Merge pull request #805 from nflondo/main-source

Charts CI

charts/argo/argo-cd/Chart.yaml

@@ -1,9 +1,7 @@
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
+    - kind: added
-      description: Upgrade Argo CD to v2.7.6
+      description: Add `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL` and `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT` env vars to argo-notifications Deployment
-    - kind: changed
-      description: applicationSet.containerPorts.metrics to 8085
   artifacthub.io/signKey: |
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@@ -34,4 +32,4 @@ name: argo-cd
 sources:
 - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
 - https://github.com/argoproj/argo-cd
-version: 5.36.6
+version: 5.36.10

charts/argo/argo-cd/README.md

@@ -464,6 +464,7 @@ NAME: my-release
 | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets |
 | configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". |
 | configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap |
+| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. |
 | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. |
 | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... |
 | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap |
@@ -1044,7 +1045,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
 | applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
-| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port |
+| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
 | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
@@ -1075,7 +1076,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
 | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels |
 | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
-| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port |
+| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port |
 | applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
 | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |

charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.configs.params.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -13,3 +14,4 @@ metadata:
   {{- end }}
 data:
   {{- include "argo-cd.config.params" . | trim | nindent 2 }}
+{{- end }}

charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml

@@ -66,10 +66,22 @@ spec:
             {{- range .Values.notifications.extraArgs }}
             - {{ . | squote }}
             {{- end }}
-          {{- with (concat .Values.global.env .Values.notifications.extraEnv) }}
           env:
-            {{- toYaml . | nindent 12 }}
+            {{- with (concat .Values.global.env .Values.notifications.extraEnv) }}
-          {{- end }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL
+              valueFrom:
+                configMapKeyRef:
+                  key: notificationscontroller.log.level
+                  name: argocd-cmd-params-cm
+                  optional: true              
+            - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
+              valueFrom:
+                configMapKeyRef:
+                  key: notificationscontroller.log.format
+                  name: argocd-cmd-params-cm
+                  optional: true
           {{- with .Values.notifications.extraEnvFrom }}
           envFrom:
             {{- toYaml . | nindent 12 }}

charts/argo/argo-cd/values.yaml

@@ -217,6 +217,10 @@ configs:
   # Argo CD configuration parameters
   ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
   params:
+    # -- Create the argocd-cmd-params-cm configmap
+    # If false, it is expected the configmap will be created by something else.
+    create: true
+
     # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap
     annotations: {}
 
@@ -2433,7 +2437,7 @@ applicationSet:
       # -- Metrics service labels
       labels: {}
       # -- Metrics service port
-      servicePort: 8085
+      servicePort: 8080
       # -- Metrics service port name
       portName: http-metrics
     serviceMonitor:
@@ -2506,7 +2510,7 @@ applicationSet:
   # ApplicationSet controller container ports
   containerPorts:
     # -- Metrics container port
-    metrics: 8085
+    metrics: 8080
     # -- Probe container port
     probe: 8081
     # -- Webhook container port

charts/bitnami/spark/Chart.yaml

@@ -6,7 +6,7 @@ annotations:
   category: Infrastructure
   licenses: Apache-2.0
 apiVersion: v2
-appVersion: 3.4.0
+appVersion: 3.4.1
 dependencies:
 - name: common
   repository: file://./charts/common
@@ -27,4 +27,4 @@ maintainers:
 name: spark
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/spark
-version: 7.0.1
+version: 7.0.2

charts/bitnami/spark/README.md

@@ -22,6 +22,8 @@ Apache Spark includes APIs for Java, Python, Scala and R.
 
 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
 
+Looking to use Apache Spark in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Prerequisites
 
 - Kubernetes 1.19+
@@ -84,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------- | ----------------------------------------------------------------------------------------------------- | -------------------- |
 | `image.registry`    | Spark image registry                                                                                  | `docker.io`          |
 | `image.repository`  | Spark image repository                                                                                | `bitnami/spark`      |
-| `image.tag`         | Spark image tag (immutable tags are recommended)                                                      | `3.4.0-debian-11-r2` |
+| `image.tag`         | Spark image tag (immutable tags are recommended)                                                      | `3.4.1-debian-11-r0` |
 | `image.digest`      | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                 |
 | `image.pullPolicy`  | Spark image pull policy                                                                               | `IfNotPresent`       |
 | `image.pullSecrets` | Specify docker-registry secret names as an array                                                      | `[]`                 |
@@ -464,7 +466,7 @@ This version standardizes the way of defining Ingress rules. When configuring a
 
 ## License
 
-Copyright © 2023 VMware Inc
+Copyright © 2023 VMware, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

charts/bitnami/spark/values.yaml

@@ -92,7 +92,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/spark
-  tag: 3.4.0-debian-11-r2
+  tag: 3.4.1-debian-11-r0
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

charts/bitnami/wordpress/Chart.yaml

@@ -40,4 +40,4 @@ maintainers:
 name: wordpress
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
-version: 16.1.18
+version: 16.1.19

charts/bitnami/wordpress/README.md

@@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
 | `image.registry`    | WordPress image registry                                                                                  | `docker.io`           |
 | `image.repository`  | WordPress image repository                                                                                | `bitnami/wordpress`   |
-| `image.tag`         | WordPress image tag (immutable tags are recommended)                                                      | `6.2.2-debian-11-r18` |
+| `image.tag`         | WordPress image tag (immutable tags are recommended)                                                      | `6.2.2-debian-11-r19` |
 | `image.digest`      | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                  |
 | `image.pullPolicy`  | WordPress image pull policy                                                                               | `IfNotPresent`        |
 | `image.pullSecrets` | WordPress image pull secrets                                                                              | `[]`                  |
@@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.enabled`                            | Start a sidecar prometheus exporter to expose metrics                                                           | `false`                   |
 | `metrics.image.registry`                     | Apache exporter image registry                                                                                  | `docker.io`               |
 | `metrics.image.repository`                   | Apache exporter image repository                                                                                | `bitnami/apache-exporter` |
-| `metrics.image.tag`                          | Apache exporter image tag (immutable tags are recommended)                                                      | `0.13.4-debian-11-r7`     |
+| `metrics.image.tag`                          | Apache exporter image tag (immutable tags are recommended)                                                      | `0.13.4-debian-11-r8`     |
 | `metrics.image.digest`                       | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                      |
 | `metrics.image.pullPolicy`                   | Apache exporter image pull policy                                                                               | `IfNotPresent`            |
 | `metrics.image.pullSecrets`                  | Apache exporter image pull secrets                                                                              | `[]`                      |

charts/bitnami/wordpress/values.yaml

@@ -73,7 +73,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/wordpress
-  tag: 6.2.2-debian-11-r18
+  tag: 6.2.2-debian-11-r19
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -857,7 +857,7 @@ metrics:
   image:
     registry: docker.io
     repository: bitnami/apache-exporter
-    tag: 0.13.4-debian-11-r7
+    tag: 0.13.4-debian-11-r8
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.

charts/datadog/datadog-operator/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 1.0.4
+
+* Update Datadog Operator version to 1.0.3.
+
 ## 1.0.3
 
 * Add `list` and `watch` permissions of `customresourcedefinitions` for the KSM core check to collect CRD resources.

charts/datadog/datadog-operator/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: datadog-crds
   repository: https://helm.datadoghq.com
-  version: 1.0.0
+  version: 1.0.1
-digest: sha256:46c620716bf7ab9e1ffd7eaf39dfd44b5a8cab49a5acb70de071dcbad4c7ee86
+digest: sha256:e882fa60c39302a3092cc43bcbf0a8412a2c63933efc9767740c4c6144c5b0b4
-generated: "2023-04-03T15:45:41.953207-04:00"
+generated: "2023-06-22T11:55:54.905315-04:00"

charts/datadog/datadog-operator/Chart.yaml

@@ -3,7 +3,7 @@ annotations:
   catalog.cattle.io/display-name: Datadog Operator
   catalog.cattle.io/release-name: datadog-operator
 apiVersion: v2
-appVersion: 1.0.0
+appVersion: 1.0.3
 dependencies:
 - alias: datadogCRDs
   condition: installCRDs
@@ -11,7 +11,7 @@ dependencies:
   repository: file://./charts/datadog-crds
   tags:
   - install-crds
-  version: =1.0.0
+  version: =1.0.1
 description: Datadog Operator
 home: https://www.datadoghq.com
 icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png
@@ -26,4 +26,4 @@ name: datadog-operator
 sources:
 - https://app.datadoghq.com/account/settings#agent/kubernetes
 - https://github.com/DataDog/datadog-agent
-version: 1.0.3
+version: 1.0.4

charts/datadog/datadog-operator/README.md

@@ -1,6 +1,6 @@
 # Datadog Operator
 
-![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square)
 
