Positioning Cozystack as framework for building clouds

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-02-06 09:16:40 +00:00 · 2024-03-05 09:32:12 +01:00
249 changed files with 9560 additions and 56174 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1 @@
 _out
 .git
 .idea
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ You can use Cozystack as Kubernetes distribution for Bare Metal
 ## Documentation
-The documentation is located on official [cozystack.io](https://cozystack.io) website.
+The documentation is located on official [cozystack.io](cozystack.io) website.
 Read [Get Started](https://cozystack.io/docs/get-started/) section for a quick start.
@@ -44,8 +44,6 @@ If you encounter any difficulties, start with the [troubleshooting guide](https:
 Versioning adheres to the [Semantic Versioning](http://semver.org/) principles.  
 A full list of the available releases is available in the GitHub repository's [Release](https://github.com/aenix-io/cozystack/releases) section.
 - [Roadmap](https://github.com/orgs/aenix-io/projects/2)
 ## Contributions
 Contributions are highly appreciated and very welcomed!
--- a/hack/prepare_release.sh
+++ b/hack/prepare_release.sh
@@ -3,7 +3,7 @@ set -e
 if [ -e $1 ]; then
  echo "Please pass version in the first argument"
-  echo "Example: $0 0.2.0"
+  echo "Example: $0 v0.0.2"
  exit 1
 fi
@@ -12,14 +12,8 @@ talos_version=$(awk '/^version:/ {print $2}' packages/core/installer/images/talo
 set -x
-sed -i "/^TAG / s|=.*|= v${version}|" \
+sed -i "/^TAG / s|=.*|= ${version}|" \
  packages/apps/http-cache/Makefile \
  packages/apps/kubernetes/Makefile \
  packages/core/installer/Makefile \
  packages/system/dashboard/Makefile
 sed -i "/^VERSION / s|=.*|= ${version}|" \
  packages/core/Makefile \
  packages/system/Makefile
 make -C packages/core fix-chartnames
 make -C packages/system fix-chartnames
--- a/manifests/cozystack-installer.yaml
+++ b/manifests/cozystack-installer.yaml
@@ -70,7 +70,7 @@ spec:
      serviceAccountName: cozystack
      containers:
      - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.2.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.1.0"
        env:
        - name: KUBERNETES_SERVICE_HOST
          value: localhost
@@ -89,7 +89,7 @@ spec:
            fieldRef:
              fieldPath: metadata.name
      - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.2.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.1.0"
        command:
        - /usr/bin/darkhttpd
        - /cozystack/assets
@@ -102,6 +102,3 @@ spec:
      - key: "node.kubernetes.io/not-ready"
        operator: "Exists"
        effect: "NoSchedule"
      - key: "node.cilium.io/agent-not-ready"
        operator: "Exists"
        effect: "NoSchedule"
--- a/packages/apps/http-cache/Makefile
+++ b/packages/apps/http-cache/Makefile
@@ -2,7 +2,7 @@ PUSH := 1
 LOAD := 0
 REGISTRY := ghcr.io/aenix-io/cozystack
 NGINX_CACHE_TAG = v0.1.0
-TAG := v0.2.0
+TAG := v0.1.0
 image: image-nginx
--- a/packages/apps/http-cache/images/nginx-cache.json
+++ b/packages/apps/http-cache/images/nginx-cache.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:0487fc50bb5f870720b05e947185424a400fad38b682af8f1ca4b418ed3c5b4b",
+  "containerimage.config.digest": "sha256:318fd8d0d6f6127387042f6ad150e87023d1961c7c5059dd5324188a54b0ab4e",
-  "containerimage.digest": "sha256:be12f3834be0e2f129685f682fab83c871610985fc43668ce6a294c9de603798"
+  "containerimage.digest": "sha256:e3cf145238e6e45f7f13b9acaea445c94ff29f76a34ba9fa50828401a5a3cc68"
 }
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -1,7 +1,7 @@
 PUSH := 1
 LOAD := 0
 REGISTRY := ghcr.io/aenix-io/cozystack
-TAG := v0.2.0
+TAG := v0.1.0
 UBUNTU_CONTAINER_DISK_TAG = v1.29.1
 image: image-ubuntu-container-disk
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.json
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:43d0bfd01c5e364ba961f1e3dc2c7ccd7fd4ca65bd26bc8c4a5298d7ff2c9f4f",
+  "containerimage.config.digest": "sha256:ee8968be63c7c45621ec45f3687211e0875acb24e8d9784e8d2ebcbf46a3538c",
-  "containerimage.digest": "sha256:908b3c186bee86f1c9476317eb6582d07f19776b291aa068e5642f8fd08fa9e7"
+  "containerimage.digest": "sha256:16c3c07e74212585786dc1f1ae31d3ab90a575014806193e8e37d1d7751cb084"
 }
--- a/packages/core/Makefile
+++ b/packages/core/Makefile
@@ -1,6 +1,4 @@
 VERSION := 0.2.0
 gen: fix-chartnames
 fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do printf "name: cozy-%s\nversion: $(VERSION)\n" "$$i" > "$$i/Chart.yaml"; done
+	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do printf "name: cozy-%s\nversion: 1.0.0\n" "$$i" > "$$i/Chart.yaml"; done
--- a/packages/core/fluxcd/Makefile
+++ b/packages/core/fluxcd/Makefile
@@ -1,13 +0,0 @@
 NAMESPACE=cozy-fluxcd
 NAME=fluxcd
 API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions))
 show:
 	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS)
 apply:
 	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f-
 diff:
 	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f-
--- a/packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml
+++ b/packages/core/fluxcd/charts/flux2/templates/helm-controller.crds.yaml
--- a/packages/core/installer/Chart.yaml
+++ b/packages/core/installer/Chart.yaml
@@ -1,2 +1,2 @@
 name: cozy-installer
-version: 0.2.0
+version: 1.0.0
--- a/packages/core/installer/Makefile
+++ b/packages/core/installer/Makefile
@@ -1,9 +1,9 @@
-NAMESPACE=cozy-system
+NAMESPACE=cozy-installer
 NAME=installer
 PUSH := 1
 LOAD := 0
 REGISTRY := ghcr.io/aenix-io/cozystack
-TAG := v0.2.0
+TAG := v0.1.0
 TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' images/talos/profiles/installer.yaml)
 show:
@@ -21,7 +21,6 @@ update:
 image: image-cozystack image-talos image-matchbox
 image-cozystack:
 	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
 		--tag $(REGISTRY)/cozystack:$(TAG) \
--- a/packages/core/installer/images/cozystack.json
+++ b/packages/core/installer/images/cozystack.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:86175d33758c7f8c33396a3bea929c82c4181676e4ab269cfdb57a806d71528f",
+  "containerimage.config.digest": "sha256:ec8a4983a663f06a1503507482667a206e83e0d8d3663dff60ced9221855d6b0",
-  "containerimage.digest": "sha256:5fca385a497e8b50d06b5b01dde7dc46289e70c0e8a9eb0604939815c1275e39"
+  "containerimage.digest": "sha256:abb7b2fbc1f143c922f2a35afc4423a74b2b63c0bddfe620750613ed835aa861"
 }
--- a/packages/core/installer/images/cozystack.tag
+++ b/packages/core/installer/images/cozystack.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cozystack:v0.2.0
+ghcr.io/aenix-io/cozystack/cozystack:v0.1.0
--- a/packages/core/installer/images/matchbox.json
+++ b/packages/core/installer/images/matchbox.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:dc584f743bb73e04dcbebca7ab4f602f2c067190fd9609c3fd84412e83c20445",
+  "containerimage.config.digest": "sha256:b869a6324f9c0e6d1dd48eee67cbe3842ee14efd59bdde477736ad2f90568ff7",
-  "containerimage.digest": "sha256:39ab0bf769b269a8082eeb31a9672e39caa61dd342ba2157b954c642f54a32ff"
+  "containerimage.digest": "sha256:c30b237c5fa4fbbe47e1aba56e8f99569fe865620aa1953f31fc373794123cd7"
 }
--- a/packages/core/installer/templates/cozystack.yaml
+++ b/packages/core/installer/templates/cozystack.yaml
@@ -82,9 +82,6 @@ spec:
      - key: "node.kubernetes.io/not-ready"
        operator: "Exists"
        effect: "NoSchedule"
      - key: "node.cilium.io/agent-not-ready"
        operator: "Exists"
        effect: "NoSchedule"
 ---
 apiVersion: v1
 kind: Service
--- a/packages/core/platform/Chart.yaml
+++ b/packages/core/platform/Chart.yaml
@@ -1,2 +1,2 @@
 name: cozy-platform
-version: 0.2.0
+version: 1.0.0
--- a/packages/core/platform/Makefile
+++ b/packages/core/platform/Makefile
@@ -13,7 +13,7 @@ namespaces-show:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml
 namespaces-apply:
-	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -n $(NAMESPACE) -f-
+	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -f-
 diff:
-	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -f-
+	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl diff -f-
--- a/packages/core/platform/bundles/distro-full.yaml
+++ b/packages/core/platform/bundles/distro-full.yaml
@@ -1,102 +0,0 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 releases:
 - name: cilium
  releaseName: cilium
  chart: cozy-cilium
  namespace: cozy-cilium
  privileged: true
  dependsOn: []
  values:
    cilium:
      bpf:
        masquerade: true
      cni:
        chainingMode: ~
        customConf: false
        configMap: ""
      enableIPv4Masquerade: true
      enableIdentityMark: true
      ipv4NativeRoutingCIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" }}"
      autoDirectNodeRoutes: true
 - name: cert-manager
  releaseName: cert-manager
  chart: cozy-cert-manager
  namespace: cozy-cert-manager
  dependsOn: [cilium]
 - name: cert-manager-issuers
  releaseName: cert-manager-issuers
  chart: cozy-cert-manager-issuers
  namespace: cozy-cert-manager
  dependsOn: [cilium,cert-manager]
 - name: victoria-metrics-operator
  releaseName: victoria-metrics-operator
  chart: cozy-victoria-metrics-operator
  namespace: cozy-victoria-metrics-operator
  dependsOn: [cilium,cert-manager]
 - name: monitoring
  releaseName: monitoring
  chart: cozy-monitoring
  namespace: cozy-monitoring
  privileged: true
  dependsOn: [cilium,victoria-metrics-operator]
 - name: metallb
  releaseName: metallb
  chart: cozy-metallb
  namespace: cozy-metallb
  privileged: true
  dependsOn: [cilium]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
  namespace: cozy-grafana-operator
  dependsOn: [cilium]
 - name: mariadb-operator
  releaseName: mariadb-operator
  chart: cozy-mariadb-operator
  namespace: cozy-mariadb-operator
  dependsOn: [cilium,cert-manager,victoria-metrics-operator]
 - name: postgres-operator
  releaseName: postgres-operator
  chart: cozy-postgres-operator
  namespace: cozy-postgres-operator
  dependsOn: [cilium,cert-manager]
 - name: rabbitmq-operator
  releaseName: rabbitmq-operator
  chart: cozy-rabbitmq-operator
  namespace: cozy-rabbitmq-operator
  dependsOn: [cilium]
 - name: redis-operator
  releaseName: redis-operator
  chart: cozy-redis-operator
  namespace: cozy-redis-operator
  dependsOn: [cilium]
 - name: piraeus-operator
  releaseName: piraeus-operator
  chart: cozy-piraeus-operator
  namespace: cozy-linstor
  dependsOn: [cilium,cert-manager]
 - name: linstor
  releaseName: linstor
  chart: cozy-linstor
  namespace: cozy-linstor
  privileged: true
  dependsOn: [piraeus-operator,cilium,cert-manager]
 - name: telepresence
  releaseName: traffic-manager
  chart: cozy-telepresence
  namespace: cozy-telepresence
  dependsOn: []
--- a/packages/core/platform/bundles/distro-hosted.yaml
+++ b/packages/core/platform/bundles/distro-hosted.yaml
@@ -1,63 +0,0 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 releases:
 - name: cert-manager
  releaseName: cert-manager
  chart: cozy-cert-manager
  namespace: cozy-cert-manager
  dependsOn: []
 - name: cert-manager-issuers
  releaseName: cert-manager-issuers
  chart: cozy-cert-manager-issuers
  namespace: cozy-cert-manager
  dependsOn: [cert-manager]
 - name: victoria-metrics-operator
  releaseName: victoria-metrics-operator
  chart: cozy-victoria-metrics-operator
  namespace: cozy-victoria-metrics-operator
  dependsOn: [cert-manager]
 - name: monitoring
  releaseName: monitoring
  chart: cozy-monitoring
  namespace: cozy-monitoring
  privileged: true
  dependsOn: [victoria-metrics-operator]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
  namespace: cozy-grafana-operator
  dependsOn: []
 - name: mariadb-operator
  releaseName: mariadb-operator
  chart: cozy-mariadb-operator
  namespace: cozy-mariadb-operator
  dependsOn: [victoria-metrics-operator]
 - name: postgres-operator
  releaseName: postgres-operator
  chart: cozy-postgres-operator
  namespace: cozy-postgres-operator
  dependsOn: [cert-manager]
 - name: rabbitmq-operator
  releaseName: rabbitmq-operator
  chart: cozy-rabbitmq-operator
  namespace: cozy-rabbitmq-operator
  dependsOn: []
 - name: redis-operator
  releaseName: redis-operator
  chart: cozy-redis-operator
  namespace: cozy-redis-operator
  dependsOn: []
 - name: telepresence
  releaseName: traffic-manager
  chart: cozy-telepresence
  namespace: cozy-telepresence
  dependsOn: []
--- a/packages/core/platform/bundles/paas-full.yaml
+++ b/packages/core/platform/bundles/paas-full.yaml
@@ -1,171 +0,0 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 releases:
 - name: cilium
  releaseName: cilium
  chart: cozy-cilium
  namespace: cozy-cilium
  privileged: true
  dependsOn: []
 - name: kubeovn
  releaseName: kubeovn
  chart: cozy-kubeovn
  namespace: cozy-kubeovn
  privileged: true
  dependsOn: [cilium]
  values:
    cozystack:
      nodesHash: {{ include "cozystack.master-node-ips" . | sha256sum }}
    kube-ovn:
      ipv4:
        POD_CIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" }}"
        POD_GATEWAY: "{{ index $cozyConfig.data "ipv4-pod-gateway" }}"
        SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}"
        JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}"
 - name: cert-manager
  releaseName: cert-manager
  chart: cozy-cert-manager
  namespace: cozy-cert-manager
  dependsOn: [cilium,kubeovn]
 - name: cert-manager-issuers
  releaseName: cert-manager-issuers
  chart: cozy-cert-manager-issuers
  namespace: cozy-cert-manager
  dependsOn: [cilium,kubeovn,cert-manager]
 - name: victoria-metrics-operator
  releaseName: victoria-metrics-operator
  chart: cozy-victoria-metrics-operator
  namespace: cozy-victoria-metrics-operator
  dependsOn: [cilium,kubeovn,cert-manager]
 - name: monitoring
  releaseName: monitoring
  chart: cozy-monitoring
  namespace: cozy-monitoring
  privileged: true
  dependsOn: [cilium,kubeovn,victoria-metrics-operator]
 - name: kubevirt-operator
  releaseName: kubevirt-operator
  chart: cozy-kubevirt-operator
  namespace: cozy-kubevirt
  dependsOn: [cilium,kubeovn]
 - name: kubevirt
  releaseName: kubevirt
  chart: cozy-kubevirt
  namespace: cozy-kubevirt
  privileged: true
  dependsOn: [cilium,kubeovn,kubevirt-operator]
 - name: kubevirt-cdi-operator
  releaseName: kubevirt-cdi-operator
  chart: cozy-kubevirt-cdi-operator
  namespace: cozy-kubevirt-cdi
  dependsOn: [cilium,kubeovn]
 - name: kubevirt-cdi
  releaseName: kubevirt-cdi
  chart: cozy-kubevirt-cdi
  namespace: cozy-kubevirt-cdi
  dependsOn: [cilium,kubeovn,kubevirt-cdi-operator]
 - name: metallb
  releaseName: metallb
  chart: cozy-metallb
  namespace: cozy-metallb
  privileged: true
  dependsOn: [cilium,kubeovn]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
  namespace: cozy-grafana-operator
  dependsOn: [cilium,kubeovn]
 - name: mariadb-operator
  releaseName: mariadb-operator
  chart: cozy-mariadb-operator
  namespace: cozy-mariadb-operator
  dependsOn: [cilium,kubeovn,cert-manager,victoria-metrics-operator]
 - name: postgres-operator
  releaseName: postgres-operator
  chart: cozy-postgres-operator
  namespace: cozy-postgres-operator
  dependsOn: [cilium,kubeovn,cert-manager]
 - name: rabbitmq-operator
  releaseName: rabbitmq-operator
  chart: cozy-rabbitmq-operator
  namespace: cozy-rabbitmq-operator
  dependsOn: [cilium,kubeovn]
 - name: redis-operator
  releaseName: redis-operator
  chart: cozy-redis-operator
  namespace: cozy-redis-operator
  dependsOn: [cilium,kubeovn]
 - name: piraeus-operator
  releaseName: piraeus-operator
  chart: cozy-piraeus-operator
  namespace: cozy-linstor
  dependsOn: [cilium,kubeovn,cert-manager]
 - name: linstor
  releaseName: linstor
  chart: cozy-linstor
  namespace: cozy-linstor
  privileged: true
  dependsOn: [piraeus-operator,cilium,kubeovn,cert-manager]
 - name: telepresence
  releaseName: traffic-manager
  chart: cozy-telepresence
  namespace: cozy-telepresence
  dependsOn: [cilium,kubeovn]
 - name: dashboard
  releaseName: dashboard
  chart: cozy-dashboard
  namespace: cozy-dashboard
  dependsOn: [cilium,kubeovn]
  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
  {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
  values:
    kubeapps:
      redis:
        master:
          podAnnotations:
            {{- range $index, $repo := . }}
            {{- with (($repo.status).artifact).revision }}
            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
            {{- end }}
            {{- end }}
  {{- end }}
  {{- end }}
 - name: kamaji
  releaseName: kamaji
  chart: cozy-kamaji
  namespace: cozy-kamaji
  dependsOn: [cilium,kubeovn,cert-manager]
 - name: capi-operator
  releaseName: capi-operator
  chart: cozy-capi-operator
  namespace: cozy-cluster-api
  privileged: true
  dependsOn: [cilium,kubeovn,cert-manager]
 - name: capi-providers
  releaseName: capi-providers
  chart: cozy-capi-providers
  namespace: cozy-cluster-api
  privileged: true
  dependsOn: [cilium,kubeovn,capi-operator]
--- a/packages/core/platform/bundles/paas-hosted.yaml
+++ b/packages/core/platform/bundles/paas-hosted.yaml
@@ -1,89 +0,0 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 releases:
 - name: cert-manager
  releaseName: cert-manager
  chart: cozy-cert-manager
  namespace: cozy-cert-manager
  dependsOn: []
 - name: cert-manager-issuers
  releaseName: cert-manager-issuers
  chart: cozy-cert-manager-issuers
  namespace: cozy-cert-manager
  dependsOn: [cert-manager]
 - name: victoria-metrics-operator
  releaseName: victoria-metrics-operator
  chart: cozy-victoria-metrics-operator
  namespace: cozy-victoria-metrics-operator
  dependsOn: [cert-manager]
 - name: monitoring
  releaseName: monitoring
  chart: cozy-monitoring
  namespace: cozy-monitoring
  privileged: true
  dependsOn: [victoria-metrics-operator]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
  namespace: cozy-grafana-operator
  dependsOn: []
 - name: mariadb-operator
  releaseName: mariadb-operator
  chart: cozy-mariadb-operator
  namespace: cozy-mariadb-operator
  dependsOn: [cert-manager,victoria-metrics-operator]
 - name: postgres-operator
  releaseName: postgres-operator
  chart: cozy-postgres-operator
  namespace: cozy-postgres-operator
  dependsOn: [cert-manager]
 - name: rabbitmq-operator
  releaseName: rabbitmq-operator
  chart: cozy-rabbitmq-operator
  namespace: cozy-rabbitmq-operator
  dependsOn: []
 - name: redis-operator
  releaseName: redis-operator
  chart: cozy-redis-operator
  namespace: cozy-redis-operator
  dependsOn: []
 - name: piraeus-operator
  releaseName: piraeus-operator
  chart: cozy-piraeus-operator
  namespace: cozy-linstor
  dependsOn: [cert-manager]
 - name: telepresence
  releaseName: traffic-manager
  chart: cozy-telepresence
  namespace: cozy-telepresence
  dependsOn: []
 - name: dashboard
  releaseName: dashboard
  chart: cozy-dashboard
  namespace: cozy-dashboard
  dependsOn: []
  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
  {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
  values:
    kubeapps:
      redis:
        master:
          podAnnotations:
            {{- range $index, $repo := . }}
            {{- with (($repo.status).artifact).revision }}
            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
            {{- end }}
            {{- end }}
  {{- end }}
  {{- end }}
--- a/packages/core/platform/templates/_helpers.tpl
+++ b/packages/core/platform/templates/_helpers.tpl
@@ -1,7 +1,7 @@
 {{/*
 Get IP-addresses of master nodes
 */}}
-{{- define "cozystack.master-node-ips" -}}
+{{- define "master.nodeIPs" -}}
 {{- $nodes := lookup "v1" "Node" "" "" -}}
 {{- $ips := list -}}
 {{- range $node := $nodes.items -}}
--- a/packages/core/platform/templates/apps.yaml
+++ b/packages/core/platform/templates/apps.yaml
@@ -1,10 +1,7 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 {{- $bundleName := index $cozyConfig.data "bundle-name" }}
 {{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
 {{- $host := "example.org" }}
 {{- $tenantRoot := list }}
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2beta2" }}
+{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2beta1" }}
-{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "tenant-root" "tenant-root" }}
+{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2beta1" "HelmRelease" "tenant-root" "tenant-root" }}
 {{- end }}
 {{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
 {{- $host = $tenantRoot.spec.values.host }}
@@ -22,7 +19,7 @@ metadata:
    namespace.cozystack.io/host: "{{ $host }}"
  name: tenant-root
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: tenant-root
@@ -48,9 +45,7 @@ spec:
  values:
    host: "{{ $host }}"
  dependsOn:
-  {{- range $x := $bundle.releases }}
+  - name: cilium
-  {{- if has $x.name (list "cilium" "kubeovn") }}
+    namespace: cozy-cilium
-  - name: {{ $x.name }}
+  - name: kubeovn
-    namespace: {{ $x.namespace }}
+    namespace: cozy-kubeovn
  {{- end }}
  {{- end }}
--- a/packages/core/platform/templates/helmreleases.yaml
+++ b/packages/core/platform/templates/helmreleases.yaml
@@ -1,27 +1,13 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
 {{- $bundleName := index $cozyConfig.data "bundle-name" }}
 {{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
 {{- $dependencyNamespaces := dict }}
 {{- $disabledComponents := splitList "," ((index $cozyConfig.data "bundle-disable") | default "") }}
 {{/* collect dependency namespaces from releases */}}
 {{- range $x := $bundle.releases }}
 {{- $_ := set $dependencyNamespaces $x.name $x.namespace }}
 {{- end }}
 {{- range $x := $bundle.releases }}
 {{- if not (has $x.name $disabledComponents) }}
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
-  name: {{ $x.name }}
+  name: cilium
-  namespace: {{ $x.namespace }}
+  namespace: cozy-cilium
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
-  releaseName: {{ $x.releaseName | default $x.name }}
+  releaseName: cilium
  install:
    remediation:
      retries: -1
@@ -30,31 +16,743 @@ spec:
      retries: -1
  chart:
    spec:
-      chart: {{ $x.chart }}
+      chart: cozy-cilium
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: kubeovn
  namespace: cozy-kubeovn
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: kubeovn
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-kubeovn
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  {{- $values := dict }}
  {{- with $x.values }}
  {{- $values = merge . $values }}
  {{- end }}
  {{- with index $cozyConfig.data (printf "values-%s" $x.name) }}
  {{- $values = merge (fromYaml .) $values }}
  {{- end }}
  {{- with $values }}
  values:
-    {{- toYaml . | nindent 4}}
+    cozystack:
-  {{- end }}
+      configHash: {{ index (lookup "v1" "ConfigMap" "cozy-system" "cozystack") "data" | toJson | sha256sum }}
-  {{- with $x.dependsOn }}
+      nodesHash: {{ include "master.nodeIPs" . | sha256sum }}
  dependsOn:
-  {{- range $dep := . }}
+  - name: cilium
-  {{- if not (has $dep $disabledComponents) }}
+    namespace: cozy-cilium
-  - name: {{ $dep }}
+---
-    namespace: {{ index $dependencyNamespaces $dep }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: cozy-fluxcd
  namespace: cozy-fluxcd
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: fluxcd
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-fluxcd
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: cert-manager
  namespace: cozy-cert-manager
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: cert-manager
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-cert-manager
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: cert-manager-issuers
  namespace: cozy-cert-manager
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: cert-manager-issuers
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-cert-manager-issuers
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: cert-manager
    namespace: cozy-cert-manager
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: victoria-metrics-operator
  namespace: cozy-victoria-metrics-operator
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: victoria-metrics-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-victoria-metrics-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: cert-manager
    namespace: cozy-cert-manager
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: monitoring
  namespace: cozy-monitoring
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: monitoring
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-monitoring
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: victoria-metrics-operator
    namespace: cozy-victoria-metrics-operator
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: kubevirt-operator
  namespace: cozy-kubevirt
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: kubevirt-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-kubevirt-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: kubevirt
  namespace: cozy-kubevirt
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: kubevirt
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-kubevirt
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: kubevirt-operator
    namespace: cozy-kubevirt
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: kubevirt-cdi-operator
  namespace: cozy-kubevirt-cdi
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: kubevirt-cdi-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-kubevirt-cdi-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: kubevirt-cdi
  namespace: cozy-kubevirt-cdi
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: kubevirt-cdi
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-kubevirt-cdi
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: kubevirt-cdi-operator
