Calculate tags and version automatically

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

hack/gen_versions_map.sh

@@ -20,28 +20,9 @@ miss_map=$(echo "$new_map" | awk 'NR==FNR { new_map[$1 " " $2] = $3; next } { if
 resolved_miss_map=$(
   echo "$miss_map" | while read chart version commit; do
     if [ "$commit" = HEAD ]; then
-      line=$(awk '/^version:/ {print NR; exit}' "./$chart/Chart.yaml")
-      change_commit=$(git --no-pager blame -L"$line",+1 -- "$chart/Chart.yaml" | awk '{print $1}')
-       
-      if [ "$change_commit" = "00000000" ]; then
-        # Not commited yet, use previus commit
-        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
-        commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
-        if [ $(echo $commit | cut -c1) = "^" ]; then
-          # Previus commit not exists
-          commit=$(echo $commit | cut -c2-)
-        fi
-      else
-        # Commited, but version_map wasn't updated
-        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
-        change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
-        if [ $(echo $change_commit | cut -c1) = "^" ]; then
-          # Previus commit not exists
-          commit=$(echo $change_commit | cut -c2-)
-        else
-          commit=$(git describe --always "$change_commit~1")
-        fi
-      fi
+      line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
+      change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
+      commit=$(git describe --always "$change_commit~1")
     fi
     echo "$chart $version $commit"
   done

packages/apps/Makefile

@@ -7,7 +7,7 @@ repo:
 	awk '$$3 != "HEAD" {print "mkdir -p $(TMP)/" $$1 "-" $$2}' versions_map | sh -ex
 	awk '$$3 != "HEAD" {print "git archive " $$3 " " $$1 " | tar -xf- --strip-components=1 -C $(TMP)/" $$1 "-" $$2 }' versions_map | sh -ex
 	helm package -d "$(OUT)" $$(find . $(TMP) -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")' | sort -V)
-	cd "$(OUT)" && helm repo index . --url http://cozystack.cozy-system.svc/repos/apps
+	cd "$(OUT)" && helm repo index .
 	rm -rf "$(TMP)"
 
 fix-chartnames:

packages/apps/clickhouse/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "24.3.0"
+appVersion: "1.16.0"

packages/apps/clickhouse/templates/clickhouse.yaml

@@ -21,8 +21,8 @@ spec:
     clusters:
       - name: "clickhouse"
         layout:
-          shardsCount: {{ .Values.shards }}
-          replicasCount: {{ .Values.replicas }}
+          shardsCount: 1
+          replicasCount: 2
   {{- with .Values.size }}
   templates:
     volumeClaimTemplates:

packages/apps/clickhouse/values.yaml

@@ -1,6 +1,4 @@
 size: 10Gi
-shards: 1
-replicas: 2
 
 users:
   user1:

packages/apps/http-cache/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.25.3"
+appVersion: "1.16.0"

packages/apps/http-cache/templates/haproxy/configmap.yaml

@@ -74,7 +74,7 @@ data:
         option redispatch 1
         default-server observe layer7 error-limit 10 on-error mark-down
 
-        {{- range $i, $e := until (int $.Values.nginx.replicas) }}
+        {{- range $i, $e := until (int $.Values.replicas) }}
         server cache{{ $i }} {{ $.Release.Name }}-nginx-cache-{{ $i }}:80 check
         {{- end }}
         {{- range $i, $e := $.Values.endpoints }} 

packages/apps/http-cache/templates/haproxy/deployment.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.haproxy.replicas }}
+  replicas: 2
   selector:
     matchLabels:
       app: {{ .Release.Name }}-haproxy

packages/apps/http-cache/templates/nginx/deployment.yaml

@@ -11,7 +11,7 @@ spec:
   selector:
     matchLabels:
       app: {{ $.Release.Name }}-nginx-cache
-{{- range $i := until (int $.Values.nginx.replicas) }}
+{{- range $i := until 3 }}
 ---
 apiVersion: apps/v1
 kind: Deployment

packages/apps/http-cache/values.yaml

@@ -1,10 +1,4 @@
 external: false
-
-haproxy:
-  replicas: 2
-nginx:
-  replicas: 2
-
 size: 10Gi
 endpoints:
   - 10.100.3.1:80

packages/apps/kafka/Chart.yaml

@@ -22,4 +22,4 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.7.0"
+appVersion: "1.16.0"

packages/apps/kafka/templates/kafka.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
   kafka:
-    replicas: {{ .Values.replicas }}
+    replicas: 3
     listeners:
       - name: plain
         port: 9092
@@ -41,7 +41,7 @@ spec:
         {{- end }}
         deleteClaim: true
   zookeeper:
-    replicas: {{ .Values.replicas }}
+    replicas: 3
     storage:
       type: persistent-claim
       {{- with .Values.zookeeper.size }}

packages/apps/kafka/values.yaml

@@ -1,10 +1,8 @@
 external: false
 kafka:
   size: 10Gi
-  replicas: 3
 zookeeper:
   size: 5Gi
-  replicas: 3
 
 topics:
   - name: Results

packages/apps/kubernetes/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.19.0"
+appVersion: "1.16.0"

packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml

@@ -15,12 +15,6 @@ spec:
       labels:
         app: {{ .Release.Name }}-cluster-autoscaler
     spec:
-      tolerations:
-        - key: CriticalAddonsOnly
-          operator: Exists
-        - key: node-role.kubernetes.io/control-plane
-          operator: Exists
-          effect: "NoSchedule"
       containers:
       - image: ghcr.io/kvaps/test:cluster-autoscaller
         name: cluster-autoscaler

packages/apps/kubernetes/templates/cluster.yaml

@@ -64,13 +64,12 @@ metadata:
     cluster.x-k8s.io/managed-by: kamaji
   name: {{ .Release.Name }}
   namespace: {{ .Release.Namespace }}
-{{- range $groupName, $group := .Values.nodeGroups }}
 ---
 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
 kind: KubeadmConfigTemplate
 metadata:
-  name: {{ $.Release.Name }}-{{ $groupName }}
-  namespace: {{ $.Release.Namespace }}
+  name: {{ .Release.Name }}-md-0
+  namespace: {{ .Release.Namespace }}
 spec:
   template:
     spec:
@@ -79,7 +78,7 @@ spec:
           kubeletExtraArgs: {}
         discovery:
           bootstrapToken:
-            apiServerEndpoint: {{ $.Release.Name }}.{{ $.Release.Namespace }}.svc:6443
+            apiServerEndpoint: {{ .Release.Name }}.{{ .Release.Namespace }}.svc:6443
       initConfiguration:
         skipPhases:
         - addon/kube-proxy
@@ -87,8 +86,8 @@ spec:
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: KubevirtMachineTemplate
 metadata:
-  name: {{ $.Release.Name }}-{{ $groupName }}
-  namespace: {{ $.Release.Namespace }}
+  name: {{ .Release.Name }}-md-0
+  namespace: {{ .Release.Namespace }}
 spec:
   template:
     spec:
@@ -96,7 +95,7 @@ spec:
         checkStrategy: ssh
       virtualMachineTemplate:
         metadata:
-          namespace: {{ $.Release.Namespace }}
+          namespace: {{ .Release.Namespace }}
         spec:
           runStrategy: Always
           template:
@@ -104,7 +103,7 @@ spec:
               domain:
                 cpu:
                   threads: 1
-                  cores: {{ $group.resources.cpu }}
+                  cores: 2
                   sockets: 1
                 devices:
                   disks:
@@ -113,7 +112,7 @@ spec:
                     name: containervolume
                   networkInterfaceMultiqueue: true
                 memory:
-                  guest: {{ $group.resources.memory }}
+                  guest: 1024Mi
               evictionStrategy: External
               volumes:
               - containerDisk:
@@ -123,28 +122,29 @@ spec:
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachineDeployment
 metadata:
-  name: {{ $.Release.Name }}-{{ $groupName }}
-  namespace: {{ $.Release.Namespace }}
+  name: {{ .Release.Name }}-md-0
+  namespace: {{ .Release.Namespace }}
   annotations:
-    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ $group.minReplicas }}"
-    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ $group.maxReplicas }}"
-    capacity.cluster-autoscaler.kubernetes.io/memory: "{{ $group.resources.memory }}"
-    capacity.cluster-autoscaler.kubernetes.io/cpu: "{{ $group.resources.cpu }}"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "2"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "0"
+    capacity.cluster-autoscaler.kubernetes.io/memory: "1024Mi"
+    capacity.cluster-autoscaler.kubernetes.io/cpu: "2"
 spec:
-  clusterName: {{ $.Release.Name }}
+  clusterName: {{ .Release.Name }}
+  selector:
+    matchLabels: null
   template:
     spec:
       bootstrap:
         configRef:
           apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
           kind: KubeadmConfigTemplate
-          name: {{ $.Release.Name }}-{{ $groupName }}
+          name: {{ .Release.Name }}-md-0
           namespace: default
-      clusterName: {{ $.Release.Name }}
+      clusterName: {{ .Release.Name }}
       infrastructureRef:
         apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
         kind: KubevirtMachineTemplate
-        name: {{ $.Release.Name }}-{{ $groupName }}
+        name: {{ .Release.Name }}-md-0
         namespace: default
-      version: v1.29.0
-{{- end }}
+      version: v1.23.10

packages/apps/kubernetes/templates/csi/deploy.yaml

@@ -16,10 +16,12 @@ spec:
     spec:
       serviceAccountName: {{ .Release.Name }}-kcsi
       priorityClassName: system-cluster-critical
+      nodeSelector:
+        node-role.kubernetes.io/control-plane: ""
       tolerations:
         - key: CriticalAddonsOnly
           operator: Exists
-        - key: node-role.kubernetes.io/control-plane
+        - key: node-role.kubernetes.io/master
           operator: Exists
           effect: "NoSchedule"
       containers:

