "${REDIS_REPLICATION_MODE}" == "master" ]]; then
-        # Add isMaster label to master node for master service
-        echo "${REDIS_MASTER_HOST/.*}" > /etc/shared/current
-    fi
-    {{- end }}
-
     if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then
       REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST"
       REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}"
@@ -457,7 +450,7 @@ data:
     . /opt/bitnami/scripts/libvalidations.sh
     . /opt/bitnami/scripts/libos.sh
 
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
 
     get_full_hostname() {
         hostname="$1"
@@ -465,7 +458,7 @@ data:
         {{- if .Values.useExternalDNS.enabled }}
         full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
         {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
         {{- else }}
         full_hostname="${hostname}.${HEADLESS_SERVICE}"
         {{- end }}
@@ -488,7 +481,7 @@ data:
 
     run_sentinel_command() {
         if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
-            redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
+            redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
         else
             redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
         fi
@@ -499,7 +492,7 @@ data:
       [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
     }
 
-    REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
 
     {{ if .Values.auth.sentinel -}}
     # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
@@ -537,7 +530,7 @@ data:
         [[ "$REDIS_ROLE" == "master" ]]
     }
 
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{- include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
 
     get_full_hostname() {
         hostname="$1"
@@ -545,7 +538,7 @@ data:
         {{- if .Values.useExternalDNS.enabled }}
         full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
         {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
         {{- else }}
         full_hostname="${hostname}.${HEADLESS_SERVICE}"
         {{- end }}
@@ -568,7 +561,7 @@ data:
 
     run_sentinel_command() {
         if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
-            {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
+            {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
         else
             {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
         fi
@@ -579,7 +572,7 @@ data:
         [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
     }
 
-    REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
 
     # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
@@ -603,14 +596,6 @@ data:
         exit 0
     fi
 
-  {{- if .Values.sentinel.service.createMaster}}
-  push-master-label.sh: |
-    #!/bin/bash
-    # https://download.redis.io/redis-stable/sentinel.conf
-
-    echo "${6/.*}" > /etc/shared/current
-    echo "${4/.*}" > /etc/shared/previous
-  {{- end }}
 {{- else }}
   start-master.sh: |
     #!/bin/bash
@@ -691,7 +676,7 @@ data:
         {{- if .Values.useExternalDNS.enabled }}
         full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
         {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
         {{- else }}
         full_hostname="${hostname}.${HEADLESS_SERVICE}"
         {{- end }}
@@ -713,7 +698,7 @@ data:
     }
 
     REDISPORT=$(get_port "$HOSTNAME" "REDIS")
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
 
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
@@ -770,29 +755,3 @@ data:
     {{- end }}
   {{- end }}
 {{- end }}
----
-{{- if .Values.sentinel.service.createMaster}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-data:
-  update-master-label.sh: |
-    #!/bin/bash
-    while true; do
-        while [ ! -f "/etc/shared/current" ]; do
-            sleep 1
-        done
-        echo "new master elected, updating label(s)..."
-        kubectl label pod --field-selector metadata.name="$(< "/etc/shared/current")" isMaster="true" --overwrite
-        if [ -f /etc/shared/previous ]; then
-            kubectl label pod --field-selector metadata.name="$(< "/etc/shared/previous")" isMaster="false" --overwrite
-        fi
-        rm "/etc/shared/current" "/etc/shared/previous"
-    done
-{{- end }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret-svcbind.yaml

@@ -17,7 +17,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "common.names.fullname" . }}-svcbind
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret.yaml

@@ -3,12 +3,12 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) (or .Values.auth.usePasswordFileFromSecret (not .Values.auth.usePasswordFiles)) -}}
+{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if or .Values.secretAnnotations .Values.commonAnnotations }}
   annotations:

packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/hpa.yaml

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ )
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ printf "%s-node" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: replica
   {{- if .Values.commonAnnotations }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/node-services.yaml

@@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
 
 {{- range $i := until (int .Values.replica.replicaCount) }}
 
-{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" $) (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }}
+{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }}
 
 {{ $sentinelport := 0}}
 {{ $redisport := 0}}
@@ -20,7 +20,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "common.names.fullname" $ }}-node-{{ $i }}
-  namespace: {{ include "common.names.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: node
   {{- if or $.Values.commonAnnotations $.Values.sentinel.service.annotations }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/ports-configmap.yaml

@@ -71,14 +71,14 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "common.names.fullname" . }}-ports-configmap
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations:
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
   {{- end }}
 data:
-{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
+{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
 {{- if $portsmap }}
 {{- /* configmap already exists, do not install again */ -}}
   {{- range $name, $value := $portsmap }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/service.yaml

@@ -5,7 +5,7 @@ SPDX-License-Identifier: APACHE-2.0
 
 {{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}}
 {{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
-{{ $portsmap := (lookup "v1" "ConfigMap" (include "common.names.namespace" .) (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
+{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }}
 
 {{ $sentinelport := 0}}
 {{ $redisport := 0}}
@@ -19,7 +19,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: node
   {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }}
@@ -34,9 +34,6 @@ spec:
   {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }}
   loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
   {{- end }}
-  {{- if and (eq .Values.sentinel.service.type "LoadBalancer")  .Values.sentinel.service.loadBalancerClass }}
-  loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }}
-  {{- end }}
   {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }}
   loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }}
   {{- end }}
@@ -100,62 +97,5 @@ spec:
   {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.podLabels .Values.commonLabels ) "context" . ) }}
   selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: node
-
-{{- if and .Values.sentinel.enabled .Values.sentinel.service.createMaster}}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ template "common.names.fullname" . }}-master"
-  namespace: {{ include "common.names.namespace" . | quote }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: node
-  {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }}
-  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.annotations .Values.commonAnnotations ) "context" . ) }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.sentinel.service.type }}
-  {{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }}
-  externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }}
-  {{- end }}
-  {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }}
-  loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
-  {{- end }}
-  {{- if and (eq .Values.sentinel.service.type "LoadBalancer")  .Values.sentinel.service.loadBalancerClass }}
-  loadBalancerClass: {{ .Values.sentinel.service.loadBalancerClass }}
-  {{- end }}
-  {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }}
-  loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }}
-  {{- end }}
-  {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.sentinel.service.clusterIP }}
-  {{- end }}
-  {{- if .Values.sentinel.service.sessionAffinity }}
-  sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }}
-  {{- end }}
-  {{- if .Values.sentinel.service.sessionAffinityConfig }}
-  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }}
-  {{- end }}
-  ports:
-    - name: tcp-redis
-      {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }}
-      port: {{ .Values.sentinel.service.nodePorts.redis }}
-      {{- else if eq .Values.sentinel.service.type "NodePort" }}
-      port: {{ $redisport }}
-      {{- else}}
-      port: {{ .Values.sentinel.service.ports.redis }}
-      {{- end }}
-      targetPort: {{ .Values.replica.containerPorts.redis }}
-      {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }}
-      nodePort: {{ .Values.sentinel.service.nodePorts.redis }}
-      {{- else if eq .Values.sentinel.service.type "ClusterIP" }}
-      nodePort: null
-      {{- else if eq .Values.sentinel.service.type "NodePort" }}
-      nodePort:  {{ $redisport }}
-      {{- end }}
-  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
-    isMaster: "true"
-{{- end }}
 {{- end }}
 {{- end }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/statefulset.yaml

@@ -9,7 +9,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
 kind: StatefulSet
 metadata:
   name: {{ printf "%s-node" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: node
   {{- if or .Values.commonAnnotations .Values.sentinel.annotations }}
@@ -54,13 +54,13 @@ spec:
         {{- end }}
     spec:
       {{- include "redis.imagePullSecrets" . | nindent 6 }}
-      automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }}
       {{- if .Values.replica.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.replica.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
+      automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
       serviceAccountName: {{ template "redis.serviceAccountName" . }}
       {{- if .Values.replica.priorityClassName }}
       priorityClassName: {{ .Values.replica.priorityClassName | quote }}
@@ -114,7 +114,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.replica.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -270,8 +270,6 @@ spec:
           {{- end }}
           {{- if .Values.replica.resources }}
           resources: {{- toYaml .Values.replica.resources | nindent 12 }}
-          {{- else if ne .Values.replica.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
             - name: start-scripts
@@ -295,12 +293,10 @@ spec:
               {{- end }}
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: empty-dir
+            - name: redis-tmp-conf
               mountPath: /opt/bitnami/redis/etc
-              subPath: app-conf-dir
-            - name: empty-dir
+            - name: tmp
               mountPath: /tmp
-              subPath: tmp-dir
             {{- if .Values.tls.enabled }}
             - name: redis-certificates
               mountPath: /opt/bitnami/redis/certs
@@ -326,7 +322,7 @@ spec:
           {{- end }}
           {{- end }}
           {{- if .Values.sentinel.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.sentinel.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.sentinel.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -453,21 +449,12 @@ spec:
           {{- end }}
           {{- if .Values.sentinel.resources }}
           resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
-          {{- else if ne .Values.sentinel.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.sentinel.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
             - name: health
               mountPath: /health
-            {{- if .Values.sentinel.service.createMaster}}
-            - name: kubectl-shared
-              mountPath: /etc/shared
-            {{- end }}
             - name: sentinel-data
               mountPath: /opt/bitnami/redis-sentinel/etc
             {{- if .Values.auth.usePasswordFiles }}
@@ -496,7 +483,7 @@ spec:
           image: {{ template "redis.metrics.image" . }}
           imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
           {{- if .Values.metrics.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -516,8 +503,6 @@ spec:
           env:
             - name: REDIS_ALIAS
               value: {{ template "common.names.fullname" . }}
-            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
-              value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
             {{- if .Values.auth.enabled }}
             - name: REDIS_USER
               value: default
@@ -546,7 +531,7 @@ spec:
             {{- end }}
           ports:
             - name: metrics
-              containerPort: {{ .Values.metrics.containerPorts.http }}
+              containerPort: 9121
           {{- if not .Values.diagnosticMode.enabled }}
           {{- if .Values.metrics.customStartupProbe }}
           startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
@@ -573,13 +558,8 @@ spec:
           {{- end }}
           {{- if .Values.metrics.resources }}
           resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
-          {{- else if ne .Values.metrics.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             {{- if .Values.auth.usePasswordFiles }}
             - name: redis-password
               mountPath: /secrets/
@@ -593,22 +573,6 @@ spec:
             {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }}
             {{- end }}
         {{- end }}
-        {{- if .Values.sentinel.service.createMaster }}
-        - name: kubectl-shared
-          image: {{ template "redis.kubectl.image" . }}
-          imagePullPolicy: {{ .Values.kubectl.image.pullPolicy | quote }}
-          command: {{- toYaml .Values.kubectl.command | nindent 12 }}
-          securityContext:
-            runAsUser: 0
-          volumeMounts:
-            - name: kubectl-shared
-              mountPath: /etc/shared
-            - name: kubectl-scripts
-              mountPath: /opt/bitnami/scripts/kubectl-scripts
-          {{- if .Values.kubectl.resources }}
-          resources: {{- toYaml .Values.kubectl.resources | nindent 12 }}
-          {{- end }}
-        {{- end }}
         {{- if .Values.replica.sidecars }}
         {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }}
         {{- end }}
@@ -638,13 +602,8 @@ spec:
           {{- end }}
           {{- if .Values.volumePermissions.resources }}
           resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
-          {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             - name: redis-data
               mountPath: {{ .Values.replica.persistence.path }}
               {{- if .Values.replica.persistence.subPath }}
@@ -665,14 +624,9 @@ spec:
           {{- end }}
           {{- if .Values.sysctl.resources }}
           resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
-          {{- else if ne .Values.sysctl.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }}
           {{- end }}
           {{- if .Values.sysctl.mountHostSys }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             - name: host-sys
               mountPath: /host-sys
           {{- end }}
@@ -687,25 +641,13 @@ spec:
           configMap:
             name: {{ printf "%s-health" (include "common.names.fullname" .) }}
             defaultMode: 0755
-        {{- if .Values.sentinel.service.createMaster}}
-        - name: kubectl-shared
-          emptyDir: {}
-        - name: kubectl-scripts
-          configMap:
-            name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }}
-            defaultMode: 0755
-        {{- end }}
         {{- if .Values.auth.usePasswordFiles }}
         - name: redis-password
-          {{ if .Values.auth.usePasswordFileFromSecret }}
           secret:
             secretName: {{ template "redis.secretName" . }}
             items:
             - key: {{ template "redis.secretPasswordKey" . }}
               path: redis-password
-          {{- else }}
-          emptyDir: {}
-          {{- end }}
         {{- end }}
         - name: config
           configMap:
@@ -729,7 +671,19 @@ spec:
           emptyDir: {}
           {{- end }}
         {{- end }}
-        - name: empty-dir
+        - name: redis-tmp-conf
+          {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }}
+          emptyDir:
+            {{- if .Values.sentinel.persistence.medium }}
+            medium: {{ .Values.sentinel.persistence.medium | quote }}
+            {{- end }}
+            {{- if .Values.sentinel.persistence.sizeLimit }}
+            sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }}
+            {{- end }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+        - name: tmp
           {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }}
           emptyDir:
             {{- if .Values.sentinel.persistence.medium }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/serviceaccount.yaml

