Merge pull request #676 from nflondo/main-source

Charts CI [modified charts]

charts/argo/argo-cd/Chart.yaml

@@ -1,13 +1,13 @@
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: Grouped component templates together
+      description: Upgrade Argo CD to v.2.6.3
   catalog.cattle.io/certified: partner
   catalog.cattle.io/display-name: Argo CD
   catalog.cattle.io/kube-version: '>=1.22.0-0'
   catalog.cattle.io/release-name: argo-cd
 apiVersion: v2
-appVersion: v2.6.2
+appVersion: v2.6.3
 dependencies:
 - condition: redis-ha.enabled
   name: redis-ha
@@ -29,4 +29,4 @@ name: argo-cd
 sources:
 - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
 - https://github.com/argoproj/argo-cd
-version: 5.22.1
+version: 5.23.3

charts/argo/argo-cd/README.md

@@ -509,7 +509,7 @@ NAME: my-release
 | controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb |
 | controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller |
 | controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb |
-| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
 | controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
 | controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods |
 | controller.podLabels | object | `{}` | Labels to be added to application controller pods |
@@ -592,7 +592,7 @@ NAME: my-release
 | repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb |
 | repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server |
 | repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb |
-| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
 | repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
 | repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods |
 | repoServer.podLabels | object | `{}` | Labels to be added to repo server pods |
@@ -642,7 +642,7 @@ NAME: my-release
 | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
 | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
 | server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` |
-| server.certificate.issuer.name | string | `""` | Certificate isser name. Eg. `letsencrypt` |
+| server.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` |
 | server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` |
 | server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` |
 | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
@@ -725,7 +725,7 @@ NAME: my-release
 | server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb |
 | server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server |
 | server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb |
-| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
 | server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
 | server.podAnnotations | object | `{}` | Annotations to be added to server pods |
 | server.podLabels | object | `{}` | Labels to be added to server pods |
@@ -955,7 +955,7 @@ The main options are listed here:
 | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
 | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
 | redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag |
-| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes |
+| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
 | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
 | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""`  is disabled |
 | redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated |
@@ -1033,7 +1033,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb |
 | applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller |
 | applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb |
-| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
 | applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
 | applicationSet.podAnnotations | object | `{}` | Annotations for the ApplicationSet controller pods |
 | applicationSet.podLabels | object | `{}` | Labels for the ApplicationSet controller pods |
@@ -1072,32 +1072,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 |-----|------|---------|-------------|
 | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
 | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
-| notifications.bots.slack.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
-| notifications.bots.slack.containerSecurityContext | object | See [values.yaml] | Slack bot container-level security Context |
-| notifications.bots.slack.dnsConfig | object | `{}` | [DNS configuration] |
-| notifications.bots.slack.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Slack bot pods |
-| notifications.bots.slack.enabled | bool | `false` | Enable slack bot |
-| notifications.bots.slack.extraArgs | list | `[]` | List of extra cli args to add for Slack bot |
-| notifications.bots.slack.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Slack bot |
-| notifications.bots.slack.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Slack bot |
-| notifications.bots.slack.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Slack bot |
-| notifications.bots.slack.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
-| notifications.bots.slack.logFormat | string | `""` (defaults to global.logging.format) | Slack bot log format. Either `text` or `json` |
-| notifications.bots.slack.logLevel | string | `""` (defaults to global.logging.level) | Slack bot log level. One of: `debug`, `info`, `warn`, `error` |
-| notifications.bots.slack.nodeSelector | object | `{}` | [Node selector] |
-| notifications.bots.slack.pdb.annotations | object | `{}` | Annotations to be added to Slack bot pdb |
-| notifications.bots.slack.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Slack bot |
-| notifications.bots.slack.pdb.labels | object | `{}` | Labels to be added to Slack bot pdb |
-| notifications.bots.slack.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
-| notifications.bots.slack.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
-| notifications.bots.slack.resources | object | `{}` | Resource limits and requests for the Slack bot |
-| notifications.bots.slack.service.annotations | object | `{}` | Service annotations for Slack bot |
-| notifications.bots.slack.service.port | int | `80` | Service port for Slack bot |
-| notifications.bots.slack.service.type | string | `"LoadBalancer"` | Service type for Slack bot |
-| notifications.bots.slack.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
-| notifications.bots.slack.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
-| notifications.bots.slack.serviceAccount.name | string | `"argocd-notifications-bot"` | The name of the service account to use. |
-| notifications.bots.slack.tolerations | list | `[]` | [Tolerations] for use with node taints |
 | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
 | notifications.containerPorts.metrics | int | `9001` | Metrics container port |
 | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
@@ -1138,7 +1112,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb |
 | notifications.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the notifications controller |
 | notifications.pdb.labels | object | `{}` | Labels to be added to notifications controller pdb |
-| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). |
+| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
 | notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
 | notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods |
 | notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods |

charts/argo/argo-cd/templates/_helpers.tpl

@@ -158,17 +158,6 @@ Create the name of the notifications service account to use
 {{- end -}}
 {{- end -}}
 
-{{/*
-Create the name of the notifications bots slack service account to use
-*/}}
-{{- define "argo-cd.notificationsBotsSlackServiceAccountName" -}}
-{{- if .Values.notifications.bots.slack.serviceAccount.create -}}
-    {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.bots.slack.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.notifications.bots.slack.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Argo Configuration Preset Values (Incluenced by Values configuration)
 */}}

charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml

@@ -37,10 +37,15 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.global.securityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
       containers:
       - command:
         - argocd-application-controller
@@ -285,11 +290,6 @@ spec:
           {{- end }}
         {{- end }}
       {{- end }}
-      serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
       volumes:
       {{- with .Values.controller.volumes }}
         {{- toYaml . | nindent 6 }}

charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml

@@ -35,15 +35,15 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.global.securityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
       containers:
         - name: {{ .Values.applicationSet.name }}
           image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}

charts/argo/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml

@@ -1,71 +0,0 @@
-{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  name: {{ template "argo-cd.notifications.fullname" . }}-bot
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }}
-spec:
-  replicas: 1
-  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 8 }}
-    spec:
-      {{- with .Values.notifications.bots.slack.imagePullSecrets | default .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.notificationsBotsSlackServiceAccountName" . }}
-      containers:
-        - name: {{ include "argo-cd.notifications.fullname" . }}-bot
-          image: {{ default .Values.global.image.repository .Values.notifications.bots.slack.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.bots.slack.image.tag }}
-          imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.bots.slack.image.pullPolicy }}
-          command:
-            - argocd-notifications
-            - bot
-            - --loglevel={{ default .Values.global.logging.level .Values.notifications.bots.slack.logLevel }}
-            - --logformat={{ default .Values.global.logging.format .Values.notifications.bots.slack.logFormat }}
-            {{- range .Values.notifications.bots.slack.extraArgs }}
-            - {{ . | squote }}
-            {{- end }}
-          workingDir: /app
-          ports:
-          - containerPort: 8080
-            name: http
-          resources:
-            {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
-          securityContext:
-            {{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }}
-      affinity:
-        {{- include "argo-cd.affinity" (dict "context" . "component" .Values.notifications.bots.slack) | nindent 8 }}
-      {{- with .Values.notifications.bots.slack.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.notifications.bots.slack.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.notifications.bots.slack.dnsConfig }}
-      dnsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      dnsPolicy: {{ .Values.notifications.bots.slack.dnsPolicy }}
-{{ end }}

charts/argo/argo-cd/templates/argocd-notifications/bots/slack/pdb.yaml

@@ -1,26 +0,0 @@
-{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.pdb.enabled }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ include "argo-cd.notifications.fullname" . }}-bot
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }}
-    {{- with .Values.notifications.bots.slack.pdb.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.notifications.bots.slack.pdb.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  {{- with .Values.notifications.bots.slack.pdb.maxUnavailable }}
-  maxUnavailable: {{ . }}
-  {{- else }}
-  minAvailable: {{ .Values.notifications.bots.slack.pdb.minAvailable | default 0 }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }}
-{{- end }}

charts/argo/argo-cd/templates/argocd-notifications/bots/slack/role.yaml

@@ -1,27 +0,0 @@
-{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "argo-cd.notifications.fullname" . }}-bot
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - appprojects
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-{{ end }}

charts/argo/argo-cd/templates/argocd-notifications/bots/slack/rolebinding.yaml

@@ -1,13 +0,0 @@
-{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ template "argo-cd.notifications.fullname" . }}-bot
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "argo-cd.notifications.fullname" . }}-bot
-subjects:
-- kind: ServiceAccount
-  name: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }}
-{{ end }}

charts/argo/argo-cd/templates/argocd-notifications/bots/slack/service.yaml

@@ -1,19 +0,0 @@
-{{ if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "argo-cd.notifications.fullname" . }}-bot
-  {{- if .Values.notifications.bots.slack.service.annotations }}
-  annotations:
-    {{- toYaml .Values.notifications.bots.slack.service.annotations | nindent 4 }}
-  {{- end }}
-spec:
-  ports:
-  - name: http
-    port: {{ .Values.notifications.bots.slack.service.port }}
-    protocol: TCP
-    targetPort: http
-  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" "metrics") | nindent 6 }}
-  type: {{ .Values.notifications.bots.slack.service.type }}
-{{ end }}

charts/argo/argo-cd/templates/argocd-notifications/bots/slack/serviceaccount.yaml