packages/apps/kubernetes/templates/helmreleases/delete.yaml

@@ -12,12 +12,6 @@ spec:
     spec:
       serviceAccountName: {{ .Release.Name }}-flux-teardown
       restartPolicy: Never
-      tolerations:
-        - key: CriticalAddonsOnly
-          operator: Exists
-        - key: node-role.kubernetes.io/control-plane
-          operator: Exists
-          effect: "NoSchedule"
       containers:
         - name: kubectl
           image: docker.io/clastix/kubectl:v1.29.1

packages/apps/kubernetes/templates/kccm/manager.yaml

@@ -14,12 +14,6 @@ spec:
       labels:
         k8s-app: {{ .Release.Name }}-kccm
     spec:
-      tolerations:
-        - key: CriticalAddonsOnly
-          operator: Exists
-        - key: node-role.kubernetes.io/control-plane
-          operator: Exists
-          effect: "NoSchedule"
       containers:
       - name: kubevirt-cloud-controller-manager
         args:

packages/apps/kubernetes/values.schema.json

@@ -0,0 +1,11 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "type": "object",
+  "properties": {
+    "host": {
+      "type": "string",
+      "title": "Domain name for this kubernetes cluster",
+      "description": "This host will be used for all apps deployed in this tenant"
+    }
+  }
+}

packages/apps/kubernetes/values.yaml

@@ -1,10 +1 @@
 host: ""
-controlPlane:
-  replicas: 2
-nodeGroups:
-  md0:
-    minReplicas: 0
-    maxReplicas: 10
-    resources:
-      cpu: 2
-      memory: 1024Mi

packages/apps/mysql/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "11.0.2"
+appVersion: "1.16.0"

packages/apps/mysql/templates/mariadb.yaml

@@ -12,7 +12,7 @@ spec:
 
   port: 3306
 
-  replicas: {{ .Values.replicas }}
+  replicas: 2
   affinity:
     podAntiAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -28,13 +28,11 @@ spec:
             - {{ .Release.Name }}
         topologyKey: "kubernetes.io/hostname"
 
-  {{- if gt (int .Values.replicas) 1 }}
   replication:
     enabled: true
     #primary:
     #  podIndex: 0
     #  automaticFailover: true
-  {{- end }}
 
   metrics:
     enabled: true

packages/apps/mysql/values.yaml

@@ -1,8 +1,6 @@
 external: false
 size: 10Gi
 
-replicas: 2
-
 users:
   root:
     password: strongpassword

packages/apps/postgres/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "16.2"
+appVersion: "1.16.0"

packages/apps/postgres/templates/db.yaml

@@ -4,7 +4,7 @@ kind: Cluster
 metadata:
   name: {{ .Release.Name }}
 spec:
-  instances: {{ .Values.replicas }}
+  instances: 2
   enableSuperuserAccess: true
 
   postgresql:

packages/apps/postgres/values.yaml

@@ -1,6 +1,5 @@
 external: false
 size: 10Gi
-replicas: 2
 
 users:
   user1:

packages/apps/rabbitmq/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.12.2"
+appVersion: "1.16.0"

packages/apps/rabbitmq/templates/rabbitmq.yaml

@@ -6,7 +6,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.replicas }}
+  replicas: 3
   {{- if .Values.external }}
   service:
     type: LoadBalancer

packages/apps/rabbitmq/values.schema.json

@@ -5,10 +5,6 @@
     "external": {
       "type": "boolean",
       "title": "Enable external Access"
-    },
-    "replicas": {
-      "type": "integer",
-      "title": "Replicas"
     }
   }
 }

packages/apps/rabbitmq/values.yaml

@@ -1,2 +1 @@
-replicas: 3
 external: false

packages/apps/redis/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "6.2.6"
+appVersion: "1.16.0"

packages/apps/redis/templates/redisfailover.yaml

@@ -14,7 +14,7 @@ spec:
       limits:
         memory: 100Mi
   redis:
-    replicas: {{ .Values.replicas }}
+    replicas: 3
     resources:
       requests:
         cpu: 150m

packages/apps/redis/values.schema.json

@@ -9,10 +9,6 @@
     "size": {
       "type": "string",
       "title": "Disk Size"
-    },
-    "replicas": {
-      "type": "integer",
-      "title": "Replicas"
     }
   }
 }

packages/apps/redis/values.yaml

@@ -1,3 +1,2 @@
-replicas: 2
 external: false
 size: 5Gi

packages/apps/tcp-balancer/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.9.7"
+appVersion: "1.16.0"

packages/apps/tcp-balancer/templates/deployment.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.replicas }}
+  replicas: 2
   selector:
     matchLabels:
       app: {{ .Release.Name }}-haproxy

packages/apps/tcp-balancer/values.yaml

@@ -1,5 +1,4 @@
 external: false
-replicas: 2
 httpAndHttps:
   mode: tcp
   targetPorts:

packages/apps/versions_map

@@ -1,26 +1,17 @@
-clickhouse 0.1.0 ca79f72
-clickhouse 0.2.0 HEAD
-http-cache 0.1.0 a956713
-http-cache 0.2.0 HEAD
+clickhouse 0.1.0 HEAD
+http-cache 0.1.0 HEAD
 kafka 0.1.0 HEAD
-kubernetes 0.1.0 f642698
-kubernetes 0.2.0 HEAD
+kubernetes 0.1.0 HEAD
 mysql 0.1.0 f642698
-mysql 0.2.0 8b975ff0
-mysql 0.3.0 HEAD
-postgres 0.1.0 f642698
-postgres 0.2.0 HEAD
-rabbitmq 0.1.0 f642698
-rabbitmq 0.2.0 HEAD
-redis 0.1.1 f642698
-redis 0.2.0 HEAD
-tcp-balancer 0.1.0 f642698
-tcp-balancer 0.2.0 HEAD
+mysql 0.2.0 HEAD
+postgres 0.1.0 HEAD
+rabbitmq 0.1.0 HEAD
+redis 0.1.1 HEAD
+tcp-balancer 0.1.0 HEAD
 tenant 0.1.3 3d1b86c
 tenant 0.1.4 d200480
 tenant 0.1.5 e3ab858
 tenant 1.0.0 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 HEAD
-vpn 0.1.0 f642698
-vpn 0.2.0 HEAD
+vpn 0.1.0 HEAD

packages/apps/vpn/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vpn
-description: Managed VPN service
+description: Establish a connection from your computer
 icon: https://upload.wikimedia.org/wikipedia/commons/thumb/6/60/Outline_VPN_icon.png/600px-Outline_VPN_icon.png
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.8.1"
+appVersion: "1.16.0"

packages/apps/vpn/templates/deployment.yaml

@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   name: {{ .Release.Name }}-vpn
 spec:
-  replicas: {{ .Values.replicas }}
+  replicas: 2
   selector:
     matchLabels:
       app: {{ .Release.Name }}-vpn

packages/apps/vpn/values.yaml

@@ -1,5 +1,4 @@
 external: false
-replicas: 2
 
 users:
   user1:

packages/core/platform/bundles/distro-full.yaml

@@ -52,12 +52,6 @@ releases:
   privileged: true
   dependsOn: [cilium]
 
-- name: etcd-operator
-  releaseName: etcd-operator
-  chart: cozy-etcd-operator
-  namespace: cozy-etcd-operator
-  dependsOn: [cilium,cert-manager]
-
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator

packages/core/platform/bundles/distro-hosted.yaml

@@ -26,12 +26,6 @@ releases:
   privileged: true
   dependsOn: [victoria-metrics-operator]
 
-- name: etcd-operator
-  releaseName: etcd-operator
-  chart: cozy-etcd-operator
-  namespace: cozy-etcd-operator
-  dependsOn: [cert-manager]
-
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator

packages/core/platform/bundles/paas-full.yaml

@@ -81,12 +81,6 @@ releases:
   privileged: true
   dependsOn: [cilium,kubeovn]
 
-- name: etcd-operator
-  releaseName: etcd-operator
-  chart: cozy-etcd-operator
-  namespace: cozy-etcd-operator
-  dependsOn: [cilium,kubeovn,cert-manager]
-
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator

packages/core/platform/bundles/paas-hosted.yaml

@@ -26,12 +26,6 @@ releases:
   privileged: true
   dependsOn: [victoria-metrics-operator]
 
-- name: etcd-operator
-  releaseName: etcd-operator
-  chart: cozy-etcd-operator
-  namespace: cozy-etcd-operator
-  dependsOn: [cert-manager]
-
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator

packages/core/platform/templates/helmreleases.yaml

@@ -23,11 +23,9 @@ spec:
   interval: 1m
   releaseName: {{ $x.releaseName | default $x.name }}
   install:
-    crds: CreateReplace
     remediation:
       retries: -1
   upgrade:
-    crds: CreateReplace
     remediation:
       retries: -1
   chart:

packages/extra/Makefile

@@ -7,7 +7,7 @@ repo:
 	awk '$$3 != "HEAD" {print "mkdir -p $(TMP)/" $$1 "-" $$2}' versions_map | sh -ex
 	awk '$$3 != "HEAD" {print "git archive " $$3 " " $$1 " | tar -xf- --strip-components=1 -C $(TMP)/" $$1 "-" $$2 }' versions_map | sh -ex
 	helm package -d "$(OUT)" $$(find . $(TMP) -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")' | sort -V)
-	cd "$(OUT)" && helm repo index . --url http://cozystack.cozy-system.svc/repos/extra
+	cd "$(OUT)" && helm repo index .
 	rm -rf "$(TMP)"
 
 fix-chartnames:

packages/extra/etcd/Chart.yaml

@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: https://www.svgrepo.com/show/353714/etcd.svg
 type: application
-version: 2.0.0
+version: 1.0.0

packages/extra/etcd/templates/datastore.yaml

@@ -1,36 +0,0 @@
----
-apiVersion: kamaji.clastix.io/v1alpha1
-kind: DataStore
-metadata:
-  name: {{ .Release.Namespace }}
-  annotations:
-    helm.sh/hook: post-install,post-upgrade
-spec:
-  driver: etcd
-  endpoints:
-  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc:2379
-  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc:2379
-  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc:2379
-  tlsConfig:
-    certificateAuthority:
-      certificate:
-        secretReference:
-          keyPath: tls.crt
-          name: etcd-ca-tls
-          namespace: {{ .Release.Namespace }}
-      privateKey:
-        secretReference:
-          keyPath: tls.key
-          name: etcd-ca-tls
-          namespace: {{ .Release.Namespace }}
-    clientCertificate:
-      certificate:
-        secretReference:
-          keyPath: tls.crt
-          name: etcd-client-tls
-          namespace: {{ .Release.Namespace }}
-      privateKey:
-        secretReference:
-          keyPath: tls.key
-          name: etcd-client-tls
-          namespace: {{ .Release.Namespace }}

