Merge branch 'main' into argo-rollouts-fix-traefik

Signed-off-by: Kaswob <44066982+Kaswob@users.noreply.github.com>
2024-07-01 10:45:47 +02:00 · 2024-07-01 10:45:47 +02:00 · 0259cd3b90
commit 0259cd3b90
parent 9c506b1ef3 24275df2aa
59 changed files with 1885 additions and 102 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -6,3 +6,11 @@ updates:
    schedule:
      interval: weekly
      day: "saturday"
+    commit-message:
+      prefix: "chore(deps)"
+    groups:
+      dependencies:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@ -13,7 +13,7 @@ jobs:
      options: --user 1001
    steps:
      - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run ah lint
        working-directory: ./charts
        run: ah lint
@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0

--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@ -19,7 +19,7 @@ jobs:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
-      - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0

@ -66,7 +66,7 @@ jobs:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Login to GHCR
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@ -16,21 +16,21 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Get token
-        uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
+        uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2
        id: get_token
        with:
          app-id: ${{ vars.RENOVATE_APP_ID }}
          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}

      - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Self-hosted Renovate
-        uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11
+        uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12
        with:
          configurationFile: .github/configs/renovate-config.js
          # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
-          renovate-version: 37.332.0
+          renovate-version: 37.421.4
          token: '${{ steps.get_token.outputs.token }}'
        env:
          LOG_LEVEL: 'debug'
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -33,7 +33,7 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          persist-credentials: false

@ -68,6 +68,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
        with:
          sarif_file: results.sarif
--- a/README.md
+++ b/README.md
@ -42,3 +42,63 @@ Please refer to [SECURITY.md](SECURITY.md) for details on how to report security
 ### Changelog

 Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog).
+
+## Charts use Helm "Capabilities"
+
+Our charts make use of the Helm built-in object "Capabilities":
+> This provides information about what capabilities the Kubernetes cluster supports.  
+> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/*
+
+Today we use:
+
+- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster
+- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1")
+
+If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster.
+
+For this you need to pass the `--api-versions` parameter to the `helm template` command:
+
+```bash
+helm template argocd \
+  oci://ghcr.io/argoproj/argo-helm/argo-cd \
+  --api-versions monitoring.coreos.com/v1 \
+  --values my-argocd-values.yaml
+```
+
+If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options.
+
+Example with Kustomize:
+
+```yaml
+# kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmCharts:
+- name: argo-cd
+  repo: oci://ghcr.io/argoproj/argo-helm
+  version: x.y.z
+  releaseName: argocd
+  apiVersions:
+  - monitoring.coreos.com/v1
+  valuesFile: my-argocd-values.yaml
+```
+
+Example with helmfile:
+
+```yaml
+# helmfile.yaml
+repositories:
+  - name: argo
+    url: https://argoproj.github.io/argo-helm
+
+apiVersions:
+  - monitoring.coreos.com/v1
+
+releases:
+  - name: argocd
+    namespace: argocd
+    chart: argo/argo-cd
+    values:
+      - my-argocd-values.yaml
+```
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.11.0
+appVersion: v2.11.3
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 6.9.3
+version: 7.3.3
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -26,5 +26,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: fixed
-      description: Restarting dex pod when `argocd-cm` configmap changes
+    - kind: changed
+      description: make REDIS_PASSWORD environment variables optional always
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog].

 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.

+### 6.10.0
+
+This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
+
+#### How to rotate Redis secret?
+
+Upstream steps in the [FAQ] are not enough, since we chose a different approach.
+(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
+
+Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
+* Delete `argocd-redis` secret in the namespace where Argo CD is installed.
+  ```bash
+  kubectl delete secret argocd-redis -n <argocd namesapce>
+  ```
+* **Perform a helm upgrade**
+  ```bash
+  helm upgrade argocd argo/argo-cd --reuse-values --wait
+  ```
+* If you are running Redis in HA mode, restart Redis in HA.
+  ```bash
+  kubectl rollout restart deployment argocd-redis-ha-haproxy
+  kubectl rollout restart statefulset argocd-redis-ha-server
+  ```
+* If you are running Redis in non-HA mode, restart Redis.
+  ```bash
+  kubectl rollout restart deployment argocd-redis
+  ```
+* Restart other components.
+  ```bash
+  kubectl rollout restart deployment argocd-server argocd-repo-server
+  kubectl rollout restart statefulset argocd-application-controller
+  ```
+
 ### 6.9.0
 ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). 

@ -638,6 +671,8 @@ NAME: my-release
 | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
 | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments |
 | global.domain | string | `"argocd.example.com"` | Default domain used by all components |
+| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. |
+| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) |
 | global.env | list | `[]` | Environment variables to pass to all deployed Deployments |
 | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
 | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
@ -662,7 +697,7 @@ NAME: my-release

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
+| configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
 | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
 | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
 | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
@ -932,7 +967,7 @@ NAME: my-release
 | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
 | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
-| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
+| server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources |
 | server.certificate.usages | list | `[]` | Usages for the certificate |
 | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret |
 | server.certificateSecret.crt | string | `""` | Certificate data |
@ -1047,6 +1082,7 @@ NAME: my-release
 | server.service.externalIPs | list | `[]` | Server service external IPs |
 | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
 | server.service.labels | object | `{}` | Server service labels |
+| server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation |
 | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field |
 | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from |
 | server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") |
@ -1271,8 +1307,10 @@ The main options are listed here:
 |-----|------|---------|-------------|
 | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. |
 | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. |
+| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH |
 | redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context |
 | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
+| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. |
 | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
 | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
 | redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
@ -1309,13 +1347,40 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis credentials (must contain key `redis-password`). When it's set, the `externalRedis.password` parameter is ignored |
+| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored |
 | externalRedis.host | string | `""` | External Redis server host |
 | externalRedis.password | string | `""` | External Redis password |
 | externalRedis.port | int | `6379` | External Redis server port |
 | externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations |
 | externalRedis.username | string | `""` | External Redis username |

+### Redis secret-init
+
+The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed.
+If you use an External Redis (See Option 3 above), this Job is not deployed.
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
+| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods |
+| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job |
+| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job |
+| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job |
+| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
+| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job |
+| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name |
+| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job |
+| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job |
+| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job |
+| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job |
+| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job |
+| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context |
+| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
+| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
+| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod |
+| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod |
+| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job |
+
 ## ApplicationSet

 | Key | Type | Default | Description |
@ -1336,7 +1401,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
 | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
-| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
 | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
@ -1507,8 +1571,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
 [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
 [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
+[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
 [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
 [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
+[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
 [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
 [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
 [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
--- a/charts/argo-cd/README.md.gotmpl
+++ b/charts/argo-cd/README.md.gotmpl
@ -278,6 +278,39 @@ For full list of changes please check ArtifactHub [changelog].

 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.