 ## Values
 
@@ -28,7 +28,7 @@
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image |
 | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image |
-| image.tag | string | `"1.0.0"` | Define the Datadog Operator version to use |
+| image.tag | string | `"1.0.3"` | Define the Datadog Operator version to use |
 | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) |
 | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs |
 | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) |
@@ -93,7 +93,7 @@ and for the Datadog Operator chart:
 
 ```
 NAME                    	CHART VERSION	APP VERSION	DESCRIPTION
-datadog/datadog-operator	1.0.0        	1.0.0      	Datadog Operator
+datadog/datadog-operator	1.0.4        	1.0.3      	Datadog Operator
 ```
 
 Then you will need to install the cert manager if you don't have it already, add the chart:
@@ -115,7 +115,7 @@ You can update with the following:
 ```
 helm upgrade \
     datadog-operator datadog/datadog-operator \
-    --set image.tag=1.0.0 \
+    --set image.tag=1.0.3 \
     --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \
     --set datadogCRDs.migration.datadogAgents.useCertManager=true \
     --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true

charts/datadog/datadog-operator/README.md.gotmpl

@@ -46,7 +46,7 @@ and for the Datadog Operator chart:
 
 ```
 NAME                    	CHART VERSION	APP VERSION	DESCRIPTION
-datadog/datadog-operator	1.0.0        	1.0.0      	Datadog Operator
+datadog/datadog-operator	1.0.4        	1.0.3      	Datadog Operator
 ```
 
 Then you will need to install the cert manager if you don't have it already, add the chart:
@@ -68,7 +68,7 @@ You can update with the following:
 ```
 helm upgrade \
     datadog-operator datadog/datadog-operator \
-    --set image.tag=1.0.0 \
+    --set image.tag=1.0.3 \
     --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \
     --set datadogCRDs.migration.datadogAgents.useCertManager=true \
     --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true

charts/datadog/datadog-operator/charts/datadog-crds/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 1.0.1
+
+* Update CRDs from Datadog Operator v1.0.3.
+
 ## 1.0.0
 
 * Default DatadogAgent stored version is `v2alpha1` to align with the GA of the Datadog Operator.

charts/datadog/datadog-operator/charts/datadog-crds/Chart.yaml

@@ -15,4 +15,4 @@ sources:
 - https://app.datadoghq.com/account/settings#agent/kubernetes
 - https://github.com/DataDog/datadog-operator
 - https://docs.datadoghq.com/agent/cluster_agent/external_metrics
-version: 1.0.0
+version: 1.0.1

charts/datadog/datadog-operator/charts/datadog-crds/README.md

@@ -1,6 +1,6 @@
 # Datadog CRDs
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square)
+![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square)
 
 This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`.
 

charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml

@@ -5852,9 +5852,6 @@ spec:
                   x-kubernetes-list-map-keys:
                     - type
                   x-kubernetes-list-type: map
-                defaultOverride:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
               type: object
           type: object
       {{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }}
@@ -6407,6 +6404,10 @@ spec:
                       type: object
                     logLevel:
                       type: string
+                    namespaceLabelsAsTags:
+                      additionalProperties:
+                        type: string
+                      type: object
                     networkPolicy:
                       properties:
                         create:
@@ -6440,10 +6441,6 @@ spec:
                         flavor:
                           type: string
                       type: object
-                    namespaceLabelsAsTags:
-                      additionalProperties:
-                        type: string
-                      type: object
                     nodeLabelsAsTags:
                       additionalProperties:
                         type: string

charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml

@@ -1,4 +1,6 @@
 {{- if and .Values.crds.datadogAgents (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
+
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -6393,6 +6395,10 @@ spec:
                       type: object
                     logLevel:
                       type: string
+                    namespaceLabelsAsTags:
+                      additionalProperties:
+                        type: string
+                      type: object
                     networkPolicy:
                       properties:
                         create:
@@ -6426,6 +6432,10 @@ spec:
                         flavor:
                           type: string
                       type: object
+                    nodeLabelsAsTags:
+                      additionalProperties:
+                        type: string
+                      type: object
                     podAnnotationsAsTags:
                       additionalProperties:
                         type: string

charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml

@@ -1,4 +1,6 @@
 {{- if and .Values.crds.datadogMetrics (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
+
+---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -61,6 +63,9 @@ spec:
                 query:
                   description: Query is the raw datadog query
                   type: string
+                timeWindow:
+                  description: TimeWindow provides the time window for the metric query, defaults to MaxAge.
+                  type: string
               type: object
             status:
               description: DatadogMetricStatus defines the observed state of DatadogMetric

charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml

@@ -1,4 +1,6 @@
 {{- if and .Values.crds.datadogMetrics (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
+
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -61,6 +63,9 @@ spec:
             query:
               description: Query is the raw datadog query
               type: string
+            timeWindow:
+              description: TimeWindow provides the time window for the metric query, defaults to MaxAge.
+              type: string
           type: object
         status:
           description: DatadogMetricStatus defines the observed state of DatadogMetric
@@ -98,6 +103,9 @@ spec:
                   - type
                 type: object
               type: array
+              x-kubernetes-list-map-keys:
+                - type
+              x-kubernetes-list-type: map
             currentValue:
               description: Value is the latest value of the metric
               type: string

charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml

@@ -1,4 +1,6 @@
 {{- if and .Values.crds.datadogMonitors (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
+
+---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:

charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml

@@ -1,4 +1,6 @@
 {{- if and .Values.crds.datadogMonitors (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }}
+
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -185,6 +187,9 @@ spec:
                   - type
                 type: object
               type: array
+              x-kubernetes-list-map-keys:
+                - type
+              x-kubernetes-list-type: map
             created:
               description: Created is the time the monitor was created
               format: date-time

charts/datadog/datadog-operator/values.yaml

@@ -42,7 +42,7 @@ image:
   # image.repository -- Repository to use for Datadog Operator image
   repository: gcr.io/datadoghq/operator
   # image.tag -- Define the Datadog Operator version to use
-  tag: 1.0.0
+  tag: 1.0.3
   # image.pullPolicy -- Define the pullPolicy for Datadog Operator image
   pullPolicy: IfNotPresent
 # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials)

charts/dell/csi-isilon/Chart.yaml

@@ -1,10 +1,10 @@
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/display-name: Dell CSI PowerScale
-  catalog.cattle.io/kube-version: '>= 1.21.0 < 1.27.0'
+  catalog.cattle.io/kube-version: '>= 1.21.0 < 1.28.0'
   catalog.cattle.io/release-name: isilon
-apiVersion: v1
+apiVersion: v2
-appVersion: 2.6.1
+appVersion: 2.7.0
 description: 'PowerScale CSI (Container Storage Interface) driver Kubernetes integration.
   This chart includes everything required to provision via CSI as well as an Isilon
   StorageClass. '
@@ -12,10 +12,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
 keywords:
 - csi
 - storage
-kubeVersion: '>= 1.21.0 < 1.27.0'
+kubeVersion: '>= 1.21.0 < 1.28.0'
 maintainers:
 - name: DellEMC
 name: csi-isilon
 sources:
 - https://github.com/dell/csi-isilon
-version: 2.6.1
+version: 2.7.0

charts/dell/csi-isilon/templates/_helpers.tpl

@@ -3,48 +3,59 @@ Return the appropriate sidecar images based on k8s version
 */}}
 {{- define "csi-isilon.attacherImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-isilon.provisionerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-isilon.snapshotterImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-isilon.resizerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-isilon.registrarImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-isilon.healthmonitorImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
+
+{{/*
+Return true if storage capacity tracking is enabled and is supported based on k8s version
+*/}}
+{{- define "csi-isilon.isStorageCapacitySupported" -}}
+{{- if eq .Values.storageCapacity.enabled true -}}
+  {{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}}
+      {{- true -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

charts/dell/csi-isilon/templates/csidriver.yaml

@@ -5,6 +5,7 @@ metadata:
 spec:
     attachRequired: true
     podInfoOnMount: true
+    storageCapacity: {{ (include "csi-isilon.isStorageCapacitySupported" .) | default false }}
     fsGroupPolicy: {{ .Values.fsGroupPolicy }}
     volumeLifecycleModes: 
     - Persistent

charts/dell/csi-isilon/values.yaml

@@ -2,7 +2,7 @@
 ########################
 # version: version of this values file
 # Note: Do not change this value
-version: "v2.6.1"
+version: "v2.7.0"
 