@@ -3,13 +3,13 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- if and .Values.serviceAccount.create .Values.sentinel.enabled }}
+{{- if and .Values.serviceAccount.create (and (not .Values.master.serviceAccount.create) (not .Values.replica.serviceAccount.create)) }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 metadata:
   name: {{ template "redis.serviceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/servicemonitor.yaml

@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     {{- if .Values.metrics.serviceMonitor.additionalLabels }}
     {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
@@ -18,7 +18,7 @@ metadata:
   {{- end }}
 spec:
   endpoints:
-    - port: {{ .Values.metrics.serviceMonitor.port }}
+    - port: http-metrics
       {{- if .Values.metrics.serviceMonitor.interval }}
       interval: {{ .Values.metrics.serviceMonitor.interval }}
       {{- end }}
@@ -34,48 +34,18 @@ spec:
       {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
       metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
       {{- end }}
-      {{- range .Values.metrics.serviceMonitor.additionalEndpoints }}
-    - port: {{ .port }}
-      {{- if .interval }}
-      interval: {{ .interval }}
-      {{- end }}
-      {{- if .scrapeTimeout }}
-      scrapeTimeout: {{ .scrapeTimeout }}
-      {{- end }}
-      {{- if .honorLabels }}
-      honorLabels: {{ .honorLabels }}
-      {{- end }}
-      {{- if .relabellings }}
-      relabelings: {{- toYaml .relabellings | nindent 6 }}
-      {{- end }}
-      {{- if .metricRelabelings }}
-      metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}
-      {{- end }}
-      {{- if .path }}
-      path: {{ .path }}
-      {{- end }}
-      {{- if .params }}
-      params:
-        {{- range $key, $value := .params }}
-        {{ $key }}:
-          {{- range $value }}
-          - {{ . | quote }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-    {{- end }}
   {{- if .Values.metrics.serviceMonitor.podTargetLabels }}
   podTargetLabels: {{- toYaml .Values.metrics.serviceMonitor.podTargetLabels | nindent 4 }}
   {{- end }}
-  {{- with .Values.metrics.serviceMonitor.sampleLimit }}
+  {{ with .Values.metrics.serviceMonitor.sampleLimit }}
   sampleLimit: {{ . }}
   {{- end }}
-  {{- with .Values.metrics.serviceMonitor.targetLimit }}
+  {{ with .Values.metrics.serviceMonitor.targetLimit }}
   targetLimit: {{ . }}
   {{- end }}
   namespaceSelector:
     matchNames:
-      - {{ include "common.names.namespace" . | quote }}
+      - {{ .Release.Namespace }}
   selector:
     matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
       app.kubernetes.io/component: metrics

packages/system/dashboard/charts/kubeapps/charts/redis/templates/tls-secret.yaml

@@ -6,7 +6,7 @@ SPDX-License-Identifier: APACHE-2.0
 {{- if (include "redis.createTlsSecret" .) }}
 {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
 {{- $ca := genCA "redis-ca" 365 }}
-{{- $releaseNamespace := (include "common.names.namespace" .) }}
+{{- $releaseNamespace := .Release.Namespace }}
 {{- $clusterDomain := .Values.clusterDomain }}
 {{- $fullname := include "common.names.fullname" . }}
 {{- $serviceName := include "common.names.fullname" . }}
@@ -18,7 +18,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ $secretName }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/charts/redis/values.yaml

@@ -22,15 +22,7 @@ global:
   storageClass: ""
   redis:
     password: ""
-  ## Compatibility adaptations for Kubernetes platforms
-  ##
-  compatibility:
-    ## Compatibility adaptations for Openshift
-    ##
-    openshift:
-      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
-      ##
-      adaptSecurityContext: disabled
+
 ## @section Common parameters
 ##
 
@@ -43,9 +35,6 @@ nameOverride: ""
 ## @param fullnameOverride String to fully override common.names.fullname
 ##
 fullnameOverride: ""
-## @param namespaceOverride String to fully override common.names.namespace
-##
-namespaceOverride: ""
 ## @param commonLabels Labels to add to all deployed objects
 ##
 commonLabels: {}
@@ -70,6 +59,7 @@ nameResolutionThreshold: 5
 ## @param nameResolutionTimeout Timeout seconds between probes for internal hostnames resolution
 ##
 nameResolutionTimeout: 5
+
 ## Enable diagnostic mode in the deployment
 ##
 diagnosticMode:
@@ -84,6 +74,7 @@ diagnosticMode:
   ##
   args:
     - infinity
+
 ## @section Redis® Image parameters
 ##
 
@@ -100,11 +91,11 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/redis
-  tag: 7.2.4-debian-12-r9
+  tag: 7.2.3-debian-11-r1
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
   ##
   pullPolicy: IfNotPresent
   ## Optionally specify an array of imagePullSecrets.
@@ -118,6 +109,7 @@ image:
   ## Enable debug mode
   ##
   debug: false
+
 ## @section Redis® common configuration parameters
 ## https://github.com/bitnami/containers/tree/main/bitnami/redis#configuration
 ##
@@ -150,9 +142,7 @@ auth:
   ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable
   ##
   usePasswordFiles: false
-  ## @param auth.usePasswordFileFromSecret Mount password file from secret
-  ##
-  usePasswordFileFromSecret: true
+
 ## @param commonConfiguration [string] Common configuration to be added into the ConfigMap
 ## ref: https://redis.io/topics/config
 ##
@@ -164,8 +154,10 @@ commonConfiguration: |-
 ## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis® nodes
 ##
 existingConfigmap: ""
+
 ## @section Redis® master configuration parameters
 ##
+
 master:
   ## @param master.count Number of Redis® master instances to deploy (experimental, requires additional configuration)
   ##
@@ -271,60 +263,42 @@ master:
   ##
   customReadinessProbe: {}
   ## Redis® master resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param master.resources.limits The resources limits for the Redis® master containers
+  ## @param master.resources.requests The requested resources for the Redis® master containers
   ##
-  resourcesPreset: "none"
-  ## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
-  ##
-  resources: {}
+  resources:
+    limits: {}
+    requests: {}
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param master.podSecurityContext.enabled Enabled Redis® master pods' Security Context
-  ## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
-  ## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface
-  ## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups
   ## @param master.podSecurityContext.fsGroup Set Redis® master pod's Security Context fsGroup
   ##
   podSecurityContext:
     enabled: true
-    fsGroupChangePolicy: Always
-    sysctls: []
-    supplementalGroups: []
     fsGroup: 1001
   ## Configure Container Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param master.containerSecurityContext.enabled Enabled Redis® master containers' Security Context
-  ## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param master.containerSecurityContext.runAsUser Set Redis® master containers' Security Context runAsUser
   ## @param master.containerSecurityContext.runAsGroup Set Redis® master containers' Security Context runAsGroup
   ## @param master.containerSecurityContext.runAsNonRoot Set Redis® master containers' Security Context runAsNonRoot
   ## @param master.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Redis® pod(s) privileges
-  ## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
   ## @param master.containerSecurityContext.seccompProfile.type Set Redis® master containers' Security Context seccompProfile
   ## @param master.containerSecurityContext.capabilities.drop Set Redis® master containers' Security Context capabilities to drop
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
     runAsGroup: 0
     runAsNonRoot: true
     allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: false
     seccompProfile:
       type: RuntimeDefault
     capabilities:
-      drop: ["ALL"]
+      drop:
+        - ALL
   ## @param master.kind Use either Deployment, StatefulSet (default) or DaemonSet
   ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
   ##
@@ -348,9 +322,6 @@ master:
   ## @param master.priorityClassName Redis® master pods' priorityClassName
   ##
   priorityClassName: ""
-  ## @param master.automountServiceAccountToken Mount Service Account token in pod
-  ##
-  automountServiceAccountToken: false
   ## @param master.hostAliases Redis® master pods host aliases
   ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
   ##
@@ -398,7 +369,7 @@ master:
   ##
   affinity: {}
   ## @param master.nodeSelector Node labels for Redis® master pods assignment
-  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
   ##
   nodeSelector: {}
   ## @param master.tolerations Tolerations for Redis® master pods assignment
@@ -461,7 +432,7 @@ master:
   ##
   initContainers: []
   ## Persistence parameters
-  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
   ##
   persistence:
     ## @param master.persistence.enabled Enable persistence on Redis® master nodes using Persistent Volume Claims
@@ -561,10 +532,6 @@ master:
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
     ##
     loadBalancerIP: ""
-    ## @param master.service.loadBalancerClass master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
-    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
-    ##
-    loadBalancerClass: ""
     ## @param master.service.loadBalancerSourceRanges Redis® master service Load Balancer sources
     ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
     ## e.g.
@@ -602,7 +569,7 @@ master:
   serviceAccount:
     ## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
     ##
-    create: true
+    create: false
     ## @param master.serviceAccount.name The name of the ServiceAccount to use.
     ## If not set and create is true, a name is generated using the common.names.fullname template
     ##
@@ -610,12 +577,14 @@ master:
     ## @param master.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
     ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
     ##
-    automountServiceAccountToken: false
+    automountServiceAccountToken: true
     ## @param master.serviceAccount.annotations Additional custom annotations for the ServiceAccount
     ##
     annotations: {}
+
 ## @section Redis® replicas configuration parameters
 ##
+
 replica:
   ## @param replica.kind Use either DaemonSet or StatefulSet (default)
   ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
@@ -733,60 +702,50 @@ replica:
   ##
   customReadinessProbe: {}
   ## Redis® replicas resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param replica.resources.limits The resources limits for the Redis® replicas containers
+  ## @param replica.resources.requests The requested resources for the Redis® replicas containers
   ##
-  resourcesPreset: "none"
-  ## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
-  ##
-  resources: {}
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits: {}
+    #   cpu: 250m
+    #   memory: 256Mi
+    requests: {}
+    #   cpu: 250m
+    #   memory: 256Mi
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param replica.podSecurityContext.enabled Enabled Redis® replicas pods' Security Context
-  ## @param replica.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
-  ## @param replica.podSecurityContext.sysctls Set kernel settings using the sysctl interface
-  ## @param replica.podSecurityContext.supplementalGroups Set filesystem extra groups
   ## @param replica.podSecurityContext.fsGroup Set Redis® replicas pod's Security Context fsGroup
   ##
   podSecurityContext:
     enabled: true
-    fsGroupChangePolicy: Always
-    sysctls: []
-    supplementalGroups: []
     fsGroup: 1001
   ## Configure Container Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param replica.containerSecurityContext.enabled Enabled Redis® replicas containers' Security Context
-  ## @param replica.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param replica.containerSecurityContext.runAsUser Set Redis® replicas containers' Security Context runAsUser
   ## @param replica.containerSecurityContext.runAsGroup Set Redis® replicas containers' Security Context runAsGroup
   ## @param replica.containerSecurityContext.runAsNonRoot Set Redis® replicas containers' Security Context runAsNonRoot
   ## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Redis® replicas pod's Security Context allowPrivilegeEscalation
-  ## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
   ## @param replica.containerSecurityContext.seccompProfile.type Set Redis® replicas containers' Security Context seccompProfile
   ## @param replica.containerSecurityContext.capabilities.drop Set Redis® replicas containers' Security Context capabilities to drop
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
     runAsGroup: 0
     runAsNonRoot: true
     allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: false
     seccompProfile:
       type: RuntimeDefault
     capabilities:
-      drop: ["ALL"]
+      drop:
+        - ALL
   ## @param replica.schedulerName Alternate scheduler for Redis® replicas pods
   ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
   ##
@@ -810,9 +769,6 @@ replica:
   ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
   ##
   podManagementPolicy: ""
-  ## @param replica.automountServiceAccountToken Mount Service Account token in pod
-  ##
-  automountServiceAccountToken: false
   ## @param replica.hostAliases Redis® replicas pods host aliases
   ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
   ##
@@ -860,7 +816,7 @@ replica:
   ##
   affinity: {}
   ## @param replica.nodeSelector Node labels for Redis® replicas pods assignment
-  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
   ##
   nodeSelector: {}
   ## @param replica.tolerations Tolerations for Redis® replicas pods assignment
@@ -923,7 +879,7 @@ replica:
   ##
   initContainers: []
   ## Persistence Parameters
-  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
   ##
   persistence:
     ## @param replica.persistence.enabled Enable persistence on Redis® replicas nodes using Persistent Volume Claims
@@ -1023,10 +979,6 @@ replica:
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
     ##
     loadBalancerIP: ""
-    ## @param replica.service.loadBalancerClass replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
-    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
-    ##
-    loadBalancerClass: ""
     ## @param replica.service.loadBalancerSourceRanges Redis® replicas service Load Balancer sources
     ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
     ## e.g.
@@ -1074,7 +1026,7 @@ replica:
   serviceAccount:
     ## @param replica.serviceAccount.create Specifies whether a ServiceAccount should be created
     ##
-    create: true
+    create: false
     ## @param replica.serviceAccount.name The name of the ServiceAccount to use.
     ## If not set and create is true, a name is generated using the common.names.fullname template
     ##
@@ -1082,7 +1034,7 @@ replica:
     ## @param replica.serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
     ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
     ##
-    automountServiceAccountToken: false
+    automountServiceAccountToken: true
     ## @param replica.serviceAccount.annotations Additional custom annotations for the ServiceAccount
     ##
     annotations: {}
@@ -1108,11 +1060,11 @@ sentinel:
   image:
     registry: docker.io
     repository: bitnami/redis-sentinel
-    tag: 7.2.4-debian-12-r7
+    tag: 7.2.3-debian-11-r1
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -1250,7 +1202,7 @@ sentinel:
   ##
   customReadinessProbe: {}
   ## Persistence parameters
-  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
   ##
   persistence:
     ## @param sentinel.persistence.enabled Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental)
@@ -1302,46 +1254,34 @@ sentinel:
     whenScaled: Retain
     whenDeleted: Retain
   ## Redis® Sentinel resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param sentinel.resources.limits The resources limits for the Redis® Sentinel containers
+  ## @param sentinel.resources.requests The requested resources for the Redis® Sentinel containers
   ##
-  resourcesPreset: "none"
-  ## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
-  ##
-  resources: {}
+  resources:
+    limits: {}
+    requests: {}
   ## Configure Container Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param sentinel.containerSecurityContext.enabled Enabled Redis® Sentinel containers' Security Context
-  ## @param sentinel.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param sentinel.containerSecurityContext.runAsUser Set Redis® Sentinel containers' Security Context runAsUser
   ## @param sentinel.containerSecurityContext.runAsGroup Set Redis® Sentinel containers' Security Context runAsGroup
   ## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis® Sentinel containers' Security Context runAsNonRoot
-  ## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
   ## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation
   ## @param sentinel.containerSecurityContext.seccompProfile.type Set Redis® Sentinel containers' Security Context seccompProfile
   ## @param sentinel.containerSecurityContext.capabilities.drop Set Redis® Sentinel containers' Security Context capabilities to drop
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
     runAsGroup: 0
     runAsNonRoot: true
     allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: false
     seccompProfile:
       type: RuntimeDefault
     capabilities:
-      drop: ["ALL"]
+      drop:
+        - ALL
   ## @param sentinel.lifecycleHooks for the Redis® sentinel container(s) to automate configuration before or after startup
   ##
   lifecycleHooks: {}
@@ -1383,20 +1323,10 @@ sentinel:
     ## @param sentinel.service.clusterIP Redis® Sentinel service Cluster IP
     ##
     clusterIP: ""
-
-    ## @param sentinel.service.createMaster Enable master service pointing to the current master (experimental)
-    ## NOTE: rbac.create need to be set to true
-    ##
-    createMaster: false
-
     ## @param sentinel.service.loadBalancerIP Redis® Sentinel service Load Balancer IP
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
     ##
     loadBalancerIP: ""
-    ## @param sentinel.service.loadBalancerClass sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
-    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
-    ##
-    loadBalancerClass: ""
     ## @param sentinel.service.loadBalancerSourceRanges Redis® Sentinel service Load Balancer sources
     ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
     ## e.g.
@@ -1427,6 +1357,7 @@ sentinel:
   ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods
   ##
   terminationGracePeriodSeconds: 30
+
 ## @section Other Parameters
 ##
 