+### 6.10.0
+
+This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
+
+#### How to rotate Redis secret?
+
+Upstream steps in the [FAQ] are not enough, since we chose a different approach.
+(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
+
+Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
+* Delete `argocd-redis` secret in the namespace where Argo CD is installed. 
+  ```bash
+  kubectl delete secret argocd-redis -n <argocd namesapce>
+  ```
+* **Perform a helm upgrade**
+  ```bash
+  helm upgrade argocd argo/argo-cd --reuse-values --wait
+  ```
+* If you are running Redis in HA mode, restart Redis in HA.
+  ```bash
+  kubectl rollout restart deployment argocd-redis-ha-haproxy
+  kubectl rollout restart statefulset argocd-redis-ha-server
+  ```
+* If you are running Redis in non-HA mode, restart Redis.
+  ```bash
+  kubectl rollout restart deployment argocd-redis
+  ```
+* Restart other components.
+  ```bash
+  kubectl rollout restart deployment argocd-server argocd-repo-server
+  kubectl rollout restart statefulset argocd-application-controller
+  ```
+
 ### 6.9.0
 ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9).  

@ -722,6 +755,19 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
  {{- end }}
 {{- end }}

+### Redis secret-init
+
+The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed.
+If you use an External Redis (See Option 3 above), this Job is not deployed.
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+{{- range .Values }}
+  {{- if hasPrefix "redisSecretInit" .Key }}
+| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
+  {{- end }}
+{{- end }}
+
 ## ApplicationSet

 | Key | Type | Default | Description |
@ -750,8 +796,10 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
 [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
 [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
+[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
 [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
 [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
+[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
 [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
 [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
 [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -86,6 +86,25 @@ Create the name of the redis service account to use
 {{- end -}}
 {{- end -}}

+
+{{/*
+Create Redis secret-init name
+*/}}
+{{- define "argo-cd.redisSecretInit.fullname" -}}
+{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the Redis secret-init service account to use
+*/}}
+{{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
+{{- if .Values.redisSecretInit.serviceAccount.create -}}
+    {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.redisSecretInit.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create argocd server name and version as used by the chart label.
 */}}
@ -226,3 +245,15 @@ Allows overriding it for multi-namespace deployments in combined charts.
 {{- define "argo-cd.namespace" -}}
 {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
 {{- end }}
+
+{{/*
+Dual stack definition
+*/}}
+{{- define "argo-cd.dualStack" -}}
+{{- with .Values.global.dualStack.ipFamilyPolicy }}
+ipFamilyPolicy: {{ . }}
+{{- end }}
+{{- with .Values.global.dualStack.ipFamilies }}
+ipFamilies: {{ toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -199,15 +199,19 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
+                {{- else }}
+                key: auth
+                {{- end }}
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
--- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml
@ -24,6 +24,7 @@ spec:
  {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
  {{- end }}
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.controller.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
+{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
--- a/charts/argo-cd/templates/argocd-application-controller/role.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml
@ -43,3 +43,17 @@ rules:
  - get
  - list
  - watch
+{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }}
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - argocd-app-controller-shard-cm
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+{{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -198,14 +198,30 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                optional: true
+                {{- if .Values.externalRedis.host }}
                key: redis-password
+                {{- else }}
+                key: auth
+                {{- end }}
+          - name: REDIS_SENTINEL_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                key: redis-sentinel-username
+                optional: true
+          - name: REDIS_SENTINEL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
--- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
@ -13,7 +13,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
-  secretName: {{ .Values.applicationSet.certificate.secretName }}
+  secretName: argocd-applicationset-controller-tls
  commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
  dnsNames:
    - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
--- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml
@ -24,6 +24,7 @@ spec:
  {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }}
  {{- end }}
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name:  {{ .Values.applicationSet.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-applicationset/service.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml
@ -16,6 +16,7 @@ metadata:
 {{- end }}
 spec:
  type: {{ .Values.applicationSet.service.type }}
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.applicationSet.service.portName }}
    port: {{ .Values.applicationSet.service.port }}
--- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
+++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
@ -1,17 +1,17 @@
-{{- range .Values.configs.clusterCredentials }}
+{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
+  name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }}
  namespace: {{ $.Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
-    {{- with .labels }}
+    {{- with $cluster_value.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
    argocd.argoproj.io/secret-type: cluster
-  {{- with .annotations }}
+  {{- with $cluster_value.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
@ -19,17 +19,20 @@ metadata:
  {{- end }}
 type: Opaque
 stringData:
-  name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
-  server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
-  {{- if .namespaces }}
-  namespaces: {{ .namespaces }}
-    {{- if .clusterResources }}
-  clusterResources: {{ .clusterResources | quote }}
+  {{- if $cluster_value.shard }}
+  shard: {{ $cluster_value.shard }}
+  {{- end }}
+  name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
+  server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
+  {{- if $cluster_value.namespaces }}
+  namespaces: {{ $cluster_value.namespaces }}
+    {{- if $cluster_value.clusterResources }}
+  clusterResources: {{ $cluster_value.clusterResources | quote }}
    {{- end }}
  {{- end }}
-  {{- if .project }}
-  project: {{ .project | quote }}
+  {{- if $cluster_value.project }}
+  project: {{ $cluster_value.project | quote }}
  {{- end }}
  config: |
-    {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }}
+    {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "argo-cd.redis.fullname" . }}
+  name: argocd-redis
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml
@ -24,6 +24,7 @@ spec:
  {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.notifications.metrics.service.clusterIP }}
  {{- end }}
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
  ports:
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -175,14 +175,30 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                optional: true
+                {{- if .Values.externalRedis.host }}
                key: redis-password
+                {{- else }}
+                key: auth
+                {{- end }}
+          - name: REDIS_SENTINEL_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                key: redis-sentinel-username
+                optional: true
+          - name: REDIS_SENTINEL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
@ -355,10 +371,8 @@ spec:
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        name: copyutil
-        {{- with .Values.repoServer.resources }}
        resources:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
+          {{- toYaml .Values.repoServer.resources | nindent 10 }}
        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
--- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml
@ -24,6 +24,7 @@ spec:
  {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }}
  {{- end }}
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.repoServer.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-repo-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml
@ -15,6 +15,7 @@ metadata:
  name: {{ template "argo-cd.repoServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
 spec:
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.repoServer.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-server/aws/service.yaml
+++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml
@ -9,6 +9,7 @@ metadata:
  name: {{ template "argo-cd.server.fullname" . }}-grpc
  namespace: {{ include  "argo-cd.namespace" . }}
 spec:
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.server.service.servicePortHttpName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@ -13,7 +13,14 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
-  secretName: {{ .Values.server.certificate.secretName }}
+  secretTemplate:
+    {{- with .Values.server.certificate.secretTemplateAnnotations }}
+    annotations:
+      {{- range $key, $value := . }}
+      {{ $key }}: {{ $value | quote }}
+      {{- end }}
+    {{- end }} 
+  secretName: argocd-server-tls
  commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
  dnsNames:
    - {{ .Values.server.certificate.domain | default .Values.global.domain }}
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -243,14 +243,30 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                optional: true
+                {{- if .Values.externalRedis.host }}
                key: redis-password
+                {{- else }}
+                key: auth
+                {{- end }}
+          - name: REDIS_SENTINEL_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                key: redis-sentinel-username
+                optional: true
+          - name: REDIS_SENTINEL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
--- a/charts/argo-cd/templates/argocd-server/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-server/metrics.yaml
@ -24,6 +24,7 @@ spec:
  {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.server.metrics.service.clusterIP }}
  {{- end }}
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.server.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-server/service.yaml
@ -16,6 +16,7 @@ metadata:
  {{- end }}
 spec:
  type: {{ .Values.server.service.type }}
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  {{- with .Values.server.service.externalIPs }}
  externalIPs: {{ . }}
  {{- end }}
@ -23,6 +24,9 @@ spec:
  externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }}
  {{- end }}
  {{- if eq .Values.server.service.type "LoadBalancer" }}
+  {{- with .Values.server.service.loadBalancerClass }}
+  loadBalancerClass: {{ . }}
+  {{- end }}
  {{- with .Values.server.service.loadBalancerIP }}
  loadBalancerIP: {{ . }}
  {{- end }}
--- a/charts/argo-cd/templates/dex/service.yaml
+++ b/charts/argo-cd/templates/dex/service.yaml
@ -16,6 +16,7 @@ metadata:
 {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }}
 {{- end }}
 spec:
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.dex.servicePortHttpName }}
    protocol: TCP
--- a/charts/argo-cd/templates/redis-secret-init/job.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/job.yaml
@ -0,0 +1,65 @@
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+    {{- range $key, $value := .Values.redisSecretInit.jobAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
+spec:
+  template:
+    metadata:
+      labels:
+        {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 8 }}
+        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redisSecretInit.podLabels) }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redisSecretInit.podAnnotations) }}
+      annotations:
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
+    spec:
+      {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - command:
+          - argocd
+          - admin
+          - redis-initial-password
+        image: {{ default .Values.global.image.repository .Values.redisSecretInit.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.redisSecretInit.image.tag }}
+        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redisSecretInit.image.imagePullPolicy }}
+        name: secret-init
+        resources:
+          {{- toYaml .Values.redisSecretInit.resources | nindent 10 }}
+        {{- with .Values.redisSecretInit.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- with .Values.redisSecretInit.securityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.redisSecretInit.priorityClassName | default .Values.global.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
+      restartPolicy: OnFailure
+      {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.redisSecretInit.tolerations | default .Values.global.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
+{{- end }}
--- a/charts/argo-cd/templates/redis-secret-init/role.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/role.yaml
@ -0,0 +1,27 @@
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
+  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    resourceNames:
+      - argocd-redis
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+{{- end }}
--- a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
@ -0,0 +1,19 @@
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
+  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
+{{- end }}
--- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
@ -0,0 +1,16 @@
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }}
+metadata:
+  name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+    {{- range $key, $value := .Values.redisSecretInit.serviceAccount.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
+{{- end }}
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -65,8 +65,14 @@ spec:
        - ""
        - --appendonly
        - "no"
-        {{- with (concat .Values.global.env .Values.redis.env) }}
+        - --requirepass $(REDIS_PASSWORD)
        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: argocd-redis
+              key: auth
+        {{- with (concat .Values.global.env .Values.redis.env) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- with .Values.redis.envFrom }}
@ -124,6 +130,11 @@ spec:
          value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }}
        - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
          value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }}
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: argocd-redis
+              key: auth
        {{- with (concat .Values.global.env .Values.redis.exporter.env) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
--- a/charts/argo-cd/templates/redis/health-configmap.yaml
+++ b/charts/argo-cd/templates/redis/health-configmap.yaml
@ -11,6 +11,7 @@ data:
  redis_liveness.sh: |
    response=$(
      redis-cli \
+        -a "${REDIS_PASSWORD}" --no-auth-warning \
        -h localhost \
        -p {{ .Values.redis.containerPorts.redis }} \
        ping
@ -23,6 +24,7 @@ data:
  redis_readiness.sh: |
    response=$(
      redis-cli \
+        -a "${REDIS_PASSWORD}" --no-auth-warning \
        -h localhost \
        -p {{ .Values.redis.containerPorts.redis }} \
        ping
--- a/charts/argo-cd/templates/redis/service.yaml
+++ b/charts/argo-cd/templates/redis/service.yaml
@ -17,6 +17,7 @@ metadata:
    {{- end }}
  {{- end }}
 spec:
+  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: redis
    port: {{ .Values.redis.servicePort }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -98,6 +98,13 @@ global:
  #   hostnames:
  #   - git.myhostname