@@ -1,15 +0,0 @@
-{{- if and .Values.notifications.enabled .Values.notifications.bots.slack.enabled .Values.notifications.bots.slack.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: {{ .Values.notifications.bots.slack.serviceAccount.automountServiceAccountToken }}
-metadata:
-  name: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }}
-{{- if .Values.notifications.bots.slack.serviceAccount.annotations }}
-  annotations:
-  {{- range $key, $value := .Values.notifications.bots.slack.serviceAccount.annotations }}
-    {{ $key }}: {{ $value | quote }}
-  {{- end }}
-{{- end }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.bots.slack.name "name" .Values.notifications.bots.slack.name) | nindent 4 }}
-{{- end }}

charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml

@@ -37,6 +37,10 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.global.securityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}

charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml

@@ -40,11 +40,15 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.global.securityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }}
       containers:
       - name: {{ .Values.repoServer.name }}
         image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
@@ -312,11 +316,6 @@ spec:
         {{- end }}
         {{- end }}
       {{- end }}
-      serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
       volumes:
       {{- with .Values.repoServer.volumes }}
         {{- toYaml . | nindent 6 }}

charts/argo/argo-cd/templates/argocd-server/deployment.yaml

@@ -37,10 +37,15 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.global.securityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }}
       containers:
       - name: {{ .Values.server.name }}
         image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }}
@@ -369,11 +374,6 @@ spec:
         {{- end }}
         {{- end }}
       {{- end }}
-      serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
       volumes:
       {{- with .Values.server.volumes }}
         {{- toYaml . | nindent 6}}

charts/argo/argo-cd/templates/dex/deployment.yaml

@@ -39,10 +39,15 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with.Values.global.securityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      serviceAccountName: {{ include "argo-cd.dexServiceAccountName" . }}
       containers:
       - name: {{ .Values.dex.name }}
         image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
@@ -159,11 +164,6 @@ spec:
           {{- end }}
         {{- end }}
       {{- end }}
-      serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
       volumes:
       - name: static-files
         emptyDir: {}

charts/argo/argo-cd/templates/redis/deployment.yaml

@@ -36,6 +36,10 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.redis.securityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}

charts/argo/argo-cd/values.yaml

@@ -499,7 +499,7 @@ controller:
     # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
     # @default -- `""` (defaults to 0 if not specified)
     minAvailable: ""
-    # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
     ## Has higher precedence over `controller.pdb.minAvailable`
     maxUnavailable: ""
 
@@ -623,7 +623,7 @@ controller:
       drop:
       - ALL
 
-  # Rediness probe for application controller
+  # Readiness probe for application controller
   ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
   readinessProbe:
     # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
@@ -1243,7 +1243,7 @@ redis-ha:
     # -- Tag to use for the redis-exporter
     tag: 1.45.0
   persistentVolume:
-    # -- Configures persistency on Redis nodes
+    # -- Configures persistence on Redis nodes
     enabled: false
   redis:
     # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
@@ -1342,7 +1342,7 @@ server:
     # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
     # @default -- `""` (defaults to 0 if not specified)
     minAvailable: ""
-    # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
     ## Has higher precedence over `server.pdb.minAvailable`
     maxUnavailable: ""
 
@@ -1380,7 +1380,7 @@ server:
   lifecycle: {}
 
   ## Argo UI extensions
-  ## This function in tech preview stage, do expect unstability or breaking changes in newer versions.
+  ## This function in tech preview stage, do expect instability or breaking changes in newer versions.
   ## Ref: https://github.com/argoproj-labs/argocd-extensions
   extensions:
     # -- Enable support for Argo UI extensions
@@ -1583,7 +1583,7 @@ server:
       group: ""
       # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
       kind: ""
-      # -- Certificate isser name. Eg. `letsencrypt`
+      # -- Certificate issuer name. Eg. `letsencrypt`
       name: ""
     # Private key of the certificate
     privateKey:
@@ -1885,7 +1885,7 @@ repoServer:
     # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
     # @default -- `""` (defaults to 0 if not specified)
     minAvailable: ""
-    # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
     ## Has higher precedence over `repoServer.pdb.minAvailable`
     maxUnavailable: ""
 
@@ -2171,7 +2171,7 @@ applicationSet:
     # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
     # @default -- `""` (defaults to 0 if not specified)
     minAvailable: ""
-    # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
     ## Has higher precedence over `applicationSet.pdb.minAvailable`
     maxUnavailable: ""
 
@@ -2445,7 +2445,7 @@ notifications:
     # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
     # @default -- `""` (defaults to 0 if not specified)
     minAvailable: ""
-    # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
+    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
     ## Has higher precedence over `notifications.pdb.minAvailable`
     maxUnavailable: ""
 
@@ -2910,108 +2910,3 @@ notifications:
     # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers
     # defaultTriggers: |
     #   - on-sync-status-unknown
-
-  ## The optional bot component simplifies managing subscriptions
-  ## For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/
-  bots:
-    slack:
-      # -- Enable slack bot
-      ## You have to set secret.notifiers.slack.signingSecret
-      enabled: false
-
-      ## Slack bot Pod Disruption Budget
-      ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
-      pdb:
-        # -- Deploy a [PodDisruptionBudget] for the Slack bot
-        enabled: false
-        # -- Labels to be added to Slack bot pdb
-        labels: {}
-        # -- Annotations to be added to Slack bot pdb
-        annotations: {}
-        # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
-        # @default -- `""` (defaults to 0 if not specified)
-        minAvailable: ""
-        # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
-        ## Has higher precedence over `notifications.bots.slack.pdb.minAvailable`
-        maxUnavailable: ""
-
-      ## Slack bot image
-      image:
-        # -- Repository to use for the Slack bot
-        # @default -- `""` (defaults to global.image.repository)
-        repository: ""
-        # -- Tag to use for the Slack bot
-        # @default -- `""` (defaults to global.image.tag)
-        tag: ""
-        # -- Image pull policy for the Slack bot
-        # @default -- `""` (defaults to global.image.imagePullPolicy)
-        imagePullPolicy: ""
-
-      # -- Secrets with credentials to pull images from a private registry
-      # @default -- `[]` (defaults to global.imagePullSecrets)
-      imagePullSecrets: []
-
-      # -- Slack bot log format. Either `text` or `json`
-      # @default -- `""` (defaults to global.logging.format)
-      logFormat: ""
-      # -- Slack bot log level. One of: `debug`, `info`, `warn`, `error`
-      # @default -- `""` (defaults to global.logging.level)
-      logLevel: ""
-
-      # -- List of extra cli args to add for Slack bot
-      extraArgs: []
-
-      service:
-        # -- Service annotations for Slack bot
-        annotations: {}
-        # -- Service port for Slack bot
-        port: 80
-        # -- Service type for Slack bot
-        type: LoadBalancer
-
-      serviceAccount:
-        # -- Specifies whether a service account should be created
-        create: true
-
-        # -- The name of the service account to use.
-        ## If not set and create is true, a name is generated using the fullname template
-        name: argocd-notifications-bot
-
-        # -- Annotations applied to created service account
-        annotations: {}
-
-      # -- [DNS configuration]
-      dnsConfig: {}
-      # -- Alternative DNS policy for Slack bot pods
-      dnsPolicy: "ClusterFirst"
-
-      # -- Slack bot container-level security Context
-      # @default -- See [values.yaml]
-      containerSecurityContext:
-        runAsNonRoot: true
-        readOnlyRootFilesystem: true
-        allowPrivilegeEscalation: false
-        seccompProfile:
-          type: RuntimeDefault
-        capabilities:
-          drop:
-          - ALL
-
-      # -- Resource limits and requests for the Slack bot
-      resources: {}
-      # limits:
-      #   cpu: 100m
-      #   memory: 128Mi
-      # requests:
-      #   cpu: 100m
-      #   memory: 128Mi
-
-      # -- Assign custom [affinity] rules
-      # @default -- `{}` (defaults to global.affinity preset)
-      affinity: {}
-
-      # -- [Tolerations] for use with node taints
-      tolerations: []
-
-      # -- [Node selector]
-      nodeSelector: {}

charts/bitnami/wordpress/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 6.3.7
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
-  version: 11.4.6
+  version: 11.5.0
 - name: common
   repository: https://charts.bitnami.com/bitnami
   version: 2.2.3
-digest: sha256:603f659cc8e943991bea143717b130c43a0cf14fc1b9019d97006bfa9f825581
+digest: sha256:9c6e8b16fcad61555ef0d4015cf8dd5643f88080c10588d0fc123f255b78f1b7
-generated: "2023-02-17T19:05:31.835880298Z"
+generated: "2023-02-23T11:02:34.782171834Z"