@@ -1435,22 +1366,20 @@ sentinel:
 ##
 serviceBindings:
   enabled: false
+
 ## Network Policy configuration
 ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
 ##
 networkPolicy:
   ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
   ##
-  enabled: true
+  enabled: false
   ## @param networkPolicy.allowExternal Don't require client label for connections
   ## When set to false, only pods with the correct client label will have network access to the ports
   ## Redis® is listening on. When true, Redis® will accept connections from any source
   ## (with the correct destination port).
   ##
   allowExternal: true
-  ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
-  ##
-  allowExternalEgress: true
   ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy
   ## e.g:
   ## extraIngress:
@@ -1490,6 +1419,7 @@ networkPolicy:
   ##
   ingressNSMatchLabels: {}
   ingressNSPodMatchLabels: {}
+
   metrics:
     ## @param networkPolicy.metrics.allowExternal Don't require client label for connections for metrics endpoint
     ## When set to false, only pods with the correct client label will have network access to the metrics port
@@ -1500,6 +1430,7 @@ networkPolicy:
     ##
     ingressNSMatchLabels: {}
     ingressNSPodMatchLabels: {}
+  
 ## PodSecurityPolicy configuration
 ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
 ##
@@ -1541,7 +1472,7 @@ serviceAccount:
   ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
   ##
-  automountServiceAccountToken: false
+  automountServiceAccountToken: true
   ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
   ##
   annotations: {}
@@ -1588,8 +1519,10 @@ tls:
   ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers)
   ##
   dhParamsFilename: ""
+
 ## @section Metrics Parameters
 ##
+
 metrics:
   ## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis® metrics
   ##
@@ -1606,7 +1539,7 @@ metrics:
   image:
     registry: docker.io
     repository: bitnami/redis-exporter
-    tag: 1.58.0-debian-12-r4
+    tag: 1.55.0-debian-11-r2
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -1617,10 +1550,6 @@ metrics:
     ##   - myRegistryKeySecretName
     ##
     pullSecrets: []
-  ## @param metrics.containerPorts.http Metrics HTTP container port
-  ##
-  containerPorts:
-    http: 9121
   ## Configure extra options for Redis® containers' liveness, readiness & startup probes
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
   ## @param metrics.startupProbe.enabled Enable startupProbe on Redis® replicas nodes
@@ -1697,27 +1626,24 @@ metrics:
   ## Configure Container Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param metrics.containerSecurityContext.enabled Enabled Redis® exporter containers' Security Context
-  ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param metrics.containerSecurityContext.runAsUser Set Redis® exporter containers' Security Context runAsUser
   ## @param metrics.containerSecurityContext.runAsGroup Set Redis® exporter containers' Security Context runAsGroup
   ## @param metrics.containerSecurityContext.runAsNonRoot Set Redis® exporter containers' Security Context runAsNonRoot
   ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Redis® exporter containers' Security Context allowPrivilegeEscalation
-  ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
   ## @param metrics.containerSecurityContext.seccompProfile.type Set Redis® exporter containers' Security Context seccompProfile
   ## @param metrics.containerSecurityContext.capabilities.drop Set Redis® exporter containers' Security Context capabilities to drop
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
     runAsGroup: 0
     runAsNonRoot: true
     allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: false
     seccompProfile:
       type: RuntimeDefault
     capabilities:
-      drop: ["ALL"]
+      drop:
+        - ALL
   ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis® metrics sidecar
   ##
   extraVolumes: []
@@ -1725,22 +1651,13 @@ metrics:
   ##
   extraVolumeMounts: []
   ## Redis® exporter resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param metrics.resources.limits The resources limits for the Redis® exporter container
+  ## @param metrics.resources.requests The requested resources for the Redis® exporter container
   ##
-  resourcesPreset: "none"
-  ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
-  ##
-  resources: {}
+  resources:
+    limits: {}
+    requests: {}
   ## @param metrics.podLabels Extra labels for Redis® exporter pods
   ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
   ##
@@ -1754,16 +1671,12 @@ metrics:
   ## Redis® exporter service parameters
   ##
   service:
-    ## @param metrics.service.enabled Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor
-    ##
-    enabled: true
     ## @param metrics.service.type Redis® exporter service type
     ##
     type: ClusterIP
-    ## @param metrics.service.ports.http Redis® exporter service port
+    ## @param metrics.service.port Redis® exporter service port
     ##
-    ports:
-      http: 9121
+    port: 9121
     ## @param metrics.service.externalTrafficPolicy Redis® exporter service external traffic policy
     ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
     ##
@@ -1775,10 +1688,6 @@ metrics:
     ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
     ##
     loadBalancerIP: ""
-    ## @param metrics.service.loadBalancerClass exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
-    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
-    ##
-    loadBalancerClass: ""
     ## @param metrics.service.loadBalancerSourceRanges Redis® exporter service Load Balancer sources
     ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
     ## e.g.
@@ -1797,9 +1706,6 @@ metrics:
   ##      https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
   ##
   serviceMonitor:
-    ## @param metrics.serviceMonitor.port the service port to scrape metrics from
-    ##
-    port: http-metrics
     ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator
     ##
     enabled: false
@@ -1833,27 +1739,11 @@ metrics:
     ## @param metrics.serviceMonitor.targetLimit Limit of how many targets should be scraped
     ##
     targetLimit: false
-    ## @param metrics.serviceMonitor.additionalEndpoints  Additional endpoints to scrape (e.g sentinel)
-    ##
-    additionalEndpoints: []
-    # uncomment in order to scrape sentinel metrics, also to in order distinguish between Sentinel and Redis container metrics
-    # add metricRelabelings with label like app=redis to main redis pod-monitor port
-    # - interval: "30s"
-    #   path: "/scrape"
-    #   port: "metrics"
-    #   params:
-    #     target: ["localhost:26379"]
-    #   metricRelabelings:
-    #     - targetLabel: "app"
-    #       replacement: "sentinel"
   ## Prometheus Pod Monitor
   ## ref: https://github.com/coreos/prometheus-operator
   ##      https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#podmonitor
   ##
   podMonitor:
-    ## @param metrics.podMonitor.port the pod port to scrape metrics from
-    ##
-    port: metrics
     ## @param metrics.podMonitor.enabled Create PodMonitor resource(s) for scraping metrics using PrometheusOperator
     ##
     enabled: false
@@ -1872,8 +1762,6 @@ metrics:
     ## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
     ##
     metricRelabelings: []
-    # - targetLabel: "app"
-    #   replacement: "redis"
     ## @param metrics.podMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
     ##
     honorLabels: false
@@ -1889,17 +1777,7 @@ metrics:
     ## @param metrics.podMonitor.targetLimit Limit of how many targets should be scraped
     ##
     targetLimit: false
-    ## @param metrics.podMonitor.additionalEndpoints  Additional endpoints to scrape (e.g sentinel)
-    ##
-    additionalEndpoints: []
-    # - interval: "30s"
-    #   path: "/scrape"
-    #   port: "metrics"
-    #   params:
-    #     target: ["localhost:26379"]
-    #   metricRelabelings:
-    #     - targetLabel: "app"
-    #       replacement: "sentinel"
+
   ## Custom PrometheusRule to be defined
   ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
   ##
@@ -1949,6 +1827,7 @@ metrics:
     ##          Redis® instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
     ##
     rules: []
+
 ## @section Init Container Parameters
 ##
 
@@ -1972,7 +1851,7 @@ volumePermissions:
   image:
     registry: docker.io
     repository: bitnami/os-shell
-    tag: 12-debian-12-r16
+    tag: 11-debian-11-r91
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -1984,77 +1863,23 @@ volumePermissions:
     ##
     pullSecrets: []
   ## Init container's resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param volumePermissions.resources.limits The resources limits for the init container
+  ## @param volumePermissions.resources.requests The requested resources for the init container
   ##
-  resourcesPreset: "none"
-  ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
-  ##
-  resources: {}
+  resources:
+    limits: {}
+    requests: {}
   ## Init container Container Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-  ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
   ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
   ##   data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
   ##   "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
   ##
   containerSecurityContext:
-    seLinuxOptions: null
     runAsUser: 0
 
-## Kubectl InitContainer
-## used by Sentinel to update the isMaster label on the Redis(TM) pods
-##
-kubectl:
-  ## Bitnami Kubectl image version
-  ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/
-  ## @param kubectl.image.registry [default: REGISTRY_NAME] Kubectl image registry
-  ## @param kubectl.image.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository
-  ## @skip kubectl.image.tag Kubectl image tag (immutable tags are recommended), by default, using the current version
-  ## @param kubectl.image.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
-  ## @param kubectl.image.pullPolicy Kubectl image pull policy
-  ## @param kubectl.image.pullSecrets Kubectl pull secrets
-  ##
-  image:
-    registry: docker.io
-    repository: bitnami/kubectl
-    tag: 1.29.2-debian-12-r3
-    digest: ""
-    ## Specify a imagePullPolicy
-    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
-    ##
-    pullPolicy: IfNotPresent
-    ## Optionally specify an array of imagePullSecrets.
-    ## Secrets must be manually created in the namespace.
-    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-    ## e.g:
-    ## pullSecrets:
-    ##   - myRegistryKeySecretName
-    ##
-    pullSecrets: []
-  ## @param kubectl.command kubectl command to execute
-  ##
-  command: ["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"]
-  ## Bitnami Kubectl resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param kubectl.resources.limits The resources limits for the kubectl containers
-  ## @param kubectl.resources.requests The requested resources for the kubectl containers
-  ##
-  resources:
-    limits: {}
-    requests: {}
-
 ## init-sysctl container parameters
 ## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings)
 ##
@@ -2074,7 +1899,7 @@ sysctl:
   image:
     registry: docker.io
     repository: bitnami/os-shell
-    tag: 12-debian-12-r16
+    tag: 11-debian-11-r91
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -2092,22 +1917,14 @@ sysctl:
   ##
   mountHostSys: false
   ## Init container's resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param sysctl.resources.limits The resources limits for the init container
+  ## @param sysctl.resources.requests The requested resources for the init container
   ##
-  resourcesPreset: "none"
-  ## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
-  ##
-  resources: {}
+  resources:
+    limits: {}
+    requests: {}
+
 ## @section useExternalDNS Parameters
 ##
 ## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work.  Note this requires a working installation of `external-dns` to be usable.