    namespace: cozy-kubevirt-cdi
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: metallb
  namespace: cozy-metallb
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: metallb
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-metallb
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: grafana-operator
  namespace: cozy-grafana-operator
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: grafana-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-grafana-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: mariadb-operator
  namespace: cozy-mariadb-operator
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: mariadb-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-mariadb-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: cert-manager
    namespace: cozy-cert-manager
  - name: victoria-metrics-operator
    namespace: cozy-victoria-metrics-operator
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: postgres-operator
  namespace: cozy-postgres-operator
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: postgres-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-postgres-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: cert-manager
    namespace: cozy-cert-manager
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: rabbitmq-operator
  namespace: cozy-rabbitmq-operator
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: rabbitmq-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-rabbitmq-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: redis-operator
  namespace: cozy-redis-operator
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: redis-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-redis-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: piraeus-operator
  namespace: cozy-linstor
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: piraeus-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-piraeus-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: cert-manager
    namespace: cozy-cert-manager
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: linstor
  namespace: cozy-linstor
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: linstor
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-linstor
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: piraeus-operator
    namespace: cozy-linstor
  - name: cert-manager
    namespace: cozy-cert-manager
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: telepresence
  namespace: cozy-telepresence
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: traffic-manager
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-telepresence
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: dashboard
  namespace: cozy-dashboard
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: dashboard
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-dashboard
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
  {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
  values:
    kubeapps:
      redis:
        master:
          podAnnotations:
            {{- range $index, $repo := . }}
            {{- with (($repo.status).artifact).revision }}
            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
            {{- end }}
            {{- end }}
  {{- end }}
-{{- end }}
+  {{- end }}
-{{- end }}
+---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: kamaji
  namespace: cozy-kamaji
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: kamaji
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-kamaji
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: cert-manager
    namespace: cozy-cert-manager
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: capi-operator
  namespace: cozy-cluster-api
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: capi-operator
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-capi-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
  - name: cert-manager
    namespace: cozy-cert-manager
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: capi-providers
  namespace: cozy-cluster-api
  labels:
    cozystack.io/repository: system
 spec:
  interval: 1m
  releaseName: capi-providers
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  chart:
    spec:
      chart: cozy-capi-providers
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
  dependsOn:
  - name: capi-operator
    namespace: cozy-cluster-api
  - name: cilium
    namespace: cozy-cilium
  - name: kubeovn
    namespace: cozy-kubeovn
--- a/packages/core/platform/templates/namespaces.yaml
+++ b/packages/core/platform/templates/namespaces.yaml
@@ -1,33 +1,13 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- range $ns := .Values.namespaces }}
 {{- $bundleName := index $cozyConfig.data "bundle-name" }}
 {{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
 {{- $namespaces := dict }}
 {{/* collect namespaces from releases */}}
 {{- range $x := $bundle.releases }}
 {{- if not (hasKey $namespaces $x.namespace) }}
 {{- $_ := set $namespaces $x.namespace false }}
 {{- end }}
 {{/* if at least one release requires a privileged namespace, then it should be privileged */}}
 {{- if or $x.privileged (index $namespaces $x.namespace) }}
 {{- $_ := set $namespaces $x.namespace true }}
 {{- end }}
 {{- end }}
 {{/* Add extra namespaces */}}
 {{- $_ := set $namespaces "cozy-public" false }}
 {{- $_ := set $namespaces "cozy-fluxcd" false }}
 {{- range $namespace, $privileged := $namespaces }}
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    "helm.sh/resource-policy": keep
-  {{- if $privileged }}
+  {{- if $ns.privileged }}
  labels:
    pod-security.kubernetes.io/enforce: privileged
  {{- end }}
-  name: {{ $namespace }}
+  name: {{ $ns.name }}
 {{- end }}
--- a/packages/core/platform/values.yaml
+++ b/packages/core/platform/values.yaml
@@ -0,0 +1,30 @@
 namespaces:
 - name: cozy-public
 - name: cozy-system
  privileged: true
 - name: cozy-cert-manager
 - name: cozy-cilium
  privileged: true
 - name: cozy-fluxcd
 - name: cozy-grafana-operator
 - name: cozy-kamaji
 - name: cozy-cluster-api
  privileged: true # for capk only
 - name: cozy-dashboard
 - name: cozy-kubeovn
  privileged: true
 - name: cozy-kubevirt
  privileged: true
 - name: cozy-kubevirt-cdi
 - name: cozy-linstor
  privileged: true
 - name: cozy-mariadb-operator
 - name: cozy-metallb
  privileged: true
 - name: cozy-monitoring
  privileged: true
 - name: cozy-postgres-operator
 - name: cozy-rabbitmq-operator
 - name: cozy-redis-operator
 - name: cozy-telepresence
 - name: cozy-victoria-metrics-operator
--- a/packages/system/Makefile
+++ b/packages/system/Makefile
@@ -1,5 +1,4 @@
 OUT=../../_out/repos/system
 VERSION := 0.2.0
 gen: fix-chartnames
@@ -10,4 +9,4 @@ repo: fix-chartnames
 	cd "$(OUT)" && helm repo index .
 fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do printf "name: cozy-%s\nversion: $(VERSION)\n" "$$i" > "$$i/Chart.yaml"; done
+	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do printf "name: cozy-%s\nversion: 1.0.0\n" "$$i" > "$$i/Chart.yaml"; done
--- a/packages/system/capi-operator/Chart.yaml
+++ b/packages/system/capi-operator/Chart.yaml
@@ -1,2 +1,2 @@
 name: cozy-capi-operator
-version: 0.2.0
+version: 1.0.0
--- a/packages/system/capi-providers/Chart.yaml
+++ b/packages/system/capi-providers/Chart.yaml
@@ -1,2 +1,2 @@
 name: cozy-capi-providers
-version: 0.2.0
+version: 1.0.0
--- a/packages/system/cert-manager-issuers/Chart.yaml
+++ b/packages/system/cert-manager-issuers/Chart.yaml
@@ -1,2 +1,2 @@
 name: cozy-cert-manager-issuers
-version: 0.2.0
+version: 1.0.0
--- a/packages/system/cert-manager/Chart.yaml
+++ b/packages/system/cert-manager/Chart.yaml
@@ -1,2 +1,2 @@
 name: cozy-cert-manager
-version: 0.2.0
+version: 1.0.0
--- a/packages/system/cilium/Chart.yaml
+++ b/packages/system/cilium/Chart.yaml
@@ -1,2 +1,2 @@
 name: cozy-cilium
-version: 0.2.0
+version: 1.0.0
--- a/packages/system/cilium/Makefile
+++ b/packages/system/cilium/Makefile
@@ -2,18 +2,18 @@ NAMESPACE=cozy-cilium
 NAME=cilium
 show:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm template --dry-run=server -n $(NAMESPACE) $(NAME) . -f -
+	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 apply:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm upgrade -i -n $(NAMESPACE) $(NAME) . -f -
+	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 diff:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) . -f -
+	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
 update:
 	rm -rf charts
 	helm repo add cilium https://helm.cilium.io/
 	helm repo update cilium
-	helm pull cilium/cilium --untar --untardir charts --version 1.14
+	helm pull cilium/cilium --untar --untardir charts
 	sed -i -e '/Used in iptables/d' -e '/SYS_MODULE/d' charts/cilium/values.yaml
-	patch -p3 --no-backup-if-mismatch < patches/fix-cgroups.patch
+	patch -p3 < patches/fix-cgroups.patch
--- a/packages/system/cilium/charts/cilium/Chart.yaml
+++ b/packages/system/cilium/charts/cilium/Chart.yaml
@@ -122,7 +122,7 @@ annotations:
      description: |
        CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).
 apiVersion: v2
-appVersion: 1.14.9
+appVersion: 1.14.5
 description: eBPF-based Networking, Security, and Observability
 home: https://cilium.io/
 icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.14/Documentation/images/logo-solo.svg
@@ -138,4 +138,4 @@ kubeVersion: '>= 1.16.0-0'
 name: cilium
 sources:
 - https://github.com/cilium/cilium
-version: 1.14.9
+version: 1.14.5
--- a/packages/system/cilium/charts/cilium/README.md
+++ b/packages/system/cilium/charts/cilium/README.md
@@ -1,6 +1,6 @@
 # cilium
-![Version: 1.14.9](https://img.shields.io/badge/Version-1.14.9-informational?style=flat-square) ![AppVersion: 1.14.9](https://img.shields.io/badge/AppVersion-1.14.9-informational?style=flat-square)
+![Version: 1.14.5](https://img.shields.io/badge/Version-1.14.5-informational?style=flat-square) ![AppVersion: 1.14.5](https://img.shields.io/badge/AppVersion-1.14.5-informational?style=flat-square)
 Cilium is open source software for providing and transparently securing
 network connectivity and loadbalancing between application workloads such as
@@ -76,7 +76,7 @@ contributors across the globe, there is almost always someone available to help.
 | authentication.mutual.spire.install.agent.securityContext | object | `{}` | Security context to be added to spire agent containers. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
 | authentication.mutual.spire.install.agent.serviceAccount | object | `{"create":true,"name":"spire-agent"}` | SPIRE agent service account |
 | authentication.mutual.spire.install.agent.skipKubeletVerification | bool | `true` | SPIRE Workload Attestor kubelet verification. |
-| authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
+| authentication.mutual.spire.install.agent.tolerations | list | `[]` | SPIRE agent tolerations configuration ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
 | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true |
 | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into |
 | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration |
@@ -155,12 +155,12 @@ contributors across the globe, there is almost always someone available to help.
 | clustermesh.apiserver.extraEnv | list | `[]` | Additional clustermesh-apiserver environment variables. |
 | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. |
 | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. |
-| clustermesh.apiserver.image | object | `{"digest":"sha256:5c16f8b8e22ce41e11998e70846fbcecea3a6b683a38253809ead8d871f6d8a3","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.14.9","useDigest":true}` | Clustermesh API server image. |
+| clustermesh.apiserver.image | object | `{"digest":"sha256:7eaa35cf5452c43b1f7d0cde0d707823ae7e49965bcb54c053e31ea4e04c3d96","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.14.5","useDigest":true}` | Clustermesh API server image. |
 | clustermesh.apiserver.kvstoremesh.enabled | bool | `false` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. |
 | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. |
 | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. |
 | clustermesh.apiserver.kvstoremesh.extraVolumeMounts | list | `[]` | Additional KVStoreMesh volumeMounts. |
-| clustermesh.apiserver.kvstoremesh.image | object | `{"digest":"sha256:9d9efb25806660f3663b9cd803fb8679f2b115763470002a9770e2c1eb1e5b22","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/kvstoremesh","tag":"v1.14.9","useDigest":true}` | KVStoreMesh image. |
+| clustermesh.apiserver.kvstoremesh.image | object | `{"digest":"sha256:d7137edd0efa2b1407b20088af3980a9993bb616d85bf9b55ea2891d1b99023a","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/kvstoremesh","tag":"v1.14.5","useDigest":true}` | KVStoreMesh image. |
 | clustermesh.apiserver.kvstoremesh.resources | object | `{}` | Resource requests and limits for the KVStoreMesh container |
 | clustermesh.apiserver.kvstoremesh.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | KVStoreMesh Security context |
 | clustermesh.apiserver.metrics.enabled | bool | `true` | Enables exporting apiserver metrics in OpenMetrics format. |
@@ -300,7 +300,7 @@ contributors across the globe, there is almost always someone available to help.
 | eni.subnetIDsFilter | list | `[]` | Filter via subnet IDs which will dictate which subnets are going to be used to create new ENIs Important note: This requires that each instance has an ENI with a matching subnet attached when Cilium is deployed. If you only want to control subnets for ENIs attached by Cilium, use the CNI configuration file settings (cni.customConf) instead. |
 | eni.subnetTagsFilter | list | `[]` | Filter via tags (k=v) which will dictate which subnets are going to be used to create new ENIs Important note: This requires that each instance has an ENI with a matching subnet attached when Cilium is deployed. If you only want to control subnets for ENIs attached by Cilium, use the CNI configuration file settings (cni.customConf) instead. |
 | eni.updateEC2AdapterLimitViaAPI | bool | `true` | Update ENI Adapter limits from the EC2 API |
-| envoy.affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"cilium.io/no-schedule","operator":"NotIn","values":["true"]}]}]}},"podAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]},"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium-envoy"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for cilium-envoy. |
+| envoy.affinity | object | `{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium-envoy"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for cilium-envoy. |
 | envoy.connectTimeoutSeconds | int | `2` | Time in seconds after which a TCP connection attempt times out |
 | envoy.dnsPolicy | string | `nil` | DNS policy for Cilium envoy pods. Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy |
 | envoy.enabled | bool | `false` | Enable Envoy Proxy in standalone DaemonSet. |
@@ -312,7 +312,7 @@ contributors across the globe, there is almost always someone available to help.
 | envoy.extraVolumes | list | `[]` | Additional envoy volumes. |
 | envoy.healthPort | int | `9878` | TCP port for the health API. |
 | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s |
-| envoy.image | object | `{"digest":"sha256:39b75548447978230dedcf25da8940e4d3540c741045ef391a8e74dbb9661a86","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.26.7-bbde4095997ea57ead209f56158790d47224a0f5","useDigest":true}` | Envoy container image. |
+| envoy.image | object | `{"digest":"sha256:992998398dadfff7117bfa9fdb7c9474fefab7f0237263f7c8114e106c67baca","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.26.6-ad82c7c56e88989992fd25d8d67747de865c823b","useDigest":true}` | Envoy container image. |
 | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
 | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
 | envoy.log.format | string | `"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"` | The format string to use for laying out the log message metadata of Envoy. |
@@ -324,15 +324,14 @@ contributors across the globe, there is almost always someone available to help.
 | envoy.podLabels | object | `{}` | Labels to be added to envoy pods |
 | envoy.podSecurityContext | object | `{}` | Security Context for cilium-envoy pods. |
 | envoy.priorityClassName | string | `nil` | The priority class to use for cilium-envoy. |
 | envoy.prometheus | object | `{"enabled":true,"port":"9964","serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}]}}` | Configure Cilium Envoy Prometheus options. Note that some of these apply to either cilium-agent or cilium-envoy. |
 | envoy.prometheus.enabled | bool | `true` | Enable prometheus metrics for cilium-envoy |
 | envoy.prometheus.port | string | `"9964"` | Serve prometheus metrics for cilium-envoy on the configured port |
 | envoy.prometheus.serviceMonitor.annotations | object | `{}` | Annotations to add to ServiceMonitor cilium-envoy |
-| envoy.prometheus.serviceMonitor.enabled | bool | `false` | Enable service monitors. This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) Note that this setting applies to both cilium-envoy _and_ cilium-agent with Envoy enabled. |
+| envoy.prometheus.serviceMonitor.enabled | bool | `false` | Enable service monitors. This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) |
 | envoy.prometheus.serviceMonitor.interval | string | `"10s"` | Interval for scrape metrics. |
 | envoy.prometheus.serviceMonitor.labels | object | `{}` | Labels to add to ServiceMonitor cilium-envoy |
-| envoy.prometheus.serviceMonitor.metricRelabelings | string | `nil` | Metrics relabeling configs for the ServiceMonitor cilium-envoy or for cilium-agent with Envoy configured. |
+| envoy.prometheus.serviceMonitor.metricRelabelings | string | `nil` | Metrics relabeling configs for the ServiceMonitor cilium-envoy |
-| envoy.prometheus.serviceMonitor.relabelings | list | `[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}]` | Relabeling configs for the ServiceMonitor cilium-envoy or for cilium-agent with Envoy configured. |
+| envoy.prometheus.serviceMonitor.relabelings | list | `[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}]` | Relabeling configs for the ServiceMonitor cilium-envoy |
 | envoy.readinessProbe.failureThreshold | int | `3` | failure threshold of readiness probe |
 | envoy.readinessProbe.periodSeconds | int | `30` | interval between checks of the readiness probe |
 | envoy.resources | object | `{}` | Envoy resource limits & requests ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
@@ -419,7 +418,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. |
 | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay |
 | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay |
-| hubble.relay.image | object | `{"digest":"sha256:f506f3c6e0a979437cde79eb781654fda4f10ddb5642cebc4dc81254cfb7eeaa","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.14.9","useDigest":true}` | Hubble-relay container image. |
+| hubble.relay.image | object | `{"digest":"sha256:dbef89f924a927043d02b40c18e417c1ea0e8f58b44523b80fef7e3652db24d4","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.14.5","useDigest":true}` | Hubble-relay container image. |
 | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
 | hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
 | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
@@ -476,7 +475,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.ui.backend.extraEnv | list | `[]` | Additional hubble-ui backend environment variables. |
 | hubble.ui.backend.extraVolumeMounts | list | `[]` | Additional hubble-ui backend volumeMounts. |
 | hubble.ui.backend.extraVolumes | list | `[]` | Additional hubble-ui backend volumes. |
-| hubble.ui.backend.image | object | `{"digest":"sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.0","useDigest":true}` | Hubble-ui backend image. |
+| hubble.ui.backend.image | object | `{"digest":"sha256:1f86f3400827a0451e6332262467f894eeb7caf0eb8779bd951e2caa9d027cbe","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.12.1","useDigest":true}` | Hubble-ui backend image. |
 | hubble.ui.backend.resources | object | `{}` | Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. |
 | hubble.ui.backend.securityContext | object | `{}` | Hubble-ui backend security context. |
 | hubble.ui.baseUrl | string | `"/"` | Defines base url prefix for all hubble-ui http requests. It needs to be changed in case if ingress for hubble-ui is configured under some sub-path. Trailing `/` is required for custom path, ex. `/service-map/` |
@@ -484,7 +483,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.ui.frontend.extraEnv | list | `[]` | Additional hubble-ui frontend environment variables. |
 | hubble.ui.frontend.extraVolumeMounts | list | `[]` | Additional hubble-ui frontend volumeMounts. |
 | hubble.ui.frontend.extraVolumes | list | `[]` | Additional hubble-ui frontend volumes. |
-| hubble.ui.frontend.image | object | `{"digest":"sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.0","useDigest":true}` | Hubble-ui frontend image. |
+| hubble.ui.frontend.image | object | `{"digest":"sha256:9e5f81ee747866480ea1ac4630eb6975ff9227f9782b7c93919c081c33f38267","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.12.1","useDigest":true}` | Hubble-ui frontend image. |
 | hubble.ui.frontend.resources | object | `{}` | Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. |
 | hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. |
 | hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 |
@@ -511,7 +510,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
 | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). |
 | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. |
-| image | object | `{"digest":"sha256:4ef1eb7a3bc39d0fefe14685e6c0d4e01301c40df2a89bc93ffca9a1ab927301","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.9","useDigest":true}` | Agent container image. |
+| image | object | `{"digest":"sha256:d3b287029755b6a47dee01420e2ea469469f1b174a2089c10af7e5e9289ef05b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.5","useDigest":true}` | Agent container image. |
 | imagePullSecrets | string | `nil` | Configure image pull secrets for pulling container images |
 | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set |
 | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. |
@@ -619,7 +618,7 @@ contributors across the globe, there is almost always someone available to help.
 | operator.extraVolumes | list | `[]` | Additional cilium-operator volumes. |
 | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
 | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
-| operator.image | object | `{"alibabacloudDigest":"sha256:765314779093b54750f83280f009229f20fe1f28466a633d9bb4143d2ad669c5","awsDigest":"sha256:041ad5b49ae63ba0f1974e1a1d9ebf9f52541cd2813088fa687f9d544125a1ec","azureDigest":"sha256:2d3b9d868eb03fa9256d34192a734a2abab283f527a9c97b7cefcd3401649d17","genericDigest":"sha256:1552d653870dd8ebbd16ee985a5497dd78a2097370978b0cfbd2da2072f30712","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.14.9","useDigest":true}` | cilium-operator image. |
+| operator.image | object | `{"alibabacloudDigest":"sha256:e0152c498ba73c56a82eee2a706c8f400e9a6999c665af31a935bdf08e659bc3","awsDigest":"sha256:785ccf1267d0ed3ba9e4bd8166577cb4f9e4ce996af26b27c9d5c554a0d5b09a","azureDigest":"sha256:9203f5583aa34e716d7a6588ebd144e43ce3b77873f578fc12b2679e33591353","genericDigest":"sha256:303f9076bdc73b3fc32aaedee64a14f6f44c8bb08ee9e3956d443021103ebe7a","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.14.5","useDigest":true}` | cilium-operator image. |
 | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. |
 | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
 | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
@@ -666,7 +665,7 @@ contributors across the globe, there is almost always someone available to help.
 | preflight.extraEnv | list | `[]` | Additional preflight environment variables. |
 | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. |
 | preflight.extraVolumes | list | `[]` | Additional preflight volumes. |
-| preflight.image | object | `{"digest":"sha256:4ef1eb7a3bc39d0fefe14685e6c0d4e01301c40df2a89bc93ffca9a1ab927301","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.9","useDigest":true}` | Cilium pre-flight image. |
+| preflight.image | object | `{"digest":"sha256:d3b287029755b6a47dee01420e2ea469469f1b174a2089c10af7e5e9289ef05b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.5","useDigest":true}` | Cilium pre-flight image. |
 | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
 | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
 | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
--- a/packages/system/cilium/charts/cilium/files/agent/poststart-eni.bash
+++ b/packages/system/cilium/charts/cilium/files/agent/poststart-eni.bash
@@ -11,9 +11,9 @@ set -o nounset
 # dependencies on anything that is part of the startup script
 # itself, and can be safely run multiple times per node (e.g. in
 # case of a restart).
-if [[ "$(iptables-save | grep -E -c 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN')" != "0" ]];
+if [[ "$(iptables-save | grep -c 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN')" != "0" ]];
 then
    echo 'Deleting iptables rules created by the AWS CNI VPC plugin'
-    iptables-save | grep -E -v 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN' | iptables-restore
+    iptables-save | grep -v 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN' | iptables-restore
 fi
 echo 'Done!'