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -1,167 +0,0 @@
----
-apiVersion: etcd.aenix.io/v1alpha1
-kind: EtcdCluster
-metadata:
-  name: etcd
-spec:
-  storage: {}
-  security:
-    tls:
-      peerTrustedCASecret: etcd-peer-ca-tls
-      peerSecret: etcd-peer-tls
-      serverSecret: etcd-server-tls
-      clientTrustedCASecret: etcd-ca-tls
-      clientSecret: etcd-client-tls
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: etcd-selfsigning-issuer
-spec:
-  selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: etcd-peer-ca
-spec:
-  isCA: true
-  usages:
-  - "signing"
-  - "key encipherment"
-  - "cert sign"
-  commonName: etcd-peer-ca
-  subject:
-    organizations:
-      - ACME Inc.
-    organizationalUnits:
-      - Widgets
-  secretName: etcd-peer-ca-tls
-  privateKey:
-    algorithm: RSA
-    size: 4096
-  issuerRef:
-    name: etcd-selfsigning-issuer
-    kind: Issuer
-    group: cert-manager.io
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: etcd-ca
-spec:
-  isCA: true
-  usages:
-  - "signing"
-  - "key encipherment"
-  - "cert sign"
-  commonName: etcd-ca
-  subject:
-    organizations:
-      - ACME Inc.
-    organizationalUnits:
-      - Widgets
-  secretName: etcd-ca-tls
-  privateKey:
-    algorithm: RSA
-    size: 4096
-  issuerRef:
-    name: etcd-selfsigning-issuer
-    kind: Issuer
-    group: cert-manager.io
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: etcd-peer-issuer
-spec:
-  ca:
-    secretName: etcd-peer-ca-tls
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: etcd-issuer
-spec:
-  ca:
-    secretName: etcd-ca-tls
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: etcd-server
-spec:
-  secretName: etcd-server-tls
-  isCA: false
-  usages:
-    - "server auth"
-    - "signing"
-    - "key encipherment"
-  dnsNames:
-  - etcd-0
-  - etcd-0.etcd-headless
-  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
-  - etcd-1
-  - etcd-1.etcd-headless
-  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
-  - etcd-2
-  - etcd-2.etcd-headless
-  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
-  - localhost
-  - "127.0.0.1"
-  privateKey:
-    rotationPolicy: Always
-    algorithm: RSA
-    size: 4096
-  issuerRef:
-    name: etcd-issuer
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: etcd-peer
-spec:
-  secretName: etcd-peer-tls
-  isCA: false
-  usages:
-    - "server auth"
-    - "client auth"
-    - "signing"
-    - "key encipherment"
-  dnsNames:
-  - etcd-0
-  - etcd-0.etcd-headless
-  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
-  - etcd-1
-  - etcd-1.etcd-headless
-  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
-  - etcd-2
-  - etcd-2.etcd-headless
-  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
-  - localhost
-  - "127.0.0.1"
-  privateKey:
-    rotationPolicy: Always
-    algorithm: RSA
-    size: 4096
-  issuerRef:
-    name: etcd-peer-issuer
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: etcd-client
-spec:
-  commonName: root
-  secretName: etcd-client-tls
-  usages:
-  - "signing"
-  - "key encipherment"
-  - "client auth"
-  privateKey:
-    rotationPolicy: Always
-    algorithm: RSA
-    size: 4096
-  issuerRef:
-    name: etcd-issuer
-    kind: Issuer

packages/extra/etcd/templates/kamaji-etcd.yaml

@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kamaji-etcd
+spec:
+  chart:
+    spec:
+      chart: cozy-kamaji-etcd
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+      version: '*'
+  interval: 1m0s
+  timeout: 5m0s
+  values:
+    kamaji-etcd:
+      fullnameOverride: etcd

packages/extra/versions_map

@@ -1,4 +1,3 @@
-etcd 1.0.0 f7eaab0
-etcd 2.0.0 HEAD
+etcd 1.0.0 HEAD
 ingress 1.0.0 HEAD
 monitoring 1.0.0 HEAD

packages/system/capi-providers/templates/providers.yaml

@@ -13,7 +13,7 @@ spec:
   deployment:
     containers:
     - name: manager
-      imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.7.1-fix
+      imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.6.0-fix7
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: BootstrapProvider

packages/system/dashboard/charts/kubeapps/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 19.0.2
+  version: 18.19.2
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.2.4
+  version: 13.4.6
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.19.1
-digest: sha256:2ff034d67cb1b9c11f0243b3ab9a6a8642bf12142df2f86043f9006adf6dbba1
-generated: "2024-04-08T09:01:34.727544997Z"
+  version: 2.19.0
+digest: sha256:b4965a22517e61212e78abb8d1cbe86e800c8664b3139e2047f4bd62b3e55b24
+generated: "2024-03-13T11:51:34.216594+01:00"

packages/system/dashboard/charts/kubeapps/Chart.yaml

@@ -2,33 +2,33 @@ annotations:
   category: Infrastructure
   images: |
     - name: kubeapps-apis
-      image: docker.io/bitnami/kubeapps-apis:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-12-r19
     - name: kubeapps-apprepository-controller
-      image: docker.io/bitnami/kubeapps-apprepository-controller:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-12-r18
     - name: kubeapps-asset-syncer
-      image: docker.io/bitnami/kubeapps-asset-syncer:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-12-r19
     - name: kubeapps-dashboard
-      image: docker.io/bitnami/kubeapps-dashboard:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-12-r18
     - name: kubeapps-oci-catalog
-      image: docker.io/bitnami/kubeapps-oci-catalog:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-12-r17
     - name: kubeapps-pinniped-proxy
-      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.10.0-debian-12-r0
+      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-12-r17
     - name: nginx
-      image: docker.io/bitnami/nginx:1.25.4-debian-12-r7
+      image: docker.io/bitnami/nginx:1.25.4-debian-12-r3
     - name: oauth2-proxy
-      image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r7
+      image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r4
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.10.0
+appVersion: 2.9.0
 dependencies:
 - condition: packaging.flux.enabled
   name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 19.x.x
+  version: 18.x.x
 - condition: packaging.helm.enabled
   name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.x.x
+  version: 13.x.x
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
   tags:
@@ -51,4 +51,4 @@ maintainers:
 name: kubeapps
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kubeapps
-version: 15.0.2
+version: 14.7.2

packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   category: Infrastructure
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.19.1
+appVersion: 2.19.0
 description: A Library Helm Chart for grouping common logic between bitnami charts.
   This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.19.1
+version: 2.19.0

packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl

@@ -11,7 +11,7 @@ These presets are for basic testing and not meant to be used in production
 {{ include "common.resources.preset" (dict "type" "nano") -}}
 */}}
 {{- define "common.resources.preset" -}}
-{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
 {{- $presets := dict 
   "nano" (dict 
       "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
@@ -34,11 +34,11 @@ These presets are for basic testing and not meant to be used in production
       "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
    )
   "xlarge" (dict 
-      "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
       "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
    )
   "2xlarge" (dict 
-      "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
       "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
    )
  }}
@@ -47,4 +47,4 @@ These presets are for basic testing and not meant to be used in production
 {{- else -}}
 {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
 {{- end -}}
-{{- end -}}
+{{- end -}}

packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml

@@ -35,4 +35,4 @@ maintainers:
 name: redis
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 19.0.2
+version: 18.19.2

packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml

@@ -28,8 +28,8 @@ spec:
       {{- if .Values.metrics.podMonitor.honorLabels }}
       honorLabels: {{ .Values.metrics.podMonitor.honorLabels }}
       {{- end }}
-      {{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }}
-      relabelings: {{- toYaml . | nindent 6 }}
+      {{- if .Values.metrics.podMonitor.relabellings }}
+      relabelings: {{- toYaml .Values.metrics.podMonitor.relabellings | nindent 6 }}
       {{- end }}
       {{- if .Values.metrics.podMonitor.metricRelabelings }}
       metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }}
@@ -45,8 +45,8 @@ spec:
       {{- if .honorLabels }}
       honorLabels: {{ .honorLabels }}
       {{- end }}
-      {{- with concat .Values.metrics.podMonitor.relabelings .Values.metrics.podMonitor.relabellings }}
-      relabelings: {{- toYaml . | nindent 6 }}
+      {{- if .relabellings }}
+      relabelings: {{- toYaml .relabellings | nindent 6 }}
       {{- end }}
       {{- if .metricRelabelings }}
       metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}

packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/statefulset.yaml

@@ -598,9 +598,8 @@ spec:
           image: {{ template "redis.kubectl.image" . }}
           imagePullPolicy: {{ .Values.kubectl.image.pullPolicy | quote }}
           command: {{- toYaml .Values.kubectl.command | nindent 12 }}
-          {{- if .Values.kubectl.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.kubectl.containerSecurityContext "context" $) | nindent 12 }}
-          {{- end }}
+          securityContext:
+            runAsUser: 0
           volumeMounts:
             - name: kubectl-shared
               mountPath: /etc/shared

packages/system/dashboard/charts/kubeapps/charts/redis/templates/servicemonitor.yaml