+  # Configure dual-stack used by all component services
+  dualStack:
+    # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
+    ipFamilyPolicy: ""
+    # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
+    ipFamilies: []
+
  # Default network policy rules used by all components
  networkPolicy:
    # -- Create NetworkPolicy objects for all components
@ -418,13 +425,13 @@ configs:
      #       command: [sh, -c, find . -name env.yaml]

  # -- Provide one or multiple [external cluster credentials]
-  # @default -- `[]` (See [values.yaml])
+  # @default -- `{}` (See [values.yaml])
  ## Ref:
  ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
  ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
  ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
-  clusterCredentials: []
-    # - name: mycluster
+  clusterCredentials: {}
+    # mycluster:
    #   server: https://mycluster.example.com
    #   labels: {}
    #   annotations: {}
@ -433,7 +440,7 @@ configs:
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
-    # - name: mycluster2
+    # mycluster2:
    #   server: https://mycluster2.example.com
    #   labels: {}
    #   annotations: {}
@ -444,7 +451,7 @@ configs:
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
-    # - name: mycluster3-project-scoped
+    # mycluster3-project-scoped:
    #   server: https://mycluster3.example.com
    #   labels: {}
    #   annotations: {}
@ -454,6 +461,16 @@ configs:
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
+    # mycluster4-sharded:
+    #   shard: 1
+    #   server: https://mycluster4.example.com
+    #   labels: {}
+    #   annotations: {}
+    #   config:
+    #     bearerToken: "<authentication token>"
+    #     tlsClientConfig:
+    #       insecure: false
+    #       caData: "<base64 encoded certificate>"

  # -- Repository credentials to be used as Templates for other repos
  ## Creates a secret for each key/value specified below to create repository credentials
@ -1547,6 +1564,12 @@ redis-ha:
    containerSecurityContext:
      readOnlyRootFilesystem: true

+  # -- Configures redis-ha with AUTH
+  auth: true
+  # -- Existing Secret to use for redis-ha authentication.
+  # By default the redis-secret-init Job is generating this Secret.
+  existingSecret: argocd-redis
+
  # -- Whether the Redis server pods should be forced to run on separate nodes.
  hardAntiAffinity: true

@ -1588,12 +1611,88 @@ externalRedis:
  password: ""
  # -- External Redis server port
  port: 6379
-  # -- The name of an existing secret with Redis credentials (must contain key `redis-password`).
+  # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials.
  # When it's set, the `externalRedis.password` parameter is ignored
  existingSecret: ""
  # -- External Redis Secret annotations
  secretAnnotations: {}