charts/bitnami/wordpress/Chart.yaml

@@ -41,4 +41,4 @@ name: wordpress
 sources:
 - https://github.com/bitnami/containers/tree/main/bitnami/wordpress
 - https://wordpress.org/
-version: 15.2.45
+version: 15.2.46

charts/bitnami/wordpress/README.md

@@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
 | `image.registry`    | WordPress image registry                                                                                  | `docker.io`           |
 | `image.repository`  | WordPress image repository                                                                                | `bitnami/wordpress`   |
-| `image.tag`         | WordPress image tag (immutable tags are recommended)                                                      | `6.1.1-debian-11-r49` |
+| `image.tag`         | WordPress image tag (immutable tags are recommended)                                                      | `6.1.1-debian-11-r53` |
 | `image.digest`      | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                  |
 | `image.pullPolicy`  | WordPress image pull policy                                                                               | `IfNotPresent`        |
 | `image.pullSecrets` | WordPress image pull secrets                                                                              | `[]`                  |
@@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled`                            | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`               | `false`                 |
 | `volumePermissions.image.registry`                     | Bitnami Shell image registry                                                                                  | `docker.io`             |
 | `volumePermissions.image.repository`                   | Bitnami Shell image repository                                                                                | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag`                          | Bitnami Shell image tag (immutable tags are recommended)                                                      | `11-debian-11-r86`      |
+| `volumePermissions.image.tag`                          | Bitnami Shell image tag (immutable tags are recommended)                                                      | `11-debian-11-r87`      |
 | `volumePermissions.image.digest`                       | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                    |
 | `volumePermissions.image.pullPolicy`                   | Bitnami Shell image pull policy                                                                               | `IfNotPresent`          |
 | `volumePermissions.image.pullSecrets`                  | Bitnami Shell image pull secrets                                                                              | `[]`                    |
@@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.enabled`                            | Start a sidecar prometheus exporter to expose metrics                                                           | `false`                   |
 | `metrics.image.registry`                     | Apache exporter image registry                                                                                  | `docker.io`               |
 | `metrics.image.repository`                   | Apache exporter image repository                                                                                | `bitnami/apache-exporter` |
-| `metrics.image.tag`                          | Apache exporter image tag (immutable tags are recommended)                                                      | `0.11.0-debian-11-r93`    |
+| `metrics.image.tag`                          | Apache exporter image tag (immutable tags are recommended)                                                      | `0.13.0-debian-11-r0`     |
 | `metrics.image.digest`                       | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                      |
 | `metrics.image.pullPolicy`                   | Apache exporter image pull policy                                                                               | `IfNotPresent`            |
 | `metrics.image.pullSecrets`                  | Apache exporter image pull secrets                                                                              | `[]`                      |

charts/bitnami/wordpress/charts/mariadb/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: https://charts.bitnami.com/bitnami
-  version: 2.2.2
+  version: 2.2.3
-digest: sha256:49ca75cf23ba5eb7df4becef52580f98c8bd8194eb80368b9d7b875f6eefa8e5
+digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb
-generated: "2022-12-15T08:09:23.256191892Z"
+generated: "2023-02-17T18:41:00.54667787Z"

charts/bitnami/wordpress/charts/mariadb/Chart.yaml

@@ -28,4 +28,4 @@ sources:
 - https://github.com/bitnami/containers/tree/main/bitnami/mariadb
 - https://github.com/prometheus/mysqld_exporter
 - https://mariadb.org
-version: 11.4.6
+version: 11.5.0

charts/bitnami/wordpress/charts/mariadb/README.md

@@ -11,8 +11,8 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
 ## TL;DR
 
 ```console
-$ helm repo add my-repo https://charts.bitnami.com/bitnami
+helm repo add my-repo https://charts.bitnami.com/bitnami
-$ helm install my-release my-repo/mariadb
+helm install my-release my-repo/mariadb
 ```
 
 ## Introduction
@@ -34,8 +34,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
 To install the chart with the release name `my-release`:
 
 ```console
-$ helm repo add my-repo https://charts.bitnami.com/bitnami
+helm repo add my-repo https://charts.bitnami.com/bitnami
-$ helm install my-release my-repo/mariadb
+helm install my-release my-repo/mariadb
 ```
 
 The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
@@ -47,7 +47,7 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati
 To uninstall/delete the `my-release` deployment:
 
 ```console
-$ helm delete my-release
+helm delete my-release
 ```
 
 The command removes all the Kubernetes components associated with the chart and deletes the release.
@@ -62,24 +62,23 @@ The command removes all the Kubernetes components associated with the chart and
 | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]`  |
 | `global.storageClass`     | Global storage class for dynamic provisioning   | `""`  |
 
-
 ### Common parameters
 
-| Name                     | Description                                                                             | Value           |
+| Name                      | Description                                                                             | Value           |
-| ------------------------ | --------------------------------------------------------------------------------------- | --------------- |
+| ------------------------- | --------------------------------------------------------------------------------------- | --------------- |
-| `kubeVersion`            | Force target Kubernetes version (using Helm capabilities if not set)                    | `""`            |
+| `kubeVersion`             | Force target Kubernetes version (using Helm capabilities if not set)                    | `""`            |
-| `nameOverride`           | String to partially override mariadb.fullname                                           | `""`            |
+| `nameOverride`            | String to partially override mariadb.fullname                                           | `""`            |
-| `fullnameOverride`       | String to fully override mariadb.fullname                                               | `""`            |
+| `fullnameOverride`        | String to fully override mariadb.fullname                                               | `""`            |
-| `clusterDomain`          | Default Kubernetes cluster domain                                                       | `cluster.local` |
+| `clusterDomain`           | Default Kubernetes cluster domain                                                       | `cluster.local` |
-| `commonAnnotations`      | Common annotations to add to all MariaDB resources (sub-charts are not considered)      | `{}`            |
+| `commonAnnotations`       | Common annotations to add to all MariaDB resources (sub-charts are not considered)      | `{}`            |
-| `commonLabels`           | Common labels to add to all MariaDB resources (sub-charts are not considered)           | `{}`            |
+| `commonLabels`            | Common labels to add to all MariaDB resources (sub-charts are not considered)           | `{}`            |
-| `schedulerName`          | Name of the scheduler (other than default) to dispatch pods                             | `""`            |
+| `schedulerName`           | Name of the scheduler (other than default) to dispatch pods                             | `""`            |
-| `runtimeClassName`       | Name of the Runtime Class for all MariaDB pods                                          | `""`            |
+| `runtimeClassName`        | Name of the Runtime Class for all MariaDB pods                                          | `""`            |
-| `extraDeploy`            | Array of extra objects to deploy with the release (evaluated as a template)             | `[]`            |
+| `extraDeploy`             | Array of extra objects to deploy with the release (evaluated as a template)             | `[]`            |
-| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false`         |
+| `diagnosticMode.enabled`  | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false`         |
-| `diagnosticMode.command` | Command to override all containers in the deployment                                    | `["sleep"]`     |
+| `diagnosticMode.command`  | Command to override all containers in the deployment                                    | `["sleep"]`     |
-| `diagnosticMode.args`    | Args to override all containers in the deployment                                       | `["infinity"]`  |
+| `diagnosticMode.args`     | Args to override all containers in the deployment                                       | `["infinity"]`  |
-
+| `serviceBindings.enabled` | Create secret for service binding (Experimental)                                        | `false`         |
 
 ### MariaDB common parameters
 
@@ -87,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
 | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
 | `image.registry`           | MariaDB image registry                                                                                                                                                                                                                                                        | `docker.io`            |
 | `image.repository`         | MariaDB image repository                                                                                                                                                                                                                                                      | `bitnami/mariadb`      |
-| `image.tag`                | MariaDB image tag (immutable tags are recommended)                                                                                                                                                                                                                            | `10.6.12-debian-11-r0` |
+| `image.tag`                | MariaDB image tag (immutable tags are recommended)                                                                                                                                                                                                                            | `10.6.12-debian-11-r3` |
 | `image.digest`             | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                                                                                                                                                       | `""`                   |
 | `image.pullPolicy`         | MariaDB image pull policy                                                                                                                                                                                                                                                     | `IfNotPresent`         |
 | `image.pullSecrets`        | Specify docker-registry secret names as an array                                                                                                                                                                                                                              | `[]`                   |
@@ -106,7 +105,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `initdbScripts`            | Dictionary of initdb scripts                                                                                                                                                                                                                                                  | `{}`                   |
 | `initdbScriptsConfigMap`   | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`)                                                                                                                                                                                                           | `""`                   |
 