 # CSI driver log level
 # Allowed values: "error", "warn"/"warning", "info", "debug"
@@ -63,7 +63,7 @@ enableCustomTopology: false
 # Allowed values:
 #   ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined
 #   and the volume's accessModes contains ReadWriteOnce.
-#   File: kubernetes may use fsGroup to change permissions and ownership of the volume 
+#   File: kubernetes may use fsGroup to change permissions and ownership of the volume
 #   to match user requested fsGroup in the pod's security policy regardless of fstype or access mode.
 #   None: volumes will be mounted with no modifications.
 # Default value: ReadWriteOnceWithFSType
@@ -110,6 +110,10 @@ controller:
     # Default value: 5s
     leaderElectionRetryPeriod: 5s
 
+  # Image for csi-metadata-retriever
+  metadataretriever:
+    image: dellemc/csi-metadata-retriever:v1.4.0
+
   # replication: allows to configure replication
   # Replication CRDs must be installed before installing driver
   replication:
@@ -123,11 +127,11 @@ controller:
     # image: Image to use for dell-csi-replicator. This shouldn't be changed
     # Allowed values: string
     # Default value: None
-    image: dellemc/dell-csi-replicator:v1.4.0
+    image: dellemc/dell-csi-replicator:v1.5.0
 
     # replicationContextPrefix: prefix to use for naming of resources created by replication feature
     # Allowed values: string
-    # Default value: powerstore
+    # Default value: powerscale
     replicationContextPrefix: "powerscale"
 
     # replicationPrefix: prefix to prepend to storage classes parameters
@@ -273,7 +277,6 @@ node:
     # Default value: None
     enabled: false
 
-
 ## PLATFORM ATTRIBUTES
 ######################
 # endpointPort: Specify the HTTPs port number of the PowerScale OneFS API server
@@ -357,22 +360,36 @@ autoProbe: true
 authorization:
   enabled: false
   # sidecarProxyImage: the container image used for the csm-authorization-sidecar.
-  # Default value: dellemc/csm-authorization-sidecar:v1.6.0
+  # Default value: dellemc/csm-authorization-sidecar:v1.7.0
-  sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0
+  sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0
   # proxyHost: hostname of the csm-authorization server
   # Default value: None
   proxyHost:
   # skipCertificateValidation: certificate validation of the csm-authorization server
   # Allowed Values:
   #   "true" - TLS certificate verification will be skipped
-  #   "false" - TLS certificate will be verified 
+  #   "false" - TLS certificate will be verified
-  # Default value: "true" 
+  # Default value: "true"
   skipCertificateValidation: true
 
+# Storage Capacity Tracking
+# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions.
+storageCapacity:
+  # enabled : Enable/Disable storage capacity tracking
+  # Allowed values:
+  #   true: enable storage capacity tracking
+  #   false: disable storage capacity tracking
+  # Default value: true
+  enabled: true
+  # pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity
+  # Allowed values: 1m,2m,3m,...,10m,...,60m etc
+  # Default value: 5m
+  pollInterval: 5m
+
 # Enable this feature only after contact support for additional information
 podmon:
   enabled: false
-  image: dellemc/podmon:v1.5.0
+  image: dellemc/podmon:v1.6.0
   #controller:
   #  args:
   #    - "--csisock=unix:/var/run/csi/csi.sock"
@@ -413,15 +430,15 @@ encryption:
   # logLevel: Log level of the encryption driver.
   # Allowed values: "error", "warning", "info", "debug", "trace".
   logLevel: "error"
-  
+
-  # livenessPort: HTTP liveness probe port number. 
+  # livenessPort: HTTP liveness probe port number.
   # Leave empty to disable the liveness probe.
   # Example: 8080
   livenessPort:
 
   # ocp: Enable when running on OpenShift Container Platform with CoreOS worker nodes.
   ocp: false
-  
+
   # ocpCoreID: User ID and group ID of user core on CoreOS worker nodes.
   # Ignored when ocp is set to false.
   ocpCoreID: "1000:1000"

charts/dell/csi-powermax/Chart.yaml

@@ -1,15 +1,15 @@
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/display-name: Dell CSI PowerMax
-  catalog.cattle.io/kube-version: '>= 1.23.0 < 1.27.0'
+  catalog.cattle.io/kube-version: '>= 1.23.0 < 1.28.0'
   catalog.cattle.io/release-name: csi-powermax
 apiVersion: v2
-appVersion: 2.6.0
+appVersion: 2.7.0
 dependencies:
 - condition: required
   name: csireverseproxy
   repository: file://./charts/csireverseproxy
-  version: 2.5.0
+  version: 2.6.0
 description: 'PowerMax CSI (Container Storage Interface) driver Kubernetes integration.
   This chart includes everything required to provision via CSI as well as a PowerMax
   StorageClass. '
@@ -18,10 +18,11 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
 keywords:
 - csi
 - storage
-kubeVersion: '>= 1.23.0 < 1.27.0'
+kubeVersion: '>= 1.23.0 < 1.28.0'
 maintainers:
 - name: DellEMC
 name: csi-powermax
 sources:
 - https://github.com/dell/csi-powermax
-version: 2.6.0
+type: application
+version: 2.7.0

charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 2.5.0
+appVersion: 2.6.0
 description: A Helm chart for CSI PowerMax ReverseProxy
 name: csireverseproxy
 type: application
-version: 2.5.0
+version: 2.6.0

charts/dell/csi-powermax/charts/csireverseproxy/templates/certificate.yaml

@@ -0,0 +1,70 @@
+# If the csireverseproxy cert and key are provided, deploy a CA Issuer using the cert and key
+{{- if ne .Values.certManager.selfSignedCert true }}
+apiVersion: v1
+data:
+  tls.crt: {{ .Values.certManager.certificateFile }}
+  tls.key: {{ .Values.certManager.privateKeyFile  }}
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+  name: csirevproxy-tls-secret
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: csirevproxy-issuer
+  namespace: {{ .Release.Namespace }}
+spec:
+  ca:
+    secretName: csirevproxy-tls-secret
+---
+{{- else }}
+# deploy a selfsigned-issuer
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}
+
+---
+{{- end }}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: csirevproxy-tls-cert
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: csirevproxy-tls-secret
+  commonName: powermax-reverseproxy
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  subject:
+    organizations:
+      - dellemc
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+    - powermax-reverseproxy
+    - powermax-reverseproxy.powermax.svc.cluster.local
+    - reverseproxy
+  issuerRef:
+  {{- if ne .Values.certManager.selfSignedCert true }}
+    name: csirevproxy-issuer
+  {{- else }}
+    name: selfsigned-issuer
+  {{- end }}
+    kind: Issuer
+    group: cert-manager.io
+---

charts/dell/csi-powermax/charts/csireverseproxy/templates/configmap.yaml

@@ -2,6 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ .Release.Name }}-reverseproxy-config
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 data:
 {{ tpl (.Files.Glob "conf/config.yaml").AsConfig . | indent 2 }}

charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy-rbac.yaml

@@ -3,7 +3,7 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-reverseproxy
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
@@ -13,11 +13,11 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-reverseproxy
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
     name: {{ .Release.Name }}-reverseproxy
-    namespace: {{ include "custom.namespace" . }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: Role
   name: {{ .Release.Name }}-reverseproxy

charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ .Release.Name }}-reverseproxy
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:
@@ -29,7 +29,7 @@ spec:
             - name: X_CSI_REVPROXY_TLS_CERT_DIR
               value: /app/tls
             - name: X_CSI_REVPROXY_WATCH_NAMESPACE
-              value: {{ include "custom.namespace" . }}
+              value: {{ .Release.Namespace }}
           volumeMounts:
             - name: configmap-volume
               mountPath: /etc/config/configmap

charts/dell/csi-powermax/charts/csireverseproxy/templates/service.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ .Release.Name }}-reverseproxy
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 spec:
   ports:
     - port: {{ .Values.port }}

charts/dell/csi-powermax/charts/csireverseproxy/templates/serviceaccount.yaml

@@ -3,5 +3,5 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Release.Name }}-reverseproxy
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}

charts/dell/csi-powermax/charts/csireverseproxy/values.yaml

@@ -1,4 +1,4 @@
-image: dellemc/csipowermax-reverseproxy:v2.5.0
+image: dellemc/csipowermax-reverseproxy:v2.6.0
 port: 2222
 
