Merge remote-tracking branch 'upstream/main' into 2523

2024-03-05 20:29:42 +00:00 · 2024-03-05 20:29:42 +00:00 · d12184a29f
commit d12184a29f
parent f6706523e6 c4d7988581
68 changed files with 803 additions and 162 deletions
--- a/.github/configs/renovate-config.js
+++ b/.github/configs/renovate-config.js
@ -0,0 +1,7 @@
 module.exports = {
    platform: 'github',
    gitAuthor: 'renovate[bot] <renovate[bot]@users.noreply.github.com>',
    autodiscover: false,
    allowPostUpgradeCommandTemplating: true,
    allowedPostUpgradeCommands: [".*"],
  };
--- a/.github/workflows/chart-version-bump.yml
+++ b/.github/workflows/chart-version-bump.yml
@ -1,57 +0,0 @@
 ## Used on Renovate PRs to bump the chart version and add a changelog entry
 ## Reference: https://github.com/stefanzweifel/git-auto-commit-action
 ## Reference: https://github.com/marketplace/actions/changed-files
 name: 'Chart Version Bump and Changelog'
 on:
  pull_request:
    types:
      - labeled
 permissions:
  contents: write
 jobs:
  helm-bumper:
    if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          token: ${{ secrets.PAT }}
          fetch-depth: 0
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2
        with:
          files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml
      - name: "Bump Version and Changelog"
        run: |
          chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)"
          echo "Changed chart name is: $chartName"
          echo "----------------------------------------"
          parentDir="charts/${chartName}"
          # Bump the chart version by one patch version
          version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}')
          major=$(echo $version | cut -d. -f1)
          minor=$(echo $version | cut -d. -f2)
          patch=$(echo $version | cut -d. -f3)
          patch=$(expr $patch + 1)
          sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml
          # Add a changelog entry
          appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}')
          sed -i -e '/^  artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml
          echo "  artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml
          echo "    - kind: changed" >> ${parentDir}/Chart.yaml
          echo "      description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml
          cat ${parentDir}/Chart.yaml
      - name: "Commit and push changes"
        uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
        with:
          commit_options: '--signoff'
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -12,6 +12,7 @@ permissions:
 jobs:
  publish:
    if: github.repository == 'argoproj/argo-helm'
    permissions:
      contents: write  # for helm/chart-releaser-action to push chart release and create a release
      packages: write  # to push OCI chart package to GitHub Registry
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@ -0,0 +1,37 @@
 name: Renovate
 on:
  # The "*" (#42, asterisk) character has special semantics in YAML, so this
  # string has to be quoted.
  schedule:
    - cron: '0 * * * *'
  # Manual trigger is also possible
  workflow_dispatch: {}
 permissions:
  contents: read
 jobs:
  renovate:
    if: github.repository == 'argoproj/argo-helm'
    runs-on: ubuntu-latest
    steps:
      - name: Get token
        uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
        id: get_token
        with:
          app-id: ${{ vars.RENOVATE_APP_ID }}
          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Self-hosted Renovate
        uses: renovatebot/github-action@78bdcb3bffa5e95e646183ca0a2ac2895abd6a20 # v40.1.3
        with:
          configurationFile: .github/configs/renovate-config.js
          # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
          renovate-version: 37.222.0
          token: '${{ steps.get_token.outputs.token }}'
        env:
          LOG_LEVEL: 'debug'
          RENOVATE_REPOSITORIES: '${{ github.repository }}'
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.10.1
+appVersion: v2.10.2
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 6.2.3
+version: 6.6.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -27,4 +27,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: changed
-      description: Updated Redis image tag to 7.2.4
+      description: Support ApplicationSet in any namespace.
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 6.4.0
 Added support for application controller dynamic cluster distribution.
 Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
 Added env variables to handle the non-standard names generated by the helm chart.
 Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
 and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
 ### 6.1.0
 Added support for global domain used by all components.