--- a/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash
+++ b/packages/system/cilium/charts/cilium/files/nodeinit/startup.bash
@@ -100,7 +100,7 @@ then
    # Since that version containerd no longer allows missing configuration for the CNI,
    # not even for pods with hostNetwork set to true. Thus, we add a temporary one.
    # This will be replaced with the real config by the agent pod.
-    echo -e '{\n\t"cniVersion": "0.3.1",\n\t"name": "cilium",\n\t"type": "cilium-cni"\n}' > /etc/cni/net.d/05-cilium.conf
+    echo -e "{\n\t"cniVersion": "0.3.1",\n\t"name": "cilium",\n\t"type": "cilium-cni"\n}" > /etc/cni/net.d/05-cilium.conf
  fi
  # Start containerd. It won't create it's CNI configuration file anymore.
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
@@ -447,9 +447,6 @@ spec:
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        {{- with .Values.extraVolumeMounts }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        terminationMessagePolicy: FallbackToLogsOnError
      {{- if .Values.cgroup.autoMount.enabled }}
      # Required to mount cgroup2 filesystem on the underlying Kubernetes node.
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/servicemonitor.yaml
@@ -34,20 +34,6 @@ spec:
    metricRelabelings:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- if .Values.envoy.prometheus.serviceMonitor.enabled }}
  - port: envoy-metrics
    interval: {{ .Values.envoy.prometheus.serviceMonitor.interval | quote }}
    honorLabels: true
    path: /metrics
    {{- with .Values.envoy.prometheus.serviceMonitor.relabelings }}
    relabelings:
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.envoy.prometheus.serviceMonitor.metricRelabelings }}
    metricRelabelings:
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- end }}
  targetLabels:
  - k8s-app
 {{- end }}
--- a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml
@@ -13,7 +13,6 @@
 {{- $fragmentTracking := "true" -}}
 {{- $defaultKubeProxyReplacement := "false" -}}
 {{- $azureUsePrimaryAddress := "true" -}}
 {{- $defaultDNSProxyEnableTransparentMode := "false" -}}
 {{- /* Default values when 1.8 was initially deployed */ -}}
 {{- if semverCompare ">=1.8" (default "1.8" .Values.upgradeCompatibility) -}}
@@ -49,7 +48,6 @@
      {{- $azureUsePrimaryAddress = "false" -}}
  {{- end }}
  {{- $defaultKubeProxyReplacement = "disabled" -}}
  {{- $defaultDNSProxyEnableTransparentMode = "true" -}}
 {{- end -}}
 {{- /* Default values when 1.14 was initially deployed */ -}}
@@ -432,16 +430,10 @@ data:
  #   - vxlan (default)
  #   - geneve
 {{- if .Values.gke.enabled }}
  {{- if ne (.Values.routingMode | default "native") "native" }}
    {{- fail (printf "RoutingMode must be set to native when gke.enabled=true" )}}
  {{- end }}
  routing-mode: "native"
  enable-endpoint-routes: "true"
  enable-local-node-route: "false"
 {{- else if .Values.aksbyocni.enabled }}
  {{- if ne (.Values.routingMode | default "tunnel") "tunnel" }}
    {{- fail (printf "RoutingMode must be set to tunnel when aksbyocni.enabled=true" )}}
  {{- end }}
  routing-mode: "tunnel"
  tunnel-protocol: "vxlan"
 {{- else if .Values.routingMode }}
@@ -1100,13 +1092,6 @@ data:
 {{- end }}
 {{- if .Values.dnsProxy }}
  {{- if hasKey .Values.dnsProxy "enableTransparentMode" }}
  # explicit setting gets precedence
  dnsproxy-enable-transparent-mode: {{ .Values.dnsProxy.enableTransparentMode | quote }}
  {{- else if eq $cniChainingMode "none" }}
  # default DNS proxy to transparent mode in non-chaining modes
  dnsproxy-enable-transparent-mode: {{ $defaultDNSProxyEnableTransparentMode | quote }}
  {{- end }}
  {{- if .Values.dnsProxy.dnsRejectResponseCode }}
  tofqdns-dns-reject-response-code: {{ .Values.dnsProxy.dnsRejectResponseCode | quote }}
  {{- end }}
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/daemonset.yaml
@@ -82,7 +82,7 @@ spec:
        {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }}
        startupProbe:
          httpGet:
-            host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }}
+            host: "localhost"
            path: /healthz
            port: {{ .Values.envoy.healthPort }}
            scheme: HTTP
@@ -92,7 +92,7 @@ spec:
        {{- end }}
        livenessProbe:
          httpGet:
-            host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }}
+            host: "localhost"
            path: /healthz
            port: {{ .Values.envoy.healthPort }}
            scheme: HTTP
@@ -110,7 +110,7 @@ spec:
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
-            host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }}
+            host: "localhost"
            path: /healthz
            port: {{ .Values.envoy.healthPort }}
            scheme: HTTP
--- a/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-envoy/servicemonitor.yaml
@@ -7,7 +7,6 @@ metadata:
  namespace: {{ .Values.envoy.prometheus.serviceMonitor.namespace | default .Release.Namespace }}
  labels:
    app.kubernetes.io/part-of: cilium
    app.kubernetes.io/name: cilium-envoy
    {{- with .Values.envoy.prometheus.serviceMonitor.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
@@ -23,7 +22,7 @@ spec:
    matchNames:
    - {{ .Release.Namespace }}
  endpoints:
-  - port: envoy-metrics
+  - port: metrics
    interval: {{ .Values.envoy.prometheus.serviceMonitor.interval | quote }}
    honorLabels: true
    path: /metrics
--- a/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-preflight/daemonset.yaml
@@ -66,13 +66,8 @@ spec:
              - /tmp/ready
            initialDelaySeconds: 5
            periodSeconds: 5
          env:
          - name: K8S_NODE_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: spec.nodeName
          {{- with .Values.preflight.extraEnv }}
          env:
            {{- toYaml . | trim | nindent 12 }}
          {{- end }}
          volumeMounts:
--- a/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/spire/agent/daemonset.yaml
@@ -88,12 +88,10 @@ spec:
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      tolerations:
      {{- with .Values.authentication.mutual.spire.install.agent.tolerations }}
      tolerations:
        {{- toYaml . | trim | nindent 8 }}
      {{- end }}
        - key:  {{ .Values.agentNotReadyTaintKey | default "node.cilium.io/agent-not-ready" }}
          effect: NoSchedule
      volumes:
        - name: spire-config
          configMap:
--- a/packages/system/cilium/charts/cilium/values.yaml
+++ b/packages/system/cilium/charts/cilium/values.yaml
@@ -143,10 +143,10 @@ rollOutCiliumPods: false
 image:
  override: ~
  repository: "quay.io/cilium/cilium"
-  tag: "v1.14.9"
+  tag: "v1.14.5"
  pullPolicy: "IfNotPresent"
  # cilium-digest
-  digest: "sha256:4ef1eb7a3bc39d0fefe14685e6c0d4e01301c40df2a89bc93ffca9a1ab927301"
+  digest: "sha256:d3b287029755b6a47dee01420e2ea469469f1b174a2089c10af7e5e9289ef05b"
  useDigest: true
 # -- Affinity for cilium-agent.
@@ -1109,9 +1109,9 @@ hubble:
    image:
      override: ~
      repository: "quay.io/cilium/hubble-relay"
-      tag: "v1.14.9"
+      tag: "v1.14.5"
       # hubble-relay-digest
-      digest: "sha256:f506f3c6e0a979437cde79eb781654fda4f10ddb5642cebc4dc81254cfb7eeaa"
+      digest: "sha256:dbef89f924a927043d02b40c18e417c1ea0e8f58b44523b80fef7e3652db24d4"
      useDigest: true
      pullPolicy: "IfNotPresent"
@@ -1337,8 +1337,8 @@ hubble:
      image:
        override: ~
        repository: "quay.io/cilium/hubble-ui-backend"
-        tag: "v0.13.0"
+        tag: "v0.12.1"
-        digest: "sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803"
+        digest: "sha256:1f86f3400827a0451e6332262467f894eeb7caf0eb8779bd951e2caa9d027cbe"
        useDigest: true
        pullPolicy: "IfNotPresent"
@@ -1368,8 +1368,8 @@ hubble:
      image:
        override: ~
        repository: "quay.io/cilium/hubble-ui"
-        tag: "v0.13.0"
+        tag: "v0.12.1"
-        digest: "sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666"
+        digest: "sha256:9e5f81ee747866480ea1ac4630eb6975ff9227f9782b7c93919c081c33f38267"
        useDigest: true
        pullPolicy: "IfNotPresent"
@@ -1853,9 +1853,9 @@ envoy:
  image:
    override: ~
    repository: "quay.io/cilium/cilium-envoy"
-    tag: "v1.26.7-bbde4095997ea57ead209f56158790d47224a0f5"
+    tag: "v1.26.6-ad82c7c56e88989992fd25d8d67747de865c823b"
    pullPolicy: "IfNotPresent"
-    digest: "sha256:39b75548447978230dedcf25da8940e4d3540c741045ef391a8e74dbb9661a86"
+    digest: "sha256:992998398dadfff7117bfa9fdb7c9474fefab7f0237263f7c8114e106c67baca"
    useDigest: true
  # -- Additional containers added to the cilium Envoy DaemonSet.
@@ -1968,20 +1968,7 @@ envoy:
        labelSelector:
          matchLabels:
            k8s-app: cilium-envoy
-    podAffinity:
+
      requiredDuringSchedulingIgnoredDuringExecution:
      - topologyKey: kubernetes.io/hostname
        labelSelector:
          matchLabels:
            k8s-app: cilium
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
            - key: cilium.io/no-schedule
              operator: NotIn
              values:
              - "true"
  # -- Node selector for cilium-envoy.
  nodeSelector:
    kubernetes.io/os: linux
@@ -2002,16 +1989,12 @@ envoy:
  # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
  dnsPolicy: ~
  # -- Configure Cilium Envoy Prometheus options.
  # Note that some of these apply to either cilium-agent or cilium-envoy.
  prometheus:
    # -- Enable prometheus metrics for cilium-envoy
    enabled: true
    serviceMonitor:
      # -- Enable service monitors.
      # This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml)
      # Note that this setting applies to both cilium-envoy _and_ cilium-agent
      # with Envoy enabled.
      enabled: false
      # -- Labels to add to ServiceMonitor cilium-envoy
      labels: {}
@@ -2023,14 +2006,12 @@ envoy:
      # service monitors configured.
      # namespace: ""
      # -- Relabeling configs for the ServiceMonitor cilium-envoy
      # or for cilium-agent with Envoy configured.
      relabelings:
        - sourceLabels:
            - __meta_kubernetes_pod_node_name
          targetLabel: node
          replacement: ${1}
      # -- Metrics relabeling configs for the ServiceMonitor cilium-envoy
      # or for cilium-agent with Envoy configured.
      metricRelabelings: ~
    # -- Serve prometheus metrics for cilium-envoy on the configured port
    port: "9964"
@@ -2269,15 +2250,15 @@ operator:
  image:
    override: ~
    repository: "quay.io/cilium/operator"
-    tag: "v1.14.9"
+    tag: "v1.14.5"
    # operator-generic-digest
-    genericDigest: "sha256:1552d653870dd8ebbd16ee985a5497dd78a2097370978b0cfbd2da2072f30712"
+    genericDigest: "sha256:303f9076bdc73b3fc32aaedee64a14f6f44c8bb08ee9e3956d443021103ebe7a"
    # operator-azure-digest
-    azureDigest: "sha256:2d3b9d868eb03fa9256d34192a734a2abab283f527a9c97b7cefcd3401649d17"
+    azureDigest: "sha256:9203f5583aa34e716d7a6588ebd144e43ce3b77873f578fc12b2679e33591353"
    # operator-aws-digest
-    awsDigest: "sha256:041ad5b49ae63ba0f1974e1a1d9ebf9f52541cd2813088fa687f9d544125a1ec"
+    awsDigest: "sha256:785ccf1267d0ed3ba9e4bd8166577cb4f9e4ce996af26b27c9d5c554a0d5b09a"
    # operator-alibabacloud-digest
-    alibabacloudDigest: "sha256:765314779093b54750f83280f009229f20fe1f28466a633d9bb4143d2ad669c5"
+    alibabacloudDigest: "sha256:e0152c498ba73c56a82eee2a706c8f400e9a6999c665af31a935bdf08e659bc3"
    useDigest: true
    pullPolicy: "IfNotPresent"
    suffix: ""
@@ -2554,9 +2535,9 @@ preflight:
  image:
    override: ~
    repository: "quay.io/cilium/cilium"
-    tag: "v1.14.9"
+    tag: "v1.14.5"
    # cilium-digest
-    digest: "sha256:4ef1eb7a3bc39d0fefe14685e6c0d4e01301c40df2a89bc93ffca9a1ab927301"
+    digest: "sha256:d3b287029755b6a47dee01420e2ea469469f1b174a2089c10af7e5e9289ef05b"
    useDigest: true
    pullPolicy: "IfNotPresent"
@@ -2704,9 +2685,9 @@ clustermesh:
    image:
      override: ~
      repository: "quay.io/cilium/clustermesh-apiserver"
-      tag: "v1.14.9"
+      tag: "v1.14.5"
      # clustermesh-apiserver-digest
-      digest: "sha256:5c16f8b8e22ce41e11998e70846fbcecea3a6b683a38253809ead8d871f6d8a3"
+      digest: "sha256:7eaa35cf5452c43b1f7d0cde0d707823ae7e49965bcb54c053e31ea4e04c3d96"
      useDigest: true
      pullPolicy: "IfNotPresent"
@@ -2751,9 +2732,9 @@ clustermesh:
      image:
        override: ~
        repository: "quay.io/cilium/kvstoremesh"
-        tag: "v1.14.9"
+        tag: "v1.14.5"
        # kvstoremesh-digest
-        digest: "sha256:9d9efb25806660f3663b9cd803fb8679f2b115763470002a9770e2c1eb1e5b22"
+        digest: "sha256:d7137edd0efa2b1407b20088af3980a9993bb616d85bf9b55ea2891d1b99023a"
        useDigest: true
        pullPolicy: "IfNotPresent"
@@ -3105,8 +3086,6 @@ dnsProxy:
  proxyPort: 0
  # -- The maximum time the DNS proxy holds an allowed DNS response before sending it along. Responses are sent as soon as the datapath is updated with the new IP information.
  proxyResponseMaxDelay: 100ms
  # -- DNS proxy operation mode (true/false, or unset to use version dependent defaults)
  # enableTransparentMode: true
 # -- SCTP Configuration Values
 sctp:
@@ -3157,21 +3136,8 @@ authentication:
          # -- SPIRE Workload Attestor kubelet verification.
          skipKubeletVerification: true
          # -- SPIRE agent tolerations configuration
          # By default it follows the same tolerations as the agent itself
          # to allow the Cilium agent on this node to connect to SPIRE.
          # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
-          tolerations:
+          tolerations: []
          - key: node.kubernetes.io/not-ready
            effect: NoSchedule
          - key: node-role.kubernetes.io/master
            effect: NoSchedule
          - key: node-role.kubernetes.io/control-plane
            effect: NoSchedule
          - key: node.cloudprovider.kubernetes.io/uninitialized
            effect: NoSchedule
            value: "true"
          - key: CriticalAddonsOnly
            operator: "Exists"
          # -- SPIRE agent affinity configuration
          affinity: {}
          # -- SPIRE agent nodeSelector configuration
--- a/packages/system/cilium/charts/cilium/values.yaml.tmpl
+++ b/packages/system/cilium/charts/cilium/values.yaml.tmpl
@@ -1854,9 +1854,9 @@ envoy:
  image:
    override: ~
    repository: "quay.io/cilium/cilium-envoy"
-    tag: "v1.26.7-bbde4095997ea57ead209f56158790d47224a0f5"
+    tag: "v1.26.6-ad82c7c56e88989992fd25d8d67747de865c823b"
    pullPolicy: "${PULL_POLICY}"
-    digest: "sha256:39b75548447978230dedcf25da8940e4d3540c741045ef391a8e74dbb9661a86"
+    digest: "sha256:992998398dadfff7117bfa9fdb7c9474fefab7f0237263f7c8114e106c67baca"
    useDigest: true
  # -- Additional containers added to the cilium Envoy DaemonSet.
@@ -1969,20 +1969,7 @@ envoy:
        labelSelector:
          matchLabels:
            k8s-app: cilium-envoy
-    podAffinity:
+
      requiredDuringSchedulingIgnoredDuringExecution:
      - topologyKey: kubernetes.io/hostname
        labelSelector:
          matchLabels:
            k8s-app: cilium
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
            - key: cilium.io/no-schedule
              operator: NotIn
              values:
              - "true"
  # -- Node selector for cilium-envoy.
  nodeSelector:
    kubernetes.io/os: linux
@@ -2003,16 +1990,12 @@ envoy:
  # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
  dnsPolicy: ~
  # -- Configure Cilium Envoy Prometheus options.
  # Note that some of these apply to either cilium-agent or cilium-envoy.
  prometheus:
    # -- Enable prometheus metrics for cilium-envoy
    enabled: true
    serviceMonitor:
      # -- Enable service monitors.
      # This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml)
      # Note that this setting applies to both cilium-envoy _and_ cilium-agent
      # with Envoy enabled.
      enabled: false
      # -- Labels to add to ServiceMonitor cilium-envoy
      labels: {}
@@ -2024,14 +2007,12 @@ envoy:
      # service monitors configured.
      # namespace: ""
      # -- Relabeling configs for the ServiceMonitor cilium-envoy
      # or for cilium-agent with Envoy configured.
      relabelings:
        - sourceLabels:
            - __meta_kubernetes_pod_node_name
          targetLabel: node
          replacement: ${1}
      # -- Metrics relabeling configs for the ServiceMonitor cilium-envoy
      # or for cilium-agent with Envoy configured.
      metricRelabelings: ~
    # -- Serve prometheus metrics for cilium-envoy on the configured port
    port: "9964"
@@ -3108,8 +3089,6 @@ dnsProxy:
  proxyPort: 0
  # -- The maximum time the DNS proxy holds an allowed DNS response before sending it along. Responses are sent as soon as the datapath is updated with the new IP information.