 # TLS secret which is used for setting up the proxy HTTPS server

charts/dell/csi-powermax/templates/_helpers.tpl

@@ -3,58 +3,48 @@ Return the appropriate sidecar images based on k8s version
 */}}
 {{- define "csi-powermax.attacherImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
+      {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.3.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powermax.provisionerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
+      {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.5.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powermax.snapshotterImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
+      {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.2" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powermax.resizerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
+      {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powermax.registrarImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
+      {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powermax.healthmonitorImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
-
-{{/*
-Namespace for all resources to be installed into
-If not defined in values file then the helm release namespace is used
-By default this is not set so the helm release namespace will be used
-*/}}
-
-{{- define "custom.namespace" -}}
-	{{ .Values.namespace | default .Release.Namespace }}
-{{- end -}}

charts/dell/csi-powermax/templates/controller.yaml

@@ -2,13 +2,13 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{.Release.Name}}-controller
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   {{- if eq .Values.customDriverName.enabled true}}
-  name: {{printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value}}
+  name: {{printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value}}
   {{- else }}
   name: {{ .Release.Name }}-controller
   {{- end }}
@@ -97,18 +97,18 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   {{- if eq .Values.customDriverName.enabled true}}
-  name: {{ printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value }}
+  name: {{ printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value }}
   {{- else }}
   name: {{ .Release.Name }}-controller
   {{- end }}
 subjects:
   - kind: ServiceAccount
     name: {{ .Release.Name }}-controller
-    namespace: {{ include "custom.namespace" . }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   {{- if eq .Values.customDriverName.enabled true}}
-  name: {{ printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value }}
+  name: {{ printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value }}
   {{- else }}
   name: {{ .Release.Name }}-controller
   {{- end }}
@@ -118,7 +118,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ .Release.Name }}-controller
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
   {{- if hasKey .Values "authorization" }}
   {{- if eq .Values.authorization.enabled true }}
   annotations:
@@ -345,7 +345,7 @@ spec:
             {{- end }}
             - name: X_CSI_POWERMAX_DRIVER_NAME
               {{- if eq .Values.customDriverName.enabled true}}
-              value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" ( include "custom.namespace" . ) .Values.customDriverName.value) }}
+              value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" .Release.Namespace .Values.customDriverName.value) }}
               {{- else }}
               value: csi-powermax.dellemc.com
               {{- end }}
@@ -448,7 +448,7 @@ spec:
             - name: X_CSI_REVPROXY_TLS_CERT_DIR
               value: /app/tls
             - name: X_CSI_REVPROXY_WATCH_NAMESPACE
-              value: {{ include "custom.namespace" . }}
+              value: {{ .Release.Namespace }}
             - name: X_CSI_REVPROXY_IS_LEADER_ENABLED
               value: "true"
           volumeMounts:

charts/dell/csi-powermax/templates/csidriver.yaml

@@ -2,7 +2,7 @@ apiVersion: storage.k8s.io/v1
 kind: CSIDriver
 metadata:
   {{- if eq .Values.customDriverName.enabled true}}
-    name: {{ printf "%s-%s" ( include "custom.namespace" . ) .Values.customDriverName.value }}
+    name: {{ printf "%s-%s" .Release.Namespace .Values.customDriverName.value }}
   {{- else }}
     name: csi-powermax
   {{- end }}

charts/dell/csi-powermax/templates/driver-config-params.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ .Release.Name }}-config-params
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 data:
   driver-config-params.yaml: |
     CSI_LOG_LEVEL: {{ .Values.global.logLevel | default "debug" }}

charts/dell/csi-powermax/templates/node.yaml

@@ -3,13 +3,13 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Release.Name }}-node
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   {{- if eq .Values.customDriverName.enabled true}}
-  name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }}
+  name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }}
   {{- else }}
   name: {{ .Release.Name }}-node
   {{- end }}
@@ -43,18 +43,18 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   {{- if eq .Values.customDriverName.enabled true}}
-  name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }}
+  name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }}
   {{- else }}
   name: {{ .Release.Name }}-node
   {{- end }}
 subjects:
   - kind: ServiceAccount
     name: {{ .Release.Name }}-node
-    namespace: {{ include "custom.namespace" . }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   {{- if eq .Values.customDriverName.enabled true}}
-  name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }}
+  name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }}
   {{- else }}
   name: {{ .Release.Name }}-node
   {{- end }}
@@ -65,7 +65,7 @@ kind: DaemonSet
 apiVersion: apps/v1
 metadata:
   name: {{ .Release.Name }}-node
-  namespace: {{ include "custom.namespace" . }}
+  namespace: {{ .Release.Namespace }}
   {{- if hasKey .Values "authorization" }}
   {{- if eq .Values.authorization.enabled true }}
   annotations:
@@ -113,7 +113,7 @@ spec:
           env:
             - name: X_CSI_POWERMAX_DRIVER_NAME
               {{- if eq .Values.customDriverName.enabled true }}
-              value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" ( include "custom.namespace" . ) .Values.customDriverName.value) }}
+              value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" .Release.Namespace .Values.customDriverName.value) }}
               {{- else }}
               value: csi-powermax.dellemc.com
               {{- end }}

charts/dell/csi-powermax/values.yaml

@@ -49,7 +49,7 @@ global:
 
 # Current version of the driver
 # Don't modify this value as this value will be used by the install script
-version: "v2.6.0"
+version: "v2.7.0"
 
 images:
   # "driver" defines the container image, used for the driver container.
@@ -255,8 +255,8 @@ enableCHAP: false
 csireverseproxy:
   # image: Define the container images used for the reverse proxy
   # Default value: None
-  # Example: "csipowermax-reverseproxy:v2.5.0"
+  # Example: "csipowermax-reverseproxy:v2.6.0"
-  image: dellemc/csipowermax-reverseproxy:v2.5.0
+  image: dellemc/csipowermax-reverseproxy:v2.6.0
   # "tlsSecret" defines the TLS secret that is created with certificate
   # and its associated key
   # Default value: None
@@ -277,9 +277,21 @@ csireverseproxy:
   # Default value: None
   # Example: "StandAlone"
   mode: StandAlone
-  # Optionally, uncomment and specify the name of the pre-created namespace to install the sidecar in it
+  # Auto-create TLS certificate for csi-reverseproxy
-  # namespace:
+  certManager:
-
+    # Set selfSignedCert to use a self-signed certificate
+    # Default value: true
+    selfSignedCert: true
+    # certificateFile has tls.key content in encoded format
+    # Allowed Values:
+    #    - encoded base64 value of tls.crt: cat tls.crt | base64
+    #    - comment the param, if selfsigned should be used
+    certificateFile: tls.crt.encoded64
+    # privateKeyFile has tls.key content in encoded format
+    # Allowed Values:
+    #   - encoded base64 value of tls.key: cat tls.key | base64
+    #   - comment the param, if selfsigned should be used
+    privateKeyFile: tls.key.encoded64
 # clusterPrefix: Define a prefix that is appended onto
 # all resources created in the Array
 # This should be unique per K8s/CSI deployment
@@ -363,7 +375,7 @@ replication:
   enabled: false
   # Change this to use any specific version of the dell-csi-replicator sidecar
   # Default value: None
-  image: dellemc/dell-csi-replicator:v1.4.0
+  image: dellemc/dell-csi-replicator:v1.5.0
   # replicationContextPrefix enables side cars to read
   # required information from the volume context
   # Default value: "powermax"
@@ -384,10 +396,10 @@ migration:
   enabled: false
   # Change this to use any specific version of the dell-csi-migrator sidecar
   # Default value: None
-  image: dellemc/dell-csi-migrator:v1.1.0
+  image: dellemc/dell-csi-migrator:v1.1.1
   # Node rescan sidecar does a rescan on nodes for identifying new paths
-  # Default value: dellemc/dell-csi-node-rescanner:v1.0.0
+  # Default value: dellemc/dell-csi-node-rescanner:v1.0.1
-  nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0
+  nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.1
   # migrationPrefix: Determine if migration is enabled
   # Default value: "migration.storage.dell.com"
   # Examples: "migration.storage.dell.com"
@@ -403,8 +415,8 @@ migration:
 authorization:
   enabled: false
   # sidecarProxyImage: the container image used for the csm-authorization-sidecar.
-  # Default value: dellemc/csm-authorization-sidecar:v1.6.0
+  # Default value: dellemc/csm-authorization-sidecar:v1.7.0
-  sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0
+  sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0
   # proxyHost: hostname of the csm-authorization server
   # Default value: None
   proxyHost:
@@ -435,6 +447,3 @@ vSphere:
   vCenterHost: "00.000.000.00"
   # vCenterCredSecret: secret name for the vCenter credentials
   vCenterCredSecret: vcenter-creds
-
-# Optionally, uncomment and specify the name of the pre-created namespace to install the driver in it
-# namespace:

charts/dell/csi-powerstore/Chart.yaml

@@ -1,10 +1,10 @@
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/display-name: Dell CSI PowerStore
-  catalog.cattle.io/kube-version: '>= 1.22.0 < 1.27.0'
+  catalog.cattle.io/kube-version: '>= 1.22.0 < 1.28.0'
-  catalog.cattle.io/release-name: csi-powerstore
+  catalog.cattle.io/release-name: powerstore
 apiVersion: v2
-appVersion: 2.6.0
+appVersion: 2.7.0
 description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration.
   This chart includes everything required to provision via CSI as well as a PowerStore
   StorageClass. '
@@ -13,10 +13,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
 keywords:
 - csi
 - storage
-kubeVersion: '>= 1.22.0 < 1.27.0'
+kubeVersion: '>= 1.22.0 < 1.28.0'
 maintainers:
 - name: DellEMC
 name: csi-powerstore
 sources:
 - https://github.com/dell/csi-powerstore
-version: 2.6.0
+version: 2.7.0

charts/dell/csi-powerstore/templates/_helpers.tpl

@@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version
 */}}
 {{- define "csi-powerstore.attacherImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powerstore.provisionerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powerstore.snapshotterImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powerstore.resizerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powerstore.registrarImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-powerstore.healthmonitorImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}

charts/dell/csi-powerstore/templates/controller.yaml

@@ -1,6 +1,6 @@
 #
 #
-# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

charts/dell/csi-powerstore/templates/node.yaml

@@ -1,6 +1,6 @@
 #
 #
-# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -105,7 +105,7 @@ spec:
       tolerations:
       {{- toYaml .Values.node.tolerations | nindent 6 }}
       {{ end }}
-      serviceAccount: {{ .Release.Name }}-node
+      serviceAccountName: {{ .Release.Name }}-node
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
       hostIPC: true

charts/dell/csi-powerstore/values.yaml

@@ -1,6 +1,6 @@
 #
 #
-# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@
 driverName: "csi-powerstore.dellemc.com"
 
 # Driver version required to pull the latest driver image
-version: "v2.6.0"
+version: "v2.7.0"
 
 # Specify kubelet config dir path.
 # Ensure that the config.yaml file is present at this path.
@@ -151,7 +151,7 @@ controller:
     # image: Image to use for dell-csi-replicator. This shouldn't be changed
     # Allowed values: string
     # Default value: None
-    image: dellemc/dell-csi-replicator:v1.4.0
+    image: dellemc/dell-csi-replicator:v1.5.0
 
     # replicationContextPrefix: prefix to use for naming of resources created by replication feature
     # Allowed values: string
@@ -164,7 +164,7 @@ controller:
     replicationPrefix: "replication.storage.dell.com"
 
   # Image for csi-metadata-retriever
-  metadataretriever: dellemc/csi-metadata-retriever:v1.3.0
+  metadataretriever: dellemc/csi-metadata-retriever:v1.4.0
 
   # nodeSelector: Define node selection constraints for controller pods.
   # For the pod to be eligible to run on a node, the node must have each
@@ -311,7 +311,7 @@ storageCapacity:
 # Enable this feature only after contact support for additional information
 podmon:
   enabled: false
-  image: dellemc/podmon:v1.5.0
+  image: dellemc/podmon:v1.6.0
   #controller:
   #  args:
   #    - "--csisock=unix:/var/run/csi/csi.sock"

charts/dell/csi-unity/Chart.yaml

@@ -1,11 +1,10 @@
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/display-name: Dell CSI Unity
-  catalog.cattle.io/kube-version: '>= 1.24.0 < 1.27.0'
+  catalog.cattle.io/kube-version: '>= 1.24.0 < 1.28.0'
-  catalog.cattle.io/namespace: unity
+  catalog.cattle.io/release-name: unity
-  catalog.cattle.io/release-name: csi-unity
 apiVersion: v1
-appVersion: 2.6.0
+appVersion: 2.7.0
 description: 'Unity XT CSI (Container Storage Interface) driver Kubernetes integration.
   This chart includes everything required to provision via CSI as well as a Unity
   XT StorageClass. '
@@ -13,10 +12,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
 keywords:
 - csi
 - storage
-kubeVersion: '>= 1.24.0 < 1.27.0'
+kubeVersion: '>= 1.24.0 < 1.28.0'
 maintainers:
 - name: DellEMC
 name: csi-unity
 sources:
 - https://github.com/dell/csi-unity
-version: 2.6.0
+version: 2.7.0

charts/dell/csi-unity/templates/_helpers.tpl

@@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version
 */}}
 {{- define "csi-unity.attacherImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-unity.provisionerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-unity.snapshotterImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-unity.resizerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-unity.registrarImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-unity.healthmonitorImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
     {{- end -}}
   {{- end -}}
-{{- end -}}
+{{- end -}}

charts/dell/csi-unity/values.yaml

@@ -3,8 +3,8 @@
 
 # version: version of this values file
 # Note: Do not change this value
-# Examples : "v2.6.0" , "nightly"
+# Examples : "v2.7.0" , "nightly"
-version: "v2.6.0"
+version: "v2.7.0"
 
 # LogLevel is used to set the logging level of the driver.
 # Allowed values: "error", "warn"/"warning", "info", "debug"
@@ -181,6 +181,7 @@ node:
   #  - key: "isilon.podmon.storage.dell.com"
   #    operator: "Exists"
   #    effect: "NoSchedule"
+
 # CSM module attributes
 # service to monitor failing jobs and notify
 podmon:
@@ -193,27 +194,27 @@ podmon:
   # allowed values - string
   # default value : None
   # Example : "podman:latest", "pod:latest"
-  image: dellemc/podmon:v1.5.0
+  image: dellemc/podmon:v1.6.0
-#  controller:
+  controller:
-#    args:
+    args:
-#      - "--csisock=unix:/var/run/csi/csi.sock"
+      - "--csisock=unix:/var/run/csi/csi.sock"
-#      - "--labelvalue=csi-unity"
+      - "--labelvalue=csi-unity"
-#      - "--driverPath=csi-unity.dellemc.com"
+      - "--driverPath=csi-unity.dellemc.com"
-#      - "--mode=controller"
+      - "--mode=controller"
-#      - "--skipArrayConnectionValidation=false"
+      - "--skipArrayConnectionValidation=false"
-#      - "--driver-config-params=/unity-config/driver-config-params.yaml"
+      - "--driver-config-params=/unity-config/driver-config-params.yaml"
-#      - "--driverPodLabelValue=dell-storage"
+      - "--driverPodLabelValue=dell-storage"
-#      - "--ignoreVolumelessPods=false"
+      - "--ignoreVolumelessPods=false"
-#  node:
+  node:
-#    args:
+    args:
-#      - "--csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock"
+      - "--csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock"
-#      - "--labelvalue=csi-unity"
+      - "--labelvalue=csi-unity"
-#      - "--driverPath=csi-unity.dellemc.com"
+      - "--driverPath=csi-unity.dellemc.com"
-#      - "--mode=node"
+      - "--mode=node"
-#      - "--leaderelection=false"
+      - "--leaderelection=false"
-#      - "--driver-config-params=/unity-config/driver-config-params.yaml"
+      - "--driver-config-params=/unity-config/driver-config-params.yaml"
-#      - "--driverPodLabelValue=dell-storage"
+      - "--driverPodLabelValue=dell-storage"
-#      - "--ignoreVolumelessPods=false"
+      - "--ignoreVolumelessPods=false"
 
