Merge branch 'rancher:main-source' into main-source

2023-07-06 22:04:12 -04:00 · 2023-07-06 22:04:12 -04:00 · 3c99a18c7e
parent c45e01aca6 db683dfe77
commit 3c99a18c7e
216 changed files with 1567 additions and 333 deletions
--- a/assets/argo/argo-cd-5.37.0.tgz
+++ b/assets/argo/argo-cd-5.37.0.tgz
--- a/assets/bitnami/airflow-14.3.0.tgz
+++ b/assets/bitnami/airflow-14.3.0.tgz
--- a/assets/bitnami/postgresql-12.6.2.tgz
+++ b/assets/bitnami/postgresql-12.6.2.tgz
--- a/assets/bitnami/redis-17.11.7.tgz
+++ b/assets/bitnami/redis-17.11.7.tgz
--- a/assets/bitnami/wordpress-16.1.23.tgz
+++ b/assets/bitnami/wordpress-16.1.23.tgz
--- a/assets/trilio/k8s-triliovault-operator-3.1.1.tgz
+++ b/assets/trilio/k8s-triliovault-operator-3.1.1.tgz
--- a/charts/argo/argo-cd/Chart.yaml
+++ b/charts/argo/argo-cd/Chart.yaml
@ -1,7 +1,7 @@
 annotations:
  artifacthub.io/changes: |
    - kind: added
-      description: Support for setting server certificate usages
+      description: add applicationSet deployment cmd-params checksum
  artifacthub.io/signKey: |
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@ -32,4 +32,4 @@ name: argo-cd
 sources:
 - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
 - https://github.com/argoproj/argo-cd
-version: 5.36.13
+version: 5.37.0
--- a/charts/argo/argo-cd/templates/_common.tpl
+++ b/charts/argo/argo-cd/templates/_common.tpl
@ -128,9 +128,9 @@ Common deployment strategy definition
 */}}
 {{- define "argo-cd.strategy" -}}
 {{- $preset := . -}}
-{{- if (eq $preset.type "Recreate") }}
+{{- if (eq (toString $preset.type) "Recreate") }}
 type: Recreate
-{{- else if (eq $preset.type "RollingUpdate") }}
+{{- else if (eq (toString $preset.type) "RollingUpdate") }}
 type: RollingUpdate
 {{- with $preset.rollingUpdate }}
 rollingUpdate:
--- a/charts/argo/argo-cd/templates/_helpers.tpl
+++ b/charts/argo/argo-cd/templates/_helpers.tpl
@ -207,7 +207,7 @@ applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.r
 Merge Argo Params Configuration with Preset Configuration
 */}}
 {{- define "argo-cd.config.params" -}}
-{{- $config := omit .Values.configs.params "annotations" }}
+{{- $config := omit .Values.configs.params "create" "annotations" }}
 {{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}}
 {{- range $key, $value := mergeOverwrite $preset $config }}
 {{ $key }}: {{ toString $value | toYaml }}
--- a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
@ -24,12 +24,13 @@ spec:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
  template:
    metadata:
-      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
      annotations:
+        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
+        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
-      {{- end }}
+        {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }}
--- a/charts/bitnami/airflow/Chart.lock
+++ b/charts/bitnami/airflow/Chart.lock
@ -1,12 +1,12 @@
 dependencies:
 - name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 17.11.3
+  version: 17.11.6
 - name: postgresql
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 12.5.6
+  version: 12.6.1
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.4.0
-digest: sha256:242933a3b7012cac55a38edcf595cc34d1c13fab28734a0b4a4ed08422199c92
-generated: "2023-05-31T06:12:16.269658957Z"
+  version: 2.6.0
+digest: sha256:da2d2d80919c473ffd98aed99af081a62effc597ba0d521f2bb58e49e5dc3a53
+generated: "2023-07-04T17:27:20.120114+02:00"
--- a/charts/bitnami/airflow/Chart.yaml
+++ b/charts/bitnami/airflow/Chart.yaml
@ -6,7 +6,7 @@ annotations:
  category: WorkFlow
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.6.1
+appVersion: 2.6.2
 dependencies:
 - condition: redis.enabled
  name: redis
@ -37,4 +37,4 @@ maintainers:
 name: airflow
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/airflow
-version: 14.2.5
+version: 14.3.0
--- a/charts/bitnami/airflow/README.md
+++ b/charts/bitnami/airflow/README.md
@ -20,6 +20,8 @@ This chart bootstraps an [Apache Airflow](https://github.com/bitnami/containers/

 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.

+Looking to use Apache Airflow in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Prerequisites

 - Kubernetes 1.19+
@ -88,7 +90,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow                                                                                         | `""`                    |
 | `dags.image.registry`    | Init container load-dags image registry                                                                                                                                   | `docker.io`             |
 | `dags.image.repository`  | Init container load-dags image repository                                                                                                                                 | `bitnami/bitnami-shell` |
-| `dags.image.tag`         | Init container load-dags image tag (immutable tags are recommended)                                                                                                       | `11-debian-11-r121`     |
+| `dags.image.tag`         | Init container load-dags image tag (immutable tags are recommended)                                                                                                       | `11-debian-11-r126`     |
 | `dags.image.digest`      | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                                  | `""`                    |
 | `dags.image.pullPolicy`  | Init container load-dags image pull policy                                                                                                                                | `IfNotPresent`          |
 | `dags.image.pullSecrets` | Init container load-dags image pull secrets                                                                                                                               | `[]`                    |
@ -107,7 +109,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- |
 | `web.image.registry`                        | Airflow image registry                                                                                                   | `docker.io`          |
 | `web.image.repository`                      | Airflow image repository                                                                                                 | `bitnami/airflow`    |
-| `web.image.tag`                             | Airflow image tag (immutable tags are recommended)                                                                       | `2.6.1-debian-11-r4` |
+| `web.image.tag`                             | Airflow image tag (immutable tags are recommended)                                                                       | `2.6.2-debian-11-r0` |
 | `web.image.digest`                          | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                  | `""`                 |
 | `web.image.pullPolicy`                      | Airflow image pull policy                                                                                                | `IfNotPresent`       |
 | `web.image.pullSecrets`                     | Airflow image pull secrets                                                                                               | `[]`                 |
@ -182,7 +184,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- |
 | `scheduler.image.registry`                        | Airflow Scheduler image registry                                                                                         | `docker.io`                 |
 | `scheduler.image.repository`                      | Airflow Scheduler image repository                                                                                       | `bitnami/airflow-scheduler` |
-| `scheduler.image.tag`                             | Airflow Scheduler image tag (immutable tags are recommended)                                                             | `2.6.1-debian-11-r4`        |
+| `scheduler.image.tag`                             | Airflow Scheduler image tag (immutable tags are recommended)                                                             | `2.6.2-debian-11-r3`        |
 | `scheduler.image.digest`                          | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag        | `""`                        |
 | `scheduler.image.pullPolicy`                      | Airflow Scheduler image pull policy                                                                                      | `IfNotPresent`              |
 | `scheduler.image.pullSecrets`                     | Airflow Scheduler image pull secrets                                                                                     | `[]`                        |
@ -236,7 +238,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
 | `worker.image.registry`                        | Airflow Worker image registry                                                                                            | `docker.io`              |
 | `worker.image.repository`                      | Airflow Worker image repository                                                                                          | `bitnami/airflow-worker` |
-| `worker.image.tag`                             | Airflow Worker image tag (immutable tags are recommended)                                                                | `2.6.1-debian-11-r4`     |
+| `worker.image.tag`                             | Airflow Worker image tag (immutable tags are recommended)                                                                | `2.6.2-debian-11-r3`     |
 | `worker.image.digest`                          | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag           | `""`                     |
 | `worker.image.pullPolicy`                      | Airflow Worker image pull policy                                                                                         | `IfNotPresent`           |
 | `worker.image.pullSecrets`                     | Airflow Worker image pull secrets                                                                                        | `[]`                     |
@ -312,33 +314,33 @@ The command removes all the Kubernetes components associated with the chart and