@@ -28,8 +28,8 @@ spec:
       {{- if .Values.metrics.serviceMonitor.honorLabels }}
       honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
       {{- end }}
-      {{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }}
-      relabelings: {{- toYaml . | nindent 6 }}
+      {{- if .Values.metrics.serviceMonitor.relabellings }}
+      relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
       {{- end }}
       {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
       metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
@@ -45,8 +45,8 @@ spec:
       {{- if .honorLabels }}
       honorLabels: {{ .honorLabels }}
       {{- end }}
-      {{- with concat .Values.metrics.serviceMonitor.relabelings .Values.metrics.serviceMonitor.relabellings }}
-      relabelings: {{- toYaml . | nindent 6 }}
+      {{- if .relabellings }}
+      relabelings: {{- toYaml .relabellings | nindent 6 }}
       {{- end }}
       {{- if .metricRelabelings }}
       metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}

packages/system/dashboard/charts/kubeapps/charts/redis/values.yaml

@@ -30,7 +30,7 @@ global:
     openshift:
       ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
       ##
-      adaptSecurityContext: auto
+      adaptSecurityContext: disabled
 ## @section Common parameters
 ##
 
@@ -275,7 +275,7 @@ master:
   ## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
   ## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
   ## Example:
   ## resources:
@@ -315,12 +315,12 @@ master:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: {}
+    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     seccompProfile:
       type: RuntimeDefault
     capabilities:
@@ -737,7 +737,7 @@ replica:
   ## @param replica.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
   ## @param replica.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
   ## Example:
   ## resources:
@@ -777,12 +777,12 @@ replica:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: {}
+    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     seccompProfile:
       type: RuntimeDefault
     capabilities:
@@ -1306,7 +1306,7 @@ sentinel:
   ## @param sentinel.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
   ## @param sentinel.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
   ## Example:
   ## resources:
@@ -1332,12 +1332,12 @@ sentinel:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: {}
+    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     seccompProfile:
       type: RuntimeDefault
     capabilities:
@@ -1708,12 +1708,12 @@ metrics:
   ##
   containerSecurityContext:
     enabled: true
-    seLinuxOptions: {}
+    seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     seccompProfile:
       type: RuntimeDefault
     capabilities:
@@ -1729,7 +1729,7 @@ metrics:
   ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
   ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
   ## Example:
   ## resources:
@@ -1812,10 +1812,7 @@ metrics:
     ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
     ##
     scrapeTimeout: ""
-    ## @param metrics.serviceMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
-    ##
-    relabelings: []
-    ## @skip metrics.serviceMonitor.relabellings DEPRECATED: Use `metrics.serviceMonitor.relabelings` instead.
+    ## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
     ##
     relabellings: []
     ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
@@ -1869,10 +1866,7 @@ metrics:
     ## @param metrics.podMonitor.scrapeTimeout The timeout after which the scrape is ended
     ##
     scrapeTimeout: ""
-    ## @param metrics.podMonitor.relabelings Metrics RelabelConfigs to apply to samples before scraping.
-    ##
-    relabelings: []
-    ## @skip metrics.podMonitor.relabellings DEPRECATED: Use `metrics.podMonitor.relabelings` instead.
+    ## @param metrics.podMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping.
     ##
     relabellings: []
     ## @param metrics.podMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion.
@@ -1994,7 +1988,7 @@ volumePermissions:
   ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
   ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
   ## Example:
   ## resources:
@@ -2015,7 +2009,7 @@ volumePermissions:
   ##   "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
   ##
   containerSecurityContext:
-    seLinuxOptions: {}
+    seLinuxOptions: null
     runAsUser: 0
 
 ## Kubectl InitContainer
@@ -2052,30 +2046,6 @@ kubectl:
   ## @param kubectl.command kubectl command to execute
   ##
   command: ["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"]
-  ## Configure Container Security Context
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-  ## @param kubectl.containerSecurityContext.enabled Enabled kubectl containers' Security Context
-  ## @param kubectl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
-  ## @param kubectl.containerSecurityContext.runAsUser Set kubectl containers' Security Context runAsUser
-  ## @param kubectl.containerSecurityContext.runAsGroup Set kubectl containers' Security Context runAsGroup
-  ## @param kubectl.containerSecurityContext.runAsNonRoot Set kubectl containers' Security Context runAsNonRoot
-  ## @param kubectl.containerSecurityContext.allowPrivilegeEscalation Set kubectl containers' Security Context allowPrivilegeEscalation
-  ## @param kubectl.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem
-  ## @param kubectl.containerSecurityContext.seccompProfile.type Set kubectl containers' Security Context seccompProfile
-  ## @param kubectl.containerSecurityContext.capabilities.drop Set kubectl containers' Security Context capabilities to drop
-  ##
-  containerSecurityContext:
-    enabled: true
-    seLinuxOptions: {}
-    runAsUser: 1001
-    runAsGroup: 1001
-    runAsNonRoot: true
-    allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: true
-    seccompProfile:
-      type: RuntimeDefault
-    capabilities:
-      drop: ["ALL"]
   ## Bitnami Kubectl resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
   ## @param kubectl.resources.limits The resources limits for the kubectl containers
@@ -2126,7 +2096,7 @@ sysctl:
   ## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "nano"
+  resourcesPreset: "none"
   ## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
   ## Example:
   ## resources:

packages/system/dashboard/charts/kubeapps/templates/apprepository/deployment.yaml

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
   name: {{ template "kubeapps.apprepository.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/apprepository/networkpolicy.yaml

@@ -1,59 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.packaging.helm.enabled .Values.apprepository.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
-  name: {{ include "kubeapps.apprepository.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
-  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }}
-  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: apprepository
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-spec:
-  policyTypes:
-    - Ingress
-    - Egress
-  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.apprepository.podLabels .Values.commonLabels ) "context" . ) }}
-  podSelector:
-    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
-      app.kubernetes.io/component: apprepository
-  {{- if .Values.apprepository.networkPolicy.allowExternalEgress }}
-  egress:
-    - {}
-  {{- else }}
-  egress:
-    # Allow dns resolution
-    - ports:
-        - port: 53
-          protocol: UDP
-        - port: 53
-          protocol: TCP
-        {{- range $port := .Values.apprepository.networkPolicy.kubeAPIServerPorts }}
-        - port: {{ $port }}
-        {{- end }}
-    # Allow connection to PostgreSQL
-    - ports:
-        - port: {{ include "kubeapps.postgresql.port" . }}
-      {{- if .Values.postgresql.enabled }}
-      to:
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/name: postgresql
-              app.kubernetes.io/instance: {{ .Release.Name }}
-      {{- end }}
-    {{- if .Values.apprepository.networkPolicy.extraEgress }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.apprepository.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
-    {{- end }}
-  {{- end }}
-  ingress:
-    {{- if .Values.apprepository.networkPolicy.extraIngress }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.apprepository.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
-    {{- end }}
-{{- end }}

packages/system/dashboard/charts/kubeapps/templates/apprepository/rbac.yaml

@@ -12,7 +12,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
   name: {{ template "kubeapps.apprepository.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: apprepository
   {{- if .Values.commonAnnotations }}
@@ -73,7 +73,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: RoleBinding
 metadata:
   name: {{ template "kubeapps.apprepository.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: apprepository
   {{- if .Values.commonAnnotations }}
@@ -112,7 +112,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
   name: {{ printf "%s-repositories-read" .Release.Name }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: apprepository
   {{- if .Values.commonAnnotations }}
@@ -132,7 +132,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
   name: {{ printf "%s-repositories-write" .Release.Name }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: apprepository
   {{- if .Values.commonAnnotations }}

packages/system/dashboard/charts/kubeapps/templates/apprepository/serviceaccount.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "kubeapps.apprepository.serviceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.apprepository.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "kubeapps.dashboard-config.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/dashboard/deployment.yaml

@@ -3,12 +3,12 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- if .Values.dashboard.enabled }}
+{{- if .Values.dashboard.enabled -}}
 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
   name: {{ template "kubeapps.dashboard.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/dashboard/networkpolicy.yaml

@@ -1,71 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if and .Values.dashboard.enabled .Values.dashboard.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
-  name: {{ include "kubeapps.dashboard.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
-  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
-  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: dashboard
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-spec:
-  policyTypes:
-    - Ingress
-    - Egress
-  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.dashboard.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
-  podSelector:
-    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
-      app.kubernetes.io/component: dashboard
-  {{- if .Values.dashboard.networkPolicy.allowExternalEgress }}
-  egress:
-    - {}
-  {{- else }}
-  egress:
-    # Allow dns resolution
-    - ports:
-        - port: 53
-          protocol: UDP
-        - port: 53
-          protocol: TCP
-        {{- range $port := .Values.dashboard.networkPolicy.kubeAPIServerPorts }}
-        - port: {{ $port }}
-        {{- end }}
-    {{- if .Values.dashboard.networkPolicy.extraEgress }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
-    {{- end }}
-  {{- end }}
-  ingress:
-    # Allow inbound connections
-    - ports:
-        - port: {{ .Values.dashboard.containerPorts.http }}
-      {{- if not .Values.dashboard.networkPolicy.allowExternal }}
-      from:
-        - podSelector:
-            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
-        {{- if .Values.dashboard.networkPolicy.ingressNSMatchLabels }}
-        - namespaceSelector:
-            matchLabels:
-              {{- range $key, $value := .Values.dashboard.networkPolicy.ingressNSMatchLabels }}
-              {{ $key | quote }}: {{ $value | quote }}
-              {{- end }}
-          {{- if .Values.dashboard.networkPolicy.ingressNSPodMatchLabels }}
-          podSelector:
-            matchLabels:
-              {{- range $key, $value := .Values.dashboard.networkPolicy.ingressNSPodMatchLabels }}
-              {{ $key | quote }}: {{ $value | quote }}
-              {{- end }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-    {{- if .Values.dashboard.networkPolicy.extraIngress }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.dashboard.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
-    {{- end }}
-{{- end }}

packages/system/dashboard/charts/kubeapps/templates/dashboard/service.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "kubeapps.dashboard.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.dashboard.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/frontend/configmap.yaml