@ -720,12 +729,15 @@ NAME: my-release
 | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
 | controller.containerPorts.metrics | int | `8082` | Metrics container port |
 | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
 | controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment |
 | controller.dnsConfig | object | `{}` | [DNS configuration] |
 | controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
 | controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution |
 | controller.env | list | `[]` | Environment variables to pass to application controller |
 | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
 | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller |
 | controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod |
 | controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution |
 | controller.hostNetwork | bool | `false` | Host Network for application controller pods |
 | controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller |
 | controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller |
@ -940,7 +952,7 @@ NAME: my-release
 | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
 | server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | server.ingress.annotations | object | `{}` | Additional ingress annotations |
-| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service |
+| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service |
 | server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service |
 | server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` |
 | server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server |
@ -1077,6 +1089,9 @@ NAME: my-release
 | dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag |
 | dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 |
 | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe |
 | dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe |
 | dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) |
 | dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
 | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
@ -1109,6 +1124,9 @@ NAME: my-release
 | dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods |
 | dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 |
 | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe |
 | dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe |
 | dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) |
 | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
 | dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
@ -1284,6 +1302,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
 | applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature |
 | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
 | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate |
 | applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
--- a/charts/argo-cd/README.md.gotmpl
+++ b/charts/argo-cd/README.md.gotmpl
@ -278,6 +278,15 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 6.4.0
 Added support for application controller dynamic cluster distribution.
 Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
 Added env variables to handle the non-standard names generated by the helm chart.
 Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
 and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
 ### 6.1.0
 Added support for global domain used by all components.
--- a/charts/argo-cd/ci/dynamic-sharding-values.yaml
+++ b/charts/argo-cd/ci/dynamic-sharding-values.yaml
@ -0,0 +1,6 @@
 # Test application controller dynamic cluster distribution
 crds:
  keep: false
 controller:
  dynamicClusterDistribution: true
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -0,0 +1,357 @@
 {{- if .Values.controller.dynamicClusterDistribution }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.controller.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 spec:
  replicas: {{ .Values.controller.replicas }}
  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
  template:
    metadata:
      annotations:
        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
        {{- if .Values.configs.cm.create }}
        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
        {{- end }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.hostAliases }}
      hostAliases:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      {{- if .Values.controller.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
      containers:
      - args:
        - /usr/local/bin/argocd-application-controller
        - --metrics-port={{ .Values.controller.containerPorts.metrics }}
        {{- if .Values.controller.metrics.applicationLabels.enabled }}
        {{- range .Values.controller.metrics.applicationLabels.labels }}
        - --metrics-application-labels
        - {{ . }}
        {{- end }}
        {{- end }}
        {{- with .Values.controller.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
        name: {{ .Values.controller.name }}
        env:
          {{- with (concat .Values.global.env .Values.controller.env) }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION
            value: "true"
          - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME
            value: {{ .Values.controller.heartbeatTime | quote }}
          - name: ARGOCD_APPLICATION_CONTROLLER_NAME
            value: {{ template "argo-cd.controller.fullname" . }}
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cm
                key: timeout.reconciliation
                optional: true
          - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cm
                key: timeout.hard.reconciliation
                optional: true
          - name: ARGOCD_RECONCILIATION_JITTER
            valueFrom:
              configMapKeyRef:
                key: timeout.reconciliation.jitter
                name: argocd-cm
                optional: true
          - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.error.grace.period.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: repo.server
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.server.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.status.processors
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.operation.processors
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.log.format
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.log.level
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.metrics.cache.expiration
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.server.plaintext
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.server.strict.tls
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.resource.health.persist
                optional: true
          - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.app.state.cache.expiration
                optional: true
          - name: REDIS_SERVER
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: redis.server
                optional: true
          - name: REDIS_COMPRESSION
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: redis.compression
                optional: true
          - name: REDISDB
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: redis.db
                optional: true