  proxyResponseMaxDelay: 100ms
  # -- DNS proxy operation mode (true/false, or unset to use version dependent defaults)
  # enableTransparentMode: true
 # -- SCTP Configuration Values
 sctp:
@@ -3160,21 +3139,8 @@ authentication:
          # -- SPIRE Workload Attestor kubelet verification.
          skipKubeletVerification: true
          # -- SPIRE agent tolerations configuration
          # By default it follows the same tolerations as the agent itself
          # to allow the Cilium agent on this node to connect to SPIRE.
          # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
-          tolerations:
+          tolerations: []
          - key: node.kubernetes.io/not-ready
            effect: NoSchedule
          - key: node-role.kubernetes.io/master
            effect: NoSchedule
          - key: node-role.kubernetes.io/control-plane
            effect: NoSchedule
          - key: node.cloudprovider.kubernetes.io/uninitialized
            effect: NoSchedule
            value: "true"
          - key: CriticalAddonsOnly
            operator: "Exists"
          # -- SPIRE agent affinity configuration
          affinity: {}
          # -- SPIRE agent nodeSelector configuration
--- a/packages/system/cilium/values.yaml
+++ b/packages/system/cilium/values.yaml
@@ -3,10 +3,11 @@ cilium:
    enabled: false
  externalIPs:
    enabled: true
  tunnel: disabled
  autoDirectNodeRoutes: false
  kubeProxyReplacement: strict
  bpf:
-    masquerade: false
+    masquerade: true
  loadBalancer:
    algorithm: maglev
  cgroup:
@@ -24,4 +25,3 @@ cilium:
    configMap: cni-configuration
  routingMode: native
  enableIPv4Masquerade: false
  enableIdentityMark: false
--- a/packages/system/dashboard/Chart.yaml
+++ b/packages/system/dashboard/Chart.yaml
@@ -1,2 +1,2 @@
 name: cozy-dashboard
-version: 0.2.0
+version: 1.0.0
--- a/packages/system/dashboard/Makefile
+++ b/packages/system/dashboard/Makefile
@@ -3,7 +3,7 @@ NAMESPACE=cozy-dashboard
 PUSH := 1
 LOAD := 0
 REPOSITORY := ghcr.io/aenix-io/cozystack
-TAG := v0.2.0
+TAG := v0.1.0
 show:
 	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
--- a/packages/system/dashboard/charts/kubeapps/.helmignore
+++ b/packages/system/dashboard/charts/kubeapps/.helmignore
@@ -22,5 +22,3 @@
 .project
 .idea/
 *.tmproj
 # img folder
 img/
--- a/packages/system/dashboard/charts/kubeapps/Chart.lock
+++ b/packages/system/dashboard/charts/kubeapps/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 18.19.2
+  version: 18.4.0
 - name: postgresql
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 13.4.6
+  version: 13.2.14
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.19.0
+  version: 2.13.3
-digest: sha256:b4965a22517e61212e78abb8d1cbe86e800c8664b3139e2047f4bd62b3e55b24
+digest: sha256:7bede05a463745ea72d332aaaf406d84e335d8af09dce403736f4e4e14c3554d
-generated: "2024-03-13T11:51:34.216594+01:00"
+generated: "2023-11-21T18:18:20.024990735Z"
--- a/packages/system/dashboard/charts/kubeapps/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/Chart.yaml
@@ -2,21 +2,21 @@ annotations:
  category: Infrastructure
  images: |
    - name: kubeapps-apis
-      image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-12-r19
+      image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-11-r13
    - name: kubeapps-apprepository-controller
-      image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-12-r18
+      image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-11-r12
    - name: kubeapps-asset-syncer
-      image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-12-r19
+      image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-11-r13
    - name: kubeapps-dashboard
      image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-12-r18
    - name: kubeapps-oci-catalog
-      image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-12-r17
+      image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-11-r6
    - name: kubeapps-pinniped-proxy
-      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-12-r17
+      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-11-r10
    - name: kubeapps-dashboard
      image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-11-r16
    - name: nginx
-      image: docker.io/bitnami/nginx:1.25.4-debian-12-r3
+      image: docker.io/bitnami/nginx:1.25.3-debian-11-r1
    - name: oauth2-proxy
-      image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r4
+      image: docker.io/bitnami/oauth2-proxy:7.5.1-debian-11-r11
  licenses: Apache-2.0
 apiVersion: v2
 appVersion: 2.9.0
@@ -51,4 +51,4 @@ maintainers:
 name: kubeapps
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kubeapps
-version: 14.7.2
+version: 14.1.2
--- a/packages/system/dashboard/charts/kubeapps/README.md
+++ b/packages/system/dashboard/charts/kubeapps/README.md
@@ -62,11 +62,10 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 ### Global parameters
 | Name                      | Description                                     | Value |
-| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
+| ------------------------- | ----------------------------------------------- | ----- |
 | `global.imageRegistry`    | Global Docker image registry                    | `""`  |
 | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]`  |
 | `global.storageClass`     | Global StorageClass for Persistent Volume(s)    | `""`  |
 | `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
 ### Common parameters
@@ -113,7 +112,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 ### Frontend parameters
 | Name                                                         | Description                                                                                           | Value                   |
-| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
+| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------- | ----------------------- |
 | `frontend.image.registry`                                    | NGINX image registry                                                                                  | `REGISTRY_NAME`         |
 | `frontend.image.repository`                                  | NGINX image repository                                                                                | `REPOSITORY_NAME/nginx` |
 | `frontend.image.digest`                                      | NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                    |
@@ -125,7 +124,6 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `frontend.largeClientHeaderBuffers`                          | Set large_client_header_buffers in NGINX config                                                       | `4 32k`                 |
 | `frontend.replicaCount`                                      | Number of frontend replicas to deploy                                                                 | `2`                     |
 | `frontend.updateStrategy.type`                               | Frontend deployment strategy type.                                                                    | `RollingUpdate`         |
 | `frontend.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production). | `none`                  |
 | `frontend.resources.limits.cpu`                              | The CPU limits for the NGINX container                                                                | `250m`                  |
 | `frontend.resources.limits.memory`                           | The memory limits for the NGINX container                                                             | `128Mi`                 |
 | `frontend.resources.requests.cpu`                            | The requested CPU for the NGINX container                                                             | `25m`                   |
@@ -135,14 +133,9 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `frontend.extraEnvVarsSecret`                                | Name of existing Secret containing extra env vars for the NGINX container                             | `""`                    |
 | `frontend.containerPorts.http`                               | NGINX HTTP container port                                                                             | `8080`                  |
 | `frontend.podSecurityContext.enabled`                        | Enabled frontend pods' Security Context                                                               | `true`                  |
 | `frontend.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy                                                                                                                                                                                           | `Always`                |
 | `frontend.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface                                                                                                                                                                               | `[]`                    |
 | `frontend.podSecurityContext.supplementalGroups`             | Set filesystem extra groups                                                                                                                                                                                                  | `[]`                    |
 | `frontend.podSecurityContext.fsGroup`                        | Set frontend pod's Security Context fsGroup                                                           | `1001`                  |
 | `frontend.containerSecurityContext.enabled`                  | Enabled containers' Security Context                                                                  | `true`                  |
 | `frontend.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                             | `nil`                   |
 | `frontend.containerSecurityContext.runAsUser`                | Set containers' Security Context runAsUser                                                            | `1001`                  |
 | `frontend.containerSecurityContext.runAsGroup`               | Set containers' Security Context runAsGroup                                                                                                                                                                                  | `0`                     |
 | `frontend.containerSecurityContext.runAsNonRoot`             | Set container's Security Context runAsNonRoot                                                         | `true`                  |
 | `frontend.containerSecurityContext.privileged`               | Set container's Security Context privileged                                                           | `false`                 |
 | `frontend.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context readOnlyRootFilesystem                                               | `false`                 |
@@ -186,7 +179,6 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `frontend.priorityClassName`                                 | Priority class name for frontend pods                                                                 | `""`                    |
 | `frontend.schedulerName`                                     | Name of the k8s scheduler (other than default)                                                        | `""`                    |
 | `frontend.topologySpreadConstraints`                         | Topology Spread Constraints for pod assignment                                                        | `[]`                    |
 | `frontend.automountServiceAccountToken`                      | Mount Service Account token in pod                                                                                                                                                                                           | `true`                  |
 | `frontend.hostAliases`                                       | Custom host aliases for frontend pods                                                                 | `[]`                    |
 | `frontend.extraVolumes`                                      | Optionally specify extra list of additional volumes for frontend pods                                 | `[]`                    |
 | `frontend.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for frontend container(s)                    | `[]`                    |
@@ -207,7 +199,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 ### Dashboard parameters
 | Name                                                          | Description                                                                                               | Value                                |
-| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------ |
+| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------ |
 | `dashboard.enabled`                                           | Specifies whether Kubeapps Dashboard should be deployed or not                                            | `true`                               |
 | `dashboard.image.registry`                                    | Dashboard image registry                                                                                  | `REGISTRY_NAME`                      |
 | `dashboard.image.repository`                                  | Dashboard image repository                                                                                | `REPOSITORY_NAME/kubeapps-dashboard` |
@@ -229,20 +221,14 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `dashboard.extraEnvVarsCM`                                    | Name of existing ConfigMap containing extra env vars for the Dashboard container                          | `""`                                 |
 | `dashboard.extraEnvVarsSecret`                                | Name of existing Secret containing extra env vars for the Dashboard container                             | `""`                                 |
 | `dashboard.containerPorts.http`                               | Dashboard HTTP container port                                                                             | `8080`                               |
 | `dashboard.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production). | `none`                               |
 | `dashboard.resources.limits.cpu`                              | The CPU limits for the Dashboard container                                                                | `250m`                               |
 | `dashboard.resources.limits.memory`                           | The memory limits for the Dashboard container                                                             | `128Mi`                              |
 | `dashboard.resources.requests.cpu`                            | The requested CPU for the Dashboard container                                                             | `25m`                                |
 | `dashboard.resources.requests.memory`                         | The requested memory for the Dashboard container                                                          | `32Mi`                               |
 | `dashboard.podSecurityContext.enabled`                        | Enabled Dashboard pods' Security Context                                                                  | `true`                               |
 | `dashboard.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy                                                                                                                                                                                             | `Always`                             |
 | `dashboard.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface                                                                                                                                                                                 | `[]`                                 |
 | `dashboard.podSecurityContext.supplementalGroups`             | Set filesystem extra groups                                                                                                                                                                                                    | `[]`                                 |
 | `dashboard.podSecurityContext.fsGroup`                        | Set Dashboard pod's Security Context fsGroup                                                              | `1001`                               |
 | `dashboard.containerSecurityContext.enabled`                  | Enabled containers' Security Context                                                                      | `true`                               |
 | `dashboard.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                               | `nil`                                |
 | `dashboard.containerSecurityContext.runAsUser`                | Set containers' Security Context runAsUser                                                                | `1001`                               |
 | `dashboard.containerSecurityContext.runAsGroup`               | Set containers' Security Context runAsGroup                                                                                                                                                                                    | `0`                                  |
 | `dashboard.containerSecurityContext.runAsNonRoot`             | Set container's Security Context runAsNonRoot                                                             | `true`                               |
 | `dashboard.containerSecurityContext.privileged`               | Set container's Security Context privileged                                                               | `false`                              |
 | `dashboard.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context readOnlyRootFilesystem                                                   | `false`                              |
@@ -286,7 +272,6 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `dashboard.priorityClassName`                                 | Priority class name for Dashboard pods                                                                    | `""`                                 |
 | `dashboard.schedulerName`                                     | Name of the k8s scheduler (other than default)                                                            | `""`                                 |
 | `dashboard.topologySpreadConstraints`                         | Topology Spread Constraints for pod assignment                                                            | `[]`                                 |
 | `dashboard.automountServiceAccountToken`                      | Mount Service Account token in pod                                                                                                                                                                                             | `true`                               |
 | `dashboard.hostAliases`                                       | Custom host aliases for Dashboard pods                                                                    | `[]`                                 |
 | `dashboard.extraVolumes`                                      | Optionally specify extra list of additional volumes for Dashboard pods                                    | `[]`                                 |
 | `dashboard.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for Dashboard container(s)                       | `[]`                                 |
@@ -298,7 +283,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 ### AppRepository Controller parameters
 | Name                                                              | Description                                                                                                                                                                                              | Value                                               |
-| ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- |
+| ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- |
 | `apprepository.image.registry`                                    | Kubeapps AppRepository Controller image registry                                                                                                                                                         | `REGISTRY_NAME`                                     |
 | `apprepository.image.repository`                                  | Kubeapps AppRepository Controller image repository                                                                                                                                                       | `REPOSITORY_NAME/kubeapps-apprepository-controller` |
 | `apprepository.image.digest`                                      | Kubeapps AppRepository Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                                                        | `""`                                                |
@@ -322,20 +307,14 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `apprepository.extraFlags`                                        | Additional command line flags for AppRepository Controller                                                                                                                                               | `[]`                                                |
 | `apprepository.replicaCount`                                      | Number of AppRepository Controller replicas to deploy                                                                                                                                                    | `1`                                                 |
 | `apprepository.updateStrategy.type`                               | AppRepository Controller deployment strategy type.                                                                                                                                                       | `RollingUpdate`                                     |
 | `apprepository.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production). | `none`                                              |
 | `apprepository.resources.limits.cpu`                              | The CPU limits for the AppRepository Controller container                                                                                                                                                | `250m`                                              |
 | `apprepository.resources.limits.memory`                           | The memory limits for the AppRepository Controller container                                                                                                                                             | `128Mi`                                             |
 | `apprepository.resources.requests.cpu`                            | The requested CPU for the AppRepository Controller container                                                                                                                                             | `25m`                                               |
 | `apprepository.resources.requests.memory`                         | The requested memory for the AppRepository Controller container                                                                                                                                          | `32Mi`                                              |
 | `apprepository.podSecurityContext.enabled`                        | Enabled AppRepository Controller pods' Security Context                                                                                                                                                  | `true`                                              |
 | `apprepository.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy                                                                                                                                                                                                     | `Always`                                            |
 | `apprepository.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface                                                                                                                                                                                         | `[]`                                                |
 | `apprepository.podSecurityContext.supplementalGroups`             | Set filesystem extra groups                                                                                                                                                                                                            | `[]`                                                |
 | `apprepository.podSecurityContext.fsGroup`                        | Set AppRepository Controller pod's Security Context fsGroup                                                                                                                                              | `1001`                                              |
 | `apprepository.containerSecurityContext.enabled`                  | Enabled containers' Security Context                                                                                                                                                                     | `true`                                              |
 | `apprepository.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                                       | `nil`                                               |
 | `apprepository.containerSecurityContext.runAsUser`                | Set containers' Security Context runAsUser                                                                                                                                                               | `1001`                                              |
 | `apprepository.containerSecurityContext.runAsGroup`               | Set containers' Security Context runAsGroup                                                                                                                                                                                            | `0`                                                 |
 | `apprepository.containerSecurityContext.runAsNonRoot`             | Set container's Security Context runAsNonRoot                                                                                                                                                            | `true`                                              |
 | `apprepository.containerSecurityContext.privileged`               | Set container's Security Context privileged                                                                                                                                                              | `false`                                             |
 | `apprepository.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context readOnlyRootFilesystem                                                                                                                                                  | `false`                                             |
@@ -363,19 +342,18 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `apprepository.priorityClassName`                                 | Priority class name for AppRepository Controller pods                                                                                                                                                    | `""`                                                |
 | `apprepository.schedulerName`                                     | Name of the k8s scheduler (other than default)                                                                                                                                                           | `""`                                                |
 | `apprepository.topologySpreadConstraints`                         | Topology Spread Constraints for pod assignment                                                                                                                                                           | `[]`                                                |
 | `apprepository.automountServiceAccountToken`                      | Mount Service Account token in pod                                                                                                                                                                                                     | `true`                                              |
 | `apprepository.hostAliases`                                       | Custom host aliases for AppRepository Controller pods                                                                                                                                                    | `[]`                                                |
 | `apprepository.sidecars`                                          | Add additional sidecar containers to the AppRepository Controller pod(s)                                                                                                                                 | `[]`                                                |
 | `apprepository.initContainers`                                    | Add additional init containers to the AppRepository Controller pod(s)                                                                                                                                    | `[]`                                                |
 | `apprepository.serviceAccount.create`                             | Specifies whether a ServiceAccount should be created                                                                                                                                                     | `true`                                              |
 | `apprepository.serviceAccount.name`                               | Name of the service account to use. If not set and create is true, a name is generated using the fullname template.                                                                                      | `""`                                                |
-| `apprepository.serviceAccount.automountServiceAccountToken`       | Automount service account token for the server service account                                                                                                                                                                         | `false`                                             |
+| `apprepository.serviceAccount.automountServiceAccountToken`       | Automount service account token for the server service account                                                                                                                                           | `true`                                              |
 | `apprepository.serviceAccount.annotations`                        | Annotations for service account. Evaluated as a template. Only used if `create` is `true`.                                                                                                               | `{}`                                                |
 ### Auth Proxy parameters
 | Name                                                          | Description                                                                                                                         | Value                          |
-| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------ |
+| ------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
 | `authProxy.enabled`                                           | Specifies whether Kubeapps should configure OAuth login/logout                                                                      | `false`                        |
 | `authProxy.image.registry`                                    | OAuth2 Proxy image registry                                                                                                         | `REGISTRY_NAME`                |
 | `authProxy.image.repository`                                  | OAuth2 Proxy image repository                                                                                                       | `REPOSITORY_NAME/oauth2-proxy` |
@@ -404,16 +382,13 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `authProxy.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the Auth Proxy container(s)                                            | `[]`                           |
 | `authProxy.containerPorts.proxy`                              | Auth Proxy HTTP container port                                                                                                      | `3000`                         |
 | `authProxy.containerSecurityContext.enabled`                  | Enabled containers' Security Context                                                                                                | `true`                         |
 | `authProxy.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                               | `nil`                          |
 | `authProxy.containerSecurityContext.runAsUser`                | Set containers' Security Context runAsUser                                                                                          | `1001`                         |
 | `authProxy.containerSecurityContext.runAsGroup`               | Set containers' Security Context runAsGroup                                                                                                                                                                                    | `0`                            |
 | `authProxy.containerSecurityContext.runAsNonRoot`             | Set container's Security Context runAsNonRoot                                                                                       | `true`                         |
 | `authProxy.containerSecurityContext.privileged`               | Set container's Security Context privileged                                                                                         | `false`                        |
 | `authProxy.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context readOnlyRootFilesystem                                                                             | `false`                        |
 | `authProxy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation                                                                           | `false`                        |
 | `authProxy.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                                                  | `["ALL"]`                      |
 | `authProxy.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                                                    | `RuntimeDefault`               |
 | `authProxy.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production). | `none`                         |
 | `authProxy.resources.limits.cpu`                              | The CPU limits for the OAuth2 Proxy container                                                                                       | `250m`                         |
 | `authProxy.resources.limits.memory`                           | The memory limits for the OAuth2 Proxy container                                                                                    | `128Mi`                        |
 | `authProxy.resources.requests.cpu`                            | The requested CPU for the OAuth2 Proxy container                                                                                    | `25m`                          |
@@ -422,7 +397,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 ### Pinniped Proxy parameters
 | Name                                                              | Description                                                                                                    | Value                                     |
-| ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- |
+| ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ----------------------------------------- |
 | `pinnipedProxy.enabled`                                           | Specifies whether Kubeapps should configure Pinniped Proxy                                                     | `false`                                   |
 | `pinnipedProxy.image.registry`                                    | Pinniped Proxy image registry                                                                                  | `REGISTRY_NAME`                           |
 | `pinnipedProxy.image.repository`                                  | Pinniped Proxy image repository                                                                                | `REPOSITORY_NAME/kubeapps-pinniped-proxy` |
@@ -444,16 +419,13 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `pinnipedProxy.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the Pinniped Proxy container(s)                   | `[]`                                      |
 | `pinnipedProxy.containerPorts.pinnipedProxy`                      | Pinniped Proxy container port                                                                                  | `3333`                                    |
 | `pinnipedProxy.containerSecurityContext.enabled`                  | Enabled containers' Security Context                                                                           | `true`                                    |
 | `pinnipedProxy.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                                       | `nil`                                     |
 | `pinnipedProxy.containerSecurityContext.runAsUser`                | Set containers' Security Context runAsUser                                                                     | `1001`                                    |
 | `pinnipedProxy.containerSecurityContext.runAsGroup`               | Set containers' Security Context runAsGroup                                                                                                                                                                                            | `0`                                       |
 | `pinnipedProxy.containerSecurityContext.runAsNonRoot`             | Set container's Security Context runAsNonRoot                                                                  | `true`                                    |
 | `pinnipedProxy.containerSecurityContext.privileged`               | Set container's Security Context privileged                                                                    | `false`                                   |
 | `pinnipedProxy.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context readOnlyRootFilesystem                                                        | `false`                                   |
 | `pinnipedProxy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation                                                      | `false`                                   |
 | `pinnipedProxy.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped                                                                             | `["ALL"]`                                 |
 | `pinnipedProxy.containerSecurityContext.seccompProfile.type`      | Set container's Security Context seccomp profile                                                               | `RuntimeDefault`                          |
 | `pinnipedProxy.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production). | `none`                                    |
 | `pinnipedProxy.resources.limits.cpu`                              | The CPU limits for the Pinniped Proxy container                                                                | `250m`                                    |
 | `pinnipedProxy.resources.limits.memory`                           | The memory limits for the Pinniped Proxy container                                                             | `128Mi`                                   |
 | `pinnipedProxy.resources.requests.cpu`                            | The requested CPU for the Pinniped Proxy container                                                             | `25m`                                     |
@@ -480,7 +452,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 ### Database Parameters
 | Name                                     | Description                                                                  | Value        |
-| ---------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
+| ---------------------------------------- | ---------------------------------------------------------------------------- | ------------ |
 | `postgresql.enabled`                     | Deploy a PostgreSQL server to satisfy the applications database requirements | `true`       |
 | `postgresql.auth.username`               | Username for PostgreSQL server                                               | `postgres`   |
 | `postgresql.auth.postgresPassword`       | Password for 'postgres' user                                                 | `""`         |
@@ -489,7 +461,6 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `postgresql.primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC                         | `false`      |
 | `postgresql.architecture`                | PostgreSQL architecture (`standalone` or `replication`)                      | `standalone` |
 | `postgresql.securityContext.enabled`     | Enabled PostgreSQL replicas pods' Security Context                           | `false`      |
 | `postgresql.resourcesPreset`             | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production). | `none`       |
 | `postgresql.resources.limits`            | The resources limits for the PostgreSQL container                            | `{}`         |
 | `postgresql.resources.requests.cpu`      | The requested CPU for the PostgreSQL container                               | `250m`       |
 | `postgresql.resources.requests.memory`   | The requested memory for the PostgreSQL container                            | `256Mi`      |
@@ -497,7 +468,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 ### kubeappsapis parameters
 | Name                                                                                            | Description                                                                                                                                                                | Value                              |
-| ----------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------- |
+| ----------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
 | `kubeappsapis.enabledPlugins`                                                                   | Manually override which plugins are enabled for the Kubeapps-APIs service                                                                                                  | `[]`                               |
 | `kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.major`                      | Number of major versions to display in the summary                                                                                                                         | `3`                                |
 | `kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.minor`                      | Number of minor versions to display in the summary                                                                                                                         | `3`                                |
@@ -527,20 +498,14 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `kubeappsapis.extraEnvVarsCM`                                                                   | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container                                                                                        | `""`                               |
 | `kubeappsapis.extraEnvVarsSecret`                                                               | Name of existing Secret containing extra env vars for the KubeappsAPIs container                                                                                           | `""`                               |
 | `kubeappsapis.containerPorts.http`                                                              | KubeappsAPIs HTTP container port                                                                                                                                           | `50051`                            |
 | `kubeappsapis.resourcesPreset`                                                                  | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production). | `none`                             |
 | `kubeappsapis.resources.limits.cpu`                                                             | The CPU limits for the KubeappsAPIs container                                                                                                                              | `250m`                             |
 | `kubeappsapis.resources.limits.memory`                                                          | The memory limits for the KubeappsAPIs container                                                                                                                           | `256Mi`                            |
 | `kubeappsapis.resources.requests.cpu`                                                           | The requested CPU for the KubeappsAPIs container                                                                                                                           | `25m`                              |
 | `kubeappsapis.resources.requests.memory`                                                        | The requested memory for the KubeappsAPIs container                                                                                                                        | `32Mi`                             |
 | `kubeappsapis.podSecurityContext.enabled`                                                       | Enabled KubeappsAPIs pods' Security Context                                                                                                                                | `true`                             |
 | `kubeappsapis.podSecurityContext.fsGroupChangePolicy`                                           | Set filesystem group change policy                                                                                                                                                                                                   | `Always`                           |
 | `kubeappsapis.podSecurityContext.sysctls`                                                       | Set kernel settings using the sysctl interface                                                                                                                                                                                       | `[]`                               |
 | `kubeappsapis.podSecurityContext.supplementalGroups`                                            | Set filesystem extra groups                                                                                                                                                                                                          | `[]`                               |
 | `kubeappsapis.podSecurityContext.fsGroup`                                                       | Set KubeappsAPIs pod's Security Context fsGroup                                                                                                                            | `1001`                             |
 | `kubeappsapis.containerSecurityContext.enabled`                                                 | Enabled containers' Security Context                                                                                                                                       | `true`                             |
 | `kubeappsapis.containerSecurityContext.seLinuxOptions`                                          | Set SELinux options in container                                                                                                                                                                                                     | `nil`                              |
 | `kubeappsapis.containerSecurityContext.runAsUser`                                               | Set containers' Security Context runAsUser                                                                                                                                 | `1001`                             |
 | `kubeappsapis.containerSecurityContext.runAsGroup`                                              | Set containers' Security Context runAsGroup                                                                                                                                                                                          | `0`                                |
 | `kubeappsapis.containerSecurityContext.runAsNonRoot`                                            | Set container's Security Context runAsNonRoot                                                                                                                              | `true`                             |
 | `kubeappsapis.containerSecurityContext.privileged`                                              | Set container's Security Context privileged                                                                                                                                | `false`                            |
 | `kubeappsapis.containerSecurityContext.readOnlyRootFilesystem`                                  | Set container's Security Context readOnlyRootFilesystem                                                                                                                    | `false`                            |
@@ -586,7 +551,6 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `kubeappsapis.priorityClassName`                                                                | Priority class name for KubeappsAPIs pods                                                                                                                                  | `""`                               |
 | `kubeappsapis.schedulerName`                                                                    | Name of the k8s scheduler (other than default)                                                                                                                             | `""`                               |
 | `kubeappsapis.topologySpreadConstraints`                                                        | Topology Spread Constraints for pod assignment                                                                                                                             | `[]`                               |
 | `kubeappsapis.automountServiceAccountToken`                                                     | Mount Service Account token in pod                                                                                                                                                                                                   | `true`                             |
 | `kubeappsapis.hostAliases`                                                                      | Custom host aliases for KubeappsAPIs pods                                                                                                                                  | `[]`                               |
 | `kubeappsapis.sidecars`                                                                         | Add additional sidecar containers to the KubeappsAPIs pod(s)                                                                                                               | `[]`                               |
 | `kubeappsapis.initContainers`                                                                   | Add additional init containers to the KubeappsAPIs pod(s)                                                                                                                  | `[]`                               |
@@ -594,13 +558,13 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `kubeappsapis.service.annotations`                                                              | Additional custom annotations for KubeappsAPIs service                                                                                                                     | `{}`                               |
 | `kubeappsapis.serviceAccount.create`                                                            | Specifies whether a ServiceAccount should be created                                                                                                                       | `true`                             |
 | `kubeappsapis.serviceAccount.name`                                                              | Name of the service account to use. If not set and create is true, a name is generated using the fullname template.                                                        | `""`                               |
-| `kubeappsapis.serviceAccount.automountServiceAccountToken`                                      | Automount service account token for the server service account                                                                                                                                                                       | `false`                            |
+| `kubeappsapis.serviceAccount.automountServiceAccountToken`                                      | Automount service account token for the server service account                                                                                                             | `true`                             |
 | `kubeappsapis.serviceAccount.annotations`                                                       | Annotations for service account. Evaluated as a template. Only used if `create` is `true`.                                                                                 | `{}`                               |
 ### OCI Catalog chart configuration
 | Name                                                           | Description                                                                                                 | Value                                  |
-| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
+| -------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | -------------------------------------- |
 | `ociCatalog.enabled`                                           | Enable the OCI catalog gRPC service for cataloging                                                          | `false`                                |
 | `ociCatalog.image.registry`                                    | OCI Catalog image registry                                                                                  | `REGISTRY_NAME`                        |
 | `ociCatalog.image.repository`                                  | OCI Catalog image repository                                                                                | `REPOSITORY_NAME/kubeapps-oci-catalog` |
@@ -613,15 +577,12 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
 | `ociCatalog.extraEnvVarsCM`                                    | Name of existing ConfigMap containing extra env vars for the OCI Catalog container                          | `""`                                   |
 | `ociCatalog.extraEnvVarsSecret`                                | Name of existing Secret containing extra env vars for the OCI Catalog container                             | `""`                                   |
 | `ociCatalog.containerPorts.grpc`                               | OCI Catalog gRPC container port                                                                             | `50061`                                |
 | `ociCatalog.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production). | `none`                                 |
 | `ociCatalog.resources.limits.cpu`                              | The CPU limits for the OCI Catalog container                                                                | `250m`                                 |
 | `ociCatalog.resources.limits.memory`                           | The memory limits for the OCI Catalog container                                                             | `256Mi`                                |
 | `ociCatalog.resources.requests.cpu`                            | The requested CPU for the OCI Catalog container                                                             | `25m`                                  |
 | `ociCatalog.resources.requests.memory`                         | The requested memory for the OCI Catalog container                                                          | `32Mi`                                 |
 | `ociCatalog.containerSecurityContext.enabled`                  | Enabled containers' Security Context                                                                        | `true`                                 |
 | `ociCatalog.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                                 | `nil`                                  |
 | `ociCatalog.containerSecurityContext.runAsUser`                | Set containers' Security Context runAsUser                                                                  | `1001`                                 |
 | `ociCatalog.containerSecurityContext.runAsGroup`               | Set containers' Security Context runAsGroup                                                                                                                                                                                      | `0`                                    |
 | `ociCatalog.containerSecurityContext.runAsNonRoot`             | Set container's Security Context runAsNonRoot                                                               | `true`                                 |
 | `ociCatalog.containerSecurityContext.privileged`               | Set container's Security Context privileged                                                                 | `false`                                |
 | `ociCatalog.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context readOnlyRootFilesystem                                                     | `false`                                |
@@ -691,12 +652,6 @@ helm install kubeapps --namespace kubeapps -f custom-values.yaml oci://REGISTRY_
 ## Configuration and installation details
 ### Resource requests and limits
 Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
 To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
 ### Configuring Initial Repositories
 By default, Kubeapps will track the [Bitnami Application Catalog](https://github.com/bitnami/charts). To change these defaults, override with your desired parameters the `apprepository.initialRepos` object present in the [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/kubeapps/values.yaml) file.