 ### The below parameters have been discontinued for configuration from secret.yaml and will have to be configured only in values.yaml
 

charts/dell/csi-vxflexos/Chart.yaml

@@ -1,11 +1,11 @@
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/display-name: Dell CSI PowerFlex
-  catalog.cattle.io/kube-version: '>= 1.21.0 < 1.27.0'
+  catalog.cattle.io/kube-version: '>= 1.21.0 < 1.28.0'
   catalog.cattle.io/namespace: vxflexos
   catalog.cattle.io/release-name: vxflexos
 apiVersion: v2
-appVersion: 2.6.0
+appVersion: 2.7.0
 description: 'VxFlex OS CSI (Container Storage Interface) driver Kubernetes integration.
   This chart includes everything required to provision via CSI as well as a VxFlex
   OS StorageClass. '
@@ -13,10 +13,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png
 keywords:
 - csi
 - storage
-kubeVersion: '>= 1.21.0 < 1.27.0'
+kubeVersion: '>= 1.21.0 < 1.28.0'
 maintainers:
 - name: DellEMC
 name: csi-vxflexos
 sources:
 - https://github.com/dell/csi-vxflexos
-version: 2.6.0
+version: 2.7.0

charts/dell/csi-vxflexos/templates/_helpers.tpl

@@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version
 */}}
 {{- define "csi-vxflexos.attacherImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-vxflexos.provisionerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-vxflexos.snapshotterImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-vxflexos.resizerImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-vxflexos.registrarImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}
 
 {{- define "csi-vxflexos.healthmonitorImage" -}}
   {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}}
+    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
-      {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
+      {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
     {{- end -}}
   {{- end -}}
 {{- end -}}

charts/dell/csi-vxflexos/values.yaml

@@ -3,7 +3,7 @@
 
 # "version" is used to verify the values file matches driver version
 # Not recommend to change
-version: v2.6.0
+version: v2.7.0
 
 images:
   # "driver" defines the container image, used for the driver container.
@@ -95,7 +95,7 @@ controller:
     # image: Image to use for dell-csi-replicator. This shouldn't be changed
     # Allowed values: string
     # Default value: None
-    image: dellemc/dell-csi-replicator:v1.4.0
+    image: dellemc/dell-csi-replicator:v1.5.0
 
     # replicationContextPrefix: prefix to use for naming of resources created by replication feature
     # Allowed values: string
@@ -277,7 +277,7 @@ vgsnapshotter:
 # Enable this feature only after contact support for additional information
 podmon:
   enabled: false
-  image: dellemc/podmon:v1.5.0
+  image: dellemc/podmon:v1.6.0
   #controller:
   #  args:
   #    - "--csisock=unix:/var/run/csi/csi.sock"
@@ -308,8 +308,8 @@ authorization:
   enabled: false
 
   # sidecarProxyImage: the container image used for the csm-authorization-sidecar.
-  # Default value: dellemc/csm-authorization-sidecar:v1.6.0
+  # Default value: dellemc/csm-authorization-sidecar:v1.7.0
-  sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0
+  sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0
 
   # proxyHost: hostname of the csm-authorization server
   # Default value: None

charts/external-secrets/external-secrets/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>= 1.19.0-0'
   catalog.cattle.io/release-name: external-secrets
 apiVersion: v2
-appVersion: v0.8.3
+appVersion: v0.9.0
 description: External secret management for Kubernetes
 home: https://github.com/external-secrets/external-secrets
 icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png
@@ -17,4 +17,4 @@ maintainers:
   name: mcavoyk
 name: external-secrets
 type: application
-version: 0.8.3
+version: 0.9.0

charts/external-secrets/external-secrets/README.md

@@ -4,7 +4,7 @@
 
 [//]: # (README.md generated by gotmpl. DO NOT EDIT.)
 
-![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square)
 
 External secret management for Kubernetes
 
@@ -82,6 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
 | certController.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
 | certController.tolerations | list | `[]` |  |
 | certController.topologySpreadConstraints | list | `[]` |  |
+| commonLabels | object | `{}` | Additional labels added to all helm chart resources. |
 | concurrent | int | `1` | Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at a time. |
 | controllerClass | string | `""` | If set external secrets will filter matching Secret Stores with the appropriate controller values. |
 | crds.annotations | object | `{}` |  |
@@ -151,6 +152,13 @@ The command removes all the Kubernetes components associated with the chart and
 | webhook.affinity | object | `{}` |  |
 | webhook.certCheckInterval | string | `"5m"` | Specifices the time to check if the cert is valid |
 | webhook.certDir | string | `"/tmp/certs"` |  |
+| webhook.certManager.addInjectorAnnotations | bool | `true` | Automatically add the cert-manager.io/inject-ca-from annotation to the webhooks and CRDs. As long as you have the cert-manager CA Injector enabled, this will automatically setup your webhook's CA to the one used by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector |
+| webhook.certManager.cert.annotations | object | `{}` | Add extra annotations to the Certificate resource. |
+| webhook.certManager.cert.create | bool | `true` | Create a certificate resource within this chart. See https://cert-manager.io/docs/usage/certificate/ |
+| webhook.certManager.cert.duration | string | `""` | Set the requested duration (i.e. lifetime) of the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec |
+| webhook.certManager.cert.issuerRef | object | `{"group":"cert-manager.io","kind":"Issuer","name":"my-issuer"}` | For the Certificate created by this chart, setup the issuer. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec |
+| webhook.certManager.cert.renewBefore | string | `""` | How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Note that renewBefore should be greater than .webhook.lookaheadInterval since the webhook will check this far in advance that the certificate is valid. |
+| webhook.certManager.enabled | bool | `false` | Enabling cert-manager support will disable the built in secret and switch to using cert-manager (installed separately) to automatically issue and renew the webhook certificate. This chart does not install cert-manager for you, See https://cert-manager.io/docs/ |
 | webhook.create | bool | `true` | Specifies whether a webhook deployment be created. |
 | webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
 | webhook.extraArgs | object | `{}` |  |

charts/external-secrets/external-secrets/templates/_helpers.tpl

@@ -40,6 +40,9 @@ helm.sh/chart: {{ include "external-secrets.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
 {{- end }}
 
 {{- define "external-secrets-webhook.labels" -}}
@@ -49,11 +52,17 @@ helm.sh/chart: {{ include "external-secrets.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
 {{- end }}
 
 {{- define "external-secrets-webhook-metrics.labels" -}}
 {{ include "external-secrets-webhook.selectorLabels" . }}
 app.kubernetes.io/metrics: "webhook"
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
 {{- end }}
 
 {{- define "external-secrets-cert-controller.labels" -}}
@@ -63,11 +72,17 @@ helm.sh/chart: {{ include "external-secrets.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
 {{- end }}
 
 {{- define "external-secrets-cert-controller-metrics.labels" -}}
 {{ include "external-secrets-cert-controller.selectorLabels" . }}
 app.kubernetes.io/metrics: "cert-controller"
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
 {{- end }}
 
 {{/*

charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io

charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -50,6 +53,18 @@ spec:
             spec:
               description: ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.
               properties:
+                externalSecretMetadata:
+                  description: The metadata of the external secrets to be created
+                  properties:
+                    annotations:
+                      additionalProperties:
+                        type: string
+                      type: object
+                    labels:
+                      additionalProperties:
+                        type: string
+                      type: object
+                  type: object
                 externalSecretName:
                   description: The name of the external secrets to be created defaults to the name of the ClusterExternalSecret
                   type: string

charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -1496,6 +1499,24 @@ spec:
                             - SecretsManager
                             - ParameterStore
                           type: string
+                        sessionTags:
+                          description: AWS STS assume role session tags
+                          items:
+                            properties:
+                              key:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                              - key
+                              - value
+                            type: object
+                          type: array
+                        transitiveTagKeys:
+                          description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore
+                          items:
+                            type: string
+                          type: array
                       required:
                         - region
                         - service
@@ -1579,6 +1600,57 @@ spec:
                       required:
                         - vaultUrl
                       type: object
+                    conjur:
+                      description: Conjur configures this store to sync secrets using conjur provider
+                      properties:
+                        auth:
+                          properties:
+                            apikey:
+                              properties:
+                                account:
+                                  type: string
+                                apiKeyRef:
+                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  properties:
+                                    key:
+                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      type: string
+                                    name:
+                                      description: The name of the Secret resource being referred to.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      type: string
+                                  type: object
+                                userRef:
+                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  properties:
+                                    key:
+                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      type: string
+                                    name:
+                                      description: The name of the Secret resource being referred to.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      type: string
+                                  type: object
+                              required:
+                                - account
+                                - apiKeyRef
+                                - userRef
+                              type: object
+                          required:
+                            - apikey
+                          type: object
+                        caBundle:
+                          type: string
+                        url:
+                          type: string
+                      required:
+                        - auth
+                        - url
+                      type: object
                     doppler:
                       description: Doppler configures this store to sync secrets using the Doppler provider
                       properties:
@@ -1626,6 +1698,7 @@ spec:
                             - lower-snake
                             - tf-var
                             - dotnet-env
+                            - lower-kebab
                           type: string
                         project:
                           description: Doppler project (required if not using a Service Token)

charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io

charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io

charts/external-secrets/external-secrets/templates/crds/fake.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io

charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io

charts/external-secrets/external-secrets/templates/crds/password.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io

charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io

charts/external-secrets/external-secrets/templates/crds/secretstore.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -1496,6 +1499,24 @@ spec:
                             - SecretsManager
                             - ParameterStore
                           type: string
+                        sessionTags:
+                          description: AWS STS assume role session tags
+                          items:
+                            properties:
+                              key:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                              - key
+                              - value
+                            type: object
+                          type: array
+                        transitiveTagKeys:
+                          description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore
+                          items:
+                            type: string
+                          type: array
                       required:
                         - region
                         - service
@@ -1579,6 +1600,57 @@ spec:
                       required:
                         - vaultUrl
                       type: object
+                    conjur:
+                      description: Conjur configures this store to sync secrets using conjur provider
+                      properties:
+                        auth:
+                          properties:
+                            apikey:
+                              properties:
+                                account:
+                                  type: string
+                                apiKeyRef:
+                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  properties:
+                                    key:
+                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      type: string
+                                    name:
+                                      description: The name of the Secret resource being referred to.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      type: string
+                                  type: object
+                                userRef:
+                                  description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                  properties:
+                                    key:
+                                      description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                      type: string
+                                    name:
+                                      description: The name of the Secret resource being referred to.
+                                      type: string
+                                    namespace:
+                                      description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                      type: string
+                                  type: object
+                              required:
+                                - account
+                                - apiKeyRef
+                                - userRef
+                              type: object
+                          required:
+                            - apikey
+                          type: object
+                        caBundle:
+                          type: string
+                        url:
+                          type: string
+                      required:
+                        - auth
+                        - url
+                      type: object
                     doppler:
                       description: Doppler configures this store to sync secrets using the Doppler provider
                       properties:
@@ -1626,6 +1698,7 @@ spec:
                             - lower-snake
                             - tf-var
                             - dotnet-env
+                            - lower-kebab
                           type: string
                         project:
                           description: Doppler project (required if not using a Service Token)

charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml

@@ -6,7 +6,10 @@ metadata:
     {{- with .Values.crds.annotations }}
     {{- toYaml . | nindent 4}}
     {{- end }}
-    controller-gen.kubebuilder.io/version: v0.11.4
+    {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+    {{- end }}
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io

charts/external-secrets/external-secrets/templates/validatingwebhook.yaml

@@ -5,6 +5,13 @@ metadata:
   name: secretstore-validate
   labels:
     external-secrets.io/component: webhook
+    {{- with .Values.commonLabels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+  {{- end }}
 webhooks:
 - name: "validate.secretstore.external-secrets.io"
   rules:
@@ -44,6 +51,13 @@ metadata:
   name: externalsecret-validate
   labels:
     external-secrets.io/component: webhook
+    {{- with .Values.commonLabels }}
+    {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
+  {{- end }}
 webhooks:
 - name: "validate.externalsecret.external-secrets.io"
   rules:

charts/external-secrets/external-secrets/templates/webhook-certificate.yaml

@@ -0,0 +1,30 @@
+{{- if and .Values.webhook.create .Values.webhook.certManager.enabled .Values.webhook.certManager.cert.create }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "external-secrets.fullname" . }}-webhook
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "external-secrets-webhook.labels" . | nindent 4 }}
+    external-secrets.io/component: webhook
+  {{- with .Values.webhook.certManager.cert.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  commonName: {{ include "external-secrets.fullname" . }}-webhook
+  dnsNames:
+    - {{ include "external-secrets.fullname" . }}-webhook
+    - {{ include "external-secrets.fullname" . }}-webhook.{{ .Release.Namespace }}
+    - {{ include "external-secrets.fullname" . }}-webhook.{{ .Release.Namespace }}.svc
+  issuerRef:
+    {{- toYaml .Values.webhook.certManager.cert.issuerRef | nindent 4 }}
+  {{- with .Values.webhook.certManager.cert.duration }}
+  duration: {{ . | quote }}
+  {{- end }}
+  {{- with .Values.webhook.certManager.cert.renewBefore }}
+  renewBefore: {{ . | quote }}
+  {{- end }}
+  secretName: {{ include "external-secrets.fullname" . }}-webhook
+{{- end }}

charts/external-secrets/external-secrets/templates/webhook-secret.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.webhook.create }}
+{{- if and .Values.webhook.create (not .Values.webhook.certManager.enabled) }}
 apiVersion: v1
 kind: Secret
 metadata:

charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap

@@ -7,8 +7,8 @@ should match snapshot of default values:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets-cert-controller
-        app.kubernetes.io/version: v0.8.3
+        app.kubernetes.io/version: v0.9.0
-        helm.sh/chart: external-secrets-0.8.3
+        helm.sh/chart: external-secrets-0.9.0
       name: RELEASE-NAME-external-secrets-cert-controller
       namespace: NAMESPACE
     spec:
@@ -33,7 +33,7 @@ should match snapshot of default values:
                 - --service-namespace=NAMESPACE
                 - --secret-name=RELEASE-NAME-external-secrets-webhook
                 - --secret-namespace=NAMESPACE
-              image: ghcr.io/external-secrets/external-secrets:v0.8.3
+              image: ghcr.io/external-secrets/external-secrets:v0.9.0
               imagePullPolicy: IfNotPresent
               name: cert-controller
               ports:

charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap

@@ -7,8 +7,8 @@ should match snapshot of default values:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets
-        app.kubernetes.io/version: v0.8.3
+        app.kubernetes.io/version: v0.9.0
-        helm.sh/chart: external-secrets-0.8.3
+        helm.sh/chart: external-secrets-0.9.0
       name: RELEASE-NAME-external-secrets
       namespace: NAMESPACE
     spec:
@@ -28,7 +28,7 @@ should match snapshot of default values:
           containers:
             - args:
                 - --concurrent=1
-              image: ghcr.io/external-secrets/external-secrets:v0.8.3
+              image: ghcr.io/external-secrets/external-secrets:v0.9.0
               imagePullPolicy: IfNotPresent
               name: external-secrets
               ports:

charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap

@@ -4,7 +4,7 @@ should match snapshot of default values:
     kind: CustomResourceDefinition
     metadata:
       annotations:
-        controller-gen.kubebuilder.io/version: v0.11.4
+        controller-gen.kubebuilder.io/version: v0.12.0
       name: secretstores.external-secrets.io
     spec:
       conversion:
@@ -1504,6 +1504,24 @@ should match snapshot of default values:
                                 - SecretsManager
                                 - ParameterStore
                               type: string
+                            sessionTags:
+                              description: AWS STS assume role session tags
+                              items:
+                                properties:
+                                  key:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                  - key
+                                  - value
+                                type: object
+                              type: array
+                            transitiveTagKeys:
+                              description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore
+                              items:
+                                type: string
+                              type: array
                           required:
                             - region
                             - service
@@ -1587,6 +1605,57 @@ should match snapshot of default values:
                           required:
                             - vaultUrl
                           type: object
+                        conjur:
+                          description: Conjur configures this store to sync secrets using conjur provider
+                          properties:
+                            auth:
+                              properties:
+                                apikey:
+                                  properties:
+                                    account:
+                                      type: string
+                                    apiKeyRef:
+                                      description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                      properties:
+                                        key:
+                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          type: string
+                                        name:
+                                          description: The name of the Secret resource being referred to.
+                                          type: string
+                                        namespace:
+                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          type: string
+                                      type: object
+                                    userRef:
+                                      description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field.
+                                      properties:
+                                        key:
+                                          description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.
+                                          type: string
+                                        name:
+                                          description: The name of the Secret resource being referred to.
+                                          type: string
+                                        namespace:
+                                          description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.
+                                          type: string
+                                      type: object
+                                  required:
+                                    - account
+                                    - apiKeyRef
+                                    - userRef
+                                  type: object
+                              required:
+                                - apikey
+                              type: object
+                            caBundle:
+                              type: string
+                            url:
+                              type: string
+                          required:
+                            - auth
+                            - url
+                          type: object
                         doppler:
                           description: Doppler configures this store to sync secrets using the Doppler provider
                           properties:
@@ -1634,6 +1703,7 @@ should match snapshot of default values:
                                 - lower-snake
                                 - tf-var
                                 - dotnet-env
+                                - lower-kebab
                               type: string
                             project:
                               description: Doppler project (required if not using a Service Token)

charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap

@@ -7,8 +7,8 @@ should match snapshot of default values:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets-webhook
-        app.kubernetes.io/version: v0.8.3
+        app.kubernetes.io/version: v0.9.0
-        helm.sh/chart: external-secrets-0.8.3
+        helm.sh/chart: external-secrets-0.9.0
       name: RELEASE-NAME-external-secrets-webhook
       namespace: NAMESPACE
     spec:
@@ -34,7 +34,7 @@ should match snapshot of default values:
                 - --check-interval=5m
                 - --metrics-addr=:8080
                 - --healthz-addr=:8081
-              image: ghcr.io/external-secrets/external-secrets:v0.8.3
+              image: ghcr.io/external-secrets/external-secrets:v0.9.0
               imagePullPolicy: IfNotPresent
               name: webhook
               ports:
@@ -70,3 +70,16 @@ should match snapshot of default values:
             - name: certs
               secret:
                 secretName: RELEASE-NAME-external-secrets-webhook
+  2: |
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: external-secrets-webhook
+        app.kubernetes.io/version: v0.9.0
+        external-secrets.io/component: webhook
+        helm.sh/chart: external-secrets-0.9.0
+      name: RELEASE-NAME-external-secrets-webhook
+      namespace: NAMESPACE

charts/external-secrets/external-secrets/tests/webhook_test.yaml

@@ -1,10 +1,18 @@
 suite: test webhook deployment
 templates:
   - webhook-deployment.yaml
+  - webhook-secret.yaml
+  - webhook-certificate.yaml
+  - validatingwebhook.yaml
+  - crds/externalsecret.yaml
 tests:
   - it: should match snapshot of default values
     asserts:
       - matchSnapshot: {}
+    templates:
+      - webhook-deployment.yaml
+      - webhook-secret.yaml
+      # webhook-certificate.yaml is not rendered by default
   - it: should set imagePullPolicy to Always
     set:
       webhook.image.pullPolicy: Always
@@ -12,11 +20,13 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always
+    template: webhook-deployment.yaml
   - it: should imagePullPolicy to be default value IfNotPresent
     asserts:
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: IfNotPresent
+    template: webhook-deployment.yaml
   - it: should override securityContext
     set:
       webhook.podSecurityContext:
@@ -40,6 +50,7 @@ tests:
             runAsUser: 3000
             seccompProfile:
               type: RuntimeDefault
+    template: webhook-deployment.yaml
   - it: should override hostNetwork
     set:
       webhook.hostNetwork: true
@@ -47,3 +58,106 @@ tests:
       - equal:
           path: spec.template.spec.hostNetwork
           value: true
+    template: webhook-deployment.yaml
+  - it: should create a certificate CRD
+    set:
+      webhook.certManager.enabled: true
+      webhook.certManager.cert.duration: "10d"
+      webhook.certManager.cert.renewBefore: "5d"
+    asserts:
+      - equal:
+          path: metadata.name
+          value: "RELEASE-NAME-external-secrets-webhook"
+      - equal:
+          path: spec.secretName
+          value: "RELEASE-NAME-external-secrets-webhook"
+      - equal:
+          path: spec.commonName
+          value: "RELEASE-NAME-external-secrets-webhook"
+      - equal:
+          path: spec.dnsNames[0]
+          value: "RELEASE-NAME-external-secrets-webhook"
+      - equal:
+          path: spec.issuerRef.group
+          value: "cert-manager.io"
+      - equal:
+          path: spec.issuerRef.kind
+          value: "Issuer"
+      - equal:
+          path: spec.issuerRef.name
+          value: "my-issuer"
+      - equal:
+          path: spec.duration
+          value: "10d"
+      - equal:
+          path: spec.renewBefore
+          value: "5d"
+      - hasDocuments:
+          count: 1
+    templates:
+      - webhook-certificate.yaml
+  - it: should not create the webhook secret
+    set:
+      webhook.certManager.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 0
+    template: webhook-secret.yaml
+  - it: should not create the secret nor the certificate
+    set:
+      webhook.certManager.enabled: true
+      webhook.certManager.cert.create: false
+    asserts:
+      - hasDocuments:
+          count: 0
+    templates:
+      - webhook-secret.yaml
+      - webhook-certificate.yaml
+  - it: should
+    set:
+      webhook.certManager.enabled: true
+    asserts:
+      - equal:
+          path: metadata.name
+          value: "RELEASE-NAME-external-secrets-webhook"
+      - hasDocuments:
+          count: 1
+    template: webhook-certificate.yaml
+  - it: should allow using a cluster issuer
+    set:
+      webhook.certManager.enabled: true
+      webhook.certManager.cert.issuerRef.kind: ClusterIssuer
+      webhook.certManager.cert.issuerRef.name: my-other-issuer
+    asserts:
+      - equal:
+          path: spec.issuerRef.kind
+          value: "ClusterIssuer"
+      - equal:
+          path: spec.issuerRef.name
+          value: "my-other-issuer"
+    templates:
+      - webhook-certificate.yaml
+  - it: should add annotations to the webhook
+    set:
+      webhook.create: true
+      webhook.certManager.enabled: true
+      webhook.certManager.addInjectorAnnotations: true
+    asserts:
+      - equal:
+          path: metadata.annotations["cert-manager.io/inject-ca-from"]
+          value: "NAMESPACE/RELEASE-NAME-external-secrets-webhook"
+    templates:
+      - validatingwebhook.yaml
+      - crds/externalsecret.yaml
+  - it: should not add annotations to the webhook
+    set:
+      webhook.create: true
+      webhook.certManager.enabled: true
+      webhook.certManager.addInjectorAnnotations: false
+    asserts:
+      - isNull:
+          path: metadata.annotations["cert-manager.io/inject-ca-from"]
+          # value: "NAMESPACE/RELEASE-NAME-external-secrets-webhook"
+    templates:
+      - validatingwebhook.yaml
+      - crds/externalsecret.yaml

charts/external-secrets/external-secrets/values.yaml

@@ -30,6 +30,9 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+# -- Additional labels added to all helm chart resources.
+commonLabels: {}
+
 # -- If true, external-secrets will perform leader election between instances to ensure no more
 # than one instance of external-secrets operates at a time.
 leaderElect: false
@@ -245,6 +248,40 @@ webhook:
     name: ""
   nodeSelector: {}
 
+  certManager:
+    # -- Enabling cert-manager support will disable the built in secret and
+    # switch to using cert-manager (installed separately) to automatically issue
+    # and renew the webhook certificate. This chart does not install
+    # cert-manager for you, See https://cert-manager.io/docs/
+    enabled: false
+    # -- Automatically add the cert-manager.io/inject-ca-from annotation to the
+    # webhooks and CRDs. As long as you have the cert-manager CA Injector
+    # enabled, this will automatically setup your webhook's CA to the one used
+    # by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector
+    addInjectorAnnotations: true
+    cert:
+      # -- Create a certificate resource within this chart. See
+      # https://cert-manager.io/docs/usage/certificate/
+      create: true
+      # -- For the Certificate created by this chart, setup the issuer. See
+      # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec
+      issuerRef:
+        group: cert-manager.io
+        kind: "Issuer"
+        name: "my-issuer"
+      # -- Set the requested duration (i.e. lifetime) of the Certificate. See
+      # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
+      duration: ""
+      # -- How long before the currently issued certificate’s expiry
+      # cert-manager should renew the certificate. See
+      # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
+      # Note that renewBefore should be greater than .webhook.lookaheadInterval
+      # since the webhook will check this far in advance that the certificate is
+      # valid.
+      renewBefore: ""
+      # -- Add extra annotations to the Certificate resource.
+      annotations: {}
+
   tolerations: []
 
   topologySpreadConstraints: []