packages/system/dashboard/charts/kubeapps/templates/NOTES.txt

@@ -85,4 +85,3 @@ To access Kubeapps from outside your K8s cluster, follow the steps below:
 
 {{- include "kubeapps.checkRollingTags" . }}
 {{- include "kubeapps.validateValues" . }}
-{{- include "common.warnings.resources" (dict "sections" (list "apprepository" "authProxy" "dashboard" "frontend" "kubeappsapis" "ociCatalog" "pinnipedProxy" "postgresql") "context" $) }}

packages/system/dashboard/charts/kubeapps/templates/apprepository/apprepositories.yaml

@@ -41,11 +41,11 @@ spec:
               value: {{ $.Values.apprepository.initialReposProxy.noProxy }}
       {{- end }}
       {{- if $.Values.apprepository.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.apprepository.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit $.Values.apprepository.containerSecurityContext "enabled" | toYaml | nindent 12 }}
       {{- end }}
       {{- end }}
       {{- if $.Values.apprepository.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.apprepository.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit $.Values.apprepository.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       {{- if .nodeSelector }}
       nodeSelector: {{- toYaml .nodeSelector | nindent 8 }}

packages/system/dashboard/charts/kubeapps/templates/apprepository/deployment.yaml

@@ -35,7 +35,6 @@ spec:
     spec:
       {{- include "kubeapps.imagePullSecrets" . | indent 6 }}
       serviceAccountName: {{ template "kubeapps.apprepository.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.apprepository.automountServiceAccountToken }}
       {{- if .Values.apprepository.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.hostAliases "context" $) | nindent 8 }}
       {{- end }}
@@ -63,7 +62,7 @@ spec:
       priorityClassName: {{ .Values.apprepository.priorityClassName | quote }}
       {{- end }}
       {{- if .Values.apprepository.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.apprepository.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.apprepository.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       {{- if .Values.apprepository.initContainers }}
       initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.initContainers "context" $) | trim | nindent 8 }}
@@ -73,7 +72,7 @@ spec:
           image: {{ include "kubeapps.apprepository.image" . }}
           imagePullPolicy: {{ .Values.apprepository.image.pullPolicy | quote }}
           {{- if .Values.apprepository.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.apprepository.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.apprepository.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.apprepository.lifecycleHooks }}
           lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.lifecycleHooks "context" $) | nindent 12 }}
@@ -142,25 +141,16 @@ spec:
             - secretRef:
                 name: {{ include "common.tplvalues.render" (dict "value" .Values.apprepository.extraEnvVarsSecret "context" $) }}
             {{- end }}
-          volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
-            {{- if .Values.apprepository.extraVolumeMounts }}
-            {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumeMounts "context" $) | nindent 12 }}
-            {{- end }}
+          {{- if .Values.apprepository.extraVolumeMounts }}
+          volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
           {{- if .Values.apprepository.resources }}
           resources: {{- toYaml .Values.apprepository.resources | nindent 12 }}
-          {{- else if ne .Values.apprepository.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.apprepository.resourcesPreset) | nindent 12 }}
           {{- end }}
         {{- if .Values.apprepository.sidecars }}
         {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.sidecars "context" $) | trim | nindent 8 }}
         {{- end }}
-      volumes:
-        - name: empty-dir
-          emptyDir: {}
-        {{- if .Values.apprepository.extraVolumes }}
-        {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumes "context" $) | nindent 8 }}
-        {{- end }}
+      {{- if .Values.apprepository.extraVolumes }}
+      volumes: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraVolumes "context" $) | nindent 8 }}
+      {{- end }}
 {{- end }}

packages/system/dashboard/charts/kubeapps/templates/dashboard/deployment.yaml

@@ -36,7 +36,6 @@ spec:
         app.kubernetes.io/component: dashboard
     spec:
       {{- include "kubeapps.imagePullSecrets" . | indent 6 }}
-      automountServiceAccountToken: {{ .Values.dashboard.automountServiceAccountToken }}
       {{- if .Values.dashboard.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.hostAliases "context" $) | nindent 8 }}
       {{- end }}
@@ -64,7 +63,7 @@ spec:
       priorityClassName: {{ .Values.dashboard.priorityClassName | quote }}
       {{- end }}
       {{- if .Values.dashboard.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboard.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.dashboard.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       {{- if .Values.dashboard.initContainers }}
       initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.initContainers "context" $) | nindent 8 }}
@@ -74,7 +73,7 @@ spec:
           image: {{ include "kubeapps.dashboard.image" . }}
           imagePullPolicy: {{ .Values.dashboard.image.pullPolicy | quote }}
           {{- if .Values.dashboard.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboard.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.dashboard.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -134,21 +133,10 @@ spec:
           {{- end }}
           {{- if .Values.dashboard.resources }}
           resources: {{- toYaml .Values.dashboard.resources | nindent 12 }}
-          {{- else if ne .Values.dashboard.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.dashboard.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
             - name: vhost
               mountPath: /opt/bitnami/nginx/conf/server_blocks
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
-            - name: empty-dir
-              mountPath: /opt/bitnami/nginx/tmp
-              subPath: app-tmp-dir
-            - name: empty-dir
-              mountPath: /opt/bitnami/nginx/logs
-              subPath: app-logs-dir
             - name: config
               mountPath: /app/config.json
               subPath: config.json
@@ -165,8 +153,6 @@ spec:
         {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.sidecars "context" $) | nindent 8 }}
         {{- end }}
       volumes:
-        - name: empty-dir
-          emptyDir: {}
         - name: vhost
           configMap:
             name: {{ template "kubeapps.dashboard-config.fullname" . }}

packages/system/dashboard/charts/kubeapps/templates/frontend/deployment.yaml

@@ -35,7 +35,6 @@ spec:
         app.kubernetes.io/component: frontend
     spec:
       {{- include "kubeapps.imagePullSecrets" . | indent 6 }}
-      automountServiceAccountToken: {{ .Values.frontend.automountServiceAccountToken }}
       {{- if .Values.frontend.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.hostAliases "context" $) | nindent 8 }}
       {{- end }}
@@ -63,7 +62,7 @@ spec:
       priorityClassName: {{ .Values.frontend.priorityClassName | quote }}
       {{- end }}
       {{- if .Values.frontend.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.frontend.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.frontend.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       {{- if .Values.frontend.initContainers }}
       initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.initContainers "context" $) | nindent 8 }}
@@ -73,7 +72,7 @@ spec:
           image: {{ include "kubeapps.frontend.image" . }}
           imagePullPolicy: {{ .Values.frontend.image.pullPolicy | quote }}
           {{- if .Values.frontend.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.frontend.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.frontend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -133,19 +132,8 @@ spec:
           {{- end }}
           {{- if .Values.frontend.resources }}
           resources: {{- toYaml .Values.frontend.resources | nindent 12 }}
-          {{- else if ne .Values.frontend.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.frontend.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
-            - name: empty-dir
-              mountPath: /opt/bitnami/nginx/tmp
-              subPath: app-tmp-dir
-            - name: empty-dir
-              mountPath: /opt/bitnami/nginx/logs
-              subPath: app-logs-dir
             - name: vhost
               mountPath: /opt/bitnami/nginx/conf/server_blocks
             {{- if .Values.frontend.extraVolumeMounts }}
@@ -156,7 +144,7 @@ spec:
           image: {{ include "kubeapps.authProxy.image" . }}
           imagePullPolicy: {{ .Values.authProxy.image.pullPolicy | quote }}
           {{- if .Values.authProxy.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.authProxy.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.authProxy.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.authProxy.lifecycleHooks }}
           lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.lifecycleHooks "context" $) | nindent 12 }}
@@ -231,16 +219,10 @@ spec:
               containerPort: {{ .Values.authProxy.containerPorts.proxy }}
           {{- if .Values.authProxy.resources }}
           resources: {{- toYaml .Values.authProxy.resources | nindent 12 }}
-          {{- else if ne .Values.authProxy.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.authProxy.resourcesPreset) | nindent 12 }}
           {{- end }}
-          volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
-            {{- if .Values.authProxy.extraVolumeMounts }}
-            {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.extraVolumeMounts "context" $) | nindent 12 }}
-            {{- end }}
+          {{- if .Values.authProxy.extraVolumeMounts }}
+          volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.authProxy.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
         {{- end }}
         {{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }}
           {{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication." }}
@@ -250,7 +232,7 @@ spec:
           image: {{ include "kubeapps.pinnipedProxy.image" . }}
           imagePullPolicy: {{ .Values.pinnipedProxy.image.pullPolicy | quote }}
           {{- if .Values.pinnipedProxy.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.pinnipedProxy.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.pinnipedProxy.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -301,13 +283,8 @@ spec:
               containerPort: {{ .Values.pinnipedProxy.containerPorts.pinnipedProxy }}
           {{- if .Values.pinnipedProxy.resources }}
           resources: {{- toYaml .Values.pinnipedProxy.resources | nindent 12 }}
-          {{- else if ne .Values.pinnipedProxy.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.pinnipedProxy.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
             {{- if .Values.pinnipedProxy.tls.existingSecret }}
             - name: pinniped-tls-secret
               mountPath: "/etc/pinniped-tls"
@@ -321,8 +298,6 @@ spec:
         {{- include "common.tplvalues.render" (dict "value" .Values.frontend.sidecars "context" $) | nindent 8 }}
         {{- end }}
       volumes:
-        - name: empty-dir
-          emptyDir: {}
         - name: vhost
           configMap:
             name: {{ template "kubeapps.frontend-config.fullname" . }}

packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml

@@ -34,7 +34,6 @@ spec:
     spec:
       {{- include "kubeapps.imagePullSecrets" . | indent 6 }}
       serviceAccountName: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.kubeappsapis.automountServiceAccountToken }}
       {{- if .Values.kubeappsapis.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.hostAliases "context" $) | nindent 8 }}
       {{- end }}
@@ -62,7 +61,7 @@ spec:
       priorityClassName: {{ .Values.kubeappsapis.priorityClassName | quote }}
       {{- end }}
       {{- if .Values.kubeappsapis.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubeappsapis.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.kubeappsapis.podSecurityContext "enabled" | toYaml | nindent 8 }}
       {{- end }}
       # Increase termination timeout to let remaining operations to finish before ending the pods
       # This is because new releases/upgrades/deletions are synchronous operations
@@ -75,7 +74,7 @@ spec:
           image: {{ include "kubeapps.kubeappsapis.image" . }}
           imagePullPolicy: {{ .Values.kubeappsapis.image.pullPolicy | quote }}
           {{- if .Values.kubeappsapis.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubeappsapis.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.kubeappsapis.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.kubeappsapis.lifecycleHooks }}
           lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }}
@@ -209,13 +208,8 @@ spec:
           {{- end }}
           {{- if .Values.kubeappsapis.resources }}
           resources: {{- toYaml .Values.kubeappsapis.resources | nindent 12 }}
-          {{- else if ne .Values.kubeappsapis.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.kubeappsapis.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
           {{- if .Values.clusters }}
             - name: clusters-config
               mountPath: /config
@@ -238,7 +232,7 @@ spec:
           image: {{ include "kubeapps.ociCatalog.image" . }}
           imagePullPolicy: {{ .Values.ociCatalog.image.pullPolicy | quote }}
           {{- if .Values.ociCatalog.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ociCatalog.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.ociCatalog.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.kubeappsapis.lifecycleHooks }}
           lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }}
@@ -309,23 +303,16 @@ spec:
           {{- end }}
           {{- if .Values.ociCatalog.resources }}
           resources: {{- toYaml .Values.ociCatalog.resources | nindent 12 }}
-          {{- else if ne .Values.ociCatalog.resourcesPreset "none" }}
-          resources: {{- include "common.resources.preset" (dict "type" .Values.ociCatalog.resourcesPreset) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            - name: empty-dir
-              mountPath: /tmp
-              subPath: tmp-dir
-            {{- if .Values.ociCatalog.extraVolumeMounts }}
-            {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraVolumeMounts "context" $) | nindent 12 }}
-            {{- end }}
+          {{- if .Values.ociCatalog.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
         {{- end }}
         {{- if .Values.kubeappsapis.sidecars }}
         {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.sidecars "context" $) | trim | nindent 8 }}
         {{- end }}
       volumes:
-        - name: empty-dir
-          emptyDir: {}
       {{- if .Values.clusters }}
         - name: clusters-config
           configMap:

packages/system/dashboard/charts/kubeapps/values.yaml

@@ -18,15 +18,7 @@ global:
   ##
   imagePullSecrets: []
   storageClass: ""
-  ## Compatibility adaptations for Kubernetes platforms
-  ##
-  compatibility:
-    ## Compatibility adaptations for Openshift
-    ##
-    openshift:
-      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
-      ##
-      adaptSecurityContext: disabled
+
 ## @section Common parameters
 