@@ -954,7 +909,7 @@ Feel free to [open an issue](https://github.com/vmware-tanzu/kubeapps/issues/new
 This major release renames several values in this chart and adds missing features, in order to get aligned with the rest of the assets in the Bitnami charts repository.
 Additionally, it updates both the [PostgreSQL](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) and the [Redis](https://github.com/bitnami/charts/tree/main/bitnami/redis) subcharts to their latest major versions, 11.0.0 and 16.0.0 respectively, where similar changes have been also performed.
-Check [PostgreSQL Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1100) and [Redis Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1600) for more information.
+Check [PostgreSQL Upgrading Notes](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/#to-1100) and [Redis Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1600) for more information.
 The following values have been renamed:
@@ -1178,7 +1133,7 @@ After that, you should be able to upgrade Kubeapps as always and the database wi
 ## License
-Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+Copyright &copy; 2023 VMware, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/packages/system/dashboard/charts/kubeapps/charts/common/.helmignore
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/.helmignore
@@ -20,5 +20,3 @@
 .idea/
 *.tmproj
 .vscode/
 # img folder
 img/
--- a/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml
@@ -2,7 +2,7 @@ annotations:
  category: Infrastructure
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.19.0
+appVersion: 2.13.3
 description: A Library Helm Chart for grouping common logic between bitnami charts.
  This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.19.0
+version: 2.13.3
--- a/packages/system/dashboard/charts/kubeapps/charts/common/README.md
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/README.md
@@ -24,14 +24,14 @@ data:
  myvalue: "Hello World"
 ```
 Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
 ## Introduction
 This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
 Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
 ## Prerequisites
 - Kubernetes 1.23+
@@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""
 ## License
-Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+Copyright &copy; 2023 VMware, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_compatibility.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_compatibility.tpl
@@ -1,39 +0,0 @@
 {{/*
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 {{/* vim: set filetype=mustache: */}}
 {{/* 
 Return true if the detected platform is Openshift
 Usage:
 {{- include "common.compatibility.isOpenshift" . -}}
 */}}
 {{- define "common.compatibility.isOpenshift" -}}
 {{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
 {{- true -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
 Usage:
 {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
 */}}
 {{- define "common.compatibility.renderSecurityContext" -}}
 {{- $adaptedContext := .secContext -}}
 {{- if .context.Values.global.compatibility -}}
  {{- if .context.Values.global.compatibility.openshift -}}
    {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
      {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
      {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
      {{- if not .secContext.seLinuxOptions -}}
      {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
      {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{- omit $adaptedContext "enabled" | toYaml -}}
 {{- end -}}
--- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_resources.tpl
@@ -1,50 +0,0 @@
 {{/*
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Return a resource request/limit object based on a given preset.
 These presets are for basic testing and not meant to be used in production
 {{ include "common.resources.preset" (dict "type" "nano") -}}
 */}}
 {{- define "common.resources.preset" -}}
 {{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
 {{- $presets := dict 
  "nano" (dict 
      "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
   )
  "micro" (dict 
      "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
   )
  "small" (dict 
      "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
   )
  "medium" (dict 
      "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
   )
  "large" (dict 
      "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
   )
  "xlarge" (dict 
      "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
   )
  "2xlarge" (dict 
      "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
   )
 }}
 {{- if hasKey $presets .type -}}
 {{- index $presets .type | toYaml -}}
 {{- else -}}
 {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
 {{- end -}}
 {{- end -}}
--- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_secrets.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_secrets.tpl
@@ -78,8 +78,6 @@ Params:
  - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
  - context - Context - Required - Parent context.
  - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
  - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
  - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
 The order in which this function returns a secret password:
  1. Already existing 'Secret' resource
     (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@@ -93,6 +91,7 @@ The order in which this function returns a secret password:
 {{- $password := "" }}
 {{- $subchart := "" }}
 {{- $failOnNew := default true .failOnNew }}
 {{- $chartName := default "" .chartName }}
 {{- $passwordLength := default 10 .length }}
 {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@@ -100,14 +99,12 @@ The order in which this function returns a secret password:
 {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
 {{- if $secretData }}
  {{- if hasKey $secretData .key }}
-    {{- $password = index $secretData .key | b64dec }}
+    {{- $password = index $secretData .key | quote }}
-  {{- else if not (eq .failOnNew false) }}
+  {{- else if $failOnNew }}
    {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
  {{- else if $providedPasswordValue }}
    {{- $password = $providedPasswordValue | toString }}
  {{- end -}}
 {{- else if $providedPasswordValue }}
-  {{- $password = $providedPasswordValue | toString }}
+  {{- $password = $providedPasswordValue | toString | b64enc | quote }}
 {{- else }}
  {{- if .context.Values.enabled }}
@@ -123,19 +120,12 @@ The order in which this function returns a secret password:
    {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
    {{- $password = randAscii $passwordLength }}
    {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
-    {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
+    {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
  {{- else }}
-    {{- $password = randAlphaNum $passwordLength }}
+    {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
  {{- end }}
 {{- end -}}
 {{- if not .skipB64enc }}
 {{- $password = $password | b64enc }}
 {{- end -}}
 {{- if .skipQuote -}}
 {{- printf "%s" $password -}}
 {{- else -}}
 {{- printf "%s" $password | quote -}}
 {{- end -}}
 {{- end -}}
 {{/*
--- a/packages/system/dashboard/charts/kubeapps/charts/common/templates/_warnings.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/templates/_warnings.tpl
@@ -13,70 +13,7 @@ Usage:
 {{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
 WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
 {{- end }}
 {{- end -}}
 {{/*
 Warning about not setting the resource object in all deployments.
 Usage:
 {{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
 Example:
 {{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
 The list in the example assumes that the following values exist:
  - csiProvider.provider.resources
  - server.resources
  - volumePermissions.resources
  - resources
 */}}
 {{- define "common.warnings.resources" -}}
 {{- $values := .context.Values -}}
 {{- $printMessage := false -}}
 {{ $affectedSections := list -}}
 {{- range .sections -}}
  {{- if eq . "" -}}
    {{/* Case where the resources section is at the root (one main deployment in the chart) */}}
    {{- if not (index $values "resources") -}}
    {{- $affectedSections = append $affectedSections "resources" -}}
    {{- $printMessage = true -}}
    {{- end -}}
  {{- else -}}
    {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
    {{- $keys := split "." . -}}
    {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
    {{- $section := $values -}}
    {{- range $keys -}}
      {{- $section = index $section . -}}
    {{- end -}}
    {{- if not (index $section "resources") -}}
      {{/* If the section has enabled=false or replicaCount=0, do not include it */}}
      {{- if and (hasKey $section "enabled") -}}
        {{- if index $section "enabled" -}}
          {{/* enabled=true */}}
          {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
          {{- $printMessage = true -}}
        {{- end -}}
      {{- else if and (hasKey $section "replicaCount")  -}}
        {{/* We need a casting to int because number 0 is not treated as an int by default */}}
        {{- if (gt (index $section "replicaCount" | int) 0) -}}
          {{/* replicaCount > 0 */}}
          {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
          {{- $printMessage = true -}}
        {{- end -}}
      {{- else -}}
        {{/* Default case, add it to the affected sections */}}
        {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
        {{- $printMessage = true -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{- if $printMessage }}
 WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
 {{- range $affectedSections }}
  - {{ . }}
 {{- end }}
 +info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 {{- end -}}
 {{- end -}}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/.helmignore
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/.helmignore
@@ -19,5 +19,3 @@
 .project
 .idea/
 *.tmproj
 # img folder
 img/
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.lock
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.19.0
+  version: 2.13.3
-digest: sha256:ac559eb57710d8904e266424ee364cd686d7e24517871f0c5c67f7c4500c2bcc
+digest: sha256:9a971689db0c66ea95ac2e911c05014c2b96c6077c991131ff84f2982f88fb83
-generated: "2024-03-08T15:56:40.04210215Z"
+generated: "2023-10-19T12:32:36.790999138Z"
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/Chart.yaml
@@ -1,19 +1,17 @@
 annotations:
  category: Database
  images: |
    - name: kubectl
      image: docker.io/bitnami/kubectl:1.29.2-debian-12-r3
    - name: os-shell
-      image: docker.io/bitnami/os-shell:12-debian-12-r16
+      image: docker.io/bitnami/os-shell:11-debian-11-r91
    - name: redis
      image: docker.io/bitnami/redis:7.2.4-debian-12-r9
    - name: redis-exporter
-      image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
+      image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r2
    - name: redis-sentinel
-      image: docker.io/bitnami/redis-sentinel:7.2.4-debian-12-r7
+      image: docker.io/bitnami/redis-sentinel:7.2.3-debian-11-r1
    - name: redis
      image: docker.io/bitnami/redis:7.2.3-debian-11-r1
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 7.2.4
+appVersion: 7.2.3
 dependencies:
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
@@ -35,4 +33,4 @@ maintainers:
 name: redis
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 18.19.2
+version: 18.4.0
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/README.md
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/README.md
@@ -11,10 +11,10 @@ Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are
 ## TL;DR
 ```console
-helm install my-release oci://registry-1.docker.io/bitnamicharts/redis
+helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/redis
 ```
-Looking to use Redisreg; in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
 ## Introduction
@@ -37,6 +37,8 @@ The main features of each chart are the following:
 | Single write point (single master)                     | Multiple write points (multiple masters)                               |
 | ![Redis&reg; Topology](img/redis-topology.png) | ![Redis&reg; Cluster Topology](img/redis-cluster-topology.png) |
 Looking to use Redisreg; in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
 ## Prerequisites
 - Kubernetes 1.23+
@@ -72,12 +74,11 @@ The command removes all the Kubernetes components associated with the chart and
 ### Global parameters
 | Name                      | Description                                            | Value |
-| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
+| ------------------------- | ------------------------------------------------------ | ----- |
 | `global.imageRegistry`    | Global Docker image registry                           | `""`  |
 | `global.imagePullSecrets` | Global Docker registry secret names as an array        | `[]`  |
 | `global.storageClass`     | Global StorageClass for Persistent Volume(s)           | `""`  |
 | `global.redis.password`   | Global Redis&reg; password (overrides `auth.password`) | `""`  |
 | `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
 ### Common parameters
@@ -86,7 +87,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `kubeVersion`             | Override Kubernetes version                                                                                    | `""`            |
 | `nameOverride`            | String to partially override common.names.fullname                                                             | `""`            |
 | `fullnameOverride`        | String to fully override common.names.fullname                                                                 | `""`            |
 | `namespaceOverride`       | String to fully override common.names.namespace                                                                | `""`            |
 | `commonLabels`            | Labels to add to all deployed objects                                                                          | `{}`            |
 | `commonAnnotations`       | Annotations to add to all deployed objects                                                                     | `{}`            |
 | `secretAnnotations`       | Annotations to add to secret                                                                                   | `{}`            |
@@ -121,14 +121,13 @@ The command removes all the Kubernetes components associated with the chart and
 | `auth.existingSecret`            | The name of an existing secret with Redis&reg; credentials                            | `""`          |
 | `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret                                     | `""`          |
 | `auth.usePasswordFiles`          | Mount credentials as files instead of using an environment variable                   | `false`       |
 | `auth.usePasswordFileFromSecret` | Mount password file from secret                                                       | `true`        |
 | `commonConfiguration`            | Common configuration to be added into the ConfigMap                                   | `""`          |
 | `existingConfigmap`              | The name of an existing ConfigMap with your custom configuration for Redis&reg; nodes | `""`          |
 ### Redis&reg; master configuration parameters
 | Name                                                       | Description                                                                                           | Value                    |
-| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
+| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
 | `master.count`                                             | Number of Redis&reg; master instances to deploy (experimental, requires additional configuration)     | `1`                      |
 | `master.configuration`                                     | Configuration for Redis&reg; master nodes                                                             | `""`                     |
 | `master.disableCommands`                                   | Array with Redis&reg; commands to disable on master nodes                                             | `["FLUSHDB","FLUSHALL"]` |
@@ -162,20 +161,15 @@ The command removes all the Kubernetes components associated with the chart and
 | `master.customStartupProbe`                                | Custom startupProbe that overrides the default one                                                    | `{}`                     |
 | `master.customLivenessProbe`                               | Custom livenessProbe that overrides the default one                                                   | `{}`                     |
 | `master.customReadinessProbe`                              | Custom readinessProbe that overrides the default one                                                  | `{}`                     |
-| `master.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). | `none`                   |
+| `master.resources.limits`                                  | The resources limits for the Redis&reg; master containers                                             | `{}`                     |
-| `master.resources`                                         | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                        | `{}`                     |
+| `master.resources.requests`                                | The requested resources for the Redis&reg; master containers                                          | `{}`                     |
 | `master.podSecurityContext.enabled`                        | Enabled Redis&reg; master pods' Security Context                                                      | `true`                   |
 | `master.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy                                                                                                                                                                                       | `Always`                 |
 | `master.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface                                                                                                                                                                           | `[]`                     |
 | `master.podSecurityContext.supplementalGroups`             | Set filesystem extra groups                                                                                                                                                                                              | `[]`                     |
 | `master.podSecurityContext.fsGroup`                        | Set Redis&reg; master pod's Security Context fsGroup                                                  | `1001`                   |
 | `master.containerSecurityContext.enabled`                  | Enabled Redis&reg; master containers' Security Context                                                | `true`                   |
 | `master.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                         | `nil`                    |
 | `master.containerSecurityContext.runAsUser`                | Set Redis&reg; master containers' Security Context runAsUser                                          | `1001`                   |
 | `master.containerSecurityContext.runAsGroup`               | Set Redis&reg; master containers' Security Context runAsGroup                                         | `0`                      |
 | `master.containerSecurityContext.runAsNonRoot`             | Set Redis&reg; master containers' Security Context runAsNonRoot                                       | `true`                   |
 | `master.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate Redis&reg; pod(s) privileges                                               | `false`                  |
 | `master.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context read-only root filesystem                                                                                                                                                               | `false`                  |
 | `master.containerSecurityContext.seccompProfile.type`      | Set Redis&reg; master containers' Security Context seccompProfile                                     | `RuntimeDefault`         |
 | `master.containerSecurityContext.capabilities.drop`        | Set Redis&reg; master containers' Security Context capabilities to drop                               | `["ALL"]`                |
 | `master.kind`                                              | Use either Deployment, StatefulSet (default) or DaemonSet                                             | `StatefulSet`            |
@@ -183,7 +177,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `master.updateStrategy.type`                               | Redis&reg; master statefulset strategy type                                                           | `RollingUpdate`          |
 | `master.minReadySeconds`                                   | How many seconds a pod needs to be ready before killing the next, during update                       | `0`                      |
 | `master.priorityClassName`                                 | Redis&reg; master pods' priorityClassName                                                             | `""`                     |
 | `master.automountServiceAccountToken`                      | Mount Service Account token in pod                                                                                                                                                                                       | `false`                  |
 | `master.hostAliases`                                       | Redis&reg; master pods host aliases                                                                   | `[]`                     |
 | `master.podLabels`                                         | Extra labels for Redis&reg; master pods                                                               | `{}`                     |
 | `master.podAnnotations`                                    | Annotations for Redis&reg; master pods                                                                | `{}`                     |
@@ -229,22 +222,21 @@ The command removes all the Kubernetes components associated with the chart and
 | `master.service.internalTrafficPolicy`                     | Redis&reg; master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster`                |
 | `master.service.clusterIP`                                 | Redis&reg; master service Cluster IP                                                                  | `""`                     |
 | `master.service.loadBalancerIP`                            | Redis&reg; master service Load Balancer IP                                                            | `""`                     |
 | `master.service.loadBalancerClass`                         | master service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)                                                                                                                          | `""`                     |
 | `master.service.loadBalancerSourceRanges`                  | Redis&reg; master service Load Balancer sources                                                       | `[]`                     |
 | `master.service.externalIPs`                               | Redis&reg; master service External IPs                                                                | `[]`                     |
 | `master.service.annotations`                               | Additional custom annotations for Redis&reg; master service                                           | `{}`                     |
 | `master.service.sessionAffinity`                           | Session Affinity for Kubernetes service, can be "None" or "ClientIP"                                  | `None`                   |
 | `master.service.sessionAffinityConfig`                     | Additional settings for the sessionAffinity                                                           | `{}`                     |
 | `master.terminationGracePeriodSeconds`                     | Integer setting the termination grace period for the redis-master pods                                | `30`                     |
-| `master.serviceAccount.create`                             | Specifies whether a ServiceAccount should be created                                                                                                                                                                     | `true`                   |
+| `master.serviceAccount.create`                             | Specifies whether a ServiceAccount should be created                                                  | `false`                  |
 | `master.serviceAccount.name`                               | The name of the ServiceAccount to use.                                                                | `""`                     |
-| `master.serviceAccount.automountServiceAccountToken`       | Whether to auto mount the service account token                                                                                                                                                                          | `false`                  |
+| `master.serviceAccount.automountServiceAccountToken`       | Whether to auto mount the service account token                                                       | `true`                   |
 | `master.serviceAccount.annotations`                        | Additional custom annotations for the ServiceAccount                                                  | `{}`                     |
 ### Redis&reg; replicas configuration parameters
 | Name                                                        | Description                                                                                             | Value                    |
-| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------------ |
 | `replica.kind`                                              | Use either DaemonSet or StatefulSet (default)                                                           | `StatefulSet`            |
 | `replica.replicaCount`                                      | Number of Redis&reg; replicas to deploy                                                                 | `3`                      |
 | `replica.configuration`                                     | Configuration for Redis&reg; replicas nodes                                                             | `""`                     |
@@ -282,20 +274,15 @@ The command removes all the Kubernetes components associated with the chart and
 | `replica.customStartupProbe`                                | Custom startupProbe that overrides the default one                                                      | `{}`                     |
 | `replica.customLivenessProbe`                               | Custom livenessProbe that overrides the default one                                                     | `{}`                     |
 | `replica.customReadinessProbe`                              | Custom readinessProbe that overrides the default one                                                    | `{}`                     |
-| `replica.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if replica.resources is set (replica.resources is recommended for production). | `none`                   |
+| `replica.resources.limits`                                  | The resources limits for the Redis&reg; replicas containers                                             | `{}`                     |
-| `replica.resources`                                         | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                          | `{}`                     |
+| `replica.resources.requests`                                | The requested resources for the Redis&reg; replicas containers                                          | `{}`                     |
 | `replica.podSecurityContext.enabled`                        | Enabled Redis&reg; replicas pods' Security Context                                                      | `true`                   |
 | `replica.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy                                                                                                                                                                                         | `Always`                 |
 | `replica.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface                                                                                                                                                                             | `[]`                     |
 | `replica.podSecurityContext.supplementalGroups`             | Set filesystem extra groups                                                                                                                                                                                                | `[]`                     |
 | `replica.podSecurityContext.fsGroup`                        | Set Redis&reg; replicas pod's Security Context fsGroup                                                  | `1001`                   |
 | `replica.containerSecurityContext.enabled`                  | Enabled Redis&reg; replicas containers' Security Context                                                | `true`                   |
 | `replica.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                           | `nil`                    |
 | `replica.containerSecurityContext.runAsUser`                | Set Redis&reg; replicas containers' Security Context runAsUser                                          | `1001`                   |
 | `replica.containerSecurityContext.runAsGroup`               | Set Redis&reg; replicas containers' Security Context runAsGroup                                         | `0`                      |
 | `replica.containerSecurityContext.runAsNonRoot`             | Set Redis&reg; replicas containers' Security Context runAsNonRoot                                       | `true`                   |
 | `replica.containerSecurityContext.allowPrivilegeEscalation` | Set Redis&reg; replicas pod's Security Context allowPrivilegeEscalation                                 | `false`                  |
 | `replica.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context read-only root filesystem                                                                                                                                                                 | `false`                  |
 | `replica.containerSecurityContext.seccompProfile.type`      | Set Redis&reg; replicas containers' Security Context seccompProfile                                     | `RuntimeDefault`         |
 | `replica.containerSecurityContext.capabilities.drop`        | Set Redis&reg; replicas containers' Security Context capabilities to drop                               | `["ALL"]`                |
 | `replica.schedulerName`                                     | Alternate scheduler for Redis&reg; replicas pods                                                        | `""`                     |
@@ -303,7 +290,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `replica.minReadySeconds`                                   | How many seconds a pod needs to be ready before killing the next, during update                         | `0`                      |
 | `replica.priorityClassName`                                 | Redis&reg; replicas pods' priorityClassName                                                             | `""`                     |
 | `replica.podManagementPolicy`                               | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods                         | `""`                     |
 | `replica.automountServiceAccountToken`                      | Mount Service Account token in pod                                                                                                                                                                                         | `false`                  |
 | `replica.hostAliases`                                       | Redis&reg; replicas pods host aliases                                                                   | `[]`                     |
 | `replica.podLabels`                                         | Extra labels for Redis&reg; replicas pods                                                               | `{}`                     |
 | `replica.podAnnotations`                                    | Annotations for Redis&reg; replicas pods                                                                | `{}`                     |
@@ -349,7 +335,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `replica.service.extraPorts`                                | Extra ports to expose (normally used with the `sidecar` value)                                          | `[]`                     |
 | `replica.service.clusterIP`                                 | Redis&reg; replicas service Cluster IP                                                                  | `""`                     |
 | `replica.service.loadBalancerIP`                            | Redis&reg; replicas service Load Balancer IP                                                            | `""`                     |
 | `replica.service.loadBalancerClass`                         | replicas service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)                                                                                                                          | `""`                     |
 | `replica.service.loadBalancerSourceRanges`                  | Redis&reg; replicas service Load Balancer sources                                                       | `[]`                     |
 | `replica.service.annotations`                               | Additional custom annotations for Redis&reg; replicas service                                           | `{}`                     |
 | `replica.service.sessionAffinity`                           | Session Affinity for Kubernetes service, can be "None" or "ClientIP"                                    | `None`                   |
@@ -360,15 +345,15 @@ The command removes all the Kubernetes components associated with the chart and
 | `replica.autoscaling.maxReplicas`                           | Maximum replicas for the pod autoscaling                                                                | `11`                     |
 | `replica.autoscaling.targetCPU`                             | Percentage of CPU to consider when autoscaling                                                          | `""`                     |
 | `replica.autoscaling.targetMemory`                          | Percentage of Memory to consider when autoscaling                                                       | `""`                     |