@@ -7,7 +7,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "kubeapps.frontend-config.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/frontend/deployment.yaml

@@ -7,7 +7,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/frontend/networkpolicy.yaml

@@ -1,77 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.frontend.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
-  name: {{ include "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
-  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
-  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: frontend
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-spec:
-  policyTypes:
-    - Ingress
-    - Egress
-  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.frontend.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
-  podSelector:
-    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
-      app.kubernetes.io/component: frontend
-  {{- if .Values.frontend.networkPolicy.allowExternalEgress }}
-  egress:
-    - {}
-  {{- else }}
-  egress:
-    # Allow dns resolution
-    - ports:
-        - port: 53
-          protocol: UDP
-        - port: 53
-          protocol: TCP
-        {{- range $port := .Values.frontend.networkPolicy.kubeAPIServerPorts }}
-        - port: {{ $port }}
-        {{- end }}
-    {{- if .Values.frontend.networkPolicy.extraEgress }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.frontend.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
-    {{- end }}
-  {{- end }}
-  ingress:
-    # Allow inbound connections
-    - ports:
-        - port: {{ .Values.frontend.containerPorts.http }}
-        {{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }}
-        - port: {{ .Values.authProxy.containerPorts.proxy }}
-        {{- end }}
-        {{- if .Values.pinnipedProxy.enabled }}
-        - port: {{ .Values.pinnipedProxy.containerPorts.pinnipedProxy }}
-        {{- end }}
-      {{- if not .Values.frontend.networkPolicy.allowExternal }}
-      from:
-        - podSelector:
-            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
-        {{- if .Values.frontend.networkPolicy.ingressNSMatchLabels }}
-        - namespaceSelector:
-            matchLabels:
-              {{- range $key, $value := .Values.frontend.networkPolicy.ingressNSMatchLabels }}
-              {{ $key | quote }}: {{ $value | quote }}
-              {{- end }}
-          {{- if .Values.frontend.networkPolicy.ingressNSPodMatchLabels }}
-          podSelector:
-            matchLabels:
-              {{- range $key, $value := .Values.frontend.networkPolicy.ingressNSPodMatchLabels }}
-              {{ $key | quote }}: {{ $value | quote }}
-              {{- end }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-    {{- if .Values.frontend.networkPolicy.extraIngress }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.frontend.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
-    {{- end }}
-{{- end }}

packages/system/dashboard/charts/kubeapps/templates/frontend/oauth2-secret.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/frontend/service.yaml

@@ -7,7 +7,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.frontend.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
@@ -64,7 +64,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "kubeapps.pinniped-proxy.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     app.kubernetes.io/component: frontend
   {{- if or .Values.pinnipedProxy.service.annotations .Values.commonAnnotations }}

packages/system/dashboard/charts/kubeapps/templates/ingress-api.yaml

@@ -15,7 +15,7 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: {{ template "common.names.fullname" . }}-http-api
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
@@ -75,7 +75,7 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if or .Values.featureFlags.apiOnly.grpc.annotations .Values.ingress.annotations .Values.commonAnnotations }}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.featureFlags.apiOnly.grpc.annotations .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}

packages/system/dashboard/charts/kubeapps/templates/ingress.yaml

@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}

packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/configmap.yaml

@@ -7,7 +7,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ printf "%s-configmap" (include "kubeapps.kubeappsapis.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml

@@ -7,7 +7,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
   name: {{ template "kubeapps.kubeappsapis.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/networkpolicy.yaml

@@ -1,74 +0,0 @@
-{{- /*
-Copyright VMware, Inc.
-SPDX-License-Identifier: APACHE-2.0
-*/}}
-
-{{- if .Values.kubeappsapis.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
-metadata:
-  name: {{ template "kubeapps.kubeappsapis.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
-  {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
-  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: kubeappsapis
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-spec:
-  policyTypes:
-    - Ingress
-    - Egress
-  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.kubeappsapis.podLabels .Values.commonLabels $versionLabel ) "context" . ) }}
-  podSelector:
-    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
-      app.kubernetes.io/component: kubeappsapis
-  {{- if .Values.kubeappsapis.networkPolicy.allowExternalEgress }}
-  egress:
-    - {}
-  {{- else }}
-  egress:
-    # Allow dns resolution
-    - ports:
-        - port: 53
-          protocol: UDP
-        - port: 53
-          protocol: TCP
-        {{- range $port := .Values.kubeappsapis.networkPolicy.kubeAPIServerPorts }}
-        - port: {{ $port }}
-        {{- end }}
-    {{- if .Values.kubeappsapis.networkPolicy.extraEgress }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.kubeappsapis.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
-    {{- end }}
-  {{- end }}
-  ingress:
-    # Allow inbound connections
-    - ports:
-        - port: {{ .Values.kubeappsapis.containerPorts.http }}
-        {{- if .Values.ociCatalog.enabled }}
-        - port: {{ .Values.ociCatalog.containerPorts.grpc }}
-        {{- end }}
-      {{- if not .Values.kubeappsapis.networkPolicy.allowExternal }}
-      from:
-        - podSelector:
-            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
-        {{- if .Values.kubeappsapis.networkPolicy.ingressNSMatchLabels }}
-        - namespaceSelector:
-            matchLabels:
-              {{- range $key, $value := .Values.kubeappsapis.networkPolicy.ingressNSMatchLabels }}
-              {{ $key | quote }}: {{ $value | quote }}
-              {{- end }}
-          {{- if .Values.kubeappsapis.networkPolicy.ingressNSPodMatchLabels }}
-          podSelector:
-            matchLabels:
-              {{- range $key, $value := .Values.kubeappsapis.networkPolicy.ingressNSPodMatchLabels }}
-              {{ $key | quote }}: {{ $value | quote }}
-              {{- end }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-    {{- if .Values.kubeappsapis.networkPolicy.extraIngress }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.kubeappsapis.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
-    {{- end }}
-{{- end }}

packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml

@@ -53,6 +53,6 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }}
-    namespace: {{ include "common.names.namespace" . | quote }}
+    namespace: {{ .Release.Namespace | quote }}
 {{- end }}
 {{- end }}

packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/service.yaml

@@ -7,7 +7,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "kubeapps.kubeappsapis.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/serviceaccount.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.kubeappsapis.image "chart" .Chart ) ) }}
   {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/shared/config.yaml

@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ template "kubeapps.clusters-config.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/templates/tls-secrets.yaml

@@ -30,7 +30,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ $secretName }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

packages/system/dashboard/charts/kubeapps/values.yaml

@@ -26,7 +26,7 @@ global:
     openshift:
       ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
       ##
-      adaptSecurityContext: auto
+      adaptSecurityContext: disabled
 ## @section Common parameters
 
 ## @param kubeVersion Override Kubernetes version
@@ -211,7 +211,7 @@ frontend:
   image:
     registry: docker.io
     repository: bitnami/nginx
-    tag: 1.25.4-debian-12-r7
+    tag: 1.25.4-debian-12-r3
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -258,21 +258,22 @@ frontend:
     type: RollingUpdate
   ## Frontend containers' resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param frontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
+  ## @param frontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "micro"
-  ## @param frontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
+  resourcesPreset: "none"
+  ## @param frontend.resources.limits.cpu The CPU limits for the NGINX container
+  ## @param frontend.resources.limits.memory The memory limits for the NGINX container
+  ## @param frontend.resources.requests.cpu The requested CPU for the NGINX container
+  ## @param frontend.resources.requests.memory The requested memory for the NGINX container
   ##
-  resources: {}
+  resources:
+    limits:
+      cpu: 250m
+      memory: 128Mi
+    requests:
+      cpu: 25m
+      memory: 32Mi
   ## @param frontend.extraEnvVars Array with extra environment variables to add to the NGINX container
   ## e.g:
   ## extraEnvVars:
@@ -321,10 +322,10 @@ frontend:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
     capabilities:
       drop: ["ALL"]
@@ -536,64 +537,6 @@ frontend:
     ##     timeoutSeconds: 300
     ##
     sessionAffinityConfig: {}
-  ## Network Policies
-  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
-  ##
-  networkPolicy:
-    ## @param frontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
-    ##
-    enabled: true
-    ## @param frontend.networkPolicy.allowExternal Don't require server label for connections
-    ## The Policy model to apply. When set to false, only pods with the correct
-    ## server label will have network access to the ports server is listening
-    ## on. When true, server will accept connections from any source
-    ## (with the correct destination port).
-    ##
-    allowExternal: true
-    ## @param frontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
-    ##
-    allowExternalEgress: true
-    ## @param frontend.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
-    ##
-    kubeAPIServerPorts: [443, 6443, 8443]
-    ## @param frontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
-    ## e.g:
-    ## extraIngress:
-    ##   - ports:
-    ##       - port: 1234
-    ##     from:
-    ##       - podSelector:
-    ##           - matchLabels:
-    ##               - role: frontend
-    ##       - podSelector:
-    ##           - matchExpressions:
-    ##               - key: role
-    ##                 operator: In
-    ##                 values:
-    ##                   - frontend
-    extraIngress: []
-    ## @param frontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
-    ## e.g:
-    ## extraEgress:
-    ##   - ports:
-    ##       - port: 1234
-    ##     to:
-    ##       - podSelector:
-    ##           - matchLabels:
-    ##               - role: frontend
-    ##       - podSelector:
-    ##           - matchExpressions:
-    ##               - key: role
-    ##                 operator: In
-    ##                 values:
-    ##                   - frontend
-    ##
-    extraEgress: []
-    ## @param frontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
-    ## @param frontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
-    ##
-    ingressNSMatchLabels: {}
-    ingressNSPodMatchLabels: {}
 ## @section Dashboard parameters
 