 ## @param kubeVersion Override Kubernetes version
@@ -50,6 +42,7 @@ extraDeploy: []
 ## @param enableIPv6 Enable IPv6 configuration
 ##
 enableIPv6: false
+
 ## Enable diagnostic mode in the deployment
 ##
 diagnosticMode:
@@ -64,6 +57,7 @@ diagnosticMode:
   ##
   args:
     - infinity
+
 ## @section Traffic Exposure Parameters
 
 ## Configure the ingress resource that allows you to access the Kubeapps installation
@@ -107,6 +101,7 @@ ingress:
   ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
   ##
   tls: false
+
   ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
   ##
   selfSigned: false
@@ -174,6 +169,7 @@ ingress:
   ##             name: http
   ##
   extraRules: []
+
 ## @section Kubeapps packaging options
 ## Note: the helm and flux plugins are mutually exclusive, you can only
 ## enable one or the other since they both operate on Helm release objects.
@@ -193,6 +189,7 @@ packaging:
   ## @param packaging.flux.enabled Enable support for Flux (v2) packaging.
   flux:
     enabled: false
+
 ## @section Frontend parameters
 
 ## Frontend parameters
@@ -211,11 +208,11 @@ frontend:
   image:
     registry: docker.io
     repository: bitnami/nginx
-    tag: 1.25.4-debian-12-r3
+    tag: 1.25.3-debian-11-r1
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -257,11 +254,7 @@ frontend:
   updateStrategy:
     type: RollingUpdate
   ## Frontend containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param frontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-  ##
-  resourcesPreset: "none"
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## @param frontend.resources.limits.cpu The CPU limits for the NGINX container
   ## @param frontend.resources.limits.memory The memory limits for the NGINX container
   ## @param frontend.resources.requests.cpu The requested CPU for the NGINX container
@@ -294,23 +287,15 @@ frontend:
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param frontend.podSecurityContext.enabled Enabled frontend pods' Security Context
-  ## @param frontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
-  ## @param frontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface
-  ## @param frontend.podSecurityContext.supplementalGroups Set filesystem extra groups
   ## @param frontend.podSecurityContext.fsGroup Set frontend pod's Security Context fsGroup
   ##
   podSecurityContext:
     enabled: true
-    fsGroupChangePolicy: Always
-    sysctls: []
-    supplementalGroups: []
     fsGroup: 1001
   ## Configure Container Security Context for NGINX
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param frontend.containerSecurityContext.enabled Enabled containers' Security Context
-  ## @param frontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param frontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-  ## @param frontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param frontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param frontend.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param frontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -320,9 +305,7 @@ frontend:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -432,7 +415,7 @@ frontend:
   ##
   affinity: {}
   ## @param frontend.nodeSelector Node labels for pod assignment
-  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
   ##
   nodeSelector: {}
   ## @param frontend.tolerations Tolerations for pod assignment
@@ -451,9 +434,6 @@ frontend:
   ## The value is evaluated as a template
   ##
   topologySpreadConstraints: []
-  ## @param frontend.automountServiceAccountToken Mount Service Account token in pod
-  ##
-  automountServiceAccountToken: true
   ## @param frontend.hostAliases Custom host aliases for frontend pods
   ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
   ##
@@ -537,6 +517,7 @@ frontend:
     ##     timeoutSeconds: 300
     ##
     sessionAffinityConfig: {}
+
 ## @section Dashboard parameters
 
 ## Dashboard parameters
@@ -558,11 +539,11 @@ dashboard:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-dashboard
-    tag: 2.9.0-debian-12-r18
+    tag: 2.9.0-debian-11-r16
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -653,11 +634,7 @@ dashboard:
   containerPorts:
     http: 8080
   ## Dashboard containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-  ##
-  resourcesPreset: "none"
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## @param dashboard.resources.limits.cpu The CPU limits for the Dashboard container
   ## @param dashboard.resources.limits.memory The memory limits for the Dashboard container
   ## @param dashboard.resources.requests.cpu The requested CPU for the Dashboard container
@@ -673,23 +650,15 @@ dashboard:
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context
-  ## @param dashboard.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
-  ## @param dashboard.podSecurityContext.sysctls Set kernel settings using the sysctl interface
-  ## @param dashboard.podSecurityContext.supplementalGroups Set filesystem extra groups
   ## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup
   ##
   podSecurityContext:
     enabled: true
-    fsGroupChangePolicy: Always
-    sysctls: []
-    supplementalGroups: []
     fsGroup: 1001
   ## Configure Container Security Context for Dashboard
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param dashboard.containerSecurityContext.enabled Enabled containers' Security Context
-  ## @param dashboard.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param dashboard.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-  ## @param dashboard.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param dashboard.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param dashboard.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param dashboard.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -699,9 +668,7 @@ dashboard:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -813,7 +780,7 @@ dashboard:
   ##
   affinity: {}
   ## @param dashboard.nodeSelector Node labels for pod assignment
-  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
   ##
   nodeSelector: {}
   ## @param dashboard.tolerations Tolerations for pod assignment
@@ -832,9 +799,6 @@ dashboard:
   ## The value is evaluated as a template
   ##
   topologySpreadConstraints: []
-  ## @param dashboard.automountServiceAccountToken Mount Service Account token in pod
-  ##
-  automountServiceAccountToken: true
   ## @param dashboard.hostAliases Custom host aliases for Dashboard pods
   ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
   ##
@@ -876,6 +840,7 @@ dashboard:
     ## @param dashboard.service.annotations Additional custom annotations for Dashboard service
     ##
     annotations: {}
+
 ## @section AppRepository Controller parameters
 
 ## AppRepository Controller parameters
@@ -893,11 +858,11 @@ apprepository:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-apprepository-controller
-    tag: 2.9.0-debian-12-r18
+    tag: 2.9.0-debian-11-r12
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -920,11 +885,11 @@ apprepository:
   syncImage:
     registry: docker.io
     repository: bitnami/kubeapps-asset-syncer
-    tag: 2.9.0-debian-12-r19
+    tag: 2.9.0-debian-11-r13
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -1028,11 +993,7 @@ apprepository:
   updateStrategy:
     type: RollingUpdate
   ## AppRepository Controller containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param apprepository.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-  ##
-  resourcesPreset: "none"
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## @param apprepository.resources.limits.cpu The CPU limits for the AppRepository Controller container
   ## @param apprepository.resources.limits.memory The memory limits for the AppRepository Controller container
   ## @param apprepository.resources.requests.cpu The requested CPU for the AppRepository Controller container
@@ -1048,23 +1009,15 @@ apprepository:
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context
-  ## @param apprepository.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
-  ## @param apprepository.podSecurityContext.sysctls Set kernel settings using the sysctl interface
-  ## @param apprepository.podSecurityContext.supplementalGroups Set filesystem extra groups
   ## @param apprepository.podSecurityContext.fsGroup Set AppRepository Controller pod's Security Context fsGroup
   ##
   podSecurityContext:
     enabled: true
-    fsGroupChangePolicy: Always
-    sysctls: []
-    supplementalGroups: []
     fsGroup: 1001
   ## Configure Container Security Context for App Repository jobs
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param apprepository.containerSecurityContext.enabled Enabled containers' Security Context
-  ## @param apprepository.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param apprepository.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-  ## @param apprepository.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param apprepository.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param apprepository.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param apprepository.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1074,9 +1027,7 @@ apprepository:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -1152,7 +1103,7 @@ apprepository:
   ##
   affinity: {}
   ## @param apprepository.nodeSelector Node labels for pod assignment
-  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
   ##
   nodeSelector: {}
   ## @param apprepository.tolerations Tolerations for pod assignment
@@ -1171,9 +1122,6 @@ apprepository:
   ## The value is evaluated as a template
   ##
   topologySpreadConstraints: []
-  ## @param apprepository.automountServiceAccountToken Mount Service Account token in pod
-  ##
-  automountServiceAccountToken: true
   ## @param apprepository.hostAliases Custom host aliases for AppRepository Controller pods
   ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
   ##
@@ -1209,8 +1157,9 @@ apprepository:
   serviceAccount:
     create: true
     name: ""
-    automountServiceAccountToken: false
+    automountServiceAccountToken: true
     annotations: {}
+
 ## @section Auth Proxy parameters
 
 ## Auth Proxy configuration for OIDC support
@@ -1232,11 +1181,11 @@ authProxy:
   image:
     registry: docker.io
     repository: bitnami/oauth2-proxy
-    tag: 7.6.0-debian-12-r4
+    tag: 7.5.1-debian-11-r11
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -1328,9 +1277,7 @@ authProxy:
   ## Configure Container Security Context for Auth Proxy
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param authProxy.containerSecurityContext.enabled Enabled containers' Security Context
-  ## @param authProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param authProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-  ## @param authProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param authProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param authProxy.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param authProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1340,9 +1287,7 @@ authProxy:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -1352,11 +1297,7 @@ authProxy:
     seccompProfile:
       type: "RuntimeDefault"
   ## OAuth2 Proxy containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param authProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-  ##
-  resourcesPreset: "none"
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## @param authProxy.resources.limits.cpu The CPU limits for the OAuth2 Proxy container
   ## @param authProxy.resources.limits.memory The memory limits for the OAuth2 Proxy container
   ## @param authProxy.resources.requests.cpu The requested CPU for the OAuth2 Proxy container
@@ -1369,6 +1310,7 @@ authProxy:
     requests:
       cpu: 25m
       memory: 32Mi
+
 ## @section Pinniped Proxy parameters
 
 ## Pinniped Proxy configuration for converting user OIDC tokens to k8s client authorization certs
@@ -1389,11 +1331,11 @@ pinnipedProxy:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-pinniped-proxy
-    tag: 2.9.0-debian-12-r17
+    tag: 2.9.0-debian-11-r10
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -1459,9 +1401,7 @@ pinnipedProxy:
   ## Configure Container Security Context for Pinniped Proxy
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param pinnipedProxy.containerSecurityContext.enabled Enabled containers' Security Context
-  ## @param pinnipedProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param pinnipedProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-  ## @param pinnipedProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param pinnipedProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param pinnipedProxy.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param pinnipedProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1471,9 +1411,7 @@ pinnipedProxy:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -1483,13 +1421,7 @@ pinnipedProxy:
     seccompProfile:
       type: "RuntimeDefault"
   ## Pinniped Proxy containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param pinnipedProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-  ##
-  resourcesPreset: "none"
-  ## Pinniped Proxy containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## @param pinnipedProxy.resources.limits.cpu The CPU limits for the Pinniped Proxy container
   ## @param pinnipedProxy.resources.limits.memory The memory limits for the Pinniped Proxy container
   ## @param pinnipedProxy.resources.requests.cpu The requested CPU for the Pinniped Proxy container
@@ -1547,12 +1479,14 @@ pinnipedProxy:
 clusters:
   - name: default
     domain: cluster.local
+
 ## RBAC configuration
 ##
 rbac:
   ## @param rbac.create Specifies whether RBAC resources should be created
   ##
   create: true
+
 ## @section Feature flags
 ##
 ## Opt-in features intended for development and advanced use cases.
@@ -1576,6 +1510,7 @@ featureFlags:
     ## @param featureFlags.schemaEditor.enabled Enable a visual editor for customizing the package schemas
     ##
     enabled: false
+
 ## @section Database Parameters
 