+redisSecretInit:
+  # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods
+  enabled: true
+  # -- Redis secret-init name
+  name: redis-secret-init
+
+  image:
+    # -- Repository to use for the Redis secret-init Job
+    # @default -- `""` (defaults to global.image.repository)
+    repository: "" # defaults to global.image.repository
+    # -- Tag to use for the Redis secret-init Job
+    # @default -- `""` (defaults to global.image.tag)
+    tag: "" # defaults to global.image.tag
+    # -- Image pull policy for the Redis secret-init Job
+    # @default -- `""` (defaults to global.image.imagePullPolicy)
+    imagePullPolicy: "" # IfNotPresent
+
+  # -- Secrets with credentials to pull images from a private registry
+  # @default -- `[]` (defaults to global.imagePullSecrets)
+  imagePullSecrets: []
+
+  # -- Annotations to be added to the Redis secret-init Job
+  jobAnnotations: {}
+
+  # -- Annotations to be added to the Redis secret-init Job
+  podAnnotations: {}
+
+  # -- Labels to be added to the Redis secret-init Job
+  podLabels: {}
+
+  # -- Resource limits and requests for Redis secret-init Job
+  resources: {}
+  #  limits:
+  #    cpu: 200m
+  #    memory: 128Mi
+  #  requests:
+  #    cpu: 100m
+  #    memory: 64Mi
+
+  # -- Application controller container-level security context
+  # @default -- See [values.yaml]
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+
+  # -- Redis secret-init Job pod-level security context
+  securityContext: {}
+
+  serviceAccount:
+    # -- Create a service account for the redis pod
+    create: true
+    # -- Service account name for redis pod
+    name: ""
+    # -- Annotations applied to created service account
+    annotations: {}
+    # -- Automount API credentials for the Service Account
+    automountServiceAccountToken: true
+
+  # -- Priority class for Redis secret-init Job
+  # @default -- `""` (defaults to global.priorityClassName)
+  priorityClassName: ""
+
+  # -- Node selector to be added to the Redis secret-init Job
+  # @default -- `{}` (defaults to global.nodeSelector)
+  nodeSelector: {}
+
+  # -- Tolerations to be added to the Redis secret-init Job
+  # @default -- `[]` (defaults to global.tolerations)
+  tolerations: []
+
 ## Server
 server:
  # -- Argo CD server name
@ -1901,8 +2000,6 @@ server:
  certificate:
    # -- Deploy a Certificate resource (requires cert-manager)
    enabled: false
-    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
-    secretName: argocd-server-tls
    # -- Certificate primary domain (commonName)
    # @default -- `""` (defaults to global.domain)
    domain: ""
@ -1940,6 +2037,8 @@ server:
    # -- Usages for the certificate
    ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
    usages: []
+    # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
+    secretTemplateAnnotations: {}

  # TLS certificate configuration via Secret
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
@ -1978,6 +2077,8 @@ server:
    # -- Server service https port appProtocol
    ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
    servicePortHttpsAppProtocol: ""
+    # -- The class of the load balancer implementation
+    loadBalancerClass: ""
    # -- LoadBalancer will get created with the IP specified in this field
    loadBalancerIP: ""
    # -- Source IP ranges to allow access to service from
@ -2905,8 +3006,6 @@ applicationSet:
  certificate:
    # -- Deploy a Certificate resource (requires cert-manager)
    enabled: false
-    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
-    secretName: argocd-applicationset-controller-tls
    # -- Certificate primary domain (commonName)
    # @default -- `""` (defaults to global.domain)
    domain: ""
--- a/charts/argo-events/Chart.yaml
+++ b/charts/argo-events/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.9.1
+appVersion: v1.9.2
 description: A Helm chart for Argo Events, the event-driven workflow automation framework
 name: argo-events
-version: 2.4.4
+version: 2.4.7
 home: https://github.com/argoproj/argo-helm
 icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
 keywords:
@ -18,5 +18,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: added
-      description: Support ability to set .Values.namespaceOverride
+    - kind: fixed
+      description: Update Jetstream versions as following upstream
--- a/charts/argo-events/README.md
+++ b/charts/argo-events/README.md
@ -65,11 +65,51 @@ done
 | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` |  |
 | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message |
 | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 |
-| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:latest"` |  |
-| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:latest"` |  |
-| configs.jetstream.versions[0].natsImage | string | `"nats:latest"` |  |
+| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` |  |
+| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` |  |
+| configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` |  |
 | configs.jetstream.versions[0].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[0].version | string | `"latest"` |  |
+| configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
+| configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
+| configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` |  |
+| configs.jetstream.versions[1].startCommand | string | `"/nats-server"` |  |
+| configs.jetstream.versions[1].version | string | `"2.8.1"` |  |
+| configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
+| configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
+| configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` |  |
+| configs.jetstream.versions[2].startCommand | string | `"nats-server"` |  |
+| configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` |  |
+| configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
+| configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
+| configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` |  |
+| configs.jetstream.versions[3].startCommand | string | `"/nats-server"` |  |
+| configs.jetstream.versions[3].version | string | `"2.8.2"` |  |
+| configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
+| configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
+| configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` |  |
+| configs.jetstream.versions[4].startCommand | string | `"nats-server"` |  |
+| configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` |  |
+| configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
+| configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
+| configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` |  |
+| configs.jetstream.versions[5].startCommand | string | `"/nats-server"` |  |
+| configs.jetstream.versions[5].version | string | `"2.9.1"` |  |
+| configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
+| configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
+| configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` |  |
+| configs.jetstream.versions[6].startCommand | string | `"/nats-server"` |  |
+| configs.jetstream.versions[6].version | string | `"2.9.12"` |  |
+| configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
+| configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
+| configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` |  |
+| configs.jetstream.versions[7].startCommand | string | `"/nats-server"` |  |
+| configs.jetstream.versions[7].version | string | `"2.9.16"` |  |
+| configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` |  |
+| configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` |  |
+| configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` |  |
+| configs.jetstream.versions[8].startCommand | string | `"/nats-server"` |  |
+| configs.jetstream.versions[8].version | string | `"2.10.10"` |  |
 | configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus |
 | crds.annotations | object | `{}` | Annotations to be added to all CRDs |
 | crds.install | bool | `true` | Install and upgrade CRDs |
--- a/charts/argo-events/templates/_helpers.tpl
+++ b/charts/argo-events/templates/_helpers.tpl
@ -104,6 +104,9 @@ helm.sh/chart: {{ include "argo-events.chart" .context }}
 {{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
 app.kubernetes.io/managed-by: {{ .context.Release.Service }}
 app.kubernetes.io/part-of: argo-events
+{{- with .context.Values.global.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
 {{- end }}

 {{/*
--- a/charts/argo-events/values.yaml
+++ b/charts/argo-events/values.yaml
@ -96,10 +96,50 @@ configs:
      duplicates: 300s
    # Supported versions of JetStream eventbus
    versions:
-      - version: "latest"
-        natsImage: nats:latest
-        metricsExporterImage: natsio/prometheus-nats-exporter:latest
-        configReloaderImage: natsio/nats-server-config-reloader:latest
+      - version: latest
+        natsImage: nats:2.10.10
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
+        configReloaderImage: natsio/nats-server-config-reloader:0.14.0
+        startCommand: /nats-server
+      - version: 2.8.1
+        natsImage: nats:2.8.1
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
+        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
+        startCommand: /nats-server
+      - version: 2.8.1-alpine
+        natsImage: nats:2.8.1-alpine
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
+        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
+        startCommand: nats-server
+      - version: 2.8.2
+        natsImage: nats:2.8.2
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
+        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
+        startCommand: /nats-server
+      - version: 2.8.2-alpine
+        natsImage: nats:2.8.2-alpine
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
+        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
+        startCommand: nats-server
+      - version: 2.9.1
+        natsImage: nats:2.9.1
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
+        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
+        startCommand: /nats-server
+      - version: 2.9.12
+        natsImage: nats:2.9.12
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
+        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
+        startCommand: /nats-server
+      - version: 2.9.16
+        natsImage: nats:2.9.16
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
+        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
+        startCommand: /nats-server
+      - version: 2.10.10
+        natsImage: nats:2.10.10
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
+        configReloaderImage: natsio/nats-server-config-reloader:0.14.0
        startCommand: /nats-server