 ### Airflow git sync parameters

-| Name                           | Description                                                                                         | Value                  |
-| ------------------------------ | --------------------------------------------------------------------------------------------------- | ---------------------- |
-| `git.image.registry`           | Git image registry                                                                                  | `docker.io`            |
-| `git.image.repository`         | Git image repository                                                                                | `bitnami/git`          |
-| `git.image.tag`                | Git image tag (immutable tags are recommended)                                                      | `2.40.1-debian-11-r11` |
-| `git.image.digest`             | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                   |
-| `git.image.pullPolicy`         | Git image pull policy                                                                               | `IfNotPresent`         |
-| `git.image.pullSecrets`        | Git image pull secrets                                                                              | `[]`                   |
-| `git.dags.enabled`             | Enable in order to download DAG files from git repositories.                                        | `false`                |
-| `git.dags.repositories`        | Array of repositories from which to download DAG files                                              | `[]`                   |
-| `git.plugins.enabled`          | Enable in order to download Plugins files from git repositories.                                    | `false`                |
-| `git.plugins.repositories`     | Array of repositories from which to download DAG files                                              | `[]`                   |
-| `git.clone.command`            | Override cmd                                                                                        | `[]`                   |
-| `git.clone.args`               | Override args                                                                                       | `[]`                   |
-| `git.clone.extraVolumeMounts`  | Add extra volume mounts                                                                             | `[]`                   |
-| `git.clone.extraEnvVars`       | Add extra environment variables                                                                     | `[]`                   |
-| `git.clone.extraEnvVarsCM`     | ConfigMap with extra environment variables                                                          | `""`                   |
-| `git.clone.extraEnvVarsSecret` | Secret with extra environment variables                                                             | `""`                   |
-| `git.clone.resources`          | Clone init container resource requests and limits                                                   | `{}`                   |
-| `git.sync.interval`            | Interval in seconds to pull the git repository containing the plugins and/or DAG files              | `60`                   |
-| `git.sync.command`             | Override cmd                                                                                        | `[]`                   |
-| `git.sync.args`                | Override args                                                                                       | `[]`                   |
-| `git.sync.extraVolumeMounts`   | Add extra volume mounts                                                                             | `[]`                   |
-| `git.sync.extraEnvVars`        | Add extra environment variables                                                                     | `[]`                   |
-| `git.sync.extraEnvVarsCM`      | ConfigMap with extra environment variables                                                          | `""`                   |
-| `git.sync.extraEnvVarsSecret`  | Secret with extra environment variables                                                             | `""`                   |
-| `git.sync.resources`           | Sync sidecar container resource requests and limits                                                 | `{}`                   |
+| Name                           | Description                                                                                         | Value                 |
+| ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- |
+| `git.image.registry`           | Git image registry                                                                                  | `docker.io`           |
+| `git.image.repository`         | Git image repository                                                                                | `bitnami/git`         |
+| `git.image.tag`                | Git image tag (immutable tags are recommended)                                                      | `2.41.0-debian-11-r5` |
+| `git.image.digest`             | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                  |
+| `git.image.pullPolicy`         | Git image pull policy                                                                               | `IfNotPresent`        |
+| `git.image.pullSecrets`        | Git image pull secrets                                                                              | `[]`                  |
+| `git.dags.enabled`             | Enable in order to download DAG files from git repositories.                                        | `false`               |
+| `git.dags.repositories`        | Array of repositories from which to download DAG files                                              | `[]`                  |
+| `git.plugins.enabled`          | Enable in order to download Plugins files from git repositories.                                    | `false`               |
+| `git.plugins.repositories`     | Array of repositories from which to download DAG files                                              | `[]`                  |
+| `git.clone.command`            | Override cmd                                                                                        | `[]`                  |
+| `git.clone.args`               | Override args                                                                                       | `[]`                  |
+| `git.clone.extraVolumeMounts`  | Add extra volume mounts                                                                             | `[]`                  |
+| `git.clone.extraEnvVars`       | Add extra environment variables                                                                     | `[]`                  |
+| `git.clone.extraEnvVarsCM`     | ConfigMap with extra environment variables                                                          | `""`                  |
+| `git.clone.extraEnvVarsSecret` | Secret with extra environment variables                                                             | `""`                  |
+| `git.clone.resources`          | Clone init container resource requests and limits                                                   | `{}`                  |
+| `git.sync.interval`            | Interval in seconds to pull the git repository containing the plugins and/or DAG files              | `60`                  |
+| `git.sync.command`             | Override cmd                                                                                        | `[]`                  |
+| `git.sync.args`                | Override args                                                                                       | `[]`                  |
+| `git.sync.extraVolumeMounts`   | Add extra volume mounts                                                                             | `[]`                  |
+| `git.sync.extraEnvVars`        | Add extra environment variables                                                                     | `[]`                  |
+| `git.sync.extraEnvVarsCM`      | ConfigMap with extra environment variables                                                          | `""`                  |
+| `git.sync.extraEnvVarsSecret`  | Secret with extra environment variables                                                             | `""`                  |
+| `git.sync.resources`           | Sync sidecar container resource requests and limits                                                 | `{}`                  |

 ### Airflow ldap parameters

@ -408,7 +410,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.enabled`                               | Whether or not to create a standalone Airflow exporter to expose Airflow metrics                                 | `false`                       |
 | `metrics.image.registry`                        | Airflow exporter image registry                                                                                  | `docker.io`                   |
 | `metrics.image.repository`                      | Airflow exporter image repository                                                                                | `bitnami/airflow-exporter`    |
-| `metrics.image.tag`                             | Airflow exporter image tag (immutable tags are recommended)                                                      | `0.20220314.0-debian-11-r126` |
+| `metrics.image.tag`                             | Airflow exporter image tag (immutable tags are recommended)                                                      | `0.20220314.0-debian-11-r132` |
 | `metrics.image.digest`                          | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                          |
 | `metrics.image.pullPolicy`                      | Airflow exporter image pull policy                                                                               | `IfNotPresent`                |
 | `metrics.image.pullSecrets`                     | Airflow exporter image pull secrets                                                                              | `[]`                          |
@ -456,7 +458,7 @@ The command removes all the Kubernetes components associated with the chart and
 | Name                                         | Description                                                                                            | Value             |
 | -------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ----------------- |
 | `postgresql.enabled`                         | Switch to enable or disable the PostgreSQL helm chart                                                  | `true`            |
-| `postgresql.auth.enablePostgresUser`         | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `false`           |
+| `postgresql.auth.enablePostgresUser`         | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true`            |
 | `postgresql.auth.username`                   | Name for a custom user to create                                                                       | `bn_airflow`      |
 | `postgresql.auth.password`                   | Password for the custom user to create                                                                 | `""`              |
 | `postgresql.auth.database`                   | Name for a custom database to create                                                                   | `bitnami_airflow` |
@ -690,7 +692,7 @@ Refer to the [chart documentation for more information about how to upgrade from

 ## License

-Copyright &copy; 2023 Bitnami
+Copyright &copy; 2023 VMware, Inc.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/charts/bitnami/airflow/charts/common/Chart.yaml
+++ b/charts/bitnami/airflow/charts/common/Chart.yaml
@ -2,7 +2,7 @@ annotations:
  category: Infrastructure
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.4.0
+appVersion: 2.6.0
 description: A Library Helm Chart for grouping common logic between bitnami charts.
  This chart is not deployable by itself.
 home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.4.0
+version: 2.6.0
--- a/charts/bitnami/airflow/charts/common/README.md
+++ b/charts/bitnami/airflow/charts/common/README.md
@ -2,8 +2,6 @@

 A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts.

-Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
-
 ## TL;DR

 ```yaml
@ -32,6 +30,8 @@ This chart provides a common template helpers which can be used to develop new c

 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.

+Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Prerequisites

 - Kubernetes 1.19+
@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""

 ## License

-Copyright &copy; 2023 Bitnami
+Copyright &copy; 2023 VMware, Inc.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/charts/bitnami/airflow/charts/common/templates/_affinities.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_affinities.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}

 {{/*
--- a/charts/bitnami/airflow/charts/common/templates/_capabilities.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_capabilities.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}

 {{/*
--- a/charts/bitnami/airflow/charts/common/templates/_errors.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_errors.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Through error when upgrading using empty passwords values that must not be empty.
--- a/charts/bitnami/airflow/charts/common/templates/_images.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_images.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Return the proper image name
--- a/charts/bitnami/airflow/charts/common/templates/_ingress.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_ingress.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}

 {{/*
--- a/charts/bitnami/airflow/charts/common/templates/_labels.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_labels.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Kubernetes standard labels
--- a/charts/bitnami/airflow/charts/common/templates/_names.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_names.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
--- a/charts/bitnami/airflow/charts/common/templates/_secrets.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_secrets.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Generate secret name.
@ -72,7 +77,7 @@ Params:
  - strong - Boolean - Optional - Whether to add symbols to the generated random password.
  - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
  - context - Context - Required - Parent context.
-
+  - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
 The order in which this function returns a secret password:
  1. Already existing 'Secret' resource
     (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@ -86,6 +91,7 @@ The order in which this function returns a secret password:

 {{- $password := "" }}
 {{- $subchart := "" }}
+{{- $failOnNew := default true .failOnNew }}
 {{- $chartName := default "" .chartName }}
 {{- $passwordLength := default 10 .length }}
 {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@ -94,7 +100,7 @@ The order in which this function returns a secret password:
 {{- if $secretData }}
  {{- if hasKey $secretData .key }}
    {{- $password = index $secretData .key | quote }}
-  {{- else }}
+  {{- else if $failOnNew }}
    {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
  {{- end -}}
 {{- else if $providedPasswordValue }}
@ -137,15 +143,16 @@ Params:
 */}}
 {{- define "common.secrets.lookup" -}}
 {{- $value := "" -}}
-{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}}
 {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
 {{- if and $secretData (hasKey $secretData .key) -}}
  {{- $value = index $secretData .key -}}
-{{- else -}}
-  {{- $value = $defaultValue | toString | b64enc -}}
+{{- else if .defaultValue -}}
+  {{- $value = .defaultValue | toString | b64enc -}}
 {{- end -}}
+{{- if $value -}}
 {{- printf "%s" $value -}}
 {{- end -}}
+{{- end -}}

 {{/*
 Returns whether a previous generated secret already exists
--- a/charts/bitnami/airflow/charts/common/templates/_storage.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_storage.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Return  the proper Storage Class
--- a/charts/bitnami/airflow/charts/common/templates/_tplvalues.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_tplvalues.tpl
@ -1,13 +1,27 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
-Renders a value that contains template.
+Renders a value that contains template perhaps with scope if the scope is present.
 Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
 */}}
 {{- define "common.tplvalues.render" -}}
-    {{- if typeIs "string" .value }}
-        {{- tpl .value .context }}
-    {{- else }}
-        {{- tpl (.value | toYaml) .context }}
-    {{- end }}
+{{- if .scope }}
+  {{- if typeIs "string" .value }}
+    {{- tpl (cat "{{- with $.RelativeScope -}}" .value  "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+  {{- else }}
+    {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml)  "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+  {{- end }}
+{{- else }}
+  {{- if typeIs "string" .value }}
+    {{- tpl .value .context }}
+  {{- else }}
+    {{- tpl (.value | toYaml) .context }}
+  {{- end }}
+{{- end -}}
 {{- end -}}
--- a/charts/bitnami/airflow/charts/common/templates/_utils.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_utils.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Print instructions to get a secret value.
--- a/charts/bitnami/airflow/charts/common/templates/_warnings.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/_warnings.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Warning about using rolling tag.
--- a/charts/bitnami/airflow/charts/common/templates/validations/_cassandra.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/validations/_cassandra.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate Cassandra required passwords are not empty.
--- a/charts/bitnami/airflow/charts/common/templates/validations/_mariadb.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/validations/_mariadb.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate MariaDB required passwords are not empty.
--- a/charts/bitnami/airflow/charts/common/templates/validations/_mongodb.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/validations/_mongodb.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate MongoDB&reg; required passwords are not empty.
--- a/charts/bitnami/airflow/charts/common/templates/validations/_mysql.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/validations/_mysql.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate MySQL required passwords are not empty.
--- a/charts/bitnami/airflow/charts/common/templates/validations/_postgresql.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/validations/_postgresql.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate PostgreSQL required passwords are not empty.
--- a/charts/bitnami/airflow/charts/common/templates/validations/_redis.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/validations/_redis.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+

 {{/* vim: set filetype=mustache: */}}
 {{/*
--- a/charts/bitnami/airflow/charts/common/templates/validations/_validations.tpl
+++ b/charts/bitnami/airflow/charts/common/templates/validations/_validations.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate values must not be empty.
--- a/charts/bitnami/airflow/charts/common/values.yaml
+++ b/charts/bitnami/airflow/charts/common/values.yaml
@ -1,3 +1,6 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
 ## bitnami/common
 ## It is required by CI/CD tools and processes.
 ## @skip exampleValue
--- a/charts/bitnami/airflow/charts/postgresql/Chart.lock
+++ b/charts/bitnami/airflow/charts/postgresql/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.4.0
-digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3
-generated: "2023-05-21T19:47:56.903329844Z"
+  version: 2.5.0
+digest: sha256:79f3252b369ae10fe4c84a50441c7d2e014130b3a4b9b99b299611b02db3d58e
+generated: "2023-06-30T16:15:11.613863+02:00"
--- a/charts/bitnami/airflow/charts/postgresql/Chart.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/Chart.yaml
@ -27,4 +27,4 @@ maintainers:
 name: postgresql
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/postgresql
-version: 12.5.6
+version: 12.6.1
--- a/charts/bitnami/airflow/charts/postgresql/README.md
+++ b/charts/bitnami/airflow/charts/postgresql/README.md
@ -22,6 +22,8 @@ For HA, please see [this repo](https://github.com/bitnami/charts/tree/main/bitna

 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.

+Looking to use PostgreSQL in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Prerequisites

 - Kubernetes 1.19+
@ -98,7 +100,7 @@ kubectl delete pvc -l release=my-release
 | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
 | `image.registry`                         | PostgreSQL image registry                                                                                                                                                                                                                                                                                                                     | `docker.io`                |
 | `image.repository`                       | PostgreSQL image repository                                                                                                                                                                                                                                                                                                                   | `bitnami/postgresql`       |
-| `image.tag`                              | PostgreSQL image tag (immutable tags are recommended)                                                                                                                                                                                                                                                                                         | `15.3.0-debian-11-r7`      |
+| `image.tag`                              | PostgreSQL image tag (immutable tags are recommended)                                                                                                                                                                                                                                                                                         | `15.3.0-debian-11-r17`     |
 | `image.digest`                           | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                                                                                                                                                                                                                    | `""`                       |
 | `image.pullPolicy`                       | PostgreSQL image pull policy                                                                                                                                                                                                                                                                                                                  | `IfNotPresent`             |
 | `image.pullSecrets`                      | Specify image pull secrets                                                                                                                                                                                                                                                                                                                    | `[]`                       |
@ -375,7 +377,7 @@ kubectl delete pvc -l release=my-release
 | `volumePermissions.enabled`                            | Enable init container that changes the owner and group of the persistent volume                                                   | `false`                 |
 | `volumePermissions.image.registry`                     | Init container volume-permissions image registry                                                                                  | `docker.io`             |
 | `volumePermissions.image.repository`                   | Init container volume-permissions image repository                                                                                | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag`                          | Init container volume-permissions image tag (immutable tags are recommended)                                                      | `11-debian-11-r120`     |
+| `volumePermissions.image.tag`                          | Init container volume-permissions image tag (immutable tags are recommended)                                                      | `11-debian-11-r130`     |
 | `volumePermissions.image.digest`                       | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                    |
 | `volumePermissions.image.pullPolicy`                   | Init container volume-permissions image pull policy                                                                               | `IfNotPresent`          |
 | `volumePermissions.image.pullSecrets`                  | Init container volume-permissions image pull secrets                                                                              | `[]`                    |
@ -403,7 +405,7 @@ kubectl delete pvc -l release=my-release
 | `metrics.enabled`                               | Start a prometheus exporter                                                                                | `false`                     |
 | `metrics.image.registry`                        | PostgreSQL Prometheus Exporter image registry                                                              | `docker.io`                 |
 | `metrics.image.repository`                      | PostgreSQL Prometheus Exporter image repository                                                            | `bitnami/postgres-exporter` |
-| `metrics.image.tag`                             | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)                                  | `0.12.0-debian-11-r91`      |
+| `metrics.image.tag`                             | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended)                                  | `0.13.1-debian-11-r0`       |
 | `metrics.image.digest`                          | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                        |
 | `metrics.image.pullPolicy`                      | PostgreSQL Prometheus Exporter image pull policy                                                           | `IfNotPresent`              |
 | `metrics.image.pullSecrets`                     | Specify image pull secrets                                                                                 | `[]`                        |
@ -466,7 +468,7 @@ helm install my-release \
 The above command sets the PostgreSQL `postgres` account password to `secretpassword`.

 > NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
-> **Warning** Setting a password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue. Refer to [issue 2061](https://github.com/bitnami/charts/issues/2061) for more details
+> **Warning** Setting a password will be ignored on new installation in case when previous PostgreSQL release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue. Refer to [issue 2061](https://github.com/bitnami/charts/issues/2061) for more details

 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

@ -668,7 +670,7 @@ Refer to the [chart documentation for more information about how to upgrade from

 ## License

-Copyright &copy; 2023 Bitnami
+Copyright &copy; 2023 VMware, Inc.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml
@ -2,7 +2,7 @@ annotations:
  category: Infrastructure
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.4.0
+appVersion: 2.5.0
 description: A Library Helm Chart for grouping common logic between bitnami charts.
  This chart is not deployable by itself.
 home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.4.0
+version: 2.5.0
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/README.md
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/README.md
@ -2,8 +2,6 @@

 A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts.

-Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
-
 ## TL;DR

 ```yaml
@ -32,6 +30,8 @@ This chart provides a common template helpers which can be used to develop new c

 Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.

+Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Prerequisites

 - Kubernetes 1.19+
@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01=""

 ## License

-Copyright &copy; 2023 Bitnami
+Copyright &copy; 2023 VMware, Inc.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_affinities.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_affinities.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}

 {{/*
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_capabilities.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_capabilities.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}

 {{/*
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_errors.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_errors.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Through error when upgrading using empty passwords values that must not be empty.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Return the proper image name
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_ingress.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_ingress.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}

 {{/*
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_labels.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_labels.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Kubernetes standard labels
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_names.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_names.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_secrets.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_secrets.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Generate secret name.
@ -72,7 +77,7 @@ Params:
  - strong - Boolean - Optional - Whether to add symbols to the generated random password.
  - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
  - context - Context - Required - Parent context.
-
+  - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
 The order in which this function returns a secret password:
  1. Already existing 'Secret' resource
     (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
@ -86,6 +91,7 @@ The order in which this function returns a secret password:

 {{- $password := "" }}
 {{- $subchart := "" }}
+{{- $failOnNew := default true .failOnNew }}
 {{- $chartName := default "" .chartName }}
 {{- $passwordLength := default 10 .length }}
 {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
@ -94,7 +100,7 @@ The order in which this function returns a secret password:
 {{- if $secretData }}
  {{- if hasKey $secretData .key }}
    {{- $password = index $secretData .key | quote }}
-  {{- else }}
+  {{- else if $failOnNew }}
    {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
  {{- end -}}
 {{- else if $providedPasswordValue }}
@ -137,15 +143,16 @@ Params:
 */}}
 {{- define "common.secrets.lookup" -}}
 {{- $value := "" -}}
-{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}}
 {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
 {{- if and $secretData (hasKey $secretData .key) -}}
  {{- $value = index $secretData .key -}}
-{{- else -}}
-  {{- $value = $defaultValue | toString | b64enc -}}
+{{- else if .defaultValue -}}
+  {{- $value = .defaultValue | toString | b64enc -}}
 {{- end -}}
+{{- if $value -}}
 {{- printf "%s" $value -}}
 {{- end -}}
+{{- end -}}

 {{/*
 Returns whether a previous generated secret already exists
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_storage.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_storage.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Return  the proper Storage Class
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_tplvalues.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_tplvalues.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Renders a value that contains template.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_utils.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_utils.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Print instructions to get a secret value.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_warnings.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_warnings.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Warning about using rolling tag.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_cassandra.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_cassandra.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate Cassandra required passwords are not empty.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_mariadb.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_mariadb.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate MariaDB required passwords are not empty.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_mongodb.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_mongodb.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate MongoDB&reg; required passwords are not empty.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_mysql.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_mysql.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate MySQL required passwords are not empty.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_postgresql.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_postgresql.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate PostgreSQL required passwords are not empty.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_redis.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_redis.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+

 {{/* vim: set filetype=mustache: */}}
 {{/*
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_validations.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/validations/_validations.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Validate values must not be empty.
--- a/charts/bitnami/airflow/charts/postgresql/charts/common/values.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/charts/common/values.yaml
@ -1,3 +1,6 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
 ## bitnami/common
 ## It is required by CI/CD tools and processes.
 ## @skip exampleValue
--- a/charts/bitnami/airflow/charts/postgresql/templates/NOTES.txt
+++ b/charts/bitnami/airflow/charts/postgresql/templates/NOTES.txt
@ -24,6 +24,14 @@ In order to replicate the container startup scripts execute this command:

 {{- else }}

+{{- $customUser := include "postgresql.username" . }}
+{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "common.names.fullname" .) "key" .Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary .Values.auth.postgresPassword .Values.auth.password  (eq $customUser "postgres")) "context" $) -}}
+{{- $authEnabled := and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret)) (or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres"))) }}
+{{- if not $authEnabled }}
+
+WARNING: PostgreSQL has been configured without authentication, this is not recommended for production environments.
+{{- end }}
+
 PostgreSQL can be accessed via port {{ include "postgresql.service.port" . }} on the following DNS names from within your cluster:

    {{ include "postgresql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection
@ -34,29 +42,36 @@ PostgreSQL can be accessed via port {{ include "postgresql.service.port" . }} on

 {{- end }}

-{{- $customUser := include "postgresql.username" . }}
-{{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }}
+{{- if and (not (empty $customUser)) (ne $customUser "postgres") }}
+{{- if .Values.auth.enablePostgresUser }}

 To get the password for "postgres" run:

    export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.adminPasswordKey" .}}}" | base64 -d)
+{{- end }}

 To get the password for "{{ $customUser }}" run:

    export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.userPasswordKey" .}}}" | base64 -d)
-
 {{- else }}
+{{- if .Values.auth.enablePostgresUser }}

 To get the password for "{{ default "postgres" $customUser }}" run:

    export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" (include "postgresql.adminPasswordKey" .)  (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 -d)
-
+{{- end }}
 {{- end }}

 To connect to your database run the following command:
+    {{- if $authEnabled }}

    kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ include "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" \
      --command -- psql --host {{ include "postgresql.primary.fullname" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }}
+    {{- else }}
+
+    kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ include "postgresql.image" . }} \
+      --command -- psql --host {{ include "postgresql.primary.fullname" . }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }}
+    {{- end }}

    > NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID {{ .Values.primary.containerSecurityContext.runAsUser }}} does not exist"

@ -66,25 +81,34 @@ To connect to your database from outside the cluster execute the following comma

    export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "postgresql.primary.fullname" . }})
+    {{- if $authEnabled }}
    PGPASSWORD="$POSTGRES_PASSWORD" psql --host $NODE_IP --port $NODE_PORT -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }}
-
+    {{- else }}
+    psql --host $NODE_IP --port $NODE_PORT -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }}
+    {{- end }}
 {{- else if contains "LoadBalancer" .Values.primary.service.type }}

  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
        Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "postgresql.primary.fullname" . }}'

    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "postgresql.primary.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+    {{- if $authEnabled }}
    PGPASSWORD="$POSTGRES_PASSWORD" psql --host $SERVICE_IP --port {{ include "postgresql.service.port" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }}
-
+    {{- else }}
+    psql --host $SERVICE_IP --port {{ include "postgresql.service.port" . }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }}
+    {{- end }}
 {{- else if contains "ClusterIP" .Values.primary.service.type }}

    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "postgresql.primary.fullname" . }} {{ include "postgresql.service.port" . }}:{{ include "postgresql.service.port" . }} &
+    {{- if $authEnabled }}
    PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }}
-
+    {{- else }}
+    psql --host 127.0.0.1 -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }}
+    {{- end }}
 {{- end }}
 {{- end }}

-WARNING: The configured password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue.
+WARNING: The configured password will be ignored on new installation in case when previous PostgreSQL release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue.

 {{- include "postgresql.validateValues" . -}}
 {{- include "common.warnings.rollingTag" .Values.image -}}
--- a/charts/bitnami/airflow/charts/postgresql/templates/_helpers.tpl
+++ b/charts/bitnami/airflow/charts/postgresql/templates/_helpers.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}

 {{/*
@ -5,7 +10,7 @@ Create a default fully qualified app name for PostgreSQL Primary objects
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "postgresql.primary.fullname" -}}
-{{- if eq .Values.architecture "replication" }}
+{{- if eq .Values.architecture "replication" -}}
    {{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
    {{- include "common.names.fullname" . -}}
@ -25,7 +30,7 @@ Create the default FQDN for PostgreSQL primary headless service
 We truncate at 63 chars because of the DNS naming spec.
 */}}
 {{- define "postgresql.primary.svc.headless" -}}
-{{- printf "%s-hl" (include "postgresql.primary.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- printf "%s-hl" (include "postgresql.primary.fullname" .) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

 {{/*
@ -33,7 +38,7 @@ Create the default FQDN for PostgreSQL read-only replicas headless service
 We truncate at 63 chars because of the DNS naming spec.
 */}}
 {{- define "postgresql.readReplica.svc.headless" -}}
-{{- printf "%s-hl" (include "postgresql.readReplica.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- printf "%s-hl" (include "postgresql.readReplica.fullname" .) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