-| `replica.serviceAccount.create`                             | Specifies whether a ServiceAccount should be created                                                                                                                                                                       | `true`                   |
+| `replica.serviceAccount.create`                             | Specifies whether a ServiceAccount should be created                                                    | `false`                  |
 | `replica.serviceAccount.name`                               | The name of the ServiceAccount to use.                                                                  | `""`                     |
-| `replica.serviceAccount.automountServiceAccountToken`       | Whether to auto mount the service account token                                                                                                                                                                            | `false`                  |
+| `replica.serviceAccount.automountServiceAccountToken`       | Whether to auto mount the service account token                                                         | `true`                   |
 | `replica.serviceAccount.annotations`                        | Additional custom annotations for the ServiceAccount                                                    | `{}`                     |
 ### Redis&reg; Sentinel configuration parameters
 | Name                                                         | Description                                                                                                                                 | Value                            |
-| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
+| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
 | `sentinel.enabled`                                           | Use Redis&reg; Sentinel on Redis&reg; pods.                                                                                                 | `false`                          |
 | `sentinel.image.registry`                                    | Redis&reg; Sentinel image registry                                                                                                          | `REGISTRY_NAME`                  |
 | `sentinel.image.repository`                                  | Redis&reg; Sentinel image repository                                                                                                        | `REPOSITORY_NAME/redis-sentinel` |
@@ -431,14 +416,12 @@ The command removes all the Kubernetes components associated with the chart and
 | `sentinel.persistentVolumeClaimRetentionPolicy.enabled`      | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet                                                                  | `false`                          |
 | `sentinel.persistentVolumeClaimRetentionPolicy.whenScaled`   | Volume retention behavior when the replica count of the StatefulSet is reduced                                                              | `Retain`                         |
 | `sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted`  | Volume retention behavior that applies when the StatefulSet is deleted                                                                      | `Retain`                         |
-| `sentinel.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sentinel.resources is set (sentinel.resources is recommended for production). | `none`                           |
+| `sentinel.resources.limits`                                  | The resources limits for the Redis&reg; Sentinel containers                                                                                 | `{}`                             |
-| `sentinel.resources`                                         | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                            | `{}`                             |
+| `sentinel.resources.requests`                                | The requested resources for the Redis&reg; Sentinel containers                                                                              | `{}`                             |
 | `sentinel.containerSecurityContext.enabled`                  | Enabled Redis&reg; Sentinel containers' Security Context                                                                                    | `true`                           |
 | `sentinel.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                             | `nil`                            |
 | `sentinel.containerSecurityContext.runAsUser`                | Set Redis&reg; Sentinel containers' Security Context runAsUser                                                                              | `1001`                           |
 | `sentinel.containerSecurityContext.runAsGroup`               | Set Redis&reg; Sentinel containers' Security Context runAsGroup                                                                             | `0`                              |
 | `sentinel.containerSecurityContext.runAsNonRoot`             | Set Redis&reg; Sentinel containers' Security Context runAsNonRoot                                                                           | `true`                           |
 | `sentinel.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context read-only root filesystem                                                                                                                                                                   | `false`                          |
 | `sentinel.containerSecurityContext.allowPrivilegeEscalation` | Set Redis&reg; Sentinel containers' Security Context allowPrivilegeEscalation                                                               | `false`                          |
 | `sentinel.containerSecurityContext.seccompProfile.type`      | Set Redis&reg; Sentinel containers' Security Context seccompProfile                                                                         | `RuntimeDefault`                 |
 | `sentinel.containerSecurityContext.capabilities.drop`        | Set Redis&reg; Sentinel containers' Security Context capabilities to drop                                                                   | `["ALL"]`                        |
@@ -453,9 +436,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `sentinel.service.externalTrafficPolicy`                     | Redis&reg; Sentinel service external traffic policy                                                                                         | `Cluster`                        |
 | `sentinel.service.extraPorts`                                | Extra ports to expose (normally used with the `sidecar` value)                                                                              | `[]`                             |
 | `sentinel.service.clusterIP`                                 | Redis&reg; Sentinel service Cluster IP                                                                                                      | `""`                             |
 | `sentinel.service.createMaster`                              | Enable master service pointing to the current master (experimental)                                                                                                                                                          | `false`                          |
 | `sentinel.service.loadBalancerIP`                            | Redis&reg; Sentinel service Load Balancer IP                                                                                                | `""`                             |
 | `sentinel.service.loadBalancerClass`                         | sentinel service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)                                                                                                                            | `""`                             |
 | `sentinel.service.loadBalancerSourceRanges`                  | Redis&reg; Sentinel service Load Balancer sources                                                                                           | `[]`                             |
 | `sentinel.service.annotations`                               | Additional custom annotations for Redis&reg; Sentinel service                                                                               | `{}`                             |
 | `sentinel.service.sessionAffinity`                           | Session Affinity for Kubernetes service, can be "None" or "ClientIP"                                                                        | `None`                           |
@@ -468,9 +449,8 @@ The command removes all the Kubernetes components associated with the chart and
 | Name                                            | Description                                                                                                                                 | Value   |
 | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
 | `serviceBindings.enabled`                       | Create secret for service binding (Experimental)                                                                                            | `false` |
-| `networkPolicy.enabled`                         | Enable creation of NetworkPolicy resources                                                                                                  | `true`  |
+| `networkPolicy.enabled`                         | Enable creation of NetworkPolicy resources                                                                                                  | `false` |
 | `networkPolicy.allowExternal`                   | Don't require client label for connections                                                                                                  | `true`  |
 | `networkPolicy.allowExternalEgress`             | Allow the pod to access any range of port and all destinations.                                                                             | `true`  |
 | `networkPolicy.extraIngress`                    | Add extra ingress rules to the NetworkPolicy                                                                                                | `[]`    |
 | `networkPolicy.extraEgress`                     | Add extra egress rules to the NetworkPolicy                                                                                                 | `[]`    |
 | `networkPolicy.ingressNSMatchLabels`            | Labels to match to allow traffic from other namespaces                                                                                      | `{}`    |
@@ -484,7 +464,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `rbac.rules`                                    | Custom RBAC rules to set                                                                                                                    | `[]`    |
 | `serviceAccount.create`                         | Specifies whether a ServiceAccount should be created                                                                                        | `true`  |
 | `serviceAccount.name`                           | The name of the ServiceAccount to use.                                                                                                      | `""`    |
-| `serviceAccount.automountServiceAccountToken`   | Whether to auto mount the service account token                                                                                             | `false` |
+| `serviceAccount.automountServiceAccountToken`   | Whether to auto mount the service account token                                                                                             | `true`  |
 | `serviceAccount.annotations`                    | Additional custom annotations for the ServiceAccount                                                                                        | `{}`    |
 | `pdb.create`                                    | Specifies whether a PodDisruptionBudget should be created                                                                                   | `false` |
 | `pdb.minAvailable`                              | Min number of pods that must still be available after the eviction                                                                          | `1`     |
@@ -502,14 +482,13 @@ The command removes all the Kubernetes components associated with the chart and
 ### Metrics Parameters
 | Name                                                        | Description                                                                                                         | Value                            |
-| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
+| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
 | `metrics.enabled`                                           | Start a sidecar prometheus exporter to expose Redis&reg; metrics                                                    | `false`                          |
 | `metrics.image.registry`                                    | Redis&reg; Exporter image registry                                                                                  | `REGISTRY_NAME`                  |
 | `metrics.image.repository`                                  | Redis&reg; Exporter image repository                                                                                | `REPOSITORY_NAME/redis-exporter` |
 | `metrics.image.digest`                                      | Redis&reg; Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                             |
 | `metrics.image.pullPolicy`                                  | Redis&reg; Exporter image pull policy                                                                               | `IfNotPresent`                   |
 | `metrics.image.pullSecrets`                                 | Redis&reg; Exporter image pull secrets                                                                              | `[]`                             |
 | `metrics.containerPorts.http`                               | Metrics HTTP container port                                                                                                                                                                                                | `9121`                           |
 | `metrics.startupProbe.enabled`                              | Enable startupProbe on Redis&reg; replicas nodes                                                                    | `false`                          |
 | `metrics.startupProbe.initialDelaySeconds`                  | Initial delay seconds for startupProbe                                                                              | `10`                             |
 | `metrics.startupProbe.periodSeconds`                        | Period seconds for startupProbe                                                                                     | `10`                             |
@@ -536,31 +515,26 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.extraArgs`                                         | Extra arguments for Redis&reg; exporter, for example:                                                               | `{}`                             |
 | `metrics.extraEnvVars`                                      | Array with extra environment variables to add to Redis&reg; exporter                                                | `[]`                             |
 | `metrics.containerSecurityContext.enabled`                  | Enabled Redis&reg; exporter containers' Security Context                                                            | `true`                           |
 | `metrics.containerSecurityContext.seLinuxOptions`           | Set SELinux options in container                                                                                                                                                                                           | `nil`                            |
 | `metrics.containerSecurityContext.runAsUser`                | Set Redis&reg; exporter containers' Security Context runAsUser                                                      | `1001`                           |
 | `metrics.containerSecurityContext.runAsGroup`               | Set Redis&reg; exporter containers' Security Context runAsGroup                                                     | `0`                              |
 | `metrics.containerSecurityContext.runAsNonRoot`             | Set Redis&reg; exporter containers' Security Context runAsNonRoot                                                   | `true`                           |
 | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis&reg; exporter containers' Security Context allowPrivilegeEscalation                                       | `false`                          |
 | `metrics.containerSecurityContext.readOnlyRootFilesystem`   | Set container's Security Context read-only root filesystem                                                                                                                                                                 | `false`                          |
 | `metrics.containerSecurityContext.seccompProfile.type`      | Set Redis&reg; exporter containers' Security Context seccompProfile                                                 | `RuntimeDefault`                 |
 | `metrics.containerSecurityContext.capabilities.drop`        | Set Redis&reg; exporter containers' Security Context capabilities to drop                                           | `["ALL"]`                        |
 | `metrics.extraVolumes`                                      | Optionally specify extra list of additional volumes for the Redis&reg; metrics sidecar                              | `[]`                             |
 | `metrics.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the Redis&reg; metrics sidecar                         | `[]`                             |
-| `metrics.resourcesPreset`                                   | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none`                           |
+| `metrics.resources.limits`                                  | The resources limits for the Redis&reg; exporter container                                                          | `{}`                             |
-| `metrics.resources`                                         | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                          | `{}`                             |
+| `metrics.resources.requests`                                | The requested resources for the Redis&reg; exporter container                                                       | `{}`                             |
 | `metrics.podLabels`                                         | Extra labels for Redis&reg; exporter pods                                                                           | `{}`                             |
 | `metrics.podAnnotations`                                    | Annotations for Redis&reg; exporter pods                                                                            | `{}`                             |
 | `metrics.service.enabled`                                   | Create Service resource(s) for scraping metrics using PrometheusOperator ServiceMonitor, can be disabled when using a PodMonitor                                                                                           | `true`                           |
 | `metrics.service.type`                                      | Redis&reg; exporter service type                                                                                    | `ClusterIP`                      |
-| `metrics.service.ports.http`                                | Redis&reg; exporter service port                                                                                                                                                                                           | `9121`                           |
+| `metrics.service.port`                                      | Redis&reg; exporter service port                                                                                    | `9121`                           |
 | `metrics.service.externalTrafficPolicy`                     | Redis&reg; exporter service external traffic policy                                                                 | `Cluster`                        |
 | `metrics.service.extraPorts`                                | Extra ports to expose (normally used with the `sidecar` value)                                                      | `[]`                             |
 | `metrics.service.loadBalancerIP`                            | Redis&reg; exporter service Load Balancer IP                                                                        | `""`                             |
 | `metrics.service.loadBalancerClass`                         | exporter service Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)                                                                                                                          | `""`                             |
 | `metrics.service.loadBalancerSourceRanges`                  | Redis&reg; exporter service Load Balancer sources                                                                   | `[]`                             |
 | `metrics.service.annotations`                               | Additional custom annotations for Redis&reg; exporter service                                                       | `{}`                             |
 | `metrics.service.clusterIP`                                 | Redis&reg; exporter service Cluster IP                                                                              | `""`                             |
 | `metrics.serviceMonitor.port`                               | the service port to scrape metrics from                                                                                                                                                                                    | `http-metrics`                   |
 | `metrics.serviceMonitor.enabled`                            | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator                                     | `false`                          |
 | `metrics.serviceMonitor.namespace`                          | The namespace in which the ServiceMonitor will be created                                                           | `""`                             |
 | `metrics.serviceMonitor.interval`                           | The interval at which metrics should be scraped                                                                     | `30s`                            |
@@ -572,8 +546,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.serviceMonitor.podTargetLabels`                    | Labels from the Kubernetes pod to be transferred to the created metrics                                             | `[]`                             |
 | `metrics.serviceMonitor.sampleLimit`                        | Limit of how many samples should be scraped from every Pod                                                          | `false`                          |
 | `metrics.serviceMonitor.targetLimit`                        | Limit of how many targets should be scraped                                                                         | `false`                          |
 | `metrics.serviceMonitor.additionalEndpoints`                | Additional endpoints to scrape (e.g sentinel)                                                                                                                                                                              | `[]`                             |
 | `metrics.podMonitor.port`                                   | the pod port to scrape metrics from                                                                                                                                                                                        | `metrics`                        |
 | `metrics.podMonitor.enabled`                                | Create PodMonitor resource(s) for scraping metrics using PrometheusOperator                                         | `false`                          |
 | `metrics.podMonitor.namespace`                              | The namespace in which the PodMonitor will be created                                                               | `""`                             |
 | `metrics.podMonitor.interval`                               | The interval at which metrics should be scraped                                                                     | `30s`                            |
@@ -585,7 +557,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.podMonitor.podTargetLabels`                        | Labels from the Kubernetes pod to be transferred to the created metrics                                             | `[]`                             |
 | `metrics.podMonitor.sampleLimit`                            | Limit of how many samples should be scraped from every Pod                                                          | `false`                          |
 | `metrics.podMonitor.targetLimit`                            | Limit of how many targets should be scraped                                                                         | `false`                          |
 | `metrics.podMonitor.additionalEndpoints`                    | Additional endpoints to scrape (e.g sentinel)                                                                                                                                                                              | `[]`                             |
 | `metrics.prometheusRule.enabled`                            | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator                               | `false`                          |
 | `metrics.prometheusRule.namespace`                          | The namespace in which the prometheusRule will be created                                                           | `""`                             |
 | `metrics.prometheusRule.additionalLabels`                   | Additional labels for the prometheusRule                                                                            | `{}`                             |
@@ -594,25 +565,16 @@ The command removes all the Kubernetes components associated with the chart and
 ### Init Container Parameters
 | Name                                                   | Description                                                                                                        | Value                      |
-| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- |
+| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | -------------------------- |
 | `volumePermissions.enabled`                            | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`                    | `false`                    |
 | `volumePermissions.image.registry`                     | OS Shell + Utility image registry                                                                                  | `REGISTRY_NAME`            |
 | `volumePermissions.image.repository`                   | OS Shell + Utility image repository                                                                                | `REPOSITORY_NAME/os-shell` |
 | `volumePermissions.image.digest`                       | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                       |
 | `volumePermissions.image.pullPolicy`                   | OS Shell + Utility image pull policy                                                                               | `IfNotPresent`             |
 | `volumePermissions.image.pullSecrets`                  | OS Shell + Utility image pull secrets                                                                              | `[]`                       |
-| `volumePermissions.resourcesPreset`                         | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none`                                                            |
+| `volumePermissions.resources.limits`                   | The resources limits for the init container                                                                        | `{}`                       |
-| `volumePermissions.resources`                               | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                                              | `{}`                                                              |
+| `volumePermissions.resources.requests`                 | The requested resources for the init container                                                                     | `{}`                       |
 | `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container                                                                                                                                                                                                               | `nil`                                                             |
 | `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser                                                                    | `0`                        |
 | `kubectl.image.registry`                                    | Kubectl image registry                                                                                                                                                                                                                         | `REGISTRY_NAME`                                                   |
 | `kubectl.image.repository`                                  | Kubectl image repository                                                                                                                                                                                                                       | `REPOSITORY_NAME/kubectl`                                         |
 | `kubectl.image.digest`                                      | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                                                                                                                        | `""`                                                              |
 | `kubectl.image.pullPolicy`                                  | Kubectl image pull policy                                                                                                                                                                                                                      | `IfNotPresent`                                                    |
 | `kubectl.image.pullSecrets`                                 | Kubectl pull secrets                                                                                                                                                                                                                           | `[]`                                                              |
 | `kubectl.command`                                           | kubectl command to execute                                                                                                                                                                                                                     | `["/opt/bitnami/scripts/kubectl-scripts/update-master-label.sh"]` |
 | `kubectl.resources.limits`                                  | The resources limits for the kubectl containers                                                                                                                                                                                                | `{}`                                                              |
 | `kubectl.resources.requests`                                | The requested resources for the kubectl containers                                                                                                                                                                                             | `{}`                                                              |
 | `sysctl.enabled`                                       | Enable init container to modify Kernel settings                                                                    | `false`                    |
 | `sysctl.image.registry`                                | OS Shell + Utility image registry                                                                                  | `REGISTRY_NAME`            |
 | `sysctl.image.repository`                              | OS Shell + Utility image repository                                                                                | `REPOSITORY_NAME/os-shell` |
@@ -621,8 +583,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `sysctl.image.pullSecrets`                             | OS Shell + Utility image pull secrets                                                                              | `[]`                       |
 | `sysctl.command`                                       | Override default init-sysctl container command (useful when using custom images)                                   | `[]`                       |
 | `sysctl.mountHostSys`                                  | Mount the host `/sys` folder to `/host-sys`                                                                        | `false`                    |
-| `sysctl.resourcesPreset`                                    | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production).                       | `none`                                                            |
+| `sysctl.resources.limits`                              | The resources limits for the init container                                                                        | `{}`                       |
-| `sysctl.resources`                                          | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                                              | `{}`                                                              |
+| `sysctl.resources.requests`                            | The requested resources for the init container                                                                     | `{}`                       |
 ### useExternalDNS Parameters
@@ -654,17 +616,11 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/redis
 ```
 > Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
-> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/redis/values.yaml)
+> **Tip**: You can use the default [values.yaml](values.yaml)
 ## Configuration and installation details
-### Resource requests and limits
+### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
 Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
 To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
 ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
 It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
@@ -672,7 +628,7 @@ Bitnami will release a new chart updating its containers if a new version of the
 ### Use a different Redis&reg; version
-To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter.