 ## Dashboard parameters
@@ -615,7 +558,7 @@ dashboard:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-dashboard
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r18
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -711,21 +654,22 @@ dashboard:
     http: 8080
   ## Dashboard containers' resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production).
+  ## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "micro"
-  ## @param dashboard.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
+  resourcesPreset: "none"
+  ## @param dashboard.resources.limits.cpu The CPU limits for the Dashboard container
+  ## @param dashboard.resources.limits.memory The memory limits for the Dashboard container
+  ## @param dashboard.resources.requests.cpu The requested CPU for the Dashboard container
+  ## @param dashboard.resources.requests.memory The requested memory for the Dashboard container
   ##
-  resources: {}
+  resources:
+    limits:
+      cpu: 250m
+      memory: 128Mi
+    requests:
+      cpu: 25m
+      memory: 32Mi
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context
@@ -757,10 +701,10 @@ dashboard:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
     capabilities:
       drop: ["ALL"]
@@ -932,64 +876,6 @@ dashboard:
     ## @param dashboard.service.annotations Additional custom annotations for Dashboard service
     ##
     annotations: {}
-  ## Network Policies
-  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
-  ##
-  networkPolicy:
-    ## @param dashboard.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
-    ##
-    enabled: true
-    ## @param dashboard.networkPolicy.allowExternal Don't require server label for connections
-    ## The Policy model to apply. When set to false, only pods with the correct
-    ## server label will have network access to the ports server is listening
-    ## on. When true, server will accept connections from any source
-    ## (with the correct destination port).
-    ##
-    allowExternal: true
-    ## @param dashboard.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
-    ##
-    allowExternalEgress: true
-    ## @param dashboard.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
-    ##
-    kubeAPIServerPorts: [443, 6443, 8443]
-    ## @param dashboard.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
-    ## e.g:
-    ## extraIngress:
-    ##   - ports:
-    ##       - port: 1234
-    ##     from:
-    ##       - podSelector:
-    ##           - matchLabels:
-    ##               - role: frontend
-    ##       - podSelector:
-    ##           - matchExpressions:
-    ##               - key: role
-    ##                 operator: In
-    ##                 values:
-    ##                   - frontend
-    extraIngress: []
-    ## @param dashboard.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
-    ## e.g:
-    ## extraEgress:
-    ##   - ports:
-    ##       - port: 1234
-    ##     to:
-    ##       - podSelector:
-    ##           - matchLabels:
-    ##               - role: frontend
-    ##       - podSelector:
-    ##           - matchExpressions:
-    ##               - key: role
-    ##                 operator: In
-    ##                 values:
-    ##                   - frontend
-    ##
-    extraEgress: []
-    ## @param dashboard.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
-    ## @param dashboard.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
-    ##
-    ingressNSMatchLabels: {}
-    ingressNSPodMatchLabels: {}
 ## @section AppRepository Controller parameters
 
 ## AppRepository Controller parameters
@@ -1007,7 +893,7 @@ apprepository:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-apprepository-controller
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r18
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1034,7 +920,7 @@ apprepository:
   syncImage:
     registry: docker.io
     repository: bitnami/kubeapps-asset-syncer
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r19
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1143,21 +1029,22 @@ apprepository:
     type: RollingUpdate
   ## AppRepository Controller containers' resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param apprepository.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production).
+  ## @param apprepository.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "micro"
-  ## @param apprepository.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
+  resourcesPreset: "none"
+  ## @param apprepository.resources.limits.cpu The CPU limits for the AppRepository Controller container
+  ## @param apprepository.resources.limits.memory The memory limits for the AppRepository Controller container
+  ## @param apprepository.resources.requests.cpu The requested CPU for the AppRepository Controller container
+  ## @param apprepository.resources.requests.memory The requested memory for the AppRepository Controller container
   ##
-  resources: {}
+  resources:
+    limits:
+      cpu: 250m
+      memory: 128Mi
+    requests:
+      cpu: 25m
+      memory: 32Mi
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context
@@ -1189,10 +1076,10 @@ apprepository:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
     capabilities:
       drop: ["ALL"]
@@ -1312,52 +1199,6 @@ apprepository:
   ##    command: ['sh', '-c', 'echo "hello world"']
   ##
   initContainers: []
-  ## Network Policies
-  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
-  ##
-  networkPolicy:
-    ## @param apprepository.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
-    ##
-    enabled: true
-    ## @param apprepository.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
-    ##
-    allowExternalEgress: true
-    ## @param apprepository.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
-    ##
-    kubeAPIServerPorts: [443, 6443, 8443]
-    ## @param apprepository.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
-    ## e.g:
-    ## extraIngress:
-    ##   - ports:
-    ##       - port: 1234
-    ##     from:
-    ##       - podSelector:
-    ##           - matchLabels:
-    ##               - role: frontend
-    ##       - podSelector:
-    ##           - matchExpressions:
-    ##               - key: role
-    ##                 operator: In
-    ##                 values:
-    ##                   - frontend
-    extraIngress: []
-    ## @param apprepository.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
-    ## e.g:
-    ## extraEgress:
-    ##   - ports:
-    ##       - port: 1234
-    ##     to:
-    ##       - podSelector:
-    ##           - matchLabels:
-    ##               - role: frontend
-    ##       - podSelector:
-    ##           - matchExpressions:
-    ##               - key: role
-    ##                 operator: In
-    ##                 values:
-    ##                   - frontend
-    ##
-    extraEgress: []
   ## AppRepository Controller Service Account
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
   ## @param apprepository.serviceAccount.create Specifies whether a ServiceAccount should be created
@@ -1391,7 +1232,7 @@ authProxy:
   image:
     registry: docker.io
     repository: bitnami/oauth2-proxy
-    tag: 7.6.0-debian-12-r7
+    tag: 7.6.0-debian-12-r4
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1501,10 +1342,10 @@ authProxy:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
     capabilities:
       drop: ["ALL"]
@@ -1512,21 +1353,22 @@ authProxy:
       type: "RuntimeDefault"
   ## OAuth2 Proxy containers' resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param authProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production).
+  ## @param authProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "micro"
-  ## @param authProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
+  resourcesPreset: "none"
+  ## @param authProxy.resources.limits.cpu The CPU limits for the OAuth2 Proxy container
+  ## @param authProxy.resources.limits.memory The memory limits for the OAuth2 Proxy container
+  ## @param authProxy.resources.requests.cpu The requested CPU for the OAuth2 Proxy container
+  ## @param authProxy.resources.requests.memory The requested memory for the OAuth2 Proxy container
   ##
-  resources: {}
+  resources:
+    limits:
+      cpu: 250m
+      memory: 128Mi
+    requests:
+      cpu: 25m
+      memory: 32Mi
 ## @section Pinniped Proxy parameters
 