-
 ### MariaDB Primary parameters
 
 | Name                                                        | Description                                                                                                       | Value               |
@@ -199,7 +197,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `primary.pdb.maxUnavailable`                                | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction                      | `""`                |
 | `primary.revisionHistoryLimit`                              | Maximum number of revisions that will be maintained in the StatefulSet                                            | `10`                |
 
-
 ### MariaDB Secondary parameters
 
 | Name                                                          | Description                                                                                                           | Value               |
@@ -292,7 +289,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `secondary.pdb.maxUnavailable`                                | Maximum number/percentage of MariaDB secondary pods that may be made unavailable                                      | `""`                |
 | `secondary.revisionHistoryLimit`                              | Maximum number of revisions that will be maintained in the StatefulSet                                                | `10`                |
 
-
 ### RBAC parameters
 
 | Name                                          | Description                                                    | Value   |
@@ -303,7 +299,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` |
 | `rbac.create`                                 | Whether to create and use RBAC resources or not                | `false` |
 
-
 ### Volume Permissions parameters
 
 | Name                                   | Description                                                                                                                       | Value                   |
@@ -311,14 +306,13 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled`            | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`              | `false`                 |
 | `volumePermissions.image.registry`     | Init container volume-permissions image registry                                                                                  | `docker.io`             |
 | `volumePermissions.image.repository`   | Init container volume-permissions image repository                                                                                | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag`          | Init container volume-permissions image tag (immutable tags are recommended)                                                      | `11-debian-11-r80`      |
+| `volumePermissions.image.tag`          | Init container volume-permissions image tag (immutable tags are recommended)                                                      | `11-debian-11-r86`      |
 | `volumePermissions.image.digest`       | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                    |
 | `volumePermissions.image.pullPolicy`   | Init container volume-permissions image pull policy                                                                               | `IfNotPresent`          |
 | `volumePermissions.image.pullSecrets`  | Specify docker-registry secret names as an array                                                                                  | `[]`                    |
 | `volumePermissions.resources.limits`   | Init container volume-permissions resource limits                                                                                 | `{}`                    |
 | `volumePermissions.resources.requests` | Init container volume-permissions resource requests                                                                               | `{}`                    |
 
-
 ### Metrics parameters
 
 | Name                                                        | Description                                                                                                                               | Value                     |
@@ -326,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.enabled`                                           | Start a side-car prometheus exporter                                                                                                      | `false`                   |
 | `metrics.image.registry`                                    | Exporter image registry                                                                                                                   | `docker.io`               |
 | `metrics.image.repository`                                  | Exporter image repository                                                                                                                 | `bitnami/mysqld-exporter` |
-| `metrics.image.tag`                                         | Exporter image tag (immutable tags are recommended)                                                                                       | `0.14.0-debian-11-r86`    |
+| `metrics.image.tag`                                         | Exporter image tag (immutable tags are recommended)                                                                                       | `0.14.0-debian-11-r90`    |
 | `metrics.image.digest`                                      | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag                                  | `""`                      |
 | `metrics.image.pullPolicy`                                  | Exporter image pull policy                                                                                                                | `IfNotPresent`            |
 | `metrics.image.pullSecrets`                                 | Specify docker-registry secret names as an array                                                                                          | `[]`                      |
@@ -365,7 +359,6 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.prometheusRule.additionalLabels`                   | Additional labels that can be used so PrometheusRule will be discovered by Prometheus                                                     | `{}`                      |
 | `metrics.prometheusRule.rules`                              | Prometheus Rule definitions                                                                                                               | `[]`                      |
 
-
 ### NetworkPolicy parameters
 
 | Name                                                                   | Description                                                                                                                            | Value   |
@@ -391,7 +384,7 @@ The above parameters map to the env variables defined in [bitnami/mariadb](https
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
 ```console
-$ helm install my-release \
+helm install my-release \
   --set auth.rootPassword=secretpassword,auth.database=app_database \
     my-repo/mariadb
 ```
@@ -403,7 +396,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`.
 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
 
 ```console
-$ helm install my-release -f values.yaml my-repo/mariadb
+helm install my-release -f values.yaml my-repo/mariadb
 ```
 
 > **Tip**: You can use the default [values.yaml](values.yaml)
@@ -463,7 +456,7 @@ Find more information about how to deal with common errors related to Bitnami's
 It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart:
 
 ```console
-$ helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD]
+helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD]
 ```
 
 | Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes.
@@ -520,7 +513,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new
 - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`:
 
 ```console
-$ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC]
+helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC]
 ```
 
 | Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release.
@@ -529,7 +522,7 @@ $ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] -
 
 Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec.
 
-In https://github.com/helm/charts/pull/17308 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
+In <https://github.com/helm/charts/pull/17308> the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage.
 
 This major version bump signifies this change.
 
@@ -546,7 +539,7 @@ Backwards compatibility is not guaranteed unless you modify the labels used on t
 Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is mariadb:
 
 ```console
-$ kubectl delete statefulset opencart-mariadb --cascade=false
+kubectl delete statefulset opencart-mariadb --cascade=false
 ```
 
 ## License
@@ -557,7 +550,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+<http://www.apache.org/licenses/LICENSE-2.0>
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,

charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml

@@ -1,7 +1,8 @@
 annotations:
   category: Infrastructure
+  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.2.2
+appVersion: 2.2.3
 description: A Library Helm Chart for grouping common logic between bitnami charts.
   This chart is not deployable by itself.
 home: https://github.com/bitnami/charts/tree/main/bitnami/common
@@ -20,4 +21,4 @@ sources:
 - https://github.com/bitnami/charts
 - https://www.bitnami.com/
 type: library
-version: 2.2.2
+version: 2.2.3

charts/bitnami/wordpress/charts/mariadb/charts/common/README.md

@@ -11,7 +11,7 @@ dependencies:
     repository: https://charts.bitnami.com/bitnami
 ```
 
-```bash
+```console
 $ helm dependency update
 ```
 
@@ -336,7 +336,7 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
 
 ## License
 
-Copyright © 2022 Bitnami
+Copyright © 2023 Bitnami
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl

@@ -1,7 +1,7 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Return the proper image name
-{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
 */}}
 {{- define "common.images.image" -}}
 {{- $registryName := .imageRoot.registry -}}

charts/bitnami/wordpress/charts/mariadb/templates/secrets.yaml

@@ -1,3 +1,7 @@
+{{- $host := include "mariadb.primary.fullname" . }}
+{{- $port := print .Values.primary.service.ports.mysql }}
+{{- $rootPassword := include "common.secrets.passwords.manage" (dict "secret" (include "mariadb.secretName" .) "key" "mariadb-root-password" "providedValues" (list "auth.rootPassword") "context" $) | trimAll "\"" | b64dec }}
+{{- $password := include "common.secrets.passwords.manage" (dict "secret" (include "mariadb.secretName" .) "key" "mariadb-password" "providedValues" (list "auth.password") "context" $) | trimAll "\"" | b64dec }}
 {{- if eq (include "mariadb.createSecret" .) "true" }}
 apiVersion: v1
 kind: Secret
@@ -14,13 +18,13 @@ metadata:
 type: Opaque
 data:
   {{- if (not .Values.auth.forcePassword) }}
-  mariadb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-root-password" "providedValues" (list "auth.rootPassword") "context" $) }}
+  mariadb-root-password: {{ print $rootPassword | b64enc | quote }}
   {{- else }}
   mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.auth.rootPassword | b64enc | quote }}
   {{- end }}
   {{- if (not (empty .Values.auth.username)) }}
   {{- if (not .Values.auth.forcePassword) }}
-  mariadb-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-password" "providedValues" (list "auth.password") "context" $) }}
+  mariadb-password: {{ print $password | b64enc | quote }}
   {{- else }}
   mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.auth.password | b64enc | quote }}
   {{- end }}
@@ -33,3 +37,57 @@ data:
   {{- end }}
   {{- end }}
 {{- end }}
+
+{{- if .Values.serviceBindings.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.names.fullname" . }}-svcbind-root
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: servicebinding.io/mysql
+data:
+  provider: {{ print "bitnami" | b64enc | quote }}
+  type: {{ print "mysql" | b64enc | quote }}
+  host: {{ print $host | b64enc | quote }}
+  port: {{ print $port | b64enc | quote }}
+  user: {{ print "root" | b64enc | quote }}
+  password: {{ print $rootPassword | b64enc | quote }}
+  uri: {{ printf "mysql://root:%s@%s:%s" $rootPassword $host $port | b64enc | quote }}
+
+{{- if .Values.auth.username }}
+{{- $database := .Values.auth.database  }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.names.fullname" . }}-svcbind-custom-user
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: servicebinding.io/mysql
+data:
+  provider: {{ print "bitnami" | b64enc | quote }}
+  type: {{ print "mysql" | b64enc | quote }}
+  host: {{ print $host | b64enc | quote }}
+  port: {{ print $port | b64enc | quote }}
+  user: {{ print .Values.auth.username | b64enc | quote }}
+  {{- if $database }}
+  database: {{ print $database | b64enc | quote }}
+  {{- end }}
+  password: {{ print $password | b64enc | quote }}
+  uri: {{ printf "mysql://%s:%s@%s:%s/%s" .Values.auth.username $password $host $port $database | b64enc | quote }}
+{{- end }}
+{{- end }}

charts/bitnami/wordpress/charts/mariadb/values.yaml

@@ -65,6 +65,12 @@ diagnosticMode:
   args:
     - infinity
 
+## @param serviceBindings.enabled Create secret for service binding (Experimental)
+## Ref: https://servicebinding.io/service-provider/
+##
+serviceBindings:
+  enabled: false
+
 ## @section MariaDB common parameters
 ##
 