 {{/*
@ -68,7 +73,7 @@ Return the proper Docker Image Registry Secret Names
 Return the name for a custom user to create
 */}}
 {{- define "postgresql.username" -}}
-{{- if .Values.global.postgresql.auth.username }}
+{{- if .Values.global.postgresql.auth.username -}}
    {{- .Values.global.postgresql.auth.username -}}
 {{- else -}}
    {{- .Values.auth.username -}}
@ -79,7 +84,7 @@ Return the name for a custom user to create
 Return the name for a custom database to create
 */}}
 {{- define "postgresql.database" -}}
-{{- if .Values.global.postgresql.auth.database }}
+{{- if .Values.global.postgresql.auth.database -}}
    {{- printf "%s" (tpl .Values.global.postgresql.auth.database $) -}}
 {{- else if .Values.auth.database -}}
    {{- printf "%s" (tpl .Values.auth.database $) -}}
@ -90,7 +95,7 @@ Return the name for a custom database to create
 Get the password secret.
 */}}
 {{- define "postgresql.secretName" -}}
-{{- if .Values.global.postgresql.auth.existingSecret }}
+{{- if .Values.global.postgresql.auth.existingSecret -}}
    {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}}
 {{- else if .Values.auth.existingSecret -}}
    {{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
@ -103,8 +108,8 @@ Get the password secret.
 Get the replication-password key.
 */}}
 {{- define "postgresql.replicationPasswordKey" -}}
-{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
-    {{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey }}
+{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
+    {{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey -}}
        {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.replicationPasswordKey $) -}}
    {{- else if .Values.auth.secretKeys.replicationPasswordKey -}}
        {{- printf "%s" (tpl .Values.auth.secretKeys.replicationPasswordKey $) -}}
@ -120,8 +125,8 @@ Get the replication-password key.
 Get the admin-password key.
 */}}
 {{- define "postgresql.adminPasswordKey" -}}
-{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
-    {{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey }}
+{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
+    {{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey -}}
        {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.adminPasswordKey $) -}}
    {{- else if .Values.auth.secretKeys.adminPasswordKey -}}
        {{- printf "%s" (tpl .Values.auth.secretKeys.adminPasswordKey $) -}}
@ -135,18 +140,18 @@ Get the admin-password key.
 Get the user-password key.
 */}}
 {{- define "postgresql.userPasswordKey" -}}
-{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }}
-    {{- if or (empty (include "postgresql.username" .)) (eq (include "postgresql.username" .) "postgres") }}
+{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret -}}
+    {{- if or (empty (include "postgresql.username" .)) (eq (include "postgresql.username" .) "postgres") -}}
        {{- printf "%s" (include "postgresql.adminPasswordKey" .) -}}
    {{- else -}}
-        {{- if .Values.global.postgresql.auth.secretKeys.userPasswordKey }}
+        {{- if .Values.global.postgresql.auth.secretKeys.userPasswordKey -}}
            {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.userPasswordKey $) -}}
        {{- else if .Values.auth.secretKeys.userPasswordKey -}}
            {{- printf "%s" (tpl .Values.auth.secretKeys.userPasswordKey $) -}}
        {{- end -}}
    {{- end -}}
 {{- else -}}
-    {{- ternary "password" "postgres-password" (and (not (empty (include "postgresql.username" .))) (ne (include "postgresql.username" .) "postgres")) -}}
+    {{- "password" -}}
 {{- end -}}
 {{- end -}}

@ -154,7 +159,10 @@ Get the user-password key.
 Return true if a secret object should be created
 */}}
 {{- define "postgresql.createSecret" -}}
-{{- if not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret) -}}
+{{- $customUser := include "postgresql.username" . -}}
+{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "common.names.fullname" .) "key" .Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary .Values.auth.postgresPassword .Values.auth.password  (eq $customUser "postgres")) "context" $) -}}
+{{- if and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret))
+    (or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres")) (eq .Values.architecture "replication") (and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw))) -}}
    {{- true -}}
 {{- end -}}
 {{- end -}}
@ -163,7 +171,7 @@ Return true if a secret object should be created
 Return PostgreSQL service port
 */}}
 {{- define "postgresql.service.port" -}}
-{{- if .Values.global.postgresql.service.ports.postgresql }}
+{{- if .Values.global.postgresql.service.ports.postgresql -}}
    {{- .Values.global.postgresql.service.ports.postgresql -}}
 {{- else -}}
    {{- .Values.primary.service.ports.postgresql -}}
@ -174,7 +182,7 @@ Return PostgreSQL service port
 Return PostgreSQL service port
 */}}
 {{- define "postgresql.readReplica.service.port" -}}
-{{- if .Values.global.postgresql.service.ports.postgresql }}
+{{- if .Values.global.postgresql.service.ports.postgresql -}}
    {{- .Values.global.postgresql.service.ports.postgresql -}}
 {{- else -}}
    {{- .Values.readReplicas.service.ports.postgresql -}}
@ -196,7 +204,7 @@ Get the PostgreSQL primary configuration ConfigMap name.
 Return true if a configmap object should be created for PostgreSQL primary with the configuration
 */}}
 {{- define "postgresql.primary.createConfigmap" -}}
-{{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) }}
+{{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) -}}
    {{- true -}}
 {{- else -}}
 {{- end -}}
@ -224,7 +232,7 @@ Get the PostgreSQL read replica extended configuration ConfigMap name.
 Return true if a configmap object should be created for PostgreSQL primary with the extended configuration
 */}}
 {{- define "postgresql.primary.createExtendedConfigmap" -}}
-{{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) }}
+{{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) -}}
    {{- true -}}
 {{- else -}}
 {{- end -}}
@ -234,7 +242,7 @@ Return true if a configmap object should be created for PostgreSQL primary with
 Return true if a configmap object should be created for PostgreSQL read replica with the extended configuration
 */}}
 {{- define "postgresql.readReplicas.createExtendedConfigmap" -}}
-{{- if .Values.readReplicas.extendedConfiguration }}
+{{- if .Values.readReplicas.extendedConfiguration -}}
    {{- true -}}
 {{- else -}}
 {{- end -}}
@ -255,7 +263,7 @@ Return true if a configmap object should be created for PostgreSQL read replica
 Return true if a configmap should be mounted with PostgreSQL configuration
 */}}
 {{- define "postgresql.mountConfigurationCM" -}}
-{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }}
+{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap -}}
    {{- true -}}
 {{- end -}}
 {{- end -}}
@ -271,13 +279,13 @@ Get the initialization scripts ConfigMap name.
 {{- end -}}
 {{- end -}}

-{/*
+{{/*
 Return true if TLS is enabled for LDAP connection
 */}}
 {{- define "postgresql.ldap.tls.enabled" -}}
-{{- if and (kindIs "string" .Values.ldap.tls) (not (empty .Values.ldap.tls)) }}
+{{- if and (kindIs "string" .Values.ldap.tls) (not (empty .Values.ldap.tls)) -}}
    {{- true -}}
-{{- else if and (kindIs "map" .Values.ldap.tls) .Values.ldap.tls.enabled }}
+{{- else if and (kindIs "map" .Values.ldap.tls) .Values.ldap.tls.enabled -}}
    {{- true -}}
 {{- end -}}
 {{- end -}}
@ -286,7 +294,7 @@ Return true if TLS is enabled for LDAP connection
 Get the readiness probe command
 */}}
 {{- define "postgresql.readinessProbeCommand" -}}
-{{- $customUser := include "postgresql.username" . }}
+{{- $customUser := include "postgresql.username" . -}}
 - |
 {{- if (include "postgresql.database" .) }}
  exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }}
@ -295,7 +303,7 @@ Get the readiness probe command
 {{- end }}
 {{- if contains "bitnami/" .Values.image.repository }}
  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
-{{- end -}}
+{{- end }}
 {{- end -}}