 ## Pinniped Proxy configuration for converting user OIDC tokens to k8s client authorization certs
@@ -1547,7 +1389,7 @@ pinnipedProxy:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-pinniped-proxy
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r17
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1631,10 +1473,10 @@ pinnipedProxy:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
     capabilities:
       drop: ["ALL"]
@@ -1642,21 +1484,24 @@ pinnipedProxy:
       type: "RuntimeDefault"
   ## Pinniped Proxy containers' resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param pinnipedProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production).
+  ## @param pinnipedProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "micro"
-  ## @param pinnipedProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
+  resourcesPreset: "none"
+  ## Pinniped Proxy containers' resource requests and limits
+  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param pinnipedProxy.resources.limits.cpu The CPU limits for the Pinniped Proxy container
+  ## @param pinnipedProxy.resources.limits.memory The memory limits for the Pinniped Proxy container
+  ## @param pinnipedProxy.resources.requests.cpu The requested CPU for the Pinniped Proxy container
+  ## @param pinnipedProxy.resources.requests.memory The requested memory for the Pinniped Proxy container
   ##
-  resources: {}
+  resources:
+    limits:
+      cpu: 250m
+      memory: 128Mi
+    requests:
+      cpu: 25m
+      memory: 32Mi
   ## Pinniped Proxy service parameters
   ##
   service:
@@ -1764,22 +1609,19 @@ postgresql:
     enabled: false
   ## PostgreSQL containers' resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production).
+  ## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "micro"
-  ## @param postgresql.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
+  resourcesPreset: "none"
+  ## @param postgresql.resources.limits The resources limits for the PostgreSQL container
+  ## @param postgresql.resources.requests.cpu The requested CPU for the PostgreSQL container
+  ## @param postgresql.resources.requests.memory The requested memory for the PostgreSQL container
   ##
-  ##
-  resources: {}
+  resources:
+    limits: {}
+    requests:
+      memory: 256Mi
+      cpu: 250m
 ## @section kubeappsapis parameters
 kubeappsapis:
   ## @param kubeappsapis.enabledPlugins Manually override which plugins are enabled for the Kubeapps-APIs service
@@ -1862,7 +1704,7 @@ kubeappsapis:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-apis
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r19
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1923,21 +1765,22 @@ kubeappsapis:
     http: 50051
   ## KubeappsAPIs containers' resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-  ## @param kubeappsapis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production).
+  ## @param kubeappsapis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "micro"
-  ## @param kubeappsapis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
+  resourcesPreset: "none"
+  ## @param kubeappsapis.resources.limits.cpu The CPU limits for the KubeappsAPIs container
+  ## @param kubeappsapis.resources.limits.memory The memory limits for the KubeappsAPIs container
+  ## @param kubeappsapis.resources.requests.cpu The requested CPU for the KubeappsAPIs container
+  ## @param kubeappsapis.resources.requests.memory The requested memory for the KubeappsAPIs container
   ##
-  resources: {}
+  resources:
+    limits:
+      cpu: 250m
+      memory: 256Mi
+    requests:
+      cpu: 25m
+      memory: 32Mi
   ## Configure Pods Security Context
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
   ## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context
@@ -1969,10 +1812,10 @@ kubeappsapis:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
     capabilities:
       drop: ["ALL"]
@@ -2144,64 +1987,6 @@ kubeappsapis:
     ## @param kubeappsapis.service.annotations Additional custom annotations for KubeappsAPIs service
     ##
     annotations: {}
-  ## Network Policies
-  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
-  ##
-  networkPolicy:
-    ## @param kubeappsapis.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
-    ##
-    enabled: true
-    ## @param kubeappsapis.networkPolicy.allowExternal Don't require server label for connections
-    ## The Policy model to apply. When set to false, only pods with the correct
-    ## server label will have network access to the ports server is listening
-    ## on. When true, server will accept connections from any source
-    ## (with the correct destination port).
-    ##
-    allowExternal: true
-    ## @param kubeappsapis.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
-    ##
-    allowExternalEgress: true
-    ## @param kubeappsapis.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
-    ##
-    kubeAPIServerPorts: [443, 6443, 8443]
-    ## @param kubeappsapis.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
-    ## e.g:
-    ## extraIngress:
-    ##   - ports:
-    ##       - port: 1234
-    ##     from:
-    ##       - podSelector:
-    ##           - matchLabels:
-    ##               - role: frontend
-    ##       - podSelector:
-    ##           - matchExpressions:
-    ##               - key: role
-    ##                 operator: In
-    ##                 values:
-    ##                   - frontend
-    extraIngress: []
-    ## @param kubeappsapis.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
-    ## e.g:
-    ## extraEgress:
-    ##   - ports:
-    ##       - port: 1234
-    ##     to:
-    ##       - podSelector:
-    ##           - matchLabels:
-    ##               - role: frontend
-    ##       - podSelector:
-    ##           - matchExpressions:
-    ##               - key: role
-    ##                 operator: In
-    ##                 values:
-    ##                   - frontend
-    ##
-    extraEgress: []
-    ## @param kubeappsapis.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
-    ## @param kubeappsapis.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
-    ##
-    ingressNSMatchLabels: {}
-    ingressNSPodMatchLabels: {}
   ## kubeappsapis Service Account
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
   ## @param kubeappsapis.serviceAccount.create Specifies whether a ServiceAccount should be created
@@ -2232,7 +2017,7 @@ ociCatalog:
   image:
     registry: docker.io
     repository: bitnami/kubeapps-oci-catalog
-    tag: 2.10.0-debian-12-r0
+    tag: 2.9.0-debian-12-r17
     digest: ""
     ## Specify a imagePullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -2272,21 +2057,22 @@ ociCatalog:
     grpc: 50061
   ## OCI Catalog containers' resource requests and limits
   ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-  ## @param ociCatalog.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production).
+  ## @param ociCatalog.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production).
   ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
   ##
-  resourcesPreset: "micro"
-  ## @param ociCatalog.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-  ## Example:
-  ## resources:
-  ##   requests:
-  ##     cpu: 2
-  ##     memory: 512Mi
-  ##   limits:
-  ##     cpu: 3
-  ##     memory: 1024Mi
+  resourcesPreset: "none"
+  ## @param ociCatalog.resources.limits.cpu The CPU limits for the OCI Catalog container
+  ## @param ociCatalog.resources.limits.memory The memory limits for the OCI Catalog container
+  ## @param ociCatalog.resources.requests.cpu The requested CPU for the OCI Catalog container
+  ## @param ociCatalog.resources.requests.memory The requested memory for the OCI Catalog container
   ##
-  resources: {}
+  resources:
+    limits:
+      cpu: 250m
+      memory: 256Mi
+    requests:
+      cpu: 25m
+      memory: 32Mi
   ## Configure Container Security Context (only main container)
   ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
   ## @param ociCatalog.containerSecurityContext.enabled Enabled containers' Security Context
@@ -2304,10 +2090,10 @@ ociCatalog:
     enabled: true
     seLinuxOptions: null
     runAsUser: 1001
-    runAsGroup: 1001
+    runAsGroup: 0
     runAsNonRoot: true
     privileged: false
-    readOnlyRootFilesystem: true
+    readOnlyRootFilesystem: false
     allowPrivilegeEscalation: false
     capabilities:
       drop: ["ALL"]
@@ -2425,23 +2211,6 @@ redis:
       ## @param redis.master.persistence.enabled Enable Redis® master data persistence using PVC
       ##
       enabled: false
-    ## Redis® master resource requests and limits
-    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
-    ## @param redis.master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
-    ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-    ##
-    resourcesPreset: "nano"
-    ## @param redis.master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
-    ## Example:
-    ## resources:
-    ##   requests:
-    ##     cpu: 2
-    ##     memory: 512Mi
-    ##   limits:
-    ##     cpu: 3
-    ##     memory: 1024Mi
-    ##
-    resources: {}
   replica:
     ## @param redis.replica.replicaCount Number of Redis® replicas to deploy
     ##

packages/system/dashboard/images/dashboard.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:ac9429d9bf66dd913a37fa9c22a6a2ccdc5d6bef50986bfef7868b5643ecaab2",
-  "containerimage.digest": "sha256:b551704d07e93f9837d36bb610ae5d10508325c31e9bd98a019452eed12ed96f"
+  "containerimage.config.digest": "sha256:ebf11c0997c964a7eeadabecf3bade4c42f623cd03d4c742c8e0748d744f2b48",
+  "containerimage.digest": "sha256:1f2ba6374064bdc927fc7e61c95f58a6f76c121c828d438d212f8772bc52b170"
 }

packages/system/dashboard/images/dashboard.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/dashboard:latest
+ghcr.io/aenix-io/cozystack/dashboard:v0.3.1

packages/system/dashboard/images/dashboard/Dockerfile

@@ -1,10 +1,10 @@
 # Copyright 2018-2023 the Kubeapps contributors.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM bitnami/node:20.12.1 AS build
+FROM bitnami/node:20.11.0 AS build
 WORKDIR /app
 
-ARG VERSION=2.10.0
+ARG VERSION=2.9.0
 RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/v${VERSION}.tar.gz | tar xzf - --strip-components=2 kubeapps-${VERSION}/dashboard
 
 COPY apple-touch-icon.png favicon-16x16.png favicon-32x32.png favicon.ico mstile-144x144.png mstile-150x150.png mstile-310x150.png mstile-310x310.png mstile-70x70.png safari-pinned-tab.svg public/
@@ -26,22 +26,8 @@ RUN yarn install --frozen-lockfile
 RUN yarn run prettier-check && yarn run ts-compile-check
 RUN yarn run build
 
-RUN sed -i \
-    -e 's/#2d4048/#202124/g' \
-    -e 's/#25333d/#1e2023/g'  \
-    -e 's/#fcfdfd/#f3f4f5/g' \
-    -e 's/#f1f6f8/#e7e9eb/g' \
-    -e 's/#e3eaed/#d3d6da/g' \
-    -e 's/#cbd4d8/#b7bbc1/g' \
-    -e 's/#aeb8bc/#989da3/g' \
-    -e 's/#859399/#7b7f85/g' \
-    -e 's/#6a7a81/#5b686e/g' \
-    -e 's/#4f6169/#4f5256/g' \
-    -e 's/#3a4d55/#3a3d41/g' \
-    -e 's/#2d4048/#202124/g' \
-    -e 's/#21333b/#383d44/g' \
-    -e 's/#1b2b32/#2a2d2f/g' \
-    $(grep -rl "#2d4048\|#25333d\|#fcfdfd\|#f1f6f8\|#e3eaed\|#cbd4d8\|#aeb8bc\|#859399\|#6a7a81\|#4f6169\|#3a4d55\|#2d4048\|#21333b\|#1b2b32")
+RUN sed -i 's/hsl(206, 25%, 25%)/hsl(225, 6%, 13%)/g' $(grep -rl 'hsl(206, 25\%, 25\%)')
+RUN sed -i 's/#304250/#202124/g' $(grep -rl "#304250")
 
 FROM bitnami/nginx:1.25.2
 COPY --from=build /app/build /app

packages/system/dashboard/images/kubeapps-apis.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:ab059b6397905b2a2084def06582e61b49c4a8a3374747e87b08c82621357420",
-  "containerimage.digest": "sha256:9c1093da42482f116b27407edcdf8b24122885e295cbb632e565213c66fc07c0"
+  "containerimage.config.digest": "sha256:e5f295cce1b460e2423f07326e812a201fac6ab594ecfc75eddfa81f46fd10fb",
+  "containerimage.digest": "sha256:6e32bb3f1afaf93e4e619d5655c43dcd1bf10e0d30aa8136e738484f1b0bd474"
 }

packages/system/dashboard/images/kubeapps-apis.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubeapps-apis:latest
+ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.3.1

packages/system/dashboard/images/kubeapps-apis/Dockerfile

@@ -1,19 +1,21 @@
-# Copyright 2021-2024 the Kubeapps contributors.
+# Copyright 2021-2023 the Kubeapps contributors.
 # SPDX-License-Identifier: Apache-2.0
 
 # syntax = docker/dockerfile:1
 
 FROM alpine as source
-ARG VERSION=v2.10.0
+ARG VERSION=v2.9.0
 RUN apk add --no-cache patch
 WORKDIR /source
 RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1
+COPY fix-flux.diff /patches/fix-flux.diff
 COPY labels.diff /patches/labels.diff
 COPY reconcile-strategy.diff /patches/reconcile-strategy.diff
+RUN patch -p1 < /patches/fix-flux.diff
 RUN patch -p1 < /patches/labels.diff
 RUN patch -p1 < /patches/reconcile-strategy.diff
 