+To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/redis/configuration/change-image-version/).
 ### Bootstrapping with an External Cluster
@@ -774,27 +730,13 @@ It's recommended to only change `master.count` if you know what you are doing.
 ### Using a password file
-To use a password file for Redis&reg; you need to create a secret containing the password and then deploy the chart using that secret. Follow these instructions:
+To use a password file for Redis&reg; you need to create a secret containing the password and then deploy the chart using that secret.
- Create the secret with the password. It is important that the file with the password must be called `redis-password`.
+Refer to the chart documentation for more information on [using a password file for Redis&reg;](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/use-password-file/).
 ```console
 kubectl create secret generic redis-password-secret --from-file=redis-password.yaml
 ```
 - Deploy the Helm Chart using the secret name as parameter:
 ```text
 usePassword=true
 usePasswordFile=true
 existingSecret=redis-password-secret
 sentinels.enabled=true
 metrics.enabled=true
 ```
 ### Securing traffic using TLS
-TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster:
+TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart:
 - `tls.enabled`: Enable TLS support. Defaults to `false`
 - `tls.existingSecret`: Name of the secret that contains the certificates. No defaults.
@@ -802,23 +744,7 @@ TLS support can be enabled in the chart by specifying the `tls.` parameters whil
 - `tls.certKeyFilename`: Certificate key filename. No defaults.
 - `tls.certCAFilename`: CA Certificate filename. No defaults.
-For example:
+Refer to the chart documentation for more information on [creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-tls/).
 First, create the secret with the certificates files:
 ```console
 kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem
 ```
 Then, use the following parameters:
 ```console
 tls.enabled="true"
 tls.existingSecret="certificates-tls-secret"
 tls.certFilename="cert.pem"
 tls.certKeyFilename="cert.key"
 tls.certCAFilename="ca.pem"
 ```
 ### Metrics
@@ -834,65 +760,11 @@ tls-client-cert-file
 tls-ca-cert-file
 ```
 ### Deploy a custom metrics script in the sidecar
 A custom Lua script can be added to the `redis-exporter` sidecar by way of the `metrics.extraArgs.script` parameter.  The pathname of the script must exist on the container, or the `redis_exporter` process (and therefore the whole pod) will refuse to start.  The script can be provided to the sidecar containers via the `metrics.extraVolumes` and `metrics.extraVolumeMounts` parameters:
 ```yaml
 metrics:
  extraVolumeMounts:
    - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}'
      mountPath: '{{ printf "/mnt/%s/" (include "common.names.name" .) }}'
      readOnly: true
  extraVolumes:
    - name: '{{ printf "%s-metrics-script-file" (include "common.names.fullname" .) }}'
      configMap:
        name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}'
  extraArgs:
    script: '{{ printf "/mnt/%s/my_custom_metrics.lua" (include "common.names.name" .) }}'
 ```
 Then deploy the script into the correct location via `extraDeploy`:
 ```yaml
 extraDeploy:
  - apiVersion: v1
    kind: ConfigMap
    metadata:
      name: '{{ printf "%s-metrics-script" (include "common.names.fullname" .) }}'
    data:
      my_custom_metrics.lua: |
        -- LUA SCRIPT CODE HERE, e.g.,
        return {'bitnami_makes_the_best_charts', '1'}
 ```
 ### Host Kernel Settings
-Redis&reg; may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. To do so, you can set up a privileged `initContainer` with the `sysctlImage` config values, for example:
+Redis&reg; may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
-```yaml
+Refer to the chart documentation for more information on [configuring host kernel settings with an example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/configure-kernel-settings/).
 sysctlImage:
  enabled: true
  mountHostSys: true
  command:
    - /bin/sh
    - -c
    - |-
      install_packages procps
      sysctl -w net.core.somaxconn=10000
      echo never > /host-sys/kernel/mm/transparent_hugepage/enabled
 ```
 Alternatively, for Kubernetes 1.12+ you can set `securityContext.sysctls` which will configure `sysctls` for master and slave pods. Example:
 ```yaml
 securityContext:
  sysctls:
  - name: net.core.somaxconn
    value: "10000"
 ```
 Note that this will not disable transparent huge tables.
 ## Persistence
@@ -912,115 +784,13 @@ helm install my-release --set master.persistence.existingClaim=PVC_NAME oci://RE
 ## Backup and restore
-To backup and restore Redis deployments on Kubernetes, you will need to create a snapshot of the data in the source cluster, and later restore it in a new cluster with the new parameters. Follow the instructions below:
+Refer to the chart documentation for more information on [backing up and restoring Redis&reg; deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/backup-restore/).
 ### Step 1: Backup the deployment
 - Connect to one of the nodes and start the Redis CLI tool. Then, run the commands below:
    ```text
    $ kubectl exec -it my-release-master-0 bash
    $ redis-cli
    127.0.0.1:6379> auth your_current_redis_password
    OK
    127.0.0.1:6379> save
    OK
    ```
 - Copy the dump file from the Redis node:
    ```console
    kubectl cp my-release-master-0:/data/dump.rdb dump.rdb -c redis
    ```
 ### Step 2: Restore the data on the destination cluster
 To restore the data in a new cluster, you will need to create a PVC and then upload the *dump.rdb* file to the new volume.
 Follow the following steps:
 - In the [*values.yaml*](https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml) file set the *appendonly* parameter to *no*. You can skip this step if it is already configured as *no*
    ```yaml
    commonConfiguration: |-
       # Enable AOF https://redis.io/topics/persistence#append-only-file
       appendonly no
       # Disable RDB persistence, AOF persistence already enabled.
       save ""
    ```
    > *Note that the `Enable AOF` comment belongs to the original config file and what you're actually doing is disabling it. This change will only be neccessary for the temporal cluster you're creating to upload the dump.*
 - Start the new cluster to create the PVCs. Use the command below as an example:
    ```console
    helm install new-redis  -f values.yaml .  --set cluster.enabled=true  --set cluster.slaveCount=3
    ```
 - Now that the PVC were created, stop it and copy the *dump.rdp* file on the persisted data by using a helping pod.
    ```text
    $ helm delete new-redis
    $ kubectl run --generator=run-pod/v1 -i --rm --tty volpod --overrides='
    {
        "apiVersion": "v1",
        "kind": "Pod",
        "metadata": {
            "name": "redisvolpod"
        },
        "spec": {
            "containers": [{
               "command": [
                    "tail",
                    "-f",
                    "/dev/null"
               ],
               "image": "bitnami/minideb",
               "name": "mycontainer",
               "volumeMounts": [{
                   "mountPath": "/mnt",
                   "name": "redisdata"
                }]
            }],
            "restartPolicy": "Never",
            "volumes": [{
                "name": "redisdata",
                "persistentVolumeClaim": {
                    "claimName": "redis-data-new-redis-master-0"
                }
            }]
        }
    }' --image="bitnami/minideb"
    $ kubectl cp dump.rdb redisvolpod:/mnt/dump.rdb
    $ kubectl delete pod volpod
    ```
 - Restart the cluster:
    > **INFO:** The *appendonly* parameter can be safely restored to your desired value.
    ```console
    helm install new-redis  -f values.yaml .  --set cluster.enabled=true  --set cluster.slaveCount=3
    ```
 ## NetworkPolicy
 To enable network policy for Redis&reg;, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`.
-With NetworkPolicy enabled, only pods with the generated client label will be able to connect to Redis. This label will be displayed in the output after a successful install.
+Refer to the chart documenation for more information on [enabling the network policy in Redis&reg; deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-network-policy/).
 With `networkPolicy.ingressNSMatchLabels` pods from other namespaces can connect to Redis. Set `networkPolicy.ingressNSPodMatchLabels` to match pod labels in matched namespace. For example, for a namespace labeled `redis=external` and pods in that namespace labeled `redis-client=true` the fields should be set:
 ```yaml
 networkPolicy:
  enabled: true
  ingressNSMatchLabels:
    redis: external
  ingressNSPodMatchLabels:
    redis-client: true
 ```
 ### Setting Pod's affinity
@@ -1094,7 +864,7 @@ The Redis&reg; sentinel exporter was removed in this version because the upstrea
  - `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones.
 - New parameters to add custom command, environment variables, sidecars, init containers, etc. were added.
 - Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels).
- values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami/readme-generator-for-helm).
+- values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami-labs/readme-generator-for-helm).
 Consequences:
@@ -1234,7 +1004,7 @@ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remo
 ## License
-Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+Copyright &copy; 2023 VMware, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/.helmignore
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/.helmignore
@@ -20,5 +20,3 @@
 .idea/
 *.tmproj
 .vscode/
 # img folder
 img/
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/Chart.yaml
@@ -2,7 +2,7 @@ annotations:
  category: Infrastructure
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.19.0
+appVersion: 2.13.3
 description: A Library Helm Chart for grouping common logic between bitnami charts.
  This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.19.0
+version: 2.13.3
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/README.md
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/README.md
@@ -24,14 +24,14 @@ data:
  myvalue: "Hello World"
 ```
 Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
 ## Introduction
 This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
 Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
 ## Prerequisites
 - Kubernetes 1.23+
@@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""
 ## License
-Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+Copyright &copy; 2023 VMware, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_compatibility.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_compatibility.tpl
@@ -1,39 +0,0 @@
 {{/*
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 {{/* vim: set filetype=mustache: */}}
 {{/* 
 Return true if the detected platform is Openshift
 Usage:
 {{- include "common.compatibility.isOpenshift" . -}}
 */}}
 {{- define "common.compatibility.isOpenshift" -}}
 {{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
 {{- true -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
 Usage:
 {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
 */}}
 {{- define "common.compatibility.renderSecurityContext" -}}
 {{- $adaptedContext := .secContext -}}
 {{- if .context.Values.global.compatibility -}}
  {{- if .context.Values.global.compatibility.openshift -}}
    {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}}
      {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
      {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
      {{- if not .secContext.seLinuxOptions -}}
      {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
      {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{- omit $adaptedContext "enabled" | toYaml -}}
 {{- end -}}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_resources.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_resources.tpl
@@ -1,50 +0,0 @@
 {{/*
 Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Return a resource request/limit object based on a given preset.
 These presets are for basic testing and not meant to be used in production
 {{ include "common.resources.preset" (dict "type" "nano") -}}
 */}}
 {{- define "common.resources.preset" -}}
 {{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
 {{- $presets := dict 
  "nano" (dict 
      "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
   )
  "micro" (dict 
      "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
   )
  "small" (dict 
      "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
   )
  "medium" (dict 
      "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
   )
  "large" (dict 
      "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
   )
  "xlarge" (dict 
      "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
   )
  "2xlarge" (dict 
      "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
      "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
   )
 }}
 {{- if hasKey $presets .type -}}
 {{- index $presets .type | toYaml -}}
 {{- else -}}
 {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
 {{- end -}}
 {{- end -}}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_secrets.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_secrets.tpl
@@ -78,8 +78,6 @@ Params:
  - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
  - context - Context - Required - Parent context.
  - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
  - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
  - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
 The order in which this function returns a secret password:
  1. Already existing 'Secret' resource
     (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@@ -93,6 +91,7 @@ The order in which this function returns a secret password:
 {{- $password := "" }}
 {{- $subchart := "" }}
 {{- $failOnNew := default true .failOnNew }}
 {{- $chartName := default "" .chartName }}
 {{- $passwordLength := default 10 .length }}
 {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@@ -100,14 +99,12 @@ The order in which this function returns a secret password:
 {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
 {{- if $secretData }}
  {{- if hasKey $secretData .key }}
-    {{- $password = index $secretData .key | b64dec }}
+    {{- $password = index $secretData .key | quote }}
-  {{- else if not (eq .failOnNew false) }}
+  {{- else if $failOnNew }}
    {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
  {{- else if $providedPasswordValue }}
    {{- $password = $providedPasswordValue | toString }}
  {{- end -}}
 {{- else if $providedPasswordValue }}
-  {{- $password = $providedPasswordValue | toString }}
+  {{- $password = $providedPasswordValue | toString | b64enc | quote }}
 {{- else }}
  {{- if .context.Values.enabled }}
@@ -123,19 +120,12 @@ The order in which this function returns a secret password:
    {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
    {{- $password = randAscii $passwordLength }}
    {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
-    {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
+    {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
  {{- else }}
-    {{- $password = randAlphaNum $passwordLength }}
+    {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
  {{- end }}
 {{- end -}}
 {{- if not .skipB64enc }}
 {{- $password = $password | b64enc }}
 {{- end -}}
 {{- if .skipQuote -}}
 {{- printf "%s" $password -}}
 {{- else -}}
 {{- printf "%s" $password | quote -}}
 {{- end -}}
 {{- end -}}
 {{/*
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_warnings.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/charts/common/templates/_warnings.tpl
@@ -13,70 +13,7 @@ Usage:
 {{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
 WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
-+info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
 {{- end }}
 {{- end -}}
 {{/*
 Warning about not setting the resource object in all deployments.
 Usage:
 {{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
 Example:
 {{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
 The list in the example assumes that the following values exist:
  - csiProvider.provider.resources
  - server.resources
  - volumePermissions.resources
  - resources
 */}}
 {{- define "common.warnings.resources" -}}
 {{- $values := .context.Values -}}
 {{- $printMessage := false -}}
 {{ $affectedSections := list -}}
 {{- range .sections -}}
  {{- if eq . "" -}}
    {{/* Case where the resources section is at the root (one main deployment in the chart) */}}
    {{- if not (index $values "resources") -}}
    {{- $affectedSections = append $affectedSections "resources" -}}
    {{- $printMessage = true -}}
    {{- end -}}
  {{- else -}}
    {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
    {{- $keys := split "." . -}}
    {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
    {{- $section := $values -}}
    {{- range $keys -}}
      {{- $section = index $section . -}}
    {{- end -}}
    {{- if not (index $section "resources") -}}
      {{/* If the section has enabled=false or replicaCount=0, do not include it */}}
      {{- if and (hasKey $section "enabled") -}}
        {{- if index $section "enabled" -}}
          {{/* enabled=true */}}
          {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
          {{- $printMessage = true -}}
        {{- end -}}
      {{- else if and (hasKey $section "replicaCount")  -}}
        {{/* We need a casting to int because number 0 is not treated as an int by default */}}
        {{- if (gt (index $section "replicaCount" | int) 0) -}}
          {{/* replicaCount > 0 */}}
          {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
          {{- $printMessage = true -}}
        {{- end -}}
      {{- else -}}
        {{/* Default case, add it to the affected sections */}}
        {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
        {{- $printMessage = true -}}
      {{- end -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{- if $printMessage }}
 WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
 {{- range $affectedSections }}
  - {{ . }}
 {{- end }}
 +info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 {{- end -}}
 {{- end -}}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/img/redis-cluster-topology.png
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/img/redis-cluster-topology.png
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/img/redis-topology.png
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/img/redis-topology.png
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/NOTES.txt
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/NOTES.txt
@@ -12,11 +12,11 @@ The chart has been deployed in diagnostic mode. All probes have been disabled an
 Get the list of pods by executing:
-  kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
+  kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
 Access the pod you want to debug by executing
-  kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
+  kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
 In order to replicate the container startup scripts execute this command:
@@ -53,28 +53,12 @@ For Redis Sentinel:
 {{- end }}
 {{- end }}
 {{- if and .Values.auth.usePasswordFiles (not .Values.auth.usePasswordFileFromSecret) (or (empty .Values.master.initContainers) (empty .Values.replica.initContainers)) }}
 -------------------------------------------------------------------------------
 WARNING
    By specifying ".Values.auth.usePasswordFiles=true" and ".Values.auth.usePasswordFileFromSecret=false"
    Redis is expecting that the password is mounted as a file in each pod
    (by default in /opt/bitnami/redis/secrets/redis-password)
    Ensure that you specify the respective initContainers in
    both .Values.master.initContainers and .Values.replica.initContainers
    in order to populate the contents of this file.
 -------------------------------------------------------------------------------
 {{- end }}
 {{- if eq .Values.architecture "replication" }}
 {{- if .Values.sentinel.enabled }}
 Redis&reg; can be accessed via port {{ .Values.sentinel.service.ports.redis }} on the following DNS name from within your cluster:
-    {{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} for read only operations
+    {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations
 For read/write operations, first access the Redis&reg; Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above.
@@ -82,15 +66,15 @@ For read/write operations, first access the Redis&reg; Sentinel cluster, which i
 Redis&reg; can be accessed on the following DNS names from within your cluster:
-    {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }})
+    {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }})
-    {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" . ) .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }})
+    {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }})
 {{- end }}
 {{- else }}
 Redis&reg; can be accessed via port {{ .Values.master.service.ports.redis }} on the following DNS name from within your cluster:
-    {{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
+    {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
 {{- end }}
@@ -98,7 +82,7 @@ Redis&reg; can be accessed via port {{ .Values.master.service.ports.redis }} on
 To get your password run:
-    export REDIS_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d)
+    export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d)
 {{- end }}
@@ -106,15 +90,15 @@ To connect to your Redis&reg; server:
 1. Run a Redis&reg; pod that you can use as a client:
-   kubectl run --namespace {{ include "common.names.namespace" . }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
+   kubectl run --namespace {{ .Release.Namespace }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity
 {{- if .Values.tls.enabled }}
   Copy your TLS certificates to the pod:
-   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.cert redis-client:/tmp/client.cert
+   kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert redis-client:/tmp/client.cert
-   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/client.key redis-client:/tmp/client.key
+   kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key redis-client:/tmp/client.key
-   kubectl cp --namespace {{ include "common.names.namespace" . }} /path/to/CA.cert redis-client:/tmp/CA.cert
+   kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert redis-client:/tmp/CA.cert
 {{- end }}
@@ -122,7 +106,7 @@ To connect to your Redis&reg; server:
   kubectl exec --tty -i redis-client \
   {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }}
-   --namespace {{ include "common.names.namespace" . }} -- bash
+   --namespace {{ .Release.Namespace }} -- bash
 2. Connect using the Redis&reg; CLI:
@@ -149,42 +133,42 @@ To connect to your database from outside the cluster execute the following comma
 {{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }}
 {{- if contains "NodePort" .Values.sentinel.service.type }}
-    export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-    export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
    {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 {{- else if contains "LoadBalancer" .Values.sentinel.service.type }}
  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
+        Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
-    export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
    {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 {{- else if contains "ClusterIP" .Values.sentinel.service.type }}
-    kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} &
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} &
    {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 {{- end }}
 {{- else }}
 {{- if contains "NodePort" .Values.master.service.type }}
-    export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-    export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }})
    {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 {{- else if contains "LoadBalancer" .Values.master.service.type }}
  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
+        Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
-    export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
    {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 {{- else if contains "ClusterIP" .Values.master.service.type }}
-    kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} &
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} &
    {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }}
 {{- end }}
@@ -205,4 +189,3 @@ No need to upgrade, ports and nodeports have been set from values
 YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED
 {{- end }}
 {{- end }}
 {{- include "common.warnings.resources" (dict "sections" (list "master" "metrics" "replica" "sentinel" "sysctl" "volumePermissions") "context" $) }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/_helpers.tpl
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/_helpers.tpl
@@ -33,13 +33,6 @@ Return the proper image name (for the init container volume-permissions image)
 {{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
 {{- end -}}
 {{/*
 Return kubectl image
 */}}
 {{- define "redis.kubectl.image" -}}
 {{ include "common.images.image" (dict "imageRoot" .Values.kubectl.image "global" .Values.global) }}
 {{- end -}}
 {{/*
 Return sysctl image
 */}}
@@ -247,7 +240,7 @@ Return Redis&reg; password
    {{- else if not (empty .Values.auth.password) -}}
        {{- .Values.auth.password -}}
    {{- else -}}
-        {{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (include "redis.secretName" .) "Length" 10 "Key" (include "redis.secretPasswordKey" .))  -}}
+        {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "redis.secretName" .) "Length" 10 "Key" (include "redis.secretPasswordKey" .))  -}}
    {{- end -}}
 {{- end -}}
 {{- end }}
@@ -268,7 +261,6 @@ Compile all warnings into a single message, and call fail.
 {{- $messages := append $messages (include "redis.validateValues.architecture" .) -}}
 {{- $messages := append $messages (include "redis.validateValues.podSecurityPolicy.create" .) -}}
 {{- $messages := append $messages (include "redis.validateValues.tls" .) -}}
 {{- $messages := append $messages (include "redis.validateValues.createMaster" .) -}}
 {{- $messages := without $messages "" -}}
 {{- $message := join "\n" $messages -}}
@@ -320,16 +312,6 @@ redis: tls.enabled
 {{- end -}}
 {{- end -}}
 {{/* Validate values of Redis&reg; - master service enabled */}}
 {{- define "redis.validateValues.createMaster" -}}
 {{- if and .Values.sentinel.service.createMaster (or (not .Values.rbac.create) (not .Values.replica.automountServiceAccountToken) (not .Values.serviceAccount.create)) }}
 redis: sentinel.service.createMaster
    In order to redirect requests only to the master pod via the service, you also need to
    create rbac and serviceAccount. In addition, you need to enable
    replica.automountServiceAccountToken.