 {{/*
@ -317,7 +325,7 @@ Compile all warnings into a single message, and call fail.
 Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap
 */}}
 {{- define "postgresql.validateValues.ldapConfigurationMethod" -}}
-{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }}
+{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) -}}
 postgresql: ldap.url, ldap.server
    You cannot set both `ldap.url` and `ldap.server` at the same time.
    Please provide a unique way to configure LDAP.
@ -329,7 +337,7 @@ postgresql: ldap.url, ldap.server
 Validate values of Postgresql - If PSP is enabled RBAC should be enabled too
 */}}
 {{- define "postgresql.validateValues.psp" -}}
-{{- if and .Values.psp.create (not .Values.rbac.create) }}
+{{- if and .Values.psp.create (not .Values.rbac.create) -}}
 postgresql: psp.create, rbac.create
    RBAC should be enabled if PSP is enabled in order for PSP to work.
    More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
@ -340,7 +348,7 @@ postgresql: psp.create, rbac.create
 Return the path to the cert file.
 */}}
 {{- define "postgresql.tlsCert" -}}
-{{- if .Values.tls.autoGenerated }}
+{{- if .Values.tls.autoGenerated -}}
    {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}}
 {{- else -}}
    {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
@ -351,7 +359,7 @@ Return the path to the cert file.
 Return the path to the cert key file.
 */}}
 {{- define "postgresql.tlsCertKey" -}}
-{{- if .Values.tls.autoGenerated }}
+{{- if .Values.tls.autoGenerated -}}
    {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}}
 {{- else -}}
 {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
@ -362,7 +370,7 @@ Return the path to the cert key file.
 Return the path to the CA cert file.
 */}}
 {{- define "postgresql.tlsCACert" -}}
-{{- if .Values.tls.autoGenerated }}
+{{- if .Values.tls.autoGenerated -}}
    {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}}
 {{- else -}}
    {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}}
@ -382,7 +390,7 @@ Return the path to the CRL file.
 Return true if a TLS credentials secret object should be created
 */}}
 {{- define "postgresql.createTlsSecret" -}}
-{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }}
+{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) -}}
    {{- true -}}
 {{- end -}}
 {{- end -}}
@ -391,7 +399,7 @@ Return true if a TLS credentials secret object should be created
 Return the path to the CA cert file.
 */}}
 {{- define "postgresql.tlsSecretName" -}}
-{{- if .Values.tls.autoGenerated }}
+{{- if .Values.tls.autoGenerated -}}
    {{- printf "%s-crt" (include "common.names.fullname" .) -}}
 {{- else -}}
    {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
--- a/charts/bitnami/airflow/charts/postgresql/templates/extra-list.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/extra-list.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- range .Values.extraDeploy }}
 ---
 {{ include "common.tplvalues.render" (dict "value" . "context" $) }}
--- a/charts/bitnami/airflow/charts/postgresql/templates/networkpolicy-egress.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/networkpolicy-egress.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }}
 apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 kind: NetworkPolicy
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/configmap.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/configmap.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if (include "postgresql.primary.createConfigmap" .) }}
 apiVersion: v1
 kind: ConfigMap
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/extended-configmap.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/extended-configmap.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if (include "postgresql.primary.createExtendedConfigmap" .) }}
 apiVersion: v1
 kind: ConfigMap
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/initialization-configmap.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/initialization-configmap.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.primary.initdb.scripts (not .Values.primary.initdb.scriptsConfigMap) }}
 apiVersion: v1
 kind: ConfigMap
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/metrics-configmap.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/metrics-configmap.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }}
 apiVersion: v1
 kind: ConfigMap
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/metrics-svc.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/metrics-svc.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if .Values.metrics.enabled }}
 apiVersion: v1
 kind: Service
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/networkpolicy.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/networkpolicy.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }}
 apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 kind: NetworkPolicy
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/servicemonitor.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/servicemonitor.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- $customUser := include "postgresql.username" . }}
 apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
 kind: StatefulSet
@ -44,10 +49,10 @@ spec:
      {{- if or (include "postgresql.primary.createConfigmap" .) (include "postgresql.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }}
      annotations:
        {{- if (include "postgresql.primary.createConfigmap" .) }}
-        checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }}
+        checksum/configuration: {{ pick (include (print $.Template.BasePath "/primary/configmap.yaml") . | fromYaml) "data" | toYaml | sha256sum }}
        {{- end }}
        {{- if (include "postgresql.primary.createExtendedConfigmap" .) }}
-        checksum/extended-configuration: {{ include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | sha256sum }}
+        checksum/extended-configuration: {{ pick (include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | fromYaml) "data" | toYaml | sha256sum }}
        {{- end }}
        {{- if .Values.primary.podAnnotations }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }}
@ -212,9 +217,7 @@ spec:
              value: {{ .Values.postgresqlDataDir | quote }}
            {{- end }}
            # Authentication
-          {{- if and (not (empty $customUser)) (ne $customUser "postgres") }}
-            - name: POSTGRES_USER
-              value: {{ $customUser | quote }}
+            {{- if or (eq $customUser "postgres") (empty $customUser) }}
            {{- if .Values.auth.enablePostgresUser }}
            {{- if .Values.auth.usePasswordFiles }}
            - name: POSTGRES_POSTGRES_PASSWORD_FILE
@ -226,8 +229,13 @@ spec:
                  name: {{ include "postgresql.secretName" . }}
                  key: {{ include "postgresql.adminPasswordKey" . }}
            {{- end }}
+            {{- else }}
+            - name: ALLOW_EMPTY_PASSWORD
+              value: "true"
            {{- end }}
-          {{- end }}
+            {{- else }}
+            - name: POSTGRES_USER
+              value: {{ $customUser | quote }}
            {{- if .Values.auth.usePasswordFiles }}
            - name: POSTGRES_PASSWORD_FILE
              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.userPasswordKey" .) }}
@ -238,8 +246,24 @@ spec:
                  name: {{ include "postgresql.secretName" . }}
                  key: {{ include "postgresql.userPasswordKey" . }}
            {{- end }}
+            {{- if .Values.auth.enablePostgresUser }}
+            {{- if .Values.auth.usePasswordFiles }}
+            - name: POSTGRES_POSTGRES_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.adminPasswordKey" .) }}
+            {{- else if .Values.auth.postgresPassword }}
+            - name: POSTGRES_POSTGRES_PASSWORD
+              value: {{ .Values.auth.postgresPassword }}
+            {{- else }}
+            - name: POSTGRES_POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "postgresql.secretName" . }}
+                  key: {{ include "postgresql.adminPasswordKey" . }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
            {{- if (include "postgresql.database" .) }}
-            - name: POSTGRES_DB
+            - name: POSTGRES_DATABASE
              value: {{ (include "postgresql.database" .) | quote }}
            {{- end }}
            # Replication
@ -258,7 +282,7 @@ spec:
                  name: {{ include "postgresql.secretName" . }}
                  key: {{ include "postgresql.replicationPasswordKey" . }}
            {{- end }}
-            {{- if not (eq .Values.replication.synchronousCommit "off") }}
+            {{- if ne .Values.replication.synchronousCommit "off" }}
            - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE
              value: {{ .Values.replication.synchronousCommit | quote }}
            - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS
@ -277,11 +301,11 @@ spec:
              value: {{ .Values.primary.initdb.postgresqlWalDir | quote }}
            {{- end }}
            {{- if .Values.primary.initdb.user }}
-            - name: POSTGRESQL_INITSCRIPTS_USERNAME
+            - name: POSTGRES_INITSCRIPTS_USERNAME
              value: {{ .Values.primary.initdb.user }}
            {{- end }}
            {{- if .Values.primary.initdb.password }}
-            - name: POSTGRESQL_INITSCRIPTS_PASSWORD
+            - name: POSTGRES_INITSCRIPTS_PASSWORD
              value: {{ .Values.primary.initdb.password | quote }}
            {{- end }}
            # Standby
@ -614,7 +638,9 @@ spec:
          emptyDir: {}
  {{- else }}
  volumeClaimTemplates:
-    - metadata:
+    - apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
        name: data
        {{- if .Values.primary.persistence.annotations }}
        annotations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.annotations "context" $) | nindent 10 }}
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/svc-headless.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/svc-headless.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 apiVersion: v1
 kind: Service
 metadata:
--- a/charts/bitnami/airflow/charts/postgresql/templates/primary/svc.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/svc.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 apiVersion: v1
 kind: Service
 metadata:
--- a/charts/bitnami/airflow/charts/postgresql/templates/prometheusrule.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/prometheusrule.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
--- a/charts/bitnami/airflow/charts/postgresql/templates/psp.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/psp.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
 {{- if and $pspAvailable .Values.psp.create }}
 apiVersion: policy/v1beta1
--- a/charts/bitnami/airflow/charts/postgresql/templates/read/extended-configmap.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/read/extended-configmap.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }}
 apiVersion: v1
 kind: ConfigMap
--- a/charts/bitnami/airflow/charts/postgresql/templates/read/metrics-configmap.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/read/metrics-configmap.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.metrics.enabled .Values.metrics.customMetrics (eq .Values.architecture "replication") }}
 apiVersion: v1
 kind: ConfigMap
--- a/charts/bitnami/airflow/charts/postgresql/templates/read/metrics-svc.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/read/metrics-svc.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.metrics.enabled (eq .Values.architecture "replication") }}
 apiVersion: v1
 kind: Service
--- a/charts/bitnami/airflow/charts/postgresql/templates/read/networkpolicy.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/read/networkpolicy.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled }}
 apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
 kind: NetworkPolicy
--- a/charts/bitnami/airflow/charts/postgresql/templates/read/servicemonitor.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/read/servicemonitor.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled (eq .Values.architecture "replication") }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
--- a/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if eq .Values.architecture "replication" }}
 {{- $customUser := include "postgresql.username" . }}
 apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
@ -45,7 +50,7 @@ spec:
      {{- if or (include "postgresql.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }}
      annotations:
        {{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }}
-        checksum/extended-configuration: {{ include (print $.Template.BasePath "/read/extended-configmap.yaml") . | sha256sum }}
+        checksum/extended-configuration: {{ pick (include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | fromYaml) "data" | toYaml | sha256sum }}
        {{- end }}
        {{- if .Values.readReplicas.podAnnotations }}
        {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }}
@ -210,7 +215,36 @@ spec:
              value: {{ .Values.postgresqlDataDir | quote }}
            {{- end }}
            # Authentication
-          {{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }}
+            {{- if or (eq $customUser "postgres") (empty $customUser) }}
+            {{- if .Values.auth.enablePostgresUser }}
+            {{- if .Values.auth.usePasswordFiles }}
+            - name: POSTGRES_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.adminPasswordKey" .) }}
+            {{- else }}
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "postgresql.secretName" . }}
+                  key: {{ include "postgresql.adminPasswordKey" . }}
+            {{- end }}
+            {{- else }}
+            - name: ALLOW_EMPTY_PASSWORD
+              value: "true"
+            {{- end }}
+            {{- else }}
+            - name: POSTGRES_USER
+              value: {{ $customUser | quote }}
+            {{- if .Values.auth.usePasswordFiles }}
+            - name: POSTGRES_PASSWORD_FILE
+              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.userPasswordKey" .) }}
+            {{- else }}
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "postgresql.secretName" . }}
+                  key: {{ include "postgresql.userPasswordKey" . }}
+            {{- end }}
+            {{- if .Values.auth.enablePostgresUser }}
            {{- if .Values.auth.usePasswordFiles }}
            - name: POSTGRES_POSTGRES_PASSWORD_FILE
              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.adminPasswordKey" .) }}
@ -221,16 +255,7 @@ spec:
                  name: {{ include "postgresql.secretName" . }}
                  key: {{ include "postgresql.adminPasswordKey" . }}
            {{- end }}
-          {{- end }}
-            {{- if .Values.auth.usePasswordFiles }}
-            - name: POSTGRES_PASSWORD_FILE
-              value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.userPasswordKey" .) }}
-            {{- else }}
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "postgresql.secretName" . }}
-                  key: {{ include "postgresql.userPasswordKey" . }}
+            {{- end }}
            {{- end }}
            # Replication
            - name: POSTGRES_REPLICATION_MODE
--- a/charts/bitnami/airflow/charts/postgresql/templates/read/svc-headless.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/read/svc-headless.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if eq .Values.architecture "replication" }}
 apiVersion: v1
 kind: Service
--- a/charts/bitnami/airflow/charts/postgresql/templates/read/svc.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/read/svc.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if eq .Values.architecture "replication" }}
 apiVersion: v1
 kind: Service
--- a/charts/bitnami/airflow/charts/postgresql/templates/role.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/role.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if .Values.rbac.create }}
 kind: Role
 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
--- a/charts/bitnami/airflow/charts/postgresql/templates/rolebinding.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/rolebinding.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if .Values.rbac.create }}