-FROM bitnami/golang:1.22.2 as builder
+FROM bitnami/golang:1.21.1 as builder
 WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
 COPY --from=source /source/go.mod /source/go.sum ./
 ARG VERSION="devel"
@@ -23,16 +25,16 @@ ARG TARGETARCH
 ARG lint
 
 # https://github.com/bufbuild/buf/releases/
-ARG BUF_VERSION="1.30.1"
+ARG BUF_VERSION="1.26.0"
 
 # https://github.com/golangci/golangci-lint/releases
-ARG GOLANGCILINT_VERSION="1.57.2"
+ARG GOLANGCILINT_VERSION="1.53.3"
 
 # https://github.com/grpc-ecosystem/grpc-health-probe/releases/
-ARG GRPC_HEALTH_PROBE_VERSION="0.4.25"
+ARG GRPC_HEALTH_PROBE_VERSION="0.4.19"
 
 # Install lint tools
-RUN if [ ! -z ${lint:-} ]; then \
+RUN if [ ! -z "$lint" ]; then \
     go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$GOLANGCILINT_VERSION; \
     fi
 
@@ -53,7 +55,7 @@ RUN --mount=type=cache,target=/go/pkg/mod  \
 COPY --from=source /source/pkg pkg
 COPY --from=source /source/cmd cmd
 
-RUN if [ ! -z ${lint:-} ]; then \
+RUN if [ ! -z "$lint" ]; then \
     # Run golangci-lint to detect issues
     golangci-lint run --timeout=10m ./cmd/kubeapps-apis/... && \
     golangci-lint run --timeout=10m ./pkg/...; \
@@ -65,7 +67,6 @@ RUN /tmp/buf lint ./cmd/kubeapps-apis
 # Build the main grpc server
 RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
-    GOPROXY="https://proxy.golang.org,direct" \
     go build \
     -ldflags "-X github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/cmd.version=$VERSION" \
     ./cmd/kubeapps-apis

packages/system/dashboard/images/kubeapps-apis/dockerfile.diff

@@ -1,27 +1,27 @@
+diff --git b/system/kubeapps/images/kubeapps-apis/Dockerfile a/system/kubeapps/images/kubeapps-apis/Dockerfile
+index e5fcd8c..f72964d 100644
 --- b/system/kubeapps/images/kubeapps-apis/Dockerfile
 +++ a/system/kubeapps/images/kubeapps-apis/Dockerfile
-@@ -3,9 +3,19 @@
+@@ -3,9 +3,17 @@
  
  # syntax = docker/dockerfile:1
  
 +FROM alpine as source
-+ARG VERSION=v2.10.0
++ARG VERSION=v2.9.0
 +RUN apk add --no-cache patch
 +WORKDIR /source
 +RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1
-+COPY labels.diff /patches/labels.diff
-+COPY reconcile-strategy.diff /patches/reconcile-strategy.diff
-+RUN patch -p1 < /patches/labels.diff
-+RUN patch -p1 < /patches/reconcile-strategy.diff
++COPY fix-flux.diff /patches/fix-flux.diff
++RUN patch -p1 < /patches/fix-flux.diff
 +
- FROM bitnami/golang:1.22.2 as builder
+ FROM bitnami/golang:1.21.1 as builder
  WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
 -COPY go.mod go.sum ./
 +COPY --from=source /source/go.mod /source/go.sum ./
  ARG VERSION="devel"
  ARG TARGETARCH
  
-@@ -40,8 +52,8 @@
+@@ -40,8 +48,8 @@ RUN --mount=type=cache,target=/go/pkg/mod  \
  
  # We don't copy the pkg and cmd directories until here so the above layers can
  # be reused.
@@ -30,5 +30,5 @@
 +COPY --from=source /source/pkg pkg
 +COPY --from=source /source/cmd cmd
  
- RUN if [ ! -z ${lint:-} ]; then \
+ RUN if [ ! -z "$lint" ]; then \
      # Run golangci-lint to detect issues

packages/system/dashboard/images/kubeapps-apis/fix-flux.diff

@@ -0,0 +1,28 @@
+diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
+index 8886f4d479e..1ab08c074a5 100644
+--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
++++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
+@@ -579,9 +579,9 @@ func (s *repoEventSink) onAddRepo(key string, obj ctrlclient.Object) (interface{
+ // ref https://fluxcd.io/docs/components/source/helmrepositories/#status
+ func (s *repoEventSink) onAddHttpRepo(repo sourcev1.HelmRepository) ([]byte, bool, error) {
+ 	if artifact := repo.GetArtifact(); artifact != nil {
+-		if checksum := artifact.Checksum; checksum == "" {
++		if checksum := artifact.Digest; checksum == "" {
+ 			return nil, false, connect.NewError(connect.CodeInternal,
+-				fmt.Errorf("expected field status.artifact.checksum not found on HelmRepository\n[%s]",
++				fmt.Errorf("expected field status.artifact.digest not found on HelmRepository\n[%s]",
+ 					common.PrettyPrint(repo)))
+ 		} else {
+ 			return s.indexAndEncode(checksum, repo)
+@@ -721,9 +721,9 @@ func (s *repoEventSink) onModifyHttpRepo(key string, oldValue interface{}, repo
+ 	// ref https://fluxcd.io/docs/components/source/helmrepositories/#status
+ 	var newChecksum string
+ 	if artifact := repo.GetArtifact(); artifact != nil {
+-		if newChecksum = artifact.Checksum; newChecksum == "" {
++		if newChecksum = artifact.Digest; newChecksum == "" {
+ 			return nil, false, connect.NewError(connect.CodeInternal,
+-				fmt.Errorf("expected field status.artifact.checksum not found on HelmRepository\n[%s]",
++				fmt.Errorf("expected field status.artifact.digest not found on HelmRepository\n[%s]",
+ 					common.PrettyPrint(repo)))
+ 		}
+ 	} else {

packages/system/dashboard/images/kubeapps-apis/labels.diff

@@ -1,5 +1,5 @@
 diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-index c489cb6ca..8884a6484 100644
+index fe7ca772d..3b46afbd1 100644
 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
 +++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
 @@ -29,8 +29,10 @@ import (
@@ -16,7 +16,7 @@ index c489cb6ca..8884a6484 100644
 @@ -54,7 +56,10 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header,
  	// see any results created/updated/deleted after the first request is issued
  	// To fix this, we must make use of resourceVersion := relList.GetResourceVersion()
- 	var relList helmv2beta2.HelmReleaseList
+ 	var relList helmv2.HelmReleaseList
 -	if err = client.List(ctx, &relList); err != nil {
 +	listOptions := ctrlclient.ListOptions{
 +		LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}),
@@ -25,18 +25,18 @@ index c489cb6ca..8884a6484 100644
  		return nil, connecterror.FromK8sError("list", "HelmRelease", namespace+"/*", err)
  	} else {
  		return relList.Items, nil
-@@ -512,6 +517,9 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
+@@ -511,6 +516,9 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
  		ObjectMeta: metav1.ObjectMeta{
- 			Name:      targetName.Name,
+ 			Name:      chart.Name + "-" + targetName.Name,
  			Namespace: targetName.Namespace,
 +			Labels: map[string]string{
 +				"cozystack.io/ui": "true",
 +			},
  		},
- 		Spec: helmv2beta2.HelmReleaseSpec{
- 			Chart: helmv2beta2.HelmChartTemplate{
+ 		Spec: helmv2.HelmReleaseSpec{
+ 			Chart: helmv2.HelmChartTemplate{
 diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
-index 790b21514..539276a17 100644
+index 1ab08c074..cd7b3b9aa 100644
 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
 +++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
 @@ -32,6 +32,7 @@ import (
@@ -49,7 +49,7 @@ index 790b21514..539276a17 100644
  	log "k8s.io/klog/v2"
 @@ -64,7 +65,8 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header,
  
- 	var repoList sourcev1beta2.HelmRepositoryList
+ 	var repoList sourcev1.HelmRepositoryList
  	listOptions := ctrlclient.ListOptions{
 -		Namespace: ns,
 +		Namespace:     ns,
@@ -57,13 +57,3 @@ index 790b21514..539276a17 100644
  	}
  	if err := client.List(backgroundCtx, &repoList, &listOptions); err != nil {
  		return nil, connecterror.FromK8sError("list", "HelmRepository", "", err)
-@@ -927,6 +929,9 @@ func newFluxHelmRepo(
- 		ObjectMeta: metav1.ObjectMeta{
- 			Name:      targetName.Name,
- 			Namespace: targetName.Namespace,
-+			Labels: map[string]string{
-+				"cozystack.io/ui": "true",
-+			},
- 		},
- 		Spec: sourcev1beta2.HelmRepositorySpec{
- 			URL:      url,

packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff

@@ -1,9 +1,9 @@
 diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-index 8884a6484..4bf77071c 100644
+index fe7ca772d..8111feb1c 100644
 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
 +++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-@@ -530,6 +530,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
- 						Kind:      sourcev1beta2.HelmRepositoryKind,
+@@ -521,6 +529,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
+ 						Kind:      sourcev1.HelmRepositoryKind,
  						Namespace: chart.Repo.Namespace,
  					},
 +					ReconcileStrategy: "Revision",

packages/system/dashboard/values.yaml

@@ -15,12 +15,3 @@ kubeapps:
       #serviceaccount-selector {
         display: none;
       }
-      .login-moreinfo {
-        display: none;
-      }
-      a[href="#/docs"] {
-        display: none;
-      }
-      .login-group .clr-form-control .clr-control-label {
-        display: none;
-      }