 {{- end -}}
 {{- end -}}
 {{/* Define the suffix utilized for external-dns */}}
 {{- define "redis.externalDNS.suffix" -}}
 {{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/configmap.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ printf "%s-configuration" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -48,13 +48,10 @@ data:
  sentinel.conf: |-
    dir "/tmp"
    port {{ .Values.sentinel.containerPorts.sentinel }}
-    sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }}
+    sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }}
    sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }}
    sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }}
    sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }}
    {{- if .Values.sentinel.service.createMaster}}
      sentinel client-reconfig-script {{ .Values.sentinel.masterSet }} /opt/bitnami/scripts/start-scripts/push-master-label.sh
    {{- end }}
    # User-supplied sentinel configuration:
    {{- if .Values.sentinel.configuration }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/headless-svc.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/headless-svc.yaml
@@ -7,16 +7,14 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ printf "%s-headless" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations (include "redis.externalDNS.annotations" .) }}
  annotations:
    {{- if or .Values.sentinel.service.headless.annotations .Values.commonAnnotations }}
    {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.sentinel.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
    {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
    {{- end }}
    {{- include "redis.externalDNS.annotations" . | nindent 4 }}
  {{- end }}
 spec:
  type: ClusterIP
  clusterIP: None
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/health-configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/health-configmap.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ printf "%s-health" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/application.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/application.yaml
@@ -9,7 +9,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
 kind: {{ .Values.master.kind }}
 metadata:
  name: {{ printf "%s-master" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: master
  {{- if .Values.commonAnnotations }}
@@ -62,10 +62,10 @@ spec:
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.master.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "redis.masterServiceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.master.automountServiceAccountToken }}
+      automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
      {{- if .Values.master.priorityClassName }}
      priorityClassName: {{ .Values.master.priorityClassName | quote }}
      {{- end }}
@@ -108,7 +108,7 @@ spec:
          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }}
          {{- end }}
          {{- if .Values.master.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -226,8 +226,6 @@ spec:
          {{- end }}
          {{- if .Values.master.resources }}
          resources: {{- toYaml .Values.master.resources | nindent 12 }}
          {{- else if ne .Values.master.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.master.resourcesPreset) | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: start-scripts
@@ -247,12 +245,10 @@ spec:
              {{- end }}
            - name: config
              mountPath: /opt/bitnami/redis/mounted-etc
-            - name: empty-dir
+            - name: redis-tmp-conf
              mountPath: /opt/bitnami/redis/etc/
-              subPath: app-conf-dir
+            - name: tmp
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
@@ -266,7 +262,7 @@ spec:
          image: {{ include "redis.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          {{- if .Values.metrics.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -288,8 +284,6 @@ spec:
          env:
            - name: REDIS_ALIAS
              value: {{ template "common.names.fullname" . }}
            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
              value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
            {{- if .Values.auth.enabled }}
            - name: REDIS_USER
              value: default
@@ -318,7 +312,7 @@ spec:
            {{- end }}
          ports:
            - name: metrics
-              containerPort: {{ .Values.metrics.containerPorts.http }}
+              containerPort: 9121
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.metrics.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
@@ -345,13 +339,8 @@ spec:
          {{- end }}
          {{- if .Values.metrics.resources }}
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
          {{- else if ne .Values.metrics.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: app-tmp-dir
            {{- if .Values.auth.usePasswordFiles }}
            - name: redis-password
              mountPath: /secrets/
@@ -394,13 +383,8 @@ spec:
          {{- end }}
          {{- if .Values.volumePermissions.resources }}
          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
          {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: redis-data
              mountPath: {{ .Values.master.persistence.path }}
              {{- if .Values.master.persistence.subPath }}
@@ -421,14 +405,9 @@ spec:
          {{- end }}
          {{- if .Values.sysctl.resources }}
          resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
          {{- else if ne .Values.sysctl.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }}
          {{- end }}
          {{- if .Values.sysctl.mountHostSys }}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: host-sys
              mountPath: /host-sys
          {{- end }}
@@ -445,15 +424,11 @@ spec:
            defaultMode: 0755
        {{- if .Values.auth.usePasswordFiles }}
        - name: redis-password
          {{ if .Values.auth.usePasswordFileFromSecret }}
          secret:
            secretName: {{ template "redis.secretName" . }}
            items:
            - key: {{ template "redis.secretPasswordKey" . }}
              path: redis-password
          {{- else }}
          emptyDir: {}
          {{- end }}
        {{- end }}
        - name: config
          configMap:
@@ -463,7 +438,19 @@ spec:
          hostPath:
            path: /sys
        {{- end }}
-        - name: empty-dir
+        - name: redis-tmp-conf
          {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }}
          emptyDir:
            {{- if .Values.master.persistence.medium }}
            medium: {{ .Values.master.persistence.medium | quote }}
            {{- end }}
            {{- if .Values.master.persistence.sizeLimit }}
            sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }}
            {{- end }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: tmp
          {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }}
          emptyDir:
            {{- if .Values.master.persistence.medium }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/psp.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/psp.yaml
@@ -8,7 +8,7 @@ apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: {{ printf "%s-master" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pvc.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/pvc.yaml
@@ -8,7 +8,7 @@ kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.persistence.labels .Values.commonLabels ) "context" . ) }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: master
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/service.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/service.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ printf "%s-master" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: master
  {{- if or .Values.master.service.annotations .Values.commonAnnotations }}
@@ -26,9 +26,6 @@ spec:
  {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }}
  loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
  {{- end }}
  {{- if and (eq .Values.master.service.type "LoadBalancer")  .Values.master.service.loadBalancerClass }}
  loadBalancerClass: {{ .Values.master.service.loadBalancerClass }}
  {{- end }}
  {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }}
  loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }}
  {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/serviceaccount.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/master/serviceaccount.yaml
@@ -3,13 +3,13 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
-{{- if and .Values.master.serviceAccount.create (or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled)) }}
+{{- if .Values.master.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ template "redis.masterServiceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.master.serviceAccount.annotations .Values.commonAnnotations }}
  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/metrics-svc.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/metrics-svc.yaml
@@ -3,12 +3,12 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
-{{- if and .Values.metrics.enabled .Values.metrics.service.enabled }}
+{{- if .Values.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ printf "%s-metrics" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: metrics
  {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
@@ -26,15 +26,12 @@ spec:
  {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
  loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
  {{- end }}
  {{- if and (eq .Values.metrics.service.type "LoadBalancer")  .Values.metrics.service.loadBalancerClass }}
  loadBalancerClass: {{ .Values.metrics.service.loadBalancerClass }}
  {{- end }}
  {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }}
  {{- end }}
  ports:
    - name: http-metrics
-      port: {{ coalesce .Values.metrics.service.ports.http .Values.metrics.service.port }}
+      port: {{ .Values.metrics.service.port }}
      protocol: TCP
      targetPort: metrics
    {{- if .Values.metrics.service.extraPorts }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/networkpolicy.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/networkpolicy.yaml
@@ -8,7 +8,7 @@ kind: NetworkPolicy
 apiVersion: {{ template "networkPolicy.apiVersion" . }}
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -18,11 +18,8 @@ spec:
    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
  policyTypes:
    - Ingress
  {{- if or (eq .Values.architecture "replication") .Values.networkPolicy.extraEgress }}
    - Egress
  {{- if .Values.networkPolicy.allowExternalEgress }}
  egress:
    - {}
  {{- else }}
  egress:
    {{- if eq .Values.architecture "replication" }}
    # Allow dns resolution
@@ -79,7 +76,7 @@ spec:
    {{- if .Values.metrics.enabled }}
    # Allow prometheus scrapes for metrics
    - ports:
-        - port: {{ .Values.metrics.containerPorts.http }}
+        - port: 9121
      {{- if not .Values.networkPolicy.metrics.allowExternal }}
      from:
        {{- if or .Values.networkPolicy.metrics.ingressNSMatchLabels .Values.networkPolicy.metrics.ingressNSPodMatchLabels }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/pdb.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/pdb.yaml
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
 kind: PodDisruptionBudget
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/podmonitor.yaml
@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ default (include "common.names.namespace" .) .Values.metrics.podMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.metrics.podMonitor.namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- if .Values.metrics.podMonitor.additionalLabels }}
    {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podMonitor.additionalLabels "context" $) | nindent 4 }}
@@ -18,7 +18,7 @@ metadata:
  {{- end }}
 spec:
  podMetricsEndpoints:
-    - port: {{ .Values.metrics.podMonitor.port }}
+    - port: http-metrics
      {{- if .Values.metrics.podMonitor.interval }}
      interval: {{ .Values.metrics.podMonitor.interval }}
      {{- end }}
@@ -34,36 +34,6 @@ spec:
      {{- if .Values.metrics.podMonitor.metricRelabelings }}
      metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }}
      {{- end }}
    {{- range .Values.metrics.podMonitor.additionalEndpoints }}
    - port: {{ .port }}
      {{- if .interval }}
      interval: {{ .interval }}
      {{- end }}
      {{- if .path }}
      path: {{ .path }}
      {{- end }}
      {{- if .honorLabels }}
      honorLabels: {{ .honorLabels }}
      {{- end }}
      {{- if .relabellings }}
      relabelings: {{- toYaml .relabellings | nindent 6 }}
      {{- end }}
      {{- if .metricRelabelings }}
      metricRelabelings: {{- toYaml .metricRelabelings | nindent 6 }}
      {{- end }}
      {{- if .scrapeTimeout }}
      scrapeTimeout: {{ .scrapeTimeout }}
      {{- end }}
      {{- if .params }}
      params:
        {{- range $key, $value := .params }}
        {{ $key }}:
          {{- range $value }}
          - {{ . | quote }}
          {{- end }}
        {{- end }}
      {{- end }}
    {{- end }}
  {{- if .Values.metrics.serviceMonitor.podTargetLabels }}
  podTargetLabels: {{- toYaml .Values.metrics.podMonitor.podTargetLabels | nindent 4 }}
  {{- end }}
@@ -75,7 +45,8 @@ spec:
  {{- end }}
  namespaceSelector:
    matchNames:
-      - {{ include "common.names.namespace" . | quote }}
+      - {{ .Release.Namespace }}
  selector:
    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
      app.kubernetes.io/component: metrics
 {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/prometheusrule.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/prometheusrule.yaml
@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- if .Values.metrics.prometheusRule.additionalLabels }}
    {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/application.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/application.yaml
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
 kind: {{ .Values.replica.kind }}
 metadata:
  name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: replica
  {{- if .Values.commonAnnotations }}
@@ -60,10 +60,10 @@ spec:
      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }}
      {{- end }}
      {{- if .Values.replica.podSecurityContext.enabled }}
-      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.podSecurityContext "context" $) | nindent 8 }}
+      securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "redis.replicaServiceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.replica.automountServiceAccountToken }}
+      automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }}
      {{- if .Values.replica.priorityClassName }}
      priorityClassName: {{ .Values.replica.priorityClassName | quote }}
      {{- end }}
@@ -108,7 +108,7 @@ spec:
          {{- end }}
          {{- end }}
          {{- if .Values.replica.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.replica.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -136,9 +136,9 @@ spec:
            {{- if .Values.replica.externalMaster.enabled }}
              value: {{ .Values.replica.externalMaster.host | quote }}
            {{- else if and (eq (int64 .Values.master.count) 1) (eq .Values.master.kind "StatefulSet") }}
-              value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
+              value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
            {{- else }}
-              value: {{ template "common.names.fullname" . }}-master.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
+              value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
            {{- end }}
            - name: REDIS_MASTER_PORT_NUMBER
            {{- if .Values.replica.externalMaster.enabled }}
@@ -246,8 +246,6 @@ spec:
          {{- end }}
          {{- if .Values.replica.resources }}
          resources: {{- toYaml .Values.replica.resources | nindent 12 }}
          {{- else if ne .Values.replica.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.replica.resourcesPreset) | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: start-scripts
@@ -267,12 +265,8 @@ spec:
              {{- end }}
            - name: config
              mountPath: /opt/bitnami/redis/mounted-etc
-            - name: empty-dir
+            - name: redis-tmp-conf
              mountPath: /opt/bitnami/redis/etc
              subPath: app-conf-dir
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            {{- if .Values.tls.enabled }}
            - name: redis-certificates
              mountPath: /opt/bitnami/redis/certs
@@ -286,7 +280,7 @@ spec:
          image: {{ include "redis.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
          {{- if .Values.metrics.containerSecurityContext.enabled }}
-          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.containerSecurityContext "context" $) | nindent 12 }}
+          securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          {{- if .Values.diagnosticMode.enabled }}
          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -308,8 +302,6 @@ spec:
          env:
            - name: REDIS_ALIAS
              value: {{ template "common.names.fullname" . }}
            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
              value: {{ printf ":%v" .Values.metrics.containerPorts.http }}
            {{- if .Values.auth.enabled }}
            - name: REDIS_USER
              value: default
@@ -338,7 +330,7 @@ spec:
            {{- end }}
          ports:
            - name: metrics
-              containerPort: {{ .Values.metrics.containerPorts.http }}
+              containerPort: 9121
          {{- if not .Values.diagnosticMode.enabled }}
          {{- if .Values.metrics.customStartupProbe }}
          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
@@ -365,13 +357,8 @@ spec:
          {{- end }}
          {{- if .Values.metrics.resources }}
          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
          {{- else if ne .Values.metrics.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            {{- if .Values.auth.usePasswordFiles }}
            - name: redis-password
              mountPath: /secrets/
@@ -414,13 +401,8 @@ spec:
          {{- end }}
          {{- if .Values.volumePermissions.resources }}
          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
          {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: redis-data
              mountPath: {{ .Values.replica.persistence.path }}
              {{- if .Values.replica.persistence.subPath }}
@@ -441,14 +423,9 @@ spec:
          {{- end }}
          {{- if .Values.sysctl.resources }}
          resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
          {{- else if ne .Values.sysctl.resourcesPreset "none" }}
          resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }}
          {{- end }}
          {{- if .Values.sysctl.mountHostSys }}
          volumeMounts:
            - name: empty-dir
              mountPath: /tmp
              subPath: tmp-dir
            - name: host-sys
              mountPath: /host-sys
          {{- end }}
@@ -465,15 +442,11 @@ spec:
            defaultMode: 0755
        {{- if .Values.auth.usePasswordFiles }}
        - name: redis-password
          {{ if .Values.auth.usePasswordFileFromSecret }}
          secret:
            secretName: {{ template "redis.secretName" . }}
            items:
            - key: {{ template "redis.secretPasswordKey" . }}
              path: redis-password
          {{- else }}
          emptyDir: {}
          {{- end }}
        {{- end }}
        - name: config
          configMap:
@@ -483,7 +456,7 @@ spec:
          hostPath:
            path: /sys
        {{- end }}
-        - name: empty-dir
+        - name: redis-tmp-conf
          {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }}
          emptyDir:
            {{- if .Values.replica.persistence.medium }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/hpa.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/hpa.yaml
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ )
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: replica
  {{- if .Values.commonAnnotations }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/service.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/service.yaml
@@ -8,7 +8,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ printf "%s-replicas" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: replica
  {{- if or .Values.replica.service.annotations .Values.commonAnnotations }}
@@ -26,9 +26,6 @@ spec:
  {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerIP)) }}
  loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }}
  {{- end }}
  {{- if and (eq .Values.replica.service.type "LoadBalancer")  .Values.replica.service.loadBalancerClass }}
  loadBalancerClass: {{ .Values.replica.service.loadBalancerClass }}
  {{- end }}
  {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }}
  loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }}
  {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/serviceaccount.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/replicas/serviceaccount.yaml
@@ -3,13 +3,13 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
-{{- if and .Values.replica.serviceAccount.create (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }}
+{{- if .Values.replica.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ template "redis.replicaServiceAccountName" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.replica.serviceAccount.annotations .Values.commonAnnotations }}
  {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.replica.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/role.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/role.yaml
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -23,11 +23,6 @@ rules:
      - 'use'
    resourceNames: [{{ printf "%s-master" (include "common.names.fullname" .) }}]
  {{- end }}
  {{- if and .Values.sentinel.enabled .Values.sentinel.service.createMaster}}
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list", "patch"]
  {{- end -}}
  {{- if .Values.rbac.rules }}
  {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
  {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/rolebinding.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/rolebinding.yaml
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: RoleBinding
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/scripts-configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/scripts-configmap.yaml
@@ -7,7 +7,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ printf "%s-scripts" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -48,7 +48,7 @@ data:
        {{- if .Values.useExternalDNS.enabled }}
        full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
        {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
        {{- else }}
        full_hostname="${hostname}.${HEADLESS_SERVICE}"
        {{- end }}
@@ -71,12 +71,12 @@ data:
    REDISPORT=$(get_port "$HOSTNAME" "REDIS")
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then
        REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST"
    else
-        REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+        REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    fi
    SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "SENTINEL")
@@ -251,8 +251,8 @@ data:
    . /opt/bitnami/scripts/libvalidations.sh
    . /opt/bitnami/scripts/libfile.sh
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
-    REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    get_port() {
        hostname="$1"
@@ -281,7 +281,7 @@ data:
        {{- if .Values.useExternalDNS.enabled }}
        full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
        {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
        {{- else }}
        full_hostname="${hostname}.${HEADLESS_SERVICE}"
        {{- end }}
@@ -366,13 +366,6 @@ data:
        REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
    fi
    {{- if .Values.sentinel.service.createMaster }}
    if [[ "${REDIS_REPLICATION_MODE}" == "master" ]]; then
        # Add isMaster label to master node for master service
        echo "${REDIS_MASTER_HOST/.*}" > /etc/shared/current
    fi
    {{- end }}
    if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then
      REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST"
      REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}"
@@ -457,7 +450,7 @@ data:
    . /opt/bitnami/scripts/libvalidations.sh
    . /opt/bitnami/scripts/libos.sh
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    get_full_hostname() {
        hostname="$1"
@@ -465,7 +458,7 @@ data:
        {{- if .Values.useExternalDNS.enabled }}
        full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
        {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
        {{- else }}
        full_hostname="${hostname}.${HEADLESS_SERVICE}"
        {{- end }}
@@ -488,7 +481,7 @@ data:
    run_sentinel_command() {
        if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
-            redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
+            redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
        else
            redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
        fi
@@ -499,7 +492,7 @@ data:
      [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
    }
-    REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    {{ if .Values.auth.sentinel -}}
    # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
@@ -537,7 +530,7 @@ data:
        [[ "$REDIS_ROLE" == "master" ]]
    }
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{- include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    get_full_hostname() {
        hostname="$1"
@@ -545,7 +538,7 @@ data:
        {{- if .Values.useExternalDNS.enabled }}
        full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
        {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
        {{- else }}
        full_hostname="${hostname}.${HEADLESS_SERVICE}"
        {{- end }}
@@ -568,7 +561,7 @@ data:
    run_sentinel_command() {
        if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
-            {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_TLS_PORT_NUMBER" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
+            {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
        else
            {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$REDIS_SENTINEL_PORT" sentinel "$@"
        fi
@@ -579,7 +572,7 @@ data:
        [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]]
    }
-    REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable
    [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
@@ -603,14 +596,6 @@ data:
        exit 0
    fi
  {{- if .Values.sentinel.service.createMaster}}
  push-master-label.sh: |
    #!/bin/bash
    # https://download.redis.io/redis-stable/sentinel.conf
    echo "${6/.*}" > /etc/shared/current
    echo "${4/.*}" > /etc/shared/previous
  {{- end }}
 {{- else }}
  start-master.sh: |
    #!/bin/bash
@@ -691,7 +676,7 @@ data:
        {{- if .Values.useExternalDNS.enabled }}
        full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
        {{- else if eq .Values.sentinel.service.type "NodePort" }}
-        full_hostname="${hostname}.{{- include "common.names.namespace" . }}"
+        full_hostname="${hostname}.{{- .Release.Namespace }}"
        {{- else }}
        full_hostname="${hostname}.${HEADLESS_SERVICE}"
        {{- end }}
@@ -713,7 +698,7 @@ data:
    }
    REDISPORT=$(get_port "$HOSTNAME" "REDIS")
-    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}"
+    HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
    [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
    [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
@@ -770,29 +755,3 @@ data:
    {{- end }}
  {{- end }}
 {{- end }}
 ---
 {{- if .Values.sentinel.service.createMaster}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ printf "%s-kubectl-scripts" (include "common.names.fullname" .) }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
 data:
  update-master-label.sh: |
    #!/bin/bash
    while true; do
        while [ ! -f "/etc/shared/current" ]; do
            sleep 1
        done
        echo "new master elected, updating label(s)..."
        kubectl label pod --field-selector metadata.name="$(< "/etc/shared/current")" isMaster="true" --overwrite
        if [ -f /etc/shared/previous ]; then
            kubectl label pod --field-selector metadata.name="$(< "/etc/shared/previous")" isMaster="false" --overwrite
        fi
        rm "/etc/shared/current" "/etc/shared/previous"
    done
 {{- end }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret-svcbind.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret-svcbind.yaml
@@ -17,7 +17,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "common.names.fullname" . }}-svcbind
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/secret.yaml
@@ -3,12 +3,12 @@ Copyright VMware, Inc.
 SPDX-License-Identifier: APACHE-2.0
 */}}
-{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) (or .Values.auth.usePasswordFileFromSecret (not .Values.auth.usePasswordFiles)) -}}
+{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) -}}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ template "common.names.fullname" . }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if or .Values.secretAnnotations .Values.commonAnnotations }}
  annotations:
--- a/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/hpa.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/redis/templates/sentinel/hpa.yaml
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ )
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ printf "%s-node" (include "common.names.fullname" .) }}
-  namespace: {{ include "common.names.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: replica
  {{- if .Values.commonAnnotations }}
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`name: cozy-installer`	`name: cozy-installer`
	`version: 0.2.0`	`version: 1.0.0`
`@@ -1 +1 @@`
	`ghcr.io/aenix-io/cozystack/cozystack:v0.2.0`	`ghcr.io/aenix-io/cozystack/cozystack:v0.1.0`
`@@ -1,2 +1,2 @@`
	`name: cozy-platform`	`name: cozy-platform`
	`version: 0.2.0`	`version: 1.0.0`
`@@ -1,2 +1,2 @@`
	`name: cozy-capi-operator`	`name: cozy-capi-operator`
	`version: 0.2.0`	`version: 1.0.0`
`@@ -1,2 +1,2 @@`
	`name: cozy-capi-providers`	`name: cozy-capi-providers`
	`version: 0.2.0`	`version: 1.0.0`
`@@ -1,2 +1,2 @@`
	`name: cozy-cert-manager-issuers`	`name: cozy-cert-manager-issuers`
	`version: 0.2.0`	`version: 1.0.0`
`@@ -1,2 +1,2 @@`
	`name: cozy-cert-manager`	`name: cozy-cert-manager`
	`version: 0.2.0`	`version: 1.0.0`
`@@ -1,2 +1,2 @@`
	`name: cozy-cilium`	`name: cozy-cilium`
	`version: 0.2.0`	`version: 1.0.0`
`@@ -1,2 +1,2 @@`
	`name: cozy-dashboard`	`name: cozy-dashboard`
	`version: 0.2.0`	`version: 1.0.0`