@@ -81,7 +87,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/mariadb
-  tag: 10.6.12-debian-11-r0
+  tag: 10.6.12-debian-11-r3
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -989,7 +995,7 @@ volumePermissions:
   image:
     registry: docker.io
     repository: bitnami/bitnami-shell
-    tag: 11-debian-11-r80
+    tag: 11-debian-11-r86
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
@@ -1025,7 +1031,7 @@ metrics:
   image:
     registry: docker.io
     repository: bitnami/mysqld-exporter
-    tag: 0.14.0-debian-11-r86
+    tag: 0.14.0-debian-11-r90
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)

charts/bitnami/wordpress/values.yaml

@@ -73,7 +73,7 @@ diagnosticMode:
 image:
   registry: docker.io
   repository: bitnami/wordpress
-  tag: 6.1.1-debian-11-r49
+  tag: 6.1.1-debian-11-r53
   digest: ""
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -757,7 +757,7 @@ volumePermissions:
   image:
     registry: docker.io
     repository: bitnami/bitnami-shell
-    tag: 11-debian-11-r86
+    tag: 11-debian-11-r87
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
@@ -851,7 +851,7 @@ metrics:
   image:
     registry: docker.io
     repository: bitnami/apache-exporter
-    tag: 0.11.0-debian-11-r93
+    tag: 0.13.0-debian-11-r0
     digest: ""
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.

charts/btp/sextant/Chart.yaml

@@ -22,4 +22,4 @@ keywords:
 kubeVersion: '>=1.19-0'
 name: sextant
 type: application
-version: 2.2.21
+version: 2.3.0

charts/clastix/kamaji/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>=1.21.0-0'
   catalog.cattle.io/release-name: kamaji
 apiVersion: v2
-appVersion: v0.2.0
+appVersion: v0.2.1
 description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service
   with a fraction of the operational burden. With Kamaji, you can deploy and operate
   hundreds of Kubernetes clusters as a hyper-scaler.
@@ -22,4 +22,4 @@ name: kamaji
 sources:
 - https://github.com/clastix/kamaji
 type: application
-version: 0.11.2
+version: 0.11.3

charts/clastix/kamaji/README.md

@@ -1,6 +1,6 @@
 # kamaji
 
-![Version: 0.11.2](https://img.shields.io/badge/Version-0.11.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square)
+![Version: 0.11.3](https://img.shields.io/badge/Version-0.11.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.1](https://img.shields.io/badge/AppVersion-v0.2.1-informational?style=flat-square)
 
 Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler.
 

charts/codefresh/cf-runtime/Chart.yaml

@@ -4,9 +4,9 @@ annotations:
   catalog.cattle.io/kube-version: '>=1.18-0'
   catalog.cattle.io/release-name: cf-runtime
 apiVersion: v2
-appVersion: 1.9.7
+appVersion: 1.9.10
 description: A Helm chart for Codefresh Runner
 icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg
 name: cf-runtime
 type: application
-version: 1.9.7
+version: 1.9.10

charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml

@@ -28,3 +28,6 @@ rules:
   - apiGroups: [ "" ]
     resources: [ "endpoints" ]
     verbs: [ "get", "list", "watch", "create", "update", "delete" ]
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get", "create", "update" ]

charts/codefresh/cf-runtime/values.yaml

@@ -24,7 +24,7 @@ dockerRegistry: "quay.io" # Registry prefix for the runtime images (default quay
 newRelicLicense: "" # NEWRELIC_LICENSE_KEY (for app-proxy and runner deployments)
 
 runner: # Runner Deployment
-  image: "codefresh/venona:1.9.7"
+  image: "codefresh/venona:1.9.10"
   env: {}
   ## e.g:
   # env:
@@ -53,7 +53,7 @@ runner: # Runner Deployment
   #   effect: NoSchedule
 
 volumeProvisioner: # Volume-Provisioner Deployment
-  image: "codefresh/dind-volume-provisioner:1.31.9"
+  image: "codefresh/dind-volume-provisioner:1.33.1"
   serviceAccount: {} # annotate volume-provisioner service account
   ## e.g:
   # serviceAccount:
@@ -74,8 +74,8 @@ volumeProvisioner: # Volume-Provisioner Deployment
   annotations: {} # annotate volume-provisioner pod
 
 storage: # Storage parameters for Volume-Provisioner
-  backend: local    # volume type: local(default), ebs, gcedisk or azuredisk
+  backend: local # volume type: local(default), ebs, gcedisk or azuredisk
-  fsType: "ext4"    # filesystem type: ext4(default) or xfs
+  fsType: "ext4" # filesystem type: ext4(default) or xfs
 
   # Storage example for local volumes on the K8S nodes filesystem
   # https://kubernetes.io/docs/concepts/storage/volumes/#local
@@ -154,7 +154,6 @@ storage: # Storage parameters for Volume-Provisioner
     # DiskIOPSReadWrite: 500
     # DiskMBpsReadWrite: 100
 
-
 re:
   # Optionally add an AWS IAM role to your pipelines
   # More info: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
@@ -186,11 +185,11 @@ appProxy: # App-Proxy Deployment
   # env:
   #   LOG_LEVEL: debug
   ingress:
-    pathPrefix: ""      # Specify path prefix for ingress (default is '/')
+    pathPrefix: "" # Specify path prefix for ingress (default is '/')
-    class: ""           # Specify ingress class
+    class: "" # Specify ingress class
-    host: ""            # Specify DNS hostname the ingress will use
+    host: "" # Specify DNS hostname the ingress will use
-    tlsSecret: ""       # Specify k8s tls secret for the ingress object
+    tlsSecret: "" # Specify k8s tls secret for the ingress object
-    annotations: {}     # Specify extra annotations for ingress object
+    annotations: {} # Specify extra annotations for ingress object
   ## e.g:
   # ingress:
   #   pathPrefix: "/app-proxy"
@@ -207,12 +206,11 @@ monitor: # Monitor Deployment
   enabled: false
   image: "codefresh/agent:stable"
   helm3: true
-  useNamespaceWideRole: false     # Use ClusterRole(false) or Role(true)
+  useNamespaceWideRole: false # Use ClusterRole(false) or Role(true)
-  clusterId: ""                   # Cluster name as it registered in account
+  clusterId: "" # Cluster name as it registered in account
-  token: ""                       # API token from Codefresh
+  token: "" # API token from Codefresh
-  existingMonitorToken: ""        # Existing secret (name-of-existing-secret) with API token from Codefresh (supersedes value of monitor.token; secret must contain `codefresh.token` key)
+  existingMonitorToken: "" # Existing secret (name-of-existing-secret) with API token from Codefresh (supersedes value of monitor.token; secret must contain `codefresh.token` key)
   env: {}
   resources: {}
   serviceAccount:
     annotations: {}
-

charts/crate/crate-operator/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: crate-operator-crds
   repository: file://../crate-operator-crds
-  version: 2.22.0
+  version: 2.23.0
-digest: sha256:ea59e13300da29acfb32097bfb382649618e7bf503248896fc5c9a66846ee36a
+digest: sha256:3fffe754574fad639050c4717e064e275fc0fb165dd21fc4564feb66cba406b1
-generated: "2023-01-31T14:30:10.49197227Z"
+generated: "2023-02-28T11:48:10.16603821Z"

charts/crate/crate-operator/Chart.yaml

@@ -3,16 +3,16 @@ annotations:
   catalog.cattle.io/display-name: CrateDB Operator
   catalog.cattle.io/release-name: crate-operator
 apiVersion: v2
-appVersion: 2.22.0
+appVersion: 2.23.0
 dependencies:
 - condition: crate-operator-crds.enabled
   name: crate-operator-crds
   repository: file://./charts/crate-operator-crds
-  version: 2.22.0
+  version: 2.23.0
 description: Crate Operator - Helm chart for installing and upgrading Crate Operator.
 icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg
 maintainers:
 - name: Crate.io
 name: crate-operator
 type: application
-version: 2.22.0
+version: 2.23.0

charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: 2.22.0
+appVersion: 2.23.0
 description: Crate Operator CRDs - Helm chart for installing and upgrading Custom
   Resource Definitions (CRDs) for the Crate Operator.
 maintainers:
 - name: Crate.io
 name: crate-operator-crds
 type: application
-version: 2.22.0
+version: 2.23.0

charts/datadog/datadog/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Datadog changelog
 