 ## PostgreSQL chart configuration
@@ -1608,11 +1543,7 @@ postgresql:
   securityContext:
     enabled: false
   ## PostgreSQL containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-  ##
-  resourcesPreset: "none"
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## @param postgresql.resources.limits The resources limits for the PostgreSQL container
   ## @param postgresql.resources.requests.cpu The requested CPU for the PostgreSQL container
   ## @param postgresql.resources.requests.memory The requested memory for the PostgreSQL container
@@ -1622,6 +1553,7 @@ postgresql:
     requests:
       memory: 256Mi
       cpu: 250m
+
 ## @section kubeappsapis parameters
 kubeappsapis:
   ## @param kubeappsapis.enabledPlugins Manually override which plugins are enabled for the Kubeapps-APIs service
@@ -1704,11 +1636,11 @@ kubeappsapis:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-apis
-    tag: 2.9.0-debian-12-r19
+    tag: 2.9.0-debian-11-r13
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -1764,11 +1696,7 @@ kubeappsapis:
   containerPorts:
     http: 50051
   ## KubeappsAPIs containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param kubeappsapis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-  ##
-  resourcesPreset: "none"
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## @param kubeappsapis.resources.limits.cpu The CPU limits for the KubeappsAPIs container
   ## @param kubeappsapis.resources.limits.memory The memory limits for the KubeappsAPIs container
   ## @param kubeappsapis.resources.requests.cpu The requested CPU for the KubeappsAPIs container
@@ -1784,23 +1712,15 @@ kubeappsapis:
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context
-  ## @param kubeappsapis.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
-  ## @param kubeappsapis.podSecurityContext.sysctls Set kernel settings using the sysctl interface
-  ## @param kubeappsapis.podSecurityContext.supplementalGroups Set filesystem extra groups
   ## @param kubeappsapis.podSecurityContext.fsGroup Set KubeappsAPIs pod's Security Context fsGroup
   ##
   podSecurityContext:
     enabled: true
-    fsGroupChangePolicy: Always
-    sysctls: []
-    supplementalGroups: []
     fsGroup: 1001
   ## Configure Container Security Context for Kubeapps APIs
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param kubeappsapis.containerSecurityContext.enabled Enabled containers' Security Context
-  ## @param kubeappsapis.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param kubeappsapis.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-  ## @param kubeappsapis.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param kubeappsapis.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param kubeappsapis.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -1810,9 +1730,7 @@ kubeappsapis:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -1930,7 +1848,7 @@ kubeappsapis:
   ##
   affinity: {}
   ## @param kubeappsapis.nodeSelector Node labels for pod assignment
-  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
   ##
   nodeSelector: {}
   ## @param kubeappsapis.tolerations Tolerations for pod assignment
@@ -1949,9 +1867,6 @@ kubeappsapis:
   ## The value is evaluated as a template
   ##
   topologySpreadConstraints: []
-  ## @param kubeappsapis.automountServiceAccountToken Mount Service Account token in pod
-  ##
-  automountServiceAccountToken: true
   ## @param kubeappsapis.hostAliases Custom host aliases for KubeappsAPIs pods
   ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
   ##
@@ -1997,8 +1912,9 @@ kubeappsapis:
   serviceAccount:
     create: true
     name: ""
-    automountServiceAccountToken: false
+    automountServiceAccountToken: true
     annotations: {}
+
 ## @section OCI Catalog chart configuration
 ociCatalog:
   ## @param ociCatalog.enabled Enable the OCI catalog gRPC service for cataloging
@@ -2017,11 +1933,11 @@ ociCatalog:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-oci-catalog
-    tag: 2.9.0-debian-12-r17
+    tag: 2.9.0-debian-11-r6
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
     ##
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -2056,11 +1972,7 @@ ociCatalog:
   containerPorts:
     grpc: 50061
   ## OCI Catalog containers' resource requests and limits
-  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-  ## @param ociCatalog.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production).
-  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-  ##
-  resourcesPreset: "none"
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   ## @param ociCatalog.resources.limits.cpu The CPU limits for the OCI Catalog container
   ## @param ociCatalog.resources.limits.memory The memory limits for the OCI Catalog container
   ## @param ociCatalog.resources.requests.cpu The requested CPU for the OCI Catalog container
@@ -2076,9 +1988,7 @@ ociCatalog:
   ## Configure Container Security Context (only main container)
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param ociCatalog.containerSecurityContext.enabled Enabled containers' Security Context
-  ## @param ociCatalog.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param ociCatalog.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-  ## @param ociCatalog.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
   ## @param ociCatalog.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
   ## @param ociCatalog.containerSecurityContext.privileged Set container's Security Context privileged
   ## @param ociCatalog.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
@@ -2088,9 +1998,7 @@ ociCatalog:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
     readOnlyRootFilesystem: false
@@ -2169,6 +2077,7 @@ ociCatalog:
   ## @param ociCatalog.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the OCI Catalog container(s)
   ##
   extraVolumeMounts: []
+
 ## @section Redis® chart configuration
 ## ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml
 ##

packages/system/dashboard/images/dashboard.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:c4bfb560aaa8f9bae1da00fa4b49b3e1fc993606902e47c155238f2b002fadce",
-  "containerimage.digest": "sha256:974cbeedb328e71aeb2b45970ebc1bcbbdcbdc0ed034a9d3d37924530f66b938"
+  "containerimage.config.digest": "sha256:51a28848a801e102b3383e6d980ac2459fa29cfd9cbc381d03c561672e94139d",
+  "containerimage.digest": "sha256:4b1b4ffc7c797b8fb4ab9561e6fa0a68c00d5b0d945fe47e42ecc6e43e9af0d3"
 }

packages/system/dashboard/images/dashboard.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/dashboard:v0.2.0
+ghcr.io/aenix-io/cozystack/dashboard:v0.1.0

packages/system/dashboard/images/dashboard/Dockerfile

@@ -1,7 +1,7 @@
 # Copyright 2018-2023 the Kubeapps contributors.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM bitnami/node:20.11.0 AS build
+FROM bitnami/node:18.18.0 AS build
 WORKDIR /app
 
 ARG VERSION=2.9.0

packages/system/dashboard/images/kubeapps-apis.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:992221768278b67a64b52d4e8bc847f18c8e4be746ac7197be9bbfd4fd092b24",
-  "containerimage.digest": "sha256:6fb48ec9b50422bdd843584cd4db6ee07618ce535fde23903560d2529e4da31a"
+  "containerimage.config.digest": "sha256:e522ba90c58c3dab629739fe240e42037a50bfc19442d018e957ef54f05aaa77",
+  "containerimage.digest": "sha256:ea80daaedd7e782bb42641fe25b2c91fc24260b81f8e576637f3d251c9c7d087"
 }

packages/system/dashboard/images/kubeapps-apis.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.2.0
+ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.1.0

packages/system/fluxcd/charts/flux2/Chart.yaml

@@ -1,11 +1,11 @@
 annotations:
   artifacthub.io/changes: |
-    - "[Chore]: Update App Version to upstream 2.2.3"
+    - "feat: adding CRD and RBAC annotation option"
 apiVersion: v2
-appVersion: 2.2.3
+appVersion: 2.1.2
 description: A Helm chart for flux2
 name: flux2
 sources:
 - https://github.com/fluxcd-community/helm-charts
 type: application
-version: 2.12.4
+version: 2.11.1

packages/system/fluxcd/charts/flux2/README.md

@@ -1,6 +1,6 @@
 # flux2
 
-![Version: 2.12.4](https://img.shields.io/badge/Version-2.12.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.3](https://img.shields.io/badge/AppVersion-2.2.3-informational?style=flat-square)
+![Version: 2.11.0](https://img.shields.io/badge/Version-2.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.2](https://img.shields.io/badge/AppVersion-2.1.2-informational?style=flat-square)
 
 A Helm chart for flux2
 
@@ -19,7 +19,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
 | cli.image | string | `"ghcr.io/fluxcd/flux-cli"` |  |
 | cli.nodeSelector | object | `{}` |  |
 | cli.serviceAccount.automount | bool | `true` |  |
-| cli.tag | string | `"v2.2.3"` |  |
+| cli.tag | string | `"v2.1.2"` |  |
 | cli.tolerations | list | `[]` |  |
 | clusterDomain | string | `"cluster.local"` |  |
 | crds.annotations | object | `{}` | Add annotations to all CRD resources, e.g. "helm.sh/resource-policy": keep |
@@ -41,7 +41,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
 | helmController.serviceAccount.annotations | object | `{}` |  |
 | helmController.serviceAccount.automount | bool | `true` |  |
 | helmController.serviceAccount.create | bool | `true` |  |
-| helmController.tag | string | `"v0.37.4"` |  |
+| helmController.tag | string | `"v0.36.2"` |  |
 | helmController.tolerations | list | `[]` |  |
 | imageAutomationController.affinity | object | `{}` |  |
 | imageAutomationController.annotations."prometheus.io/port" | string | `"8080"` |  |
@@ -60,7 +60,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
 | imageAutomationController.serviceAccount.annotations | object | `{}` |  |
 | imageAutomationController.serviceAccount.automount | bool | `true` |  |
 | imageAutomationController.serviceAccount.create | bool | `true` |  |
-| imageAutomationController.tag | string | `"v0.37.1"` |  |
+| imageAutomationController.tag | string | `"v0.36.1"` |  |
 | imageAutomationController.tolerations | list | `[]` |  |
 | imagePullSecrets | list | `[]` | contents of pod imagePullSecret in form 'name=[secretName]'; applied to all controllers |
 | imageReflectionController.affinity | object | `{}` |  |
@@ -80,7 +80,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
 | imageReflectionController.serviceAccount.annotations | object | `{}` |  |
 | imageReflectionController.serviceAccount.automount | bool | `true` |  |
 | imageReflectionController.serviceAccount.create | bool | `true` |  |
-| imageReflectionController.tag | string | `"v0.31.2"` |  |
+| imageReflectionController.tag | string | `"v0.30.0"` |  |
 | imageReflectionController.tolerations | list | `[]` |  |
 | installCRDs | bool | `true` |  |
 | kustomizeController.affinity | object | `{}` |  |
@@ -105,7 +105,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
 | kustomizeController.serviceAccount.annotations | object | `{}` |  |
 | kustomizeController.serviceAccount.automount | bool | `true` |  |
 | kustomizeController.serviceAccount.create | bool | `true` |  |
-| kustomizeController.tag | string | `"v1.2.2"` |  |
+| kustomizeController.tag | string | `"v1.1.1"` |  |
 | kustomizeController.tolerations | list | `[]` |  |
 | logLevel | string | `"info"` |  |
 | multitenancy.defaultServiceAccount | string | `"default"` | All Kustomizations and HelmReleases which don’t have spec.serviceAccountName specified, will use the default account from the tenant’s namespace. Tenants have to specify a service account in their Flux resources to be able to deploy workloads in their namespaces as the default account has no permissions. |
@@ -130,7 +130,7 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
 | notificationController.serviceAccount.annotations | object | `{}` |  |
 | notificationController.serviceAccount.automount | bool | `true` |  |
 | notificationController.serviceAccount.create | bool | `true` |  |
-| notificationController.tag | string | `"v1.2.4"` |  |
+| notificationController.tag | string | `"v1.1.0"` |  |
 | notificationController.tolerations | list | `[]` |  |
 | notificationController.webhookReceiver.ingress.annotations | object | `{}` |  |
 | notificationController.webhookReceiver.ingress.create | bool | `false` |  |
@@ -169,6 +169,6 @@ This helm chart is maintained and released by the fluxcd-community on a best eff
 | sourceController.serviceAccount.annotations | object | `{}` |  |
 | sourceController.serviceAccount.automount | bool | `true` |  |
 | sourceController.serviceAccount.create | bool | `true` |  |
-| sourceController.tag | string | `"v1.2.4"` |  |
+| sourceController.tag | string | `"v1.1.2"` |  |
 | sourceController.tolerations | list | `[]` |  |
 | watchAllNamespaces | bool | `true` |  |

packages/system/fluxcd/charts/flux2/templates/cluster-reconciler-clusterrolebinding.yaml

@@ -15,7 +15,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ .Values.rbac.roleRef.name }}
+  name: cluster-admin
 subjects:
 - kind: ServiceAccount
   name: kustomize-controller

packages/system/fluxcd/charts/flux2/templates/image-reflector-controller.crds.yaml

@@ -737,10 +737,6 @@ spec:
               image:
                 description: Image is the name of the image repository
                 type: string
-              insecure:
-                description: Insecure allows connecting to a non-TLS HTTP container
-                  registry.
-                type: boolean
               interval:
                 description: Interval is the length of time to wait between scans
                   of the image repository.