 # -- Array of extra K8s manifests to deploy
--- a/charts/argo-rollouts/Chart.yaml
+++ b/charts/argo-rollouts/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.7.0
+appVersion: v1.7.1
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 2.35.3
+version: 2.37.2
 home: https://github.com/argoproj/argo-helm
 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 keywords:
--- a/charts/argo-rollouts/README.md
+++ b/charts/argo-rollouts/README.md
@ -51,14 +51,17 @@ For full list of changes please check ArtifactHub [changelog].
 | fullnameOverride | string | `nil` | String to fully override "argo-rollouts.fullname" template |
 | global.deploymentAnnotations | object | `{}` | Annotations for all deployed Deployments |
 | global.deploymentLabels | object | `{}` | Labels for all deployed Deployments |
+| global.revisionHistoryLimit | int | `10` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. |
 | imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Registry secret names as an array. |
 | installCRDs | bool | `true` | Install and upgrade CRDs |
 | keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
 | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
 | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template |
 | notifications.notifiers | object | `{}` | Configures notification services |
+| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret |
 | notifications.secret.create | bool | `false` | Whether to create notifications secret |
 | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret |
+| notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts |
 | notifications.templates | object | `{}` | Notification templates |
 | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
 | providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers |
@ -78,7 +81,7 @@ For full list of changes please check ArtifactHub [changelog].