+## 3.11.0
+
+* Default `Agent` and `Cluster-Agent` image tags to `7.43.0`.
+
 ## 3.10.9
 
 * Default `Agent` and `Cluster-Agent` image tags to `7.42.2`.

charts/datadog/datadog/Chart.yaml

@@ -19,4 +19,4 @@ name: datadog
 sources:
 - https://app.datadoghq.com/account/settings#agent/kubernetes
 - https://github.com/DataDog/datadog-agent
-version: 3.10.9
+version: 3.11.0

charts/datadog/datadog/README.md

@@ -1,6 +1,6 @@
 # Datadog
 
-![Version: 3.10.9](https://img.shields.io/badge/Version-3.10.9-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.11.0](https://img.shields.io/badge/Version-3.11.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
 
@@ -443,7 +443,7 @@ helm install <RELEASE_NAME> \
 | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
 | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
 | agents.image.repository | string | `nil` | Override default registry + image.name for Agent |
-| agents.image.tag | string | `"7.42.2"` | Define the Agent version to use |
+| agents.image.tag | string | `"7.43.0"` | Define the Agent version to use |
 | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
 | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. |
 | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node |
@@ -501,7 +501,7 @@ helm install <RELEASE_NAME> \
 | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy |
 | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) |
 | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent |
-| clusterAgent.image.tag | string | `"7.42.2"` | Cluster Agent image tag to use |
+| clusterAgent.image.tag | string | `"7.43.0"` | Cluster Agent image tag to use |
 | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings |
 | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) |
 | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) |
@@ -547,7 +547,7 @@ helm install <RELEASE_NAME> \
 | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy |
 | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) |
 | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners |
-| clusterChecksRunner.image.tag | string | `"7.42.2"` | Define the Agent version to use |
+| clusterChecksRunner.image.tag | string | `"7.43.0"` | Define the Agent version to use |
 | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag |
 | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings |
 | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead |

charts/datadog/datadog/values.yaml

@@ -794,7 +794,7 @@ clusterAgent:
     name: cluster-agent
 
     # clusterAgent.image.tag -- Cluster Agent image tag to use
-    tag: 7.42.2
+    tag: 7.43.0
 
     # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified
     digest: ""
@@ -1116,7 +1116,7 @@ agents:
     name: agent
 
     # agents.image.tag -- Define the Agent version to use
-    tag: 7.42.2
+    tag: 7.43.0
 
     # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified
     digest: ""
@@ -1557,7 +1557,7 @@ clusterChecksRunner:
     name: agent
 
     # clusterChecksRunner.image.tag -- Define the Agent version to use
-    tag: 7.42.2
+    tag: 7.43.0
 
     # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified
     digest: ""

charts/dell/csi-powerstore/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>= 1.21.0 < 1.26.0'
   catalog.cattle.io/release-name: csi-powerstore
 apiVersion: v2
-appVersion: 2.5.0
+appVersion: 2.5.1
 description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration.
   This chart includes everything required to provision via CSI as well as a PowerStore
   StorageClass. '
@@ -19,4 +19,4 @@ maintainers:
 name: csi-powerstore
 sources:
 - https://github.com/dell/csi-powerstore
-version: 2.5.0
+version: 2.5.1

charts/dell/csi-powerstore/values.yaml

@@ -23,7 +23,7 @@
 driverName: "csi-powerstore.dellemc.com"
 
 # Driver version required to pull the latest driver image
-version: "v2.5.0"
+version: "v2.5.1"
 
 # Specify kubelet config dir path.
 # Ensure that the config.yaml file is present at this path.

charts/dh2i/dxemssql/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/dh2i/dxemssql/Chart.yaml

@@ -16,4 +16,4 @@ maintainers:
   url: https://dh2i.com
 name: dxemssql
 type: application
-version: 1.0.1
+version: 1.0.2

charts/dh2i/dxemssql/templates/statefulset.yaml

@@ -17,8 +17,7 @@ spec:
         {{- include "dxemssql.labels" . | nindent 8 }}
     spec:
       securityContext:
-        fsGroup: 7979
+        fsGroup: 10001
-        fsGroupChangePolicy: "OnRootMismatch"
       containers:
       - name: sql
         image: "{{ .Values.sqlImage.repository }}:{{ .Values.sqlImage.tag }}"

charts/gitlab/gitlab/CHANGELOG.md

@@ -2,6 +2,50 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 6.9.1 (2023-02-23)
+
+### Changed (1 change)
+
+- [Update gitlab-org/charts/gitlab-runner from 0.49.3 to 0.50.1](gitlab-org/charts/gitlab@95cb8869b072a926117edd1335202120dd3db9bc) ([merge request](gitlab-org/charts/gitlab!2998))
+
+## 6.9.0 (2023-02-21)
+
+### Added (4 changes)
+
+- [Add troubleshooting docs and note about annotation-value-word-blocklist](gitlab-org/charts/gitlab@cef52d0a33abd089e01d77e0749bdfda8b7a3ec2) ([merge request](gitlab-org/charts/gitlab!2978))
+- [redis: Introduce support for Redis Cluster and specifying acl user](gitlab-org/charts/gitlab@630ce39a02927d40fa28a13f0590967a133fd2ef) ([merge request](gitlab-org/charts/gitlab!2873))
+- [Add ci_runners_stale_machines_cleanup_worker cronjob](gitlab-org/charts/gitlab@8742fcbb39033f5e3baaf8226d5a370fd5604357) ([merge request](gitlab-org/charts/gitlab!2913))
+- [Add support for toolbox.securityContext.fsGroupChangePolicy](gitlab-org/charts/gitlab@0217b7f8e8328fbec7c49af7c1f62cd34fcc03f6) ([merge request](gitlab-org/charts/gitlab!2905))
+
+### Fixed (4 changes)
+
+- [Fix unwanted 'v' prefix in helper image tag](gitlab-org/charts/gitlab@47aa2e34bbd38ba968033255e5e035ab9b7c5749) ([merge request](gitlab-org/charts/gitlab!2982))
+- [Fix certmanager http01 solver on global "none" ingress class](gitlab-org/charts/gitlab@dbf596421f7cd5ee7374c107f2d6776249c75c69) ([merge request](gitlab-org/charts/gitlab!2908))
+- [Force copy files in `configure` initContainer](gitlab-org/charts/gitlab@3c8bd2730aa117f9d1d76088a1e6e8d742a0d878) ([merge request](gitlab-org/charts/gitlab!2953))
+- [Fix logic for Self-Signed-Certs Job inclusion](gitlab-org/charts/gitlab@b2d98174b41a831ad3b205cb367bf9904ebc2e25) ([merge request](gitlab-org/charts/gitlab!2862))
+
+### Changed (9 changes)
+
+- [Update gitlab-org/container-registry from 3.66.0-gitlab to 3.67.0-gitlab](gitlab-org/charts/gitlab@6d0ecfb2bce4a1cc7ec021a4ab98e82e3cd8079e) ([merge request](gitlab-org/charts/gitlab!2980))
+- [Use 'gitlab.parseAppVersion' for helper image tags](gitlab-org/charts/gitlab@a350fe160cbb3bc549bafd8dd01d04e08a613623) ([merge request](gitlab-org/charts/gitlab!2878))
+- [Update gitlab-org/charts/gitlab-runner from 0.49.1 to 0.49.2](gitlab-org/charts/gitlab@0ef1d3fdbfb79d6f325bcf67da35b8cdfb9e36c0) ([merge request](gitlab-org/charts/gitlab!2970))
+- [Update gitlab-org/charts/gitlab-runner from 0.49.0 to 0.49.1](gitlab-org/charts/gitlab@89398c8f28e695a4f8416ddf729834e71258a70b) ([merge request](gitlab-org/charts/gitlab!2959))
+- [Update gitlab-org/gitlab-exporter from 12.1.0 to 12.1.1](gitlab-org/charts/gitlab@ec0922cef35b9c6799dcc2db4b6a38ddc8990969) ([merge request](gitlab-org/charts/gitlab!2958))
+- [Update gitlab-org/container-registry from 3.65.1-gitlab to 3.66.0-gitlab](gitlab-org/charts/gitlab@acecf98c3478f2faa1f5b39ef07ced9704184df3) ([merge request](gitlab-org/charts/gitlab!2946))
+- [Update link and information about Prometheus scraping TLS endpoint](gitlab-org/charts/gitlab@ed0e9d353e23f3f89e4685fd2d5ab3ded7b8eadb) ([merge request](gitlab-org/charts/gitlab!2931))
+- [Update gitlab-org/container-registry from 3.65.0-gitlab to 3.65.1-gitlab](gitlab-org/charts/gitlab@8a39c2456ae4fcd3169c8e6fb789b2c715e784ec) ([merge request](gitlab-org/charts/gitlab!2934))
+- [Update gitlab-org/charts/gitlab-runner from 0.48.1 to 0.49.0](gitlab-org/charts/gitlab@b0e0eadd387c10f9d2168902a33c7b07fbf1a331) ([merge request](gitlab-org/charts/gitlab!2933))
+
+### Deprecated (1 change)
+
+- [Deprecate sidekiq queueSelector and negateQueues](gitlab-org/charts/gitlab@4f6e5846dbabd0b16f5fad771b8bb78dfaa241b8) ([merge request](gitlab-org/charts/gitlab!2969))
+
+### Other (3 changes)
+
+- [Add defaultReplicationFactor in Praefect's ConfigMap.](gitlab-org/charts/gitlab@36e44f78978b368c1db99a5dc747686ab4363e8c) by @kyunam-jo ([merge request](gitlab-org/charts/gitlab!2844))
+- [Moved minio config to global in example config](gitlab-org/charts/gitlab@973557e4cf0c5ec1e0c399fcce557fae2a87de17) ([merge request](gitlab-org/charts/gitlab!2952))
+- [Doc - configure the GitLab chart with an decomposed database](gitlab-org/charts/gitlab@af72661b6f82f8f16dab591c8af67e44baf0b998) ([merge request](gitlab-org/charts/gitlab!2890))
+
 ## 6.8.3 (2023-02-15)
 