packages/system/fluxcd/charts/flux2/templates/notification-controller.crds.yaml

@@ -8,7 +8,6 @@ metadata:
     {{- . | toYaml | nindent 4 }}
     {{- end }}
   labels:
-    app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: '{{ .Release.Namespace }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/part-of: flux
@@ -34,8 +33,6 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    deprecated: true
-    deprecationWarning: v1beta1 Alert is deprecated, upgrade to v1beta3
     name: v1beta1
     schema:
       openAPIV3Schema:
@@ -230,8 +227,6 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    deprecated: true
-    deprecationWarning: v1beta2 Alert is deprecated, upgrade to v1beta3
     name: v1beta2
     schema:
       openAPIV3Schema:
@@ -441,140 +436,9 @@ spec:
             type: object
         type: object
     served: true
-    storage: false
+    storage: true
     subresources:
       status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta3
-    schema:
-      openAPIV3Schema:
-        description: Alert is the Schema for the alerts API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: AlertSpec defines an alerting rule for events involving a
-              list of objects.
-            properties:
-              eventMetadata:
-                additionalProperties:
-                  type: string
-                description: EventMetadata is an optional field for adding metadata
-                  to events dispatched by the controller. This can be used for enhancing
-                  the context of the event. If a field would override one already
-                  present on the original event as generated by the emitter, then
-                  the override doesn't happen, i.e. the original value is preserved,
-                  and an info log is printed.
-                type: object
-              eventSeverity:
-                default: info
-                description: EventSeverity specifies how to filter events based on
-                  severity. If set to 'info' no events will be filtered.
-                enum:
-                - info
-                - error
-                type: string
-              eventSources:
-                description: EventSources specifies how to filter events based on
-                  the involved object kind, name and namespace.
-                items:
-                  description: CrossNamespaceObjectReference contains enough information
-                    to let you locate the typed referenced object at cluster level
-                  properties:
-                    apiVersion:
-                      description: API version of the referent
-                      type: string
-                    kind:
-                      description: Kind of the referent
-                      enum:
-                      - Bucket
-                      - GitRepository
-                      - Kustomization
-                      - HelmRelease
-                      - HelmChart
-                      - HelmRepository
-                      - ImageRepository
-                      - ImagePolicy
-                      - ImageUpdateAutomation
-                      - OCIRepository
-                      type: string
-                    matchLabels:
-                      additionalProperties:
-                        type: string
-                      description: MatchLabels is a map of {key,value} pairs. A single
-                        {key,value} in the matchLabels map is equivalent to an element
-                        of matchExpressions, whose key field is "key", the operator
-                        is "In", and the values array contains only "value". The requirements
-                        are ANDed. MatchLabels requires the name to be set to `*`.
-                      type: object
-                    name:
-                      description: Name of the referent If multiple resources are
-                        targeted `*` may be set.
-                      maxLength: 53
-                      minLength: 1
-                      type: string
-                    namespace:
-                      description: Namespace of the referent
-                      maxLength: 53
-                      minLength: 1
-                      type: string
-                  required:
-                  - kind
-                  - name
-                  type: object
-                type: array
-              exclusionList:
-                description: ExclusionList specifies a list of Golang regular expressions
-                  to be used for excluding messages.
-                items:
-                  type: string
-                type: array
-              inclusionList:
-                description: InclusionList specifies a list of Golang regular expressions
-                  to be used for including messages.
-                items:
-                  type: string
-                type: array
-              providerRef:
-                description: ProviderRef specifies which Provider this Alert should
-                  use.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              summary:
-                description: Summary holds a short description of the impact and affected
-                  cluster.
-                maxLength: 255
-                type: string
-              suspend:
-                description: Suspend tells the controller to suspend subsequent events
-                  handling for this Alert.
-                type: boolean
-            required:
-            - eventSources
-            - providerRef
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -585,7 +449,6 @@ metadata:
     {{- . | toYaml | nindent 4 }}
     {{- end }}
   labels:
-    app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: '{{ .Release.Namespace }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/part-of: flux
@@ -611,8 +474,6 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    deprecated: true
-    deprecationWarning: v1beta1 Provider is deprecated, upgrade to v1beta3
     name: v1beta1
     schema:
       openAPIV3Schema:
@@ -796,8 +657,6 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
-    deprecated: true
-    deprecationWarning: v1beta2 Provider is deprecated, upgrade to v1beta3
     name: v1beta2
     schema:
       openAPIV3Schema:
@@ -882,7 +741,6 @@ spec:
                 - github
                 - gitlab
                 - gitea
-                - bitbucketserver
                 - bitbucket
                 - azuredevops
                 - googlechat
@@ -993,127 +851,9 @@ spec:
             type: object
         type: object
     served: true
-    storage: false
+    storage: true
     subresources:
       status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta3
-    schema:
-      openAPIV3Schema:
-        description: Provider is the Schema for the providers API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ProviderSpec defines the desired state of the Provider.
-            properties:
-              address:
-                description: Address specifies the endpoint, in a generic sense, to
-                  where alerts are sent. What kind of endpoint depends on the specific
-                  Provider type being used. For the generic Provider, for example,
-                  this is an HTTP/S address. For other Provider types this could be
-                  a project ID or a namespace.
-                maxLength: 2048
-                type: string
-              certSecretRef:
-                description: "CertSecretRef specifies the Secret containing a PEM-encoded
-                  CA certificate (in the `ca.crt` key). \n Note: Support for the `caFile`
-                  key has been deprecated."
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              channel:
-                description: Channel specifies the destination channel where events
-                  should be posted.
-                maxLength: 2048
-                type: string
-              interval:
-                description: Interval at which to reconcile the Provider with its
-                  Secret references. Deprecated and not used in v1beta3.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              proxy:
-                description: Proxy the HTTP/S address of the proxy server.
-                maxLength: 2048
-                pattern: ^(http|https)://.*$
-                type: string
-              secretRef:
-                description: SecretRef specifies the Secret containing the authentication
-                  credentials for this Provider.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: Suspend tells the controller to suspend subsequent events
-                  handling for this Provider.
-                type: boolean
-              timeout:
-                description: Timeout for sending alerts to the Provider.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
-                type: string
-              type:
-                description: Type specifies which Provider implementation to use.
-                enum:
-                - slack
-                - discord
-                - msteams
-                - rocket
-                - generic
-                - generic-hmac
-                - github
-                - gitlab
-                - gitea
-                - bitbucketserver
-                - bitbucket
-                - azuredevops
-                - googlechat
-                - googlepubsub
-                - webex
-                - sentry
-                - azureeventhub
-                - telegram
-                - lark
-                - matrix
-                - opsgenie
-                - alertmanager
-                - grafana
-                - githubdispatch
-                - pagerduty
-                - datadog
-                - nats
-                type: string
-              username:
-                description: Username specifies the name under which events are posted.
-                maxLength: 2048
-                type: string
-            required:
-            - type
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1124,7 +864,6 @@ metadata:
     {{- . | toYaml | nindent 4 }}
     {{- end }}
   labels:
-    app.kubernetes.io/component: notification-controller
     app.kubernetes.io/instance: '{{ .Release.Namespace }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/part-of: flux

packages/system/fluxcd/charts/flux2/templates/source-controller.crds.yaml

@@ -341,10 +341,6 @@ spec:
                   to ensure efficient use of resources.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
-              prefix:
-                description: Prefix to use for server-side filtering of files in the
-                  Bucket.
-                type: string
               provider:
                 default: generic
                 description: Provider of the object storage bucket. Defaults to 'generic',
@@ -2154,32 +2150,6 @@ spec:
                   Chart dependencies, which are not bundled in the umbrella chart
                   artifact, are not verified.
                 properties:
-                  matchOIDCIdentity:
-                    description: MatchOIDCIdentity specifies the identity matching
-                      criteria to use while verifying an OCI artifact which was signed
-                      using Cosign keyless signing. The artifact's identity is deemed
-                      to be verified if any of the specified matchers match against
-                      the identity.
-                    items:
-                      description: OIDCIdentityMatch specifies options for verifying
-                        the certificate identity, i.e. the issuer and the subject
-                        of the certificate.
-                      properties:
-                        issuer:
-                          description: Issuer specifies the regex pattern to match
-                            against to verify the OIDC issuer in the Fulcio certificate.
-                            The pattern must be a valid Go regular expression.
-                          type: string
-                        subject:
-                          description: Subject specifies the regex pattern to match
-                            against to verify the identity subject in the Fulcio certificate.
-                            The pattern must be a valid Go regular expression.
-                          type: string
-                      required:
-                      - issuer
-                      - subject
-                      type: object
-                    type: array
                   provider:
                     default: cosign
                     description: Provider specifies the technology used to sign the
@@ -2683,11 +2653,6 @@ spec:
                 required:
                 - name
                 type: object
-              insecure:
-                description: Insecure allows connecting to a non-TLS HTTP container
-                  registry. This field is only taken into account if the .spec.type
-                  field is set to 'oci'.
-                type: boolean
               interval:
                 description: Interval at which the HelmRepository URL is checked for
                   updates. This interval is approximate and may be subject to jitter
@@ -2732,10 +2697,10 @@ spec:
                   of this HelmRepository.
                 type: boolean
               timeout:
+                default: 60s
                 description: Timeout is used for the index fetch operation for an
                   HTTPS helm repository, and for remote OCI Repository operations
-                  like pulling for an OCI helm chart by the associated HelmChart.
-                  Its default value is 60s.
+                  like pulling for an OCI helm repository. Its default value is 60s.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
                 type: string
               type:
@@ -2748,9 +2713,9 @@ spec:
               url:
                 description: URL of the Helm repository, a valid URL contains at least
                   a protocol and host.
-                pattern: ^(http|https|oci)://.*$
                 type: string
             required:
+            - interval
             - url
             type: object
           status:
@@ -3068,32 +3033,6 @@ spec:
                   public keys used to verify the signature and specifies which provider
                   to use to check whether OCI image is authentic.
                 properties:
-                  matchOIDCIdentity:
-                    description: MatchOIDCIdentity specifies the identity matching
-                      criteria to use while verifying an OCI artifact which was signed
-                      using Cosign keyless signing. The artifact's identity is deemed
-                      to be verified if any of the specified matchers match against
-                      the identity.
-                    items:
-                      description: OIDCIdentityMatch specifies options for verifying
-                        the certificate identity, i.e. the issuer and the subject
-                        of the certificate.
-                      properties:
-                        issuer:
-                          description: Issuer specifies the regex pattern to match
-                            against to verify the OIDC issuer in the Fulcio certificate.
-                            The pattern must be a valid Go regular expression.
-                          type: string
-                        subject:
-                          description: Subject specifies the regex pattern to match
-                            against to verify the identity subject in the Fulcio certificate.
-                            The pattern must be a valid Go regular expression.
-                          type: string
-                      required:
-                      - issuer
-                      - subject
-                      type: object
-                    type: array
                   provider:
                     default: cosign
                     description: Provider specifies the technology used to sign the

packages/system/fluxcd/charts/flux2/templates/source-controller.yaml

@@ -15,7 +15,11 @@ metadata:
     {{- end }}
   name: source-controller
 spec:
+  {{- if kindIs "invalid" .Values.sourceController.replicas }}
   replicas: 1
+  {{- else }}
+  replicas: {{ .Values.sourceController.replicas  }}
+  {{- end}}
   selector:
     matchLabels:
       app: source-controller

packages/system/fluxcd/charts/flux2/values.yaml

@@ -23,7 +23,7 @@ clusterDomain: cluster.local
 
 cli:
   image: ghcr.io/fluxcd/flux-cli
-  tag: v2.2.3
+  tag: v2.1.2
   nodeSelector: {}
   affinity: {}
   tolerations: []
@@ -36,7 +36,7 @@ cli:
 helmController:
   create: true
   image: ghcr.io/fluxcd/helm-controller
-  tag: v0.37.4
+  tag: v0.36.2
   resources:
     limits: {}
     # cpu: 1000m
@@ -84,7 +84,7 @@ helmController:
 imageAutomationController:
   create: true
   image: ghcr.io/fluxcd/image-automation-controller
-  tag: v0.37.1
+  tag: v0.36.1
   resources:
     limits: {}
     # cpu: 1000m
@@ -112,7 +112,7 @@ imageAutomationController:
 imageReflectionController:
   create: true
   image: ghcr.io/fluxcd/image-reflector-controller
-  tag: v0.31.2
+  tag: v0.30.0
   resources:
     limits: {}
     # cpu: 1000m
@@ -140,7 +140,7 @@ imageReflectionController:
 kustomizeController:
   create: true
   image: ghcr.io/fluxcd/kustomize-controller
-  tag: v1.2.2
+  tag: v1.1.1
   resources:
     limits: {}
     # cpu: 1000m
@@ -188,7 +188,7 @@ kustomizeController:
 notificationController:
   create: true
   image: ghcr.io/fluxcd/notification-controller
-  tag: v1.2.4
+  tag: v1.1.0
   resources:
     limits: {}
     # cpu: 1000m
@@ -220,8 +220,8 @@ notificationController:
       create: false
       # ingressClassName: nginx
       annotations: {}
-      # kubernetes.io/ingress.class: nginx
-      # kubernetes.io/tls-acme: "true"
+        # kubernetes.io/ingress.class: nginx
+        # kubernetes.io/tls-acme: "true"
       labels: {}
       hosts:
         - host: flux-webhook.example.com
@@ -241,7 +241,7 @@ notificationController:
 sourceController:
   create: true
   image: ghcr.io/fluxcd/source-controller
-  tag: v1.2.4
+  tag: v1.1.2
   resources:
     limits: {}
     # cpu: 1000m
@@ -278,8 +278,6 @@ rbac:
   createAggregation: true
   # -- Add annotations to all RBAC resources, e.g. "helm.sh/resource-policy": keep
   annotations: {}
-  roleRef:
-    name: cluster-admin
 
 logLevel: info
 watchAllNamespaces: true

packages/system/kubeovn/Makefile

@@ -14,3 +14,4 @@ update:
 	rm -rf charts && mkdir -p charts/kube-ovn
 	curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/heads/master.tar.gz | \
 	tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-master/charts
+	patch -p4 < patches/cozyconfig.diff

packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: kube-ovn
-description: Helm chart for Kube-OVN
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.13.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.13.0"

packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md

@@ -1,42 +0,0 @@
-# Kube-OVN-helm
-
-Currently supported version: 1.9
-
-Installation :
-
-```bash
-$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite
-$ kubectl label node -lnode-role.kubernetes.io/control-plane  kube-ovn/role=master --overwrite
-$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel  --overwrite
-
-# standard install 
-$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0}
-
-# high availability install
-$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
-
-# upgrade to this version
-$ helm upgrade --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
-```
-
-If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label
-
-### Talos Linux
-
-To install Kube-OVN on Talos Linux, declare openvswitch module in machine config:
-
-```
-machine:
-  kernel:
-    modules:
-    - name: openvswitch
-```
-
-and use the following options to install this Helm-chart:
-
-```
---set cni_conf.MOUNT_LOCAL_BIN_DIR=false
---set OPENVSWITCH_DIR=/var/lib/openvswitch
---set OVN_DIR=/var/lib/ovn
---set DISABLE_MODULES_MANAGEMENT=true
-```