 kind: RoleBinding
 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
--- a/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/secrets.yaml
@ -1,8 +1,14 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- $host := include "postgresql.primary.fullname" . }}
 {{- $port := include "postgresql.service.port" . }}
-{{- $postgresPassword := "" }}
-{{- if .Values.auth.enablePostgresUser }}
-{{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.adminPasswordKey "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }}
+{{- $customUser := include "postgresql.username" . }}
+{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary .Values.auth.postgresPassword .Values.auth.password  (eq $customUser "postgres")) "context" $) | trimAll "\"" | b64dec }}
+{{- if and (not $postgresPassword) .Values.auth.enablePostgresUser }}
+{{- $postgresPassword = randAlphaNum 10 }}
 {{- end }}
 {{- $replicationPassword := "" }}
 {{- if eq .Values.architecture "replication" }}
@ -12,9 +18,8 @@
 {{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }}
 {{- $ldapPassword = coalesce .Values.ldap.bind_password .Values.ldap.bindpw }}
 {{- end }}
-{{- $customUser := include "postgresql.username" . }}
 {{- $password := "" }}
-{{- if not (empty (include "postgresql.username" .)) }}
+{{- if and (not (empty $customUser)) (ne $customUser "postgres") }}
 {{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.userPasswordKey "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }}
 {{- end }}
 {{- $database := include "postgresql.database" . }}
@ -33,13 +38,13 @@ metadata:
  {{- end }}
 type: Opaque
 data:
-  {{- if .Values.auth.enablePostgresUser }}
+  {{- if $postgresPassword }}
  postgres-password: {{ $postgresPassword | b64enc | quote }}
  {{- end }}
-  {{- if not (empty (include "postgresql.username" .)) }}
+  {{- if $password }}
  password: {{ $password | b64enc | quote }}
  {{- end }}
-  {{- if eq .Values.architecture "replication" }}
+  {{- if $replicationPassword }}
  replication-password: {{ $replicationPassword | b64enc | quote }}
  {{- end }}
  # We don't auto-generate LDAP password when it's not provided as we do for other passwords
@ -48,7 +53,7 @@ data:
  {{- end }}
 {{- end }}
 {{- if .Values.serviceBindings.enabled }}
-{{- if .Values.auth.enablePostgresUser }}
+{{- if $postgresPassword }}
 ---
 apiVersion: v1
 kind: Secret
@ -73,7 +78,7 @@ data:
  password: {{ $postgresPassword | b64enc | quote }}
  uri: {{ printf "postgresql://postgres:%s@%s:%s/postgres" $postgresPassword $host $port | b64enc | quote }}
 {{- end }}
-{{- if and (not (empty $customUser)) (ne $customUser "postgres") }}
+{{- if $password }}
 ---
 apiVersion: v1
 kind: Secret
--- a/charts/bitnami/airflow/charts/postgresql/templates/serviceaccount.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/serviceaccount.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
--- a/charts/bitnami/airflow/charts/postgresql/templates/tls-secrets.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/templates/tls-secrets.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if (include "postgresql.createTlsSecret" . ) }}
 {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
 {{- $ca := genCA "postgresql-ca" 365 }}
--- a/charts/bitnami/airflow/charts/postgresql/values.yaml
+++ b/charts/bitnami/airflow/charts/postgresql/values.yaml
@ -1,3 +1,6 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
 ## @section Global parameters
 ## Please, note that this will override the parameters, including dependencies, configured to use the global value
 ##
@ -95,7 +98,7 @@ diagnosticMode:
 image:
  registry: docker.io
  repository: bitnami/postgresql
-  tag: 15.3.0-debian-11-r7
+  tag: 15.3.0-debian-11-r17
  digest: ""
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1136,7 +1139,7 @@ volumePermissions:
  image:
    registry: docker.io
    repository: bitnami/bitnami-shell
-    tag: 11-debian-11-r120
+    tag: 11-debian-11-r130
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
@ -1231,7 +1234,7 @@ metrics:
  image:
    registry: docker.io
    repository: bitnami/postgres-exporter
-    tag: 0.12.0-debian-11-r91
+    tag: 0.13.1-debian-11-r0
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
--- a/charts/bitnami/airflow/charts/redis/Chart.yaml
+++ b/charts/bitnami/airflow/charts/redis/Chart.yaml
@ -24,4 +24,4 @@ maintainers:
 name: redis
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 17.11.3
+version: 17.11.6
--- a/charts/bitnami/airflow/charts/redis/README.md
+++ b/charts/bitnami/airflow/charts/redis/README.md
@ -99,7 +99,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------------- |
 | `image.registry`    | Redis&reg; image registry                                                                                  | `docker.io`            |
 | `image.repository`  | Redis&reg; image repository                                                                                | `bitnami/redis`        |
-| `image.tag`         | Redis&reg; image tag (immutable tags are recommended)                                                      | `7.0.11-debian-11-r12` |
+| `image.tag`         | Redis&reg; image tag (immutable tags are recommended)                                                      | `7.0.11-debian-11-r20` |
 | `image.digest`      | Redis&reg; image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                   |
 | `image.pullPolicy`  | Redis&reg; image pull policy                                                                               | `IfNotPresent`         |
 | `image.pullSecrets` | Redis&reg; image pull secrets                                                                              | `[]`                   |
@ -333,7 +333,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `sentinel.enabled`                            | Use Redis&reg; Sentinel on Redis&reg; pods.                                                                                                 | `false`                  |
 | `sentinel.image.registry`                     | Redis&reg; Sentinel image registry                                                                                                          | `docker.io`              |
 | `sentinel.image.repository`                   | Redis&reg; Sentinel image repository                                                                                                        | `bitnami/redis-sentinel` |
-| `sentinel.image.tag`                          | Redis&reg; Sentinel image tag (immutable tags are recommended)                                                                              | `7.0.11-debian-11-r10`   |
+| `sentinel.image.tag`                          | Redis&reg; Sentinel image tag (immutable tags are recommended)                                                                              | `7.0.11-debian-11-r18`   |
 | `sentinel.image.digest`                       | Redis&reg; Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                         | `""`                     |
 | `sentinel.image.pullPolicy`                   | Redis&reg; Sentinel image pull policy                                                                                                       | `IfNotPresent`           |
 | `sentinel.image.pullSecrets`                  | Redis&reg; Sentinel image pull secrets                                                                                                      | `[]`                     |
@ -366,15 +366,15 @@ The command removes all the Kubernetes components associated with the chart and
 | `sentinel.startupProbe.successThreshold`      | Success threshold for startupProbe                                                                                                          | `1`                      |
 | `sentinel.livenessProbe.enabled`              | Enable livenessProbe on Redis&reg; Sentinel nodes                                                                                           | `true`                   |
 | `sentinel.livenessProbe.initialDelaySeconds`  | Initial delay seconds for livenessProbe                                                                                                     | `20`                     |
-| `sentinel.livenessProbe.periodSeconds`        | Period seconds for livenessProbe                                                                                                            | `5`                      |
+| `sentinel.livenessProbe.periodSeconds`        | Period seconds for livenessProbe                                                                                                            | `10`                     |
 | `sentinel.livenessProbe.timeoutSeconds`       | Timeout seconds for livenessProbe                                                                                                           | `5`                      |
-| `sentinel.livenessProbe.failureThreshold`     | Failure threshold for livenessProbe                                                                                                         | `5`                      |
+| `sentinel.livenessProbe.failureThreshold`     | Failure threshold for livenessProbe                                                                                                         | `6`                      |
 | `sentinel.livenessProbe.successThreshold`     | Success threshold for livenessProbe                                                                                                         | `1`                      |
 | `sentinel.readinessProbe.enabled`             | Enable readinessProbe on Redis&reg; Sentinel nodes                                                                                          | `true`                   |
 | `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe                                                                                                    | `20`                     |
 | `sentinel.readinessProbe.periodSeconds`       | Period seconds for readinessProbe                                                                                                           | `5`                      |
 | `sentinel.readinessProbe.timeoutSeconds`      | Timeout seconds for readinessProbe                                                                                                          | `1`                      |
-| `sentinel.readinessProbe.failureThreshold`    | Failure threshold for readinessProbe                                                                                                        | `5`                      |
+| `sentinel.readinessProbe.failureThreshold`    | Failure threshold for readinessProbe                                                                                                        | `6`                      |
 | `sentinel.readinessProbe.successThreshold`    | Success threshold for readinessProbe                                                                                                        | `1`                      |
 | `sentinel.customStartupProbe`                 | Custom startupProbe that overrides the default one                                                                                          | `{}`                     |
 | `sentinel.customLivenessProbe`                | Custom livenessProbe that overrides the default one                                                                                         | `{}`                     |
@ -451,7 +451,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.enabled`                            | Start a sidecar prometheus exporter to expose Redis&reg; metrics                                                    | `false`                  |
 | `metrics.image.registry`                     | Redis&reg; Exporter image registry                                                                                  | `docker.io`              |
 | `metrics.image.repository`                   | Redis&reg; Exporter image repository                                                                                | `bitnami/redis-exporter` |
-| `metrics.image.tag`                          | Redis&reg; Exporter image tag (immutable tags are recommended)                                                      | `1.50.0-debian-11-r13`   |
+| `metrics.image.tag`                          | Redis&reg; Exporter image tag (immutable tags are recommended)                                                      | `1.50.0-debian-11-r21`   |
 | `metrics.image.digest`                       | Redis&reg; Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                     |
 | `metrics.image.pullPolicy`                   | Redis&reg; Exporter image pull policy                                                                               | `IfNotPresent`           |
 | `metrics.image.pullSecrets`                  | Redis&reg; Exporter image pull secrets                                                                              | `[]`                     |
@ -517,7 +517,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled`                            | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`               | `false`                 |
 | `volumePermissions.image.registry`                     | Bitnami Shell image registry                                                                                  | `docker.io`             |
 | `volumePermissions.image.repository`                   | Bitnami Shell image repository                                                                                | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag`                          | Bitnami Shell image tag (immutable tags are recommended)                                                      | `11-debian-11-r118`     |
+| `volumePermissions.image.tag`                          | Bitnami Shell image tag (immutable tags are recommended)                                                      | `11-debian-11-r125`     |
 | `volumePermissions.image.digest`                       | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                    |
 | `volumePermissions.image.pullPolicy`                   | Bitnami Shell image pull policy                                                                               | `IfNotPresent`          |
 | `volumePermissions.image.pullSecrets`                  | Bitnami Shell image pull secrets                                                                              | `[]`                    |
@ -527,7 +527,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `sysctl.enabled`                                       | Enable init container to modify Kernel settings                                                               | `false`                 |
 | `sysctl.image.registry`                                | Bitnami Shell image registry                                                                                  | `docker.io`             |
 | `sysctl.image.repository`                              | Bitnami Shell image repository                                                                                | `bitnami/bitnami-shell` |
-| `sysctl.image.tag`                                     | Bitnami Shell image tag (immutable tags are recommended)                                                      | `11-debian-11-r118`     |
+| `sysctl.image.tag`                                     | Bitnami Shell image tag (immutable tags are recommended)                                                      | `11-debian-11-r125`     |
 | `sysctl.image.digest`                                  | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                    |
 | `sysctl.image.pullPolicy`                              | Bitnami Shell image pull policy                                                                               | `IfNotPresent`          |
 | `sysctl.image.pullSecrets`                             | Bitnami Shell image pull secrets                                                                              | `[]`                    |
@ -937,7 +937,7 @@ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remo