 No changes.
@@ -36,6 +80,16 @@ No changes.
 - [Update gitlab-org/gitlab-exporter from 11.18.2 to 12.1.0](gitlab-org/charts/gitlab@428de3dd7c208a0469b18b927fece2bc54029b19) ([merge request](gitlab-org/charts/gitlab!2911))
 - [Update gitlab-org/container-registry from 3.63.0-gitlab to 3.64.0-gitlab](gitlab-org/charts/gitlab@a1edaea5f4d9d2a6d972b7412deafe6a2b50aedb) ([merge request](gitlab-org/charts/gitlab!2904))
 
+## 6.7.7 (2023-02-10)
+
+No changes.
+
+## 6.7.6 (2023-01-30)
+
+### Fixed (1 change)
+
+- [Fix indent for priorityClassName in Toolbox backup job](gitlab-org/security/charts/gitlab@3ef41cf43a34d56bcdfd1353cffc5edec3fe9e08)
+
 ## 6.7.4 (2023-01-12)
 
 No changes.
@@ -78,6 +132,16 @@ No changes.
 
 - [Use kubectl image with kubectl 1.24.7, yq 4.30.1](gitlab-org/charts/gitlab@e0c892e060ac405d8a2c90f7b4d632e1b3512728) ([merge request](gitlab-org/charts/gitlab!2871))
 
+## 6.6.8 (2023-02-10)
+
+No changes.
+
+## 6.6.7 (2023-01-30)
+
+### Fixed (1 change)
+
+- [Fix indent for priorityClassName in Toolbox backup job](gitlab-org/security/charts/gitlab@47836b96b8ae6dd8fd7f7bab4f59e5321ecb023c)
+
 ## 6.6.5 (2023-01-12)
 
 No changes.

charts/gitlab/gitlab/Chart.yaml

@@ -3,7 +3,7 @@ annotations:
   catalog.cattle.io/display-name: GitLab
   catalog.cattle.io/release-name: gitlab
 apiVersion: v1
-appVersion: 15.8.3
+appVersion: 15.9.1
 description: The One DevOps Platform
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
@@ -15,4 +15,4 @@ maintainers:
 name: gitlab
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/certmanager-issuer/templates/_helpers.tpl

@@ -26,3 +26,15 @@ reduce collision
 {{- $name := printf "%s-issuer" .Release.Name | trunc 55 | trimSuffix "-" -}}
 {{- printf "%s-%d" $name .Release.Revision | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Returns the http01 solver's ingress class field. Takes the IngressClass as paramter.
+If the IngressClass is "none", the field is not set.
+  See: https://cert-manager.io/docs/configuration/acme/http01/#class
+*/}}
+{{- define "certmanager-issuer.http01.ingress.class.field" -}}
+{{- $ingressClass := . | default "" -}}
+{{- if ne "none" $ingressClass -}}
+class: {{ $ingressClass }}
+{{- end -}}
+{{- end -}}

charts/gitlab/gitlab/charts/certmanager-issuer/templates/_issuer.yaml

@@ -1,5 +1,6 @@
 {{ if (pluck "configureCertmanager" .Values.global.ingress (dict "configureCertmanager" false) | first) }}
 {{- $ingressCfg := dict "global" $.Values.global.ingress "local" .ingress "context" $ -}}
+{{- $ingressClassName := include "ingress.class.name" $ingressCfg -}}
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
@@ -22,5 +23,5 @@ spec:
     - selector: {}
       http01:
         ingress:
-          class: {{ template "ingress.class.name" $ingressCfg }}
+          {{ include "certmanager-issuer.http01.ingress.class.field" $ingressClassName -}}
 {{ end }}

charts/gitlab/gitlab/charts/certmanager-issuer/templates/issuer-job.yaml

@@ -28,7 +28,7 @@ spec:
       {{- include "gitlab.priorityClassName" . | nindent 6 }}
       containers:
         - name: create-issuer
-          image: {{ include "gitlab.kubectl.image" . | quote }}
+          image: {{ include "gitlab.kubectl.image" . }}
           command: ['/bin/bash', '/scripts/create-issuer', '/scripts/issuer.yml']
           {{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }}
           volumeMounts:

charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/.common.release.yml

@@ -0,0 +1,31 @@
+.new-runner-version-changelog: &new-runner-version-changelog
+  changelog_entry:
+    scope: new-feature
+    entry: Update GitLab Runner version to v{{ .Release.AppVersion }}
+
+.update-chart-versions: &update-chart-versions
+  write:
+    file: Chart.yaml
+    contents: |
+      apiVersion: v1
+      name: gitlab-runner
+      version: {{ .Release.Version }}
+      appVersion: {{ .Release.AppVersion }}
+      description: GitLab Runner
+      keywords:
+      - git
+      - ci
+      - deploy
+      sources:
+      - https://gitlab.com/gitlab-org/charts/gitlab-runner
+      - https://gitlab.com/gitlab-org/gitlab-runner
+      - https://docs.gitlab.com/runner/
+      icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png
+      maintainers:
+      - name: GitLab Inc.
+        email: support@gitlab.com
+
+.commit-chart-versions: &commit-chart-versions
+  commit:
+    files: [Chart.yaml]
+    message: Update Chart version to v{{ .Release.Version }} and used GitLab Runner version to v{{ .Release.AppVersion }}

charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/branch.release.yml

@@ -0,0 +1,7 @@
+include:
+  - .common.release.yml
+
+actions:
+  - *new-runner-version-changelog
+  - *update-chart-versions
+  - *commit-chart-versions

charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.release.yml

@@ -0,0 +1,5 @@
+include:
+  - .common.release.yml
+
+actions:
+  - *new-runner-version-changelog

charts/gitlab/gitlab/charts/gitlab-runner/.gitlab/changelog.yml

@@ -33,7 +33,7 @@ label_matchers:
   scope: maintenance
 - labels:
   - feature::enhancement
-  scope: feature
+  scope: new-feature
 - labels:
   - maintenance::refactor
   scope: maintenance

charts/gitlab/gitlab/charts/gitlab-runner/CHANGELOG.md

@@ -1,20 +1,21 @@
-## v0.49.2 (2023-02-10)
+## v0.50.1 (2023-02-21)
 
 ### New features
 
-- Update GitLab Runner version to 15.8.2
+- Update GitLab Runner version to v15.9.1
 
-## v0.49.1 (2023-02-03)
+## v0.50.0 (2023-02-21)
 
 ### New features
 
-- Update GitLab Runner version to 15.8.1
+- Update GitLab Runner version to v15.9.0
+- Add namespace to service account manifest !375 (Daniel Schömer @quatauta)
 
-## v0.49.0 (2023-01-19)
+### Maintenance
 
-### New features
+- Add Chart repository as source !379 (Geoffrey McQuat @gmcquat)
-
+- Fix grammatical error in instructional comment !376 (Shafiullah Khan @gitshafi)
-- Update GitLab Runner version to 15.8.0
+- Add reference to actual documentation method of obtaining runnerRegistrationToken !361 (SveLem @SveLem)
 