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| containerSecurityContext | object | `{}` | Security Context to set on container level |
+| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context to set on container level |
 | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
 | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` |
 | controller.containerPorts.healthz | int | `8080` | Healthz container port |
--- a/charts/argo-rollouts/templates/controller/deployment.yaml
+++ b/charts/argo-rollouts/templates/controller/deployment.yaml
@ -21,8 +21,9 @@ spec:
      app.kubernetes.io/component: {{ .Values.controller.component }}
      {{- include "argo-rollouts.selectorLabels" . | nindent 6 }}
  strategy:
-    type: Recreate
+    type: RollingUpdate
  replicas: {{ .Values.controller.replicas }}
+  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
  template:
    metadata:
      {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.controller.podAnnotations) }}
@ -79,8 +80,12 @@ spec:
          {{- toYaml .Values.containerSecurityContext | nindent 10 }}
        resources:
          {{- toYaml .Values.controller.resources | nindent 10 }}
-        {{- with .Values.controller.volumeMounts }}
        volumeMounts:
+        - name: plugin-bin
+          mountPath: /home/argo-rollouts/plugin-bin
+        - name: tmp
+          mountPath: /tmp
+        {{- with .Values.controller.volumeMounts }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.controller.extraContainers }}
@ -119,7 +124,11 @@ spec:
      {{- with .Values.controller.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
-      {{- with .Values.controller.volumes }}
      volumes:
+      - name: plugin-bin
+        emptyDir: {}
+      - name: tmp
+        emptyDir: {}
+      {{- with .Values.controller.volumes }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
--- a/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml
+++ b/charts/argo-rollouts/templates/controller/notifcations-configmap.yaml
@ -16,3 +16,7 @@ data:
  {{- with .Values.notifications.triggers }}
    {{- toYaml . | nindent 2 }}
  {{- end }}
+  {{- with .Values.notifications.subscriptions }}
+  subscriptions: |
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
--- a/charts/argo-rollouts/templates/controller/notifications-secret.yaml
+++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml
@ -4,6 +4,12 @@ kind: Secret
 metadata:
  name: argo-rollouts-notification-secret
  namespace: {{ .Release.Namespace | quote }}
+  {{- with .Values.notifications.secret.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
    {{- include "argo-rollouts.labels" . | nindent 4 }}
--- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -188,6 +188,18 @@ spec:
                          type: object
                        datadog:
                          properties:
+                            aggregator:
+                              enum:
+                              - avg
+                              - min
+                              - max
+                              - sum
+                              - last
+                              - percentile
+                              - mean
+                              - l2norm
+                              - area
+                              type: string
                            apiVersion:
                              default: v1
                              enum:
@ -241,6 +253,9 @@ spec:
                                backoffLimit:
                                  format: int32
                                  type: integer
+                                backoffLimitPerIndex:
+                                  format: int32
+                                  type: integer
                                completionMode:
                                  type: string
                                completions:
@ -248,6 +263,9 @@ spec:
                                  type: integer
                                manualSelector:
                                  type: boolean
+                                maxFailedIndexes:
+                                  format: int32
+                                  type: integer
                                parallelism:
                                  format: int32
                                  type: integer
@ -289,13 +307,14 @@ spec:
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - action
-                                        - onPodConditions
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  required:
                                  - rules
                                  type: object
+                                podReplacementPolicy:
+                                  type: string
                                selector:
                                  properties:
                                    matchExpressions:
@ -467,6 +486,16 @@ spec:
                                                                type: object
                                                            type: object
                                                            x-kubernetes-map-type: atomic
+                                                          matchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
+                                                          mismatchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
                                                          namespaceSelector:
                                                            properties:
                                                              matchExpressions:
@ -535,6 +564,16 @@ spec:
                                                            type: object
                                                        type: object
                                                        x-kubernetes-map-type: atomic
+                                                      matchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
+                                                      mismatchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
                                                      namespaceSelector:
                                                        properties:
                                                          matchExpressions:
@ -601,6 +640,16 @@ spec:
                                                                type: object
                                                            type: object
                                                            x-kubernetes-map-type: atomic
+                                                          matchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
+                                                          mismatchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
                                                          namespaceSelector:
                                                            properties:
                                                              matchExpressions:
@ -669,6 +718,16 @@ spec:
                                                            type: object
                                                        type: object
                                                        x-kubernetes-map-type: atomic
+                                                      matchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
+                                                      mismatchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
                                                      namespaceSelector:
                                                        properties:
                                                          matchExpressions:
@ -848,6 +907,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -898,6 +965,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1094,13 +1169,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -1453,6 +1555,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1503,6 +1613,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1699,13 +1817,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -2065,6 +2210,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -2115,6 +2268,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -2311,13 +2472,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -2543,12 +2731,43 @@ spec:
                                            - conditionType
                                            type: object
                                          type: array
+                                        resourceClaims:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              source:
+                                                properties:
+                                                  resourceClaimName:
+                                                    type: string
+                                                  resourceClaimTemplateName:
+                                                    type: string
+                                                type: object
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                        restartPolicy:
                                          type: string
                                        runtimeClassName:
                                          type: string
                                        schedulerName:
                                          type: string
+                                        schedulingGates:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                        securityContext:
                                          properties:
                                            fsGroup:
@ -2945,11 +3164,26 @@ spec:
                type: array
              terminate:
                type: boolean
+              ttlStrategy:
+                properties:
+                  secondsAfterCompletion:
+                    format: int32
+                    type: integer
+                  secondsAfterFailure:
+                    format: int32
+                    type: integer
+                  secondsAfterSuccess:
+                    format: int32
+                    type: integer
+                type: object
            required:
            - metrics
            type: object
          status:
            properties:
+              completedAt:
+                format: date-time
+                type: string
              dryRunSummary:
                properties:
                  count:
--- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -184,6 +184,18 @@ spec:
                          type: object
                        datadog:
                          properties:
+                            aggregator:
+                              enum:
+                              - avg
+                              - min
+                              - max
+                              - sum
+                              - last
+                              - percentile
+                              - mean
+                              - l2norm
+                              - area
+                              type: string
                            apiVersion:
                              default: v1
                              enum:
@ -237,6 +249,9 @@ spec:
                                backoffLimit:
                                  format: int32
                                  type: integer
+                                backoffLimitPerIndex:
+                                  format: int32
+                                  type: integer
                                completionMode:
                                  type: string
                                completions:
@ -244,6 +259,9 @@ spec:
                                  type: integer
                                manualSelector:
                                  type: boolean
+                                maxFailedIndexes:
+                                  format: int32
+                                  type: integer
                                parallelism:
                                  format: int32
                                  type: integer
@ -285,13 +303,14 @@ spec:
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - action
-                                        - onPodConditions
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  required:
                                  - rules
                                  type: object
+                                podReplacementPolicy:
+                                  type: string
                                selector:
                                  properties:
                                    matchExpressions:
@ -463,6 +482,16 @@ spec:
                                                                type: object
                                                            type: object
                                                            x-kubernetes-map-type: atomic
+                                                          matchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
+                                                          mismatchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
                                                          namespaceSelector:
                                                            properties:
                                                              matchExpressions:
@ -531,6 +560,16 @@ spec:
                                                            type: object
                                                        type: object
                                                        x-kubernetes-map-type: atomic
+                                                      matchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
+                                                      mismatchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
                                                      namespaceSelector:
                                                        properties:
                                                          matchExpressions:
@ -597,6 +636,16 @@ spec:
                                                                type: object
                                                            type: object
                                                            x-kubernetes-map-type: atomic
+                                                          matchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
+                                                          mismatchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
                                                          namespaceSelector:
                                                            properties:
                                                              matchExpressions:
@ -665,6 +714,16 @@ spec:
                                                            type: object
                                                        type: object
                                                        x-kubernetes-map-type: atomic
+                                                      matchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
+                                                      mismatchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
                                                      namespaceSelector:
                                                        properties:
                                                          matchExpressions:
@ -844,6 +903,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -894,6 +961,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1090,13 +1165,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -1449,6 +1551,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1499,6 +1609,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1695,13 +1813,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -2061,6 +2206,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -2111,6 +2264,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -2307,13 +2468,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -2539,12 +2727,43 @@ spec:
                                            - conditionType
                                            type: object
                                          type: array
+                                        resourceClaims:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              source:
+                                                properties:
+                                                  resourceClaimName:
+                                                    type: string
+                                                  resourceClaimTemplateName:
+                                                    type: string
+                                                type: object
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                        restartPolicy:
                                          type: string
                                        runtimeClassName:
                                          type: string
                                        schedulerName:
                                          type: string
+                                        schedulingGates:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                        securityContext:
                                          properties:
                                            fsGroup:
@ -2939,8 +3158,15 @@ spec:
                  - provider
                  type: object
                type: array
-            required:
-            - metrics
+              templates:
+                items:
+                  properties:
+                    clusterScope:
+                      type: boolean
+                    templateName:
+                      type: string
+                  type: object
+                type: array
            type: object
        required:
        - spec
--- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -184,6 +184,18 @@ spec:
                          type: object
                        datadog:
                          properties:
+                            aggregator:
+                              enum:
+                              - avg
+                              - min
+                              - max
+                              - sum
+                              - last
+                              - percentile
+                              - mean
+                              - l2norm
+                              - area
+                              type: string
                            apiVersion:
                              default: v1
                              enum:
@ -237,6 +249,9 @@ spec:
                                backoffLimit:
                                  format: int32
                                  type: integer
+                                backoffLimitPerIndex:
+                                  format: int32
+                                  type: integer
                                completionMode:
                                  type: string
                                completions:
@ -244,6 +259,9 @@ spec:
                                  type: integer
                                manualSelector:
                                  type: boolean
+                                maxFailedIndexes:
+                                  format: int32
+                                  type: integer
                                parallelism:
                                  format: int32
                                  type: integer
@ -285,13 +303,14 @@ spec:
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - action
-                                        - onPodConditions
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  required:
                                  - rules
                                  type: object
+                                podReplacementPolicy:
+                                  type: string
                                selector:
                                  properties:
                                    matchExpressions:
@ -463,6 +482,16 @@ spec:
                                                                type: object
                                                            type: object
                                                            x-kubernetes-map-type: atomic
+                                                          matchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
+                                                          mismatchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
                                                          namespaceSelector:
                                                            properties:
                                                              matchExpressions:
@ -531,6 +560,16 @@ spec:
                                                            type: object
                                                        type: object
                                                        x-kubernetes-map-type: atomic
+                                                      matchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
+                                                      mismatchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
                                                      namespaceSelector:
                                                        properties:
                                                          matchExpressions:
@ -597,6 +636,16 @@ spec:
                                                                type: object
                                                            type: object
                                                            x-kubernetes-map-type: atomic
+                                                          matchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
+                                                          mismatchLabelKeys:
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                            x-kubernetes-list-type: atomic
                                                          namespaceSelector:
                                                            properties:
                                                              matchExpressions:
@ -665,6 +714,16 @@ spec:
                                                            type: object
                                                        type: object
                                                        x-kubernetes-map-type: atomic
+                                                      matchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
+                                                      mismatchLabelKeys:
+                                                        items:
+                                                          type: string
+                                                        type: array
+                                                        x-kubernetes-list-type: atomic
                                                      namespaceSelector:
                                                        properties:
                                                          matchExpressions:
@ -844,6 +903,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -894,6 +961,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1090,13 +1165,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -1449,6 +1551,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1499,6 +1609,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -1695,13 +1813,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -2061,6 +2206,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -2111,6 +2264,14 @@ spec:
                                                        required:
                                                        - port
                                                        type: object
+                                                      sleep:
+                                                        properties:
+                                                          seconds:
+                                                            format: int64
+                                                            type: integer
+                                                        required:
+                                                        - seconds
+                                                        type: object
                                                      tcpSocket:
                                                        properties:
                                                          host:
@ -2307,13 +2468,40 @@ spec:
                                                    format: int32
                                                    type: integer
                                                type: object
+                                              resizePolicy:
+                                                items:
+                                                  properties:
+                                                    resourceName:
+                                                      type: string
+                                                    restartPolicy:
+                                                      type: string
+                                                  required:
+                                                  - resourceName
+                                                  - restartPolicy
+                                                  type: object
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              resources:
                                                properties:
+                                                  claims:
+                                                    items:
+                                                      properties:
+                                                        name:
+                                                          type: string
+                                                      required:
+                                                      - name
+                                                      type: object
+                                                    type: array
+                                                    x-kubernetes-list-map-keys:
+                                                    - name
+                                                    x-kubernetes-list-type: map
                                                  limits:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                  requests:
                                                    x-kubernetes-preserve-unknown-fields: true
                                                type: object
+                                              restartPolicy:
+                                                type: string
                                              securityContext:
                                                properties:
                                                  allowPrivilegeEscalation:
@ -2539,12 +2727,43 @@ spec:
                                            - conditionType
                                            type: object
                                          type: array
+                                        resourceClaims:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              source:
+                                                properties:
+                                                  resourceClaimName:
+                                                    type: string
+                                                  resourceClaimTemplateName:
+                                                    type: string
+                                                type: object
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                        restartPolicy:
                                          type: string
                                        runtimeClassName:
                                          type: string
                                        schedulerName:
                                          type: string
+                                        schedulingGates:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                        securityContext:
                                          properties:
                                            fsGroup:
@ -2939,8 +3158,15 @@ spec:
                  - provider
                  type: object
                type: array
-            required:
-            - metrics
+              templates:
+                items:
+                  properties:
+                    clusterScope:
+                      type: boolean
+                    templateName:
+                      type: string
+                  type: object
+                type: array
            type: object
        required:
        - spec
--- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -94,6 +94,17 @@ spec:
                  - templateName
                  type: object
                type: array
+              analysisRunMetadata:
+                properties:
+                  annotations:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  labels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                type: object
              dryRun:
                items:
                  properties:
@ -309,6 +320,16 @@ spec:
                                                    type: object
                                                type: object
                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              namespaceSelector:
                                                properties:
                                                  matchExpressions:
@ -377,6 +398,16 @@ spec:
                                                type: object
                                            type: object
                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
                                          namespaceSelector:
                                            properties:
                                              matchExpressions:
@ -443,6 +474,16 @@ spec:
                                                    type: object
                                                type: object
                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
                                              namespaceSelector:
                                                properties:
                                                  matchExpressions:
@ -511,6 +552,16 @@ spec:
                                                type: object
                                            type: object
                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
                                          namespaceSelector:
                                            properties:
                                              matchExpressions:
@ -690,6 +741,14 @@ spec:
                                            required:
                                            - port
                                            type: object
+                                          sleep:
+                                            properties:
+                                              seconds:
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
                                          tcpSocket:
                                            properties:
                                              host:
@ -740,6 +799,14 @@ spec:
                                            required:
                                            - port
                                            type: object
+                                          sleep:
+                                            properties:
+                                              seconds:
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
                                          tcpSocket:
                                            properties:
                                              host:
@ -936,13 +1003,40 @@ spec:
                                        format: int32
                                        type: integer
                                    type: object
+                                  resizePolicy:
+                                    items:
+                                      properties:
+                                        resourceName:
+                                          type: string
+                                        restartPolicy:
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
                                  resources:
                                    properties:
+                                      claims:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
                                      limits:
                                        x-kubernetes-preserve-unknown-fields: true
                                      requests:
                                        x-kubernetes-preserve-unknown-fields: true
                                    type: object
+                                  restartPolicy:
+                                    type: string
                                  securityContext:
                                    properties:
                                      allowPrivilegeEscalation:
@ -1295,6 +1389,14 @@ spec:
                                            required:
                                            - port
                                            type: object
+                                          sleep:
+                                            properties:
+                                              seconds:
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
                                          tcpSocket:
                                            properties:
                                              host:
@ -1345,6 +1447,14 @@ spec:
                                            required:
                                            - port
                                            type: object
+                                          sleep:
+                                            properties:
+                                              seconds:
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
                                          tcpSocket:
                                            properties:
                                              host:
@ -1541,13 +1651,40 @@ spec:
                                        format: int32
                                        type: integer
                                    type: object
+                                  resizePolicy:
+                                    items:
+                                      properties:
+                                        resourceName:
+                                          type: string
+                                        restartPolicy:
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
                                  resources:
                                    properties:
+                                      claims:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
                                      limits:
                                        x-kubernetes-preserve-unknown-fields: true
                                      requests:
                                        x-kubernetes-preserve-unknown-fields: true
                                    type: object
+                                  restartPolicy:
+                                    type: string
                                  securityContext:
                                    properties:
                                      allowPrivilegeEscalation:
@ -1907,6 +2044,14 @@ spec:
                                            required:
                                            - port
                                            type: object
+                                          sleep:
+                                            properties:
+                                              seconds:
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
                                          tcpSocket:
                                            properties:
                                              host:
@ -1957,6 +2102,14 @@ spec:
                                            required:
                                            - port
                                            type: object
+                                          sleep:
+                                            properties:
+                                              seconds:
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
                                          tcpSocket:
                                            properties:
                                              host:
@ -2153,13 +2306,40 @@ spec:
                                        format: int32
                                        type: integer
                                    type: object
+                                  resizePolicy:
+                                    items:
+                                      properties:
+                                        resourceName:
+                                          type: string
+                                        restartPolicy:
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
                                  resources:
                                    properties:
+                                      claims:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
                                      limits:
                                        x-kubernetes-preserve-unknown-fields: true
                                      requests:
                                        x-kubernetes-preserve-unknown-fields: true
                                    type: object
+                                  restartPolicy:
+                                    type: string
                                  securityContext:
                                    properties:
                                      allowPrivilegeEscalation:
@ -2385,12 +2565,43 @@ spec:
                                - conditionType
                                type: object
                              type: array
+                            resourceClaims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  source:
+                                    properties:
+                                      resourceClaimName:
+                                        type: string
+                                      resourceClaimTemplateName:
+                                        type: string
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
                            restartPolicy:
                              type: string
                            runtimeClassName:
                              type: string
                            schedulerName:
                              type: string
+                            schedulingGates:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
                            securityContext:
                              properties:
                                fsGroup:
--- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -581,6 +581,26 @@ spec:
                                    - templateName
                                    type: object
                                  type: array
+                                analysisRunMetadata:
+                                  properties:
+                                    annotations:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                    labels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                dryRun:
+                                  items:
+                                    properties:
+                                      metricName:
+                                        type: string
+                                    required:
+                                    - metricName
+                                    type: object
+                                  type: array
                                duration:
                                  type: string
                                templates:
@ -913,6 +933,9 @@ spec:
                              - name
                              type: object
                            type: array
+                          maxTrafficWeight:
+                            format: int32
+                            type: integer
                          nginx:
                            properties:
                              additionalIngressAnnotations:
@ -1093,6 +1116,16 @@ spec:
                                              type: object
                                          type: object
                                          x-kubernetes-map-type: atomic
+                                        matchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        mismatchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
                                        namespaceSelector:
                                          properties:
                                            matchExpressions:
@ -1161,6 +1194,16 @@ spec:
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
+                                    matchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    mismatchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
                                    namespaceSelector:
                                      properties:
                                        matchExpressions:
@ -1227,6 +1270,16 @@ spec:
                                              type: object
                                          type: object
                                          x-kubernetes-map-type: atomic
+                                        matchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
+                                        mismatchLabelKeys:
+                                          items:
+                                            type: string
+                                          type: array
+                                          x-kubernetes-list-type: atomic
                                        namespaceSelector:
                                          properties:
                                            matchExpressions:
@ -1295,6 +1348,16 @@ spec:
                                          type: object
                                      type: object
                                      x-kubernetes-map-type: atomic
+                                    matchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    mismatchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
                                    namespaceSelector:
                                      properties:
                                        matchExpressions:
@ -1474,6 +1537,14 @@ spec:
                                      required:
                                      - port
                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
                                    tcpSocket:
                                      properties:
                                        host:
@ -1524,6 +1595,14 @@ spec:
                                      required:
                                      - port
                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
                                    tcpSocket:
                                      properties:
                                        host:
@ -1720,13 +1799,40 @@ spec:
                                  format: int32
                                  type: integer
                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
                            resources:
                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
                                limits:
                                  x-kubernetes-preserve-unknown-fields: true
                                requests:
                                  x-kubernetes-preserve-unknown-fields: true
                              type: object
+                            restartPolicy:
+                              type: string
                            securityContext:
                              properties:
                                allowPrivilegeEscalation:
@ -2079,6 +2185,14 @@ spec:
                                      required:
                                      - port
                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
                                    tcpSocket:
                                      properties:
                                        host:
@ -2129,6 +2243,14 @@ spec:
                                      required:
                                      - port
                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
                                    tcpSocket:
                                      properties:
                                        host:
@ -2325,13 +2447,40 @@ spec:
                                  format: int32
                                  type: integer
                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
                            resources:
                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
                                limits:
                                  x-kubernetes-preserve-unknown-fields: true
                                requests:
                                  x-kubernetes-preserve-unknown-fields: true
                              type: object
+                            restartPolicy:
+                              type: string
                            securityContext:
                              properties:
                                allowPrivilegeEscalation:
@ -2691,6 +2840,14 @@ spec:
                                      required:
                                      - port
                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
                                    tcpSocket:
                                      properties:
                                        host:
@ -2741,6 +2898,14 @@ spec:
                                      required:
                                      - port
                                      type: object
+                                    sleep:
+                                      properties:
+                                        seconds:
+                                          format: int64
+                                          type: integer
+                                      required:
+                                      - seconds
+                                      type: object
                                    tcpSocket:
                                      properties:
                                        host:
@ -2937,13 +3102,40 @@ spec:
                                  format: int32
                                  type: integer
                              type: object
+                            resizePolicy:
+                              items:
+                                properties:
+                                  resourceName:
+                                    type: string
+                                  restartPolicy:
+                                    type: string
+                                required:
+                                - resourceName
+                                - restartPolicy
+                                type: object
+                              type: array
+                              x-kubernetes-list-type: atomic
                            resources:
                              properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
                                limits:
                                  x-kubernetes-preserve-unknown-fields: true
                                requests:
                                  x-kubernetes-preserve-unknown-fields: true
                              type: object
+                            restartPolicy:
+                              type: string
                            securityContext:
                              properties:
                                allowPrivilegeEscalation:
@ -3169,12 +3361,43 @@ spec:
                          - conditionType
                          type: object
                        type: array
+                      resourceClaims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            source:
+                              properties:
+                                resourceClaimName:
+                                  type: string
+                                resourceClaimTemplateName:
+                                  type: string
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                      restartPolicy:
                        type: string
                      runtimeClassName:
                        type: string
                      schedulerName:
                        type: string
+                      schedulingGates:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                      securityContext:
                        properties:
                          fsGroup:
@ -3340,6 +3563,8 @@ spec:
                    type: string
                  name:
                    type: string
+                  scaleDown:
+                    type: string
                type: object
            type: object
          status:
--- a/charts/argo-rollouts/templates/dashboard/deployment.yaml
+++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml
@ -24,6 +24,7 @@ spec:
  strategy:
    type: Recreate
  replicas: {{ .Values.dashboard.replicas }}
+  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
  template:
    metadata:
      {{- with (mergeOverwrite (deepCopy .Values.podAnnotations) .Values.dashboard.podAnnotations) }}
--- a/charts/argo-rollouts/values.yaml
+++ b/charts/argo-rollouts/values.yaml
@ -43,6 +43,8 @@ global:
  deploymentAnnotations: {}
  # -- Labels for all deployed Deployments
  deploymentLabels: {}
+  # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
+  revisionHistoryLimit: 10