 ## License

-Copyright &copy; 2023 Bitnami
+Copyright &copy; 2023 VMware, Inc.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml
+++ b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml
@ -65,6 +65,7 @@ spec:
      securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "redis.masterServiceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
      {{- if .Values.master.priorityClassName }}
      priorityClassName: {{ .Values.master.priorityClassName | quote }}
      {{- end }}
--- a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml
+++ b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml
@ -64,6 +64,7 @@ spec:
      securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "redis.replicaServiceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.replica.serviceAccount.automountServiceAccountToken }}
      {{- if .Values.replica.priorityClassName }}
      priorityClassName: {{ .Values.replica.priorityClassName | quote }}
      {{- end }}
--- a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml
+++ b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml
@ -68,6 +68,7 @@ spec:
      {{- if .Values.replica.podSecurityContext.enabled }}
      securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
+      automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
      serviceAccountName: {{ template "redis.serviceAccountName" . }}
      {{- if .Values.replica.priorityClassName }}
      priorityClassName: {{ .Values.replica.priorityClassName | quote }}
--- a/charts/bitnami/airflow/charts/redis/values.yaml
+++ b/charts/bitnami/airflow/charts/redis/values.yaml
@ -88,7 +88,7 @@ diagnosticMode:
 image:
  registry: docker.io
  repository: bitnami/redis
-  tag: 7.0.11-debian-11-r12
+  tag: 7.0.11-debian-11-r20
  digest: ""
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1001,7 +1001,7 @@ sentinel:
  image:
    registry: docker.io
    repository: bitnami/redis-sentinel
-    tag: 7.0.11-debian-11-r10
+    tag: 7.0.11-debian-11-r18
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1113,10 +1113,10 @@ sentinel:
  livenessProbe:
    enabled: true
    initialDelaySeconds: 20
-    periodSeconds: 5
+    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
-    failureThreshold: 5
+    failureThreshold: 6
  ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis&reg; Sentinel nodes
  ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe
@ -1130,7 +1130,7 @@ sentinel:
    periodSeconds: 5
    timeoutSeconds: 1
    successThreshold: 1
-    failureThreshold: 5
+    failureThreshold: 6
  ## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
@ -1443,7 +1443,7 @@ metrics:
  image:
    registry: docker.io
    repository: bitnami/redis-exporter
-    tag: 1.50.0-debian-11-r13
+    tag: 1.50.0-debian-11-r21
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
@ -1697,7 +1697,7 @@ volumePermissions:
  image:
    registry: docker.io
    repository: bitnami/bitnami-shell
-    tag: 11-debian-11-r118
+    tag: 11-debian-11-r125
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
@ -1745,7 +1745,7 @@ sysctl:
  image:
    registry: docker.io
    repository: bitnami/bitnami-shell
-    tag: 11-debian-11-r118
+    tag: 11-debian-11-r125
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
--- a/charts/bitnami/airflow/templates/_git_helpers.tpl
+++ b/charts/bitnami/airflow/templates/_git_helpers.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Returns the name that will identify the repository internally and it will be used to create folders or
--- a/charts/bitnami/airflow/templates/_helpers.tpl
+++ b/charts/bitnami/airflow/templates/_helpers.tpl
@ -1,3 +1,8 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
@ -154,11 +159,11 @@ Get the Postgresql credentials secret.
        {{- if .Values.global.postgresql.auth }}
            {{- if .Values.global.postgresql.auth.existingSecret }}
                {{- tpl .Values.global.postgresql.auth.existingSecret $ -}}
-            {{- else -}}
-                {{- default (include "airflow.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
            {{- end -}}
        {{- else -}}
-            {{- default (include "airflow.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
+            {{- if and ( .Values.postgresql.auth.existingSecret ) ( .Values.postgresql.auth.enablePostgresUser ) }}
+                {{- default (include "airflow.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
+            {{- end -}}
        {{- end -}}
    {{- else -}}
        {{- default (include "airflow.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
@ -323,11 +328,16 @@ Add environment variables to configure database values
  value: {{ include "airflow.database.name" . }}
 - name: AIRFLOW_DATABASE_USERNAME
  value: {{ include "airflow.database.user" . }}
+{{- if or (not .Values.postgresql.enabled) .Values.postgresql.auth.enablePostgresUser }}
 - name: AIRFLOW_DATABASE_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ include "airflow.postgresql.secretName" . }}
      key: {{ include "airflow.database.existingsecret.key" . }}
+{{- else }}
+- name: ALLOW_EMPTY_PASSWORD
+  value: "true"
+{{- end }}
 - name: AIRFLOW_DATABASE_HOST
  value: {{ include "airflow.database.host" . }}
 - name: AIRFLOW_DATABASE_PORT_NUMBER
--- a/charts/bitnami/airflow/templates/config/configmap.yaml
+++ b/charts/bitnami/airflow/templates/config/configmap.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- $kube := (contains "KubernetesExecutor" .Values.executor) -}}
 {{- if or .Values.configuration $kube }}
 apiVersion: v1
--- a/charts/bitnami/airflow/templates/config/secret-external-db.yaml
+++ b/charts/bitnami/airflow/templates/config/secret-external-db.yaml
@ -1,3 +1,8 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
 {{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.existingSecret) }}
 apiVersion: v1
 kind: Secret
--- a/Show More
+++ b/Show More