 ## v0.48.0 (2022-12-17)
 

charts/gitlab/gitlab/charts/gitlab-runner/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.2
+appVersion: 15.9.1
 description: GitLab Runner
 icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png
 keywords:
@@ -11,6 +11,7 @@ maintainers:
   name: GitLab Inc.
 name: gitlab-runner
 sources:
+- https://gitlab.com/gitlab-org/charts/gitlab-runner
 - https://gitlab.com/gitlab-org/gitlab-runner
 - https://docs.gitlab.com/runner/
-version: 0.49.2
+version: 0.50.1

charts/gitlab/gitlab/charts/gitlab-runner/templates/service-account.yaml

@@ -7,6 +7,7 @@ metadata:
     {{   $key }}: {{ $value | quote }}
     {{- end }}
   name: {{ include "gitlab-runner.fullname" . }}
+  namespace: {{ default .Release.Namespace .Values.runners.namespace | quote }}
   labels:
     app: {{ include "gitlab-runner.fullname" . }}
     chart: {{ include "gitlab-runner.chart" . }}

charts/gitlab/gitlab/charts/gitlab-runner/values.yaml

@@ -53,6 +53,7 @@ imagePullPolicy: IfNotPresent
 ## The Registration Token for adding new Runners to the GitLab Server. This must
 ## be retrieved from your GitLab Instance.
 ## ref: https://docs.gitlab.com/ce/ci/runners/index.html
+## ref: https://docs.gitlab.com/runner/register/
 ##
 # runnerRegistrationToken: ""
 
@@ -123,7 +124,7 @@ checkInterval: 30
 ## ref:
 ##
 ## When sessionServer is enabled, the user can either provide a public publicIP
-## or either rely on the external IP auto discovery
+## or rely on the external IP auto discovery
 ## When a serviceAccountName is used with the automounting to the pod disable,
 ## we recommend the usage of the publicIP
 sessionServer:

charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.3
+appVersion: 15.9.1
 description: GitLab Geo logcursor
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -12,4 +12,4 @@ name: geo-logcursor
 sources:
 - https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.3
+appVersion: 15.9.1
 description: Git RPC service for handling all the git calls made by GitLab
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -13,4 +13,4 @@ name: gitaly
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 12.1.0
+appVersion: 12.1.1
 description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors)
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -14,4 +14,4 @@ sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter
 - https://gitlab.com/gitlab-org/gitlab-exporter
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.3
+appVersion: 15.9.1
 description: Adapt the Grafana chart to interface to the GitLab App
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -13,4 +13,4 @@ name: gitlab-grafana
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.3
+appVersion: 15.9.1
 description: Daemon for serving static websites from GitLab projects
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -14,4 +14,4 @@ sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages
 - https://gitlab.com/gitlab-org/gitlab-pages
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/templates/configmap.yml

@@ -51,8 +51,8 @@ data:
     root-key=/etc/gitlab-secrets/pages/{{ template "gitlab.pages.hostname" $ }}.key
       {{- end }}
     {{- end }}
-    {{- if .Values.propagateCorrelationId }}
+    {{- if kindIs "bool" .Values.propagateCorrelationId }}
-    propagate-correlation-id={{ .Values.propagateCorrelationId }}
+    propagate-correlation-id={{ eq .Values.propagateCorrelationId true }}
     {{- end }}
     pages-domain={{ template "gitlab.pages.hostname" . }}
     pages-root=/srv/gitlab-pages

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 14.15.0
+appVersion: 14.17.0
 description: sshd for Gitlab
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -14,4 +14,4 @@ name: gitlab-shell
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/configmap.yml

@@ -83,6 +83,18 @@ data:
         - {%.%}
         {%- end %}
       {%- end %}
+      # GSSAPI-related settings
+      gssapi:
+        # Enable the gssapi-with-mic authentication method. Defaults to false.
+        enabled: {{ .Values.config.gssapi.enabled }}
+        # Library path for gssapi shared library - defaults to libgssapi_krb5.so.2  
+        libpath: {{ .Values.config.gssapi.libpath }}
+        # Keytab path. Defaults to "", system default (usually /etc/krb5.keytab).
+        keytab: "/etc/krb5.keytab"
+        # The Kerberos service name to be used by sshd. Defaults to "", accepts any service name in keytab file.
+        service_principal_name: {{ .Values.config.gssapi.servicePrincipalName }}
     {{- end }}
+  krb5.conf: |
+    {{- .Values.config.gssapi.krb5Config | nindent 4 }}
 # Leave this here - This line denotes end of block to the parser.
 {{- end }}

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml

@@ -130,6 +130,16 @@ spec:
             - name: shell-secrets
               mountPath: '/etc/gitlab-secrets'
               readOnly: true
+            - name: shell-config
+              mountPath: '/etc/krb5.conf'
+              subPath: krb5.conf
+              readOnly: true
+            {{- if .Values.config.gssapi.enabled }}
+            - name: gssapi-keytab
+              mountPath: '/etc/krb5.keytab'
+              subPath: {{ .Values.config.gssapi.keytab.key }}
+              readOnly: true
+            {{- end }}
             {{- if eq .Values.sshDaemon "openssh" }}
             - name: sshd-config
               mountPath: /etc/ssh/sshd_config
@@ -177,6 +187,11 @@ spec:
       - name: shell-config
         configMap:
           name: {{ template "fullname" . }}
+      {{- if .Values.config.gssapi.enabled }}
+      - name: gssapi-keytab
+        secret:
+          secretName: {{ .Values.config.gssapi.keytab.secret }}
+      {{- end }}
       {{- if eq .Values.sshDaemon "openssh" }}
       - name: sshd-config
         configMap:

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.schema.json

@@ -104,6 +104,40 @@
           "items": {
             "type": "string"
           }
+        },
+        "gssapi": {
+          "properties": {
+            "enabled": {
+              "title": "Enable GSS-API support for then gitlab-sshd daemon",
+              "type": "boolean"
+            },
+            "libpath": {
+              "title": "Library path for gssapi shared library",
+              "type": "string"
+            },
+            "keytab": {
+              "properties": {
+                "secret": {
+                    "title": "The Kubernetes secret name"
+                },
+                "key": {
+                    "title": "The Kubernetes secret key"
+                }
+              },
+              "title": "The Kubernetes secret holding the keytab for the gssapi-with-mic authentication method",
+              "type": "object"
+            },
+            "krb5Config": {
+              "title": "Content of the `/etc/krb5.conf` file in the gitlab-shell container",
+              "type": "string"
+            },
+            "servicePrincipalName": {
+              "title": "The Kerberos service name to be used by the gitlab-sshd daemon",
+              "type": "string"
+            }
+          },
+          "title": "GSS-API related settings",
+          "type": "object"
         }
       },
       "required": [

charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.yaml

@@ -111,6 +111,14 @@ config:
   ciphers: [aes128-gcm@openssh.com, chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr]
   kexAlgorithms: [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
   macs: [hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1]
+  gssapi:
+    enabled: false
+    libpath: "libgssapi_krb5.so.2"
+    keytab:
+      #secret:
+      key: keytab
+    krb5Config: ""
+    servicePrincipalName: ""
 
 ## Allow to overwrite under which User and Group we're running.
 securityContext:

charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.0
+appVersion: v15.9.0
 description: GitLab Agent Server
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -17,4 +17,4 @@ name: kas
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas
 - https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml

@@ -13,4 +13,4 @@ name: mailroom
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.3
+appVersion: 15.9.1
 description: Database migrations and other versioning tasks for upgrading Gitlab
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -12,4 +12,4 @@ name: migrations
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.3
+appVersion: 15.9.1
 description: Praefect is a router and transaction manager for Gitaly, and a required
   component for running a Gitaly Cluster.
 home: https://about.gitlab.com/
@@ -16,4 +16,4 @@ sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly
 - https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/praefect/templates/configmap.yaml

@@ -42,7 +42,6 @@ data:
 
     [failover]
     enabled = {{ .Values.failover.enabled }}
-    election_strategy = '{{ .Values.electionStrategy }}'
     read_only_after_failover = {{ .Values.failover.readonlyAfter }}
 
     [auth]
@@ -80,6 +79,9 @@ data:
     {{- $storageName := .name }}
     [[virtual_storage]]
     name = '{{ $storageName }}'
+    {{- if .defaultReplicationFactor }}
+    default_replication_factor = {{ .defaultReplicationFactor }}
+    {{- end -}}
     {{- range until (.gitalyReplicas | int) }}
     [[virtual_storage.node]]
     {{- $serviceName := include "gitlab.praefect.gitaly.serviceName" (dict "context" $globalContext "name" $storageName) -}}

charts/gitlab/gitlab/charts/gitlab/charts/praefect/values.yaml

@@ -6,8 +6,6 @@ failover:
   enabled: true
   readonlyAfter: true
 
-electionStrategy: sql
-
 image:
   repository: registry.gitlab.com/gitlab-org/build/cng/gitaly
   # pullPolicy: IfNotPresent

charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 15.8.3
+appVersion: 15.9.1
 description: Gitlab Sidekiq for asynchronous task processing in rails
 home: https://about.gitlab.com/
 icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@@ -13,4 +13,4 @@ name: sidekiq
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq
 - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq
-version: 6.8.3
+version: 6.9.1

charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml

@@ -14,4 +14,4 @@ name: spamcheck
 sources:
 - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck
 - https://gitlab.com/gitlab-org/spamcheck
-version: 6.8.3
+version: 6.9.1