 controller:
  # -- Value of label `app.kubernetes.io/component`
@ -118,6 +120,7 @@ controller:
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
+  #    ephemeral-storage: 1Gi
  #  requests:
  #    cpu: 50m
  #    memory: 64Mi
@ -238,13 +241,14 @@ podSecurityContext:
  runAsNonRoot: true

 # -- Security Context to set on container level
-containerSecurityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  seccompProfile:
+    type: RuntimeDefault

 # -- Annotations to be added to the Rollout service
 serviceAnnotations: {}
@ -451,6 +455,8 @@ notifications:
    # -- Generic key:value pairs to be inserted into the notifications secret
    items: {}
      # slack-token:
+    # -- Annotations to be added to the notifications secret
+    annotations: {}

  # -- Configures notification services
  notifiers: {}
@ -474,3 +480,11 @@ notifications:
    # trigger.on-purple: |
    #   - send: [my-purple-template]
    #     when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple'
+
+  # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts
+  subscriptions: []
+    # - recipients:
+    #   - slack:<channel>
+    #   triggers:
+    #   - on-rollout-completed
+    #   - on-rollout-aborted
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v3.5.6
+appVersion: v3.5.8
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.41.6
+version: 0.41.11
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -17,4 +17,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: fixed
-      description: Add missing serviceLabels to server service
+      description: Add `app:` label to components to match upstream
--- a/charts/argo-workflows/templates/_helpers.tpl
+++ b/charts/argo-workflows/templates/_helpers.tpl
@ -94,6 +94,7 @@ app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
 app.kubernetes.io/instance: {{ .context.Release.Name }}
 {{- if .component }}
 app.kubernetes.io/component: {{ .component }}
+app: {{ .component }}
 {{- end }}
 {{- end }}

--- a/charts/argocd-image-updater/Chart.yaml
+++ b/charts/argocd-image-updater/Chart.yaml
@ -2,8 +2,8 @@ apiVersion: v2
 name: argocd-image-updater
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
 type: application
-version: 0.10.0
-appVersion: v0.13.0
+version: 0.10.2
+appVersion: v0.13.1
 home: https://github.com/argoproj-labs/argocd-image-updater
 icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
 keywords:
@ -18,5 +18,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: changed
-      description: Bump argocd-image-updater to v0.13.0
+    - kind: fixed
+      description: Fixed a URL in values.yaml comments
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@ -107,7 +107,7 @@ config:
  # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`)
  applicationsAPIKind: ""

-  # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags
+  # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/reference/#flags
  # Note: this is only relevant if config.applicationsAPIKind == 'argocd'
  argocd:
    # -- Use the gRPC-web protocol to connect to the Argo CD API