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl

@@ -1,54 +0,0 @@
-{{/*
-Get IP-addresses of master nodes
-*/}}
-{{- define "kubeovn.nodeIPs" -}}
-{{- $nodes := lookup "v1" "Node" "" "" -}}
-{{- $ips := list -}}
-{{- range $node := $nodes.items -}}
-  {{- $label := splitList "=" $.Values.MASTER_NODES_LABEL }}
-  {{- $key := index $label 0 }}
-  {{- $val := "" }}
-  {{- if eq (len $label) 2 }}
-  {{- $val = index $label 1 }}
-  {{- end }}
-  {{- if eq (index $node.metadata.labels $key) $val -}}
-    {{- range $address := $node.status.addresses -}}
-      {{- if eq $address.type "InternalIP" -}}
-        {{- $ips = append $ips $address.address -}}
-        {{- break -}}
-      {{- end -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{ join "," $ips }}
-{{- end -}}
-
-{{/*
-Number of master nodes
-*/}}
-{{- define "kubeovn.nodeCount" -}}
-  {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }}
-{{- end -}}
-
-{{- define "kubeovn.ovs-ovn.updateStrategy" -}}
-  {{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}}
-  {{- if $ds -}}
-    {{- if eq $ds.spec.updateStrategy.type "RollingUpdate" -}}
-      RollingUpdate
-    {{- else -}}
-      {{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}}
-      {{- $versionRegex := `^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)` -}}
-      {{- if regexMatch $versionRegex $imageVersion -}}
-        {{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}}
-          RollingUpdate
-        {{- else -}}
-          OnDelete
-        {{- end -}}
-      {{- else -}}
-        OnDelete
-      {{- end -}}
-    {{- end -}}
-  {{- else -}}
-    RollingUpdate
-  {{- end -}}
-{{- end -}}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml

@@ -1,161 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: ovn-central
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      OVN components: northd, nb and sb.
-spec:
-  replicas: {{ include "kubeovn.nodeCount" . }}
-  strategy:
-    rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 1
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: ovn-central
-  template:
-    metadata:
-      labels:
-        app: ovn-central
-        component: network
-        type: infra
-    spec:
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - effect: NoExecute
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchLabels:
-                  app: ovn-central
-              topologyKey: kubernetes.io/hostname
-      priorityClassName: system-cluster-critical
-      serviceAccountName: ovn-ovs
-      hostNetwork: true
-      containers:
-        - name: ovn-central
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: 
-          - /kube-ovn/start-db.sh
-          securityContext:
-            capabilities:
-              add: ["SYS_NICE"]
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: NODE_IPS
-              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: POD_IPS
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIPs
-            - name: ENABLE_BIND_LOCAL_IP
-              value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
-            - name: PROBE_INTERVAL
-              value: "{{ .Values.networking.PROBE_INTERVAL }}"
-            - name: OVN_NORTHD_PROBE_INTERVAL
-              value: "{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}"
-            - name: OVN_LEADER_PROBE_INTERVAL
-              value: "{{ .Values.networking.OVN_LEADER_PROBE_INTERVAL }}"
-            - name: OVN_NORTHD_N_THREADS
-              value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}"
-            - name: ENABLE_COMPACT
-              value: "{{ .Values.networking.ENABLE_COMPACT }}"
-            {{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }}
-            - name: OVN_VERSION_COMPATIBILITY
-              value: "21.06"
-            {{- end }}
-          resources:
-            requests:
-              cpu: {{ index .Values "ovn-central" "requests" "cpu" }}
-              memory: {{ index .Values "ovn-central" "requests" "memory" }}
-            limits:
-              cpu: {{ index .Values "ovn-central" "limits" "cpu" }}
-              memory: {{ index .Values "ovn-central" "limits" "memory" }}
-          volumeMounts:
-            - mountPath: /var/run/openvswitch
-              name: host-run-ovs
-            - mountPath: /var/run/ovn
-              name: host-run-ovn
-            - mountPath: /etc/openvswitch
-              name: host-config-openvswitch
-            - mountPath: /etc/ovn
-              name: host-config-ovn
-            - mountPath: /var/log/openvswitch
-              name: host-log-ovs
-            - mountPath: /var/log/ovn
-              name: host-log-ovn
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-          readinessProbe:
-            exec:
-              command:
-                - bash
-                - /kube-ovn/ovn-healthcheck.sh
-            periodSeconds: 15
-            timeoutSeconds: 45
-          livenessProbe:
-            exec:
-              command:
-                - bash
-                - /kube-ovn/ovn-healthcheck.sh
-            initialDelaySeconds: 30
-            periodSeconds: 15
-            failureThreshold: 5
-            timeoutSeconds: 45
-      nodeSelector:
-        kubernetes.io/os: "linux"
-        {{- with splitList "=" .Values.MASTER_NODES_LABEL }}
-        {{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}"
-        {{- end }}
-      volumes:
-        - name: host-run-ovs
-          hostPath:
-            path: /run/openvswitch
-        - name: host-run-ovn
-          hostPath:
-            path: /run/ovn
-        - name: host-config-openvswitch
-          hostPath:
-            path: {{ .Values.OPENVSWITCH_DIR }}
-        - name: host-config-ovn
-          hostPath:
-            path: {{ .Values.OVN_DIR }}
-        - name: host-log-ovs
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
-        - name: host-log-ovn
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml

@@ -1,190 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: kube-ovn-controller
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      kube-ovn controller
-spec:
-  replicas: {{ include "kubeovn.nodeCount" . }}
-  selector:
-    matchLabels:
-      app: kube-ovn-controller
-  strategy:
-    rollingUpdate:
-      maxSurge: 0%
-      maxUnavailable: 100%
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: kube-ovn-controller
-        component: network
-        type: infra
-    spec:
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - preference:
-                matchExpressions:
-                  - key: "ovn.kubernetes.io/ic-gw"
-                    operator: NotIn
-                    values:
-                      - "true"
-              weight: 100
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchLabels:
-                  app: kube-ovn-controller
-              topologyKey: kubernetes.io/hostname
-      priorityClassName: system-cluster-critical
-      serviceAccountName: ovn
-      hostNetwork: true
-      containers:
-        - name: kube-ovn-controller
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-          - /kube-ovn/start-controller.sh
-          - --default-ls={{ .Values.networking.DEFAULT_SUBNET }}
-          - --default-cidr=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.POD_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.POD_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.POD_CIDR }}
-          {{- end }}
-          - --default-gateway=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.POD_GATEWAY }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.POD_GATEWAY }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.POD_GATEWAY }}
-          {{- end }}
-          - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
-          - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
-          - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
-          - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
-          - --cluster-router={{ .Values.networking.DEFAULT_VPC }}
-          - --node-switch={{ .Values.networking.NODE_SUBNET }}
-          - --node-switch-cidr=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.JOIN_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.JOIN_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.JOIN_CIDR }}
-          {{- end }}
-          - --service-cluster-ip-range=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.SVC_CIDR }}
-          {{- end }}
-          - --network-type={{- .Values.networking.NETWORK_TYPE }}
-          - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
-          - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
-          - --default-exchange-link-name={{- .Values.networking.EXCHANGE_LINK_NAME }}
-          - --default-vlan-name={{- .Values.networking.vlan.VLAN_NAME }}
-          - --default-vlan-id={{- .Values.networking.vlan.VLAN_ID }}
-          - --ls-dnat-mod-dl-dst={{- .Values.func.LS_DNAT_MOD_DL_DST }}
-          - --ls-ct-skip-dst-lport-ips={{- .Values.func.LS_CT_SKIP_DST_LPORT_IPS }}
-          - --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }}
-          - --enable-lb={{- .Values.func.ENABLE_LB }}
-          - --enable-np={{- .Values.func.ENABLE_NP }}
-          - --enable-eip-snat={{- .Values.networking.ENABLE_EIP_SNAT }}
-          - --enable-external-vpc={{- .Values.func.ENABLE_EXTERNAL_VPC }}
-          - --enable-ecmp={{- .Values.networking.ENABLE_ECMP }}
-          - --logtostderr=false
-          - --alsologtostderr=true
-          - --gc-interval={{- .Values.performance.GC_INTERVAL }}
-          - --inspect-interval={{- .Values.performance.INSPECT_INTERVAL }}
-          - --log_file=/var/log/kube-ovn/kube-ovn-controller.log
-          - --log_file_max_size=0
-          - --enable-lb-svc={{- .Values.func.ENABLE_LB_SVC }}
-          - --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }}
-          - --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
-          - --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }}
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: KUBE_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: KUBE_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
-            - name: POD_IPS
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIPs
-            - name: ENABLE_BIND_LOCAL_IP
-              value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
-          volumeMounts:
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-            - mountPath: /var/log/kube-ovn
-              name: kube-ovn-log
-            # ovn-ic log directory
-            - mountPath: /var/log/ovn
-              name: ovn-log
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-          readinessProbe:
-            exec:
-              command:
-                - /kube-ovn/kube-ovn-controller-healthcheck
-            periodSeconds: 3
-            timeoutSeconds: 45
-          livenessProbe:
-            exec:
-              command:
-                - /kube-ovn/kube-ovn-controller-healthcheck
-            initialDelaySeconds: 300
-            periodSeconds: 7
-            failureThreshold: 5
-            timeoutSeconds: 45
-          resources:
-            requests:
-              cpu: {{ index .Values "kube-ovn-controller" "requests" "cpu" }}
-              memory: {{ index .Values "kube-ovn-controller" "requests" "memory" }}
-            limits:
-              cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }}
-              memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }}
-      nodeSelector:
-        kubernetes.io/os: "linux"
-      volumes:
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
-        - name: ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml

@@ -1,16 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: kube-ovn-controller
-  namespace: {{ .Values.namespace }}
-  labels:
-    app: kube-ovn-controller
-spec:
-  selector:
-    app: kube-ovn-controller
-  ports:
-    - port: 10660
-      name: metrics
-  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
-  ipFamilyPolicy: PreferDualStack
-  {{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml

@@ -1,109 +0,0 @@
-{{- if .Values.func.ENABLE_IC }}
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: ovn-ic-controller
-  namespace: kube-system
-  annotations:
-    kubernetes.io/description: |
-      OVN IC Client
-spec:
-  replicas: 1
-  strategy:
-    rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 1
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: ovn-ic-controller
-  template:
-    metadata:
-      labels:
-        app: ovn-ic-controller
-        component: network
-        type: infra
-    spec:
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - effect: NoExecute
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchLabels:
-                  app: ovn-ic-controller
-              topologyKey: kubernetes.io/hostname
-      priorityClassName: system-cluster-critical
-      serviceAccountName: ovn
-      hostNetwork: true
-      containers:
-        - name: ovn-ic-controller
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ["/kube-ovn/start-ic-controller.sh"]
-          args:
-          - --log_file=/var/log/kube-ovn/kube-ovn-ic-controller.log
-          - --log_file_max_size=0
-          - --logtostderr=false
-          - --alsologtostderr=true
-          securityContext:
-            capabilities:
-              add: ["SYS_NICE"]
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES }}"
-          resources:
-            requests:
-              cpu: 300m
-              memory: 200Mi
-            limits:
-              cpu: 3
-              memory: 1Gi
-          volumeMounts:
-            - mountPath: /var/run/ovn
-              name: host-run-ovn
-            - mountPath: /etc/ovn
-              name: host-config-ovn
-            - mountPath: /var/log/ovn
-              name: host-log-ovn
-            - mountPath: /etc/localtime
-              name: localtime
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-            - mountPath: /var/log/kube-ovn
-              name: kube-ovn-log
-      nodeSelector:
-        kubernetes.io/os: "linux"
-        kube-ovn/role: "master"
-      volumes:
-        - name: host-run-ovn
-          hostPath:
-            path: /run/ovn
-        - name: host-config-ovn
-          hostPath:
-            path: /etc/origin/ovn
-        - name: host-log-ovn
-          hostPath:
-            path: /var/log/ovn
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-log
-          hostPath:
-            path: /var/log/kube-ovn
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-{{- end }}