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.default.cache.expiration
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.address
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.insecure
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.headers
                optional: true
          - name: ARGOCD_APPLICATION_NAMESPACES
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: application.namespaces
                optional: true
          - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.sharding.algorithm
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.kubectl.parallelism.limit
                optional: true
          - name: ARGOCD_K8SCLIENT_RETRY_MAX
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.k8sclient.retry.max
                optional: true
          - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.k8sclient.retry.base.backoff
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.diff.server.side
                optional: true
        {{- with .Values.controller.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        ports:
        - name: metrics
          containerPort: {{ .Values.controller.containerPorts.metrics }}
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /healthz
            port: metrics
          initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
          successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
        resources:
          {{- toYaml .Values.controller.resources | nindent 10 }}
        {{- with .Values.controller.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        workingDir: /home/argocd
        volumeMounts:
        {{- with .Values.controller.volumeMounts }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - mountPath: /app/config/controller/tls
          name: argocd-repo-server-tls
        - mountPath: /home/argocd
          name: argocd-home
      {{- with .Values.controller.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.controller.initContainers }}
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
      affinity:
        {{- trim . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.tolerations | default .Values.global.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- range $constraint := . }}
      - {{ toYaml $constraint | nindent 8 | trim }}
          {{- if not $constraint.labelSelector }}
        labelSelector:
          matchLabels:
            {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
          {{- end }}
        {{- end }}
      {{- end }}
      volumes:
      {{- with .Values.controller.volumes }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
      - name: argocd-home
        emptyDir: {}
      - name: argocd-repo-server-tls
        secret:
          secretName: argocd-repo-server-tls
          optional: true
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
      {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
      {{- end }}
      {{- with .Values.controller.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -1,3 +1,4 @@
 {{- if not .Values.controller.dynamicClusterDistribution | default false }}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@ -77,6 +78,8 @@ spec:
          {{- end }}
          - name: ARGOCD_CONTROLLER_REPLICAS
            value: {{ .Values.controller.replicas | quote }}
          - name: ARGOCD_APPLICATION_CONTROLLER_NAME
            value: {{ template "argo-cd.controller.fullname" . }}
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
@ -350,3 +353,4 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
@ -0,0 +1,89 @@
 {{- if .Values.applicationSet.allowAnyNamespace }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 rules:
  - apiGroups:
    - argoproj.io
    resources:
    - applications
    - applicationsets
    - applicationsets/finalizers
    verbs:
    - create
    - delete
    - get
    - list
    - patch
    - update
    - watch
  - apiGroups:
    - argoproj.io
    resources:
    - applicationsets/status
    verbs:
    - get
    - patch
    - update
  - apiGroups:
    - argoproj.io
    resources:
    - appprojects
    verbs:
    - get
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - create
    - get
    - list
    - patch
    - watch
  - apiGroups:
    - ""
    resources:
    - configmaps
    verbs:
    - create
    - update
    - delete
    - get
    - list
    - patch
    - watch
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - apps
    - extensions
    resources:
    - deployments
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
    - delete
    - get
    - list
    - patch
    - update
    - watch
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
@ -0,0 +1,17 @@
 {{- if .Values.applicationSet.allowAnyNamespace }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ template "argo-cd.applicationSet.fullname" . }}
 subjects:
  - kind: ServiceAccount
    name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml
@ -24,7 +24,7 @@ spec:
      http:
        paths:
          {{- with .Values.applicationSet.ingress.extraPaths }}
-            {{- toYaml . | nindent 10 }}
+            {{- tpl (toYaml .) $ | nindent 10 }}
          {{- end }}
          - path: {{ .Values.applicationSet.ingress.path }}
            pathType: {{ .Values.applicationSet.ingress.pathType }}
@ -46,7 +46,7 @@ spec:
                  number: {{ $.Values.applicationSet.service.port }}
    {{- end }}
    {{- with .Values.applicationSet.ingress.extraRules }}
-      {{- toYaml . | nindent 4 }}
+      {{- tpl (toYaml .) $ | nindent 4 }}
    {{- end }}
  {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }}
  tls:
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -85,6 +85,8 @@ spec:
          - name: USER_NAME
            value: argocd
          {{- end }}
          - name: ARGOCD_REPO_SERVER_NAME
            value: {{ template "argo-cd.repoServer.fullname" . }}
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
--- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml
@ -26,7 +26,7 @@ spec:
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
-            {{- toYaml . | nindent 10 }}
+            {{- tpl (toYaml .) $ | nindent 10 }}
          {{- end }}
          - path: {{ .Values.server.ingress.path }}
            pathType: {{ $.Values.server.ingressGrpc.pathType }}
@ -55,7 +55,7 @@ spec:
                  number: {{ $servicePort }}
    {{- end }}
    {{- with .Values.server.ingress.extraRules }}
-      {{- toYaml . | nindent 4 }}
+      {{- tpl (toYaml .) $ | nindent 4 }}
    {{- end }}
  {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
  tls:
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -75,6 +75,8 @@ spec:
          {{- with (concat .Values.global.env .Values.server.env) }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_SERVER_NAME
            value: {{ template "argo-cd.server.fullname" . }}
          - name: ARGOCD_SERVER_INSECURE
            valueFrom:
              configMapKeyRef:
--- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml
@ -31,7 +31,7 @@ spec:
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
-            {{- toYaml . | nindent 10 }}
+            {{- tpl (toYaml .) $ | nindent 10 }}
          {{- end }}
          - path: {{ .Values.server.ingress.path }}
            pathType: {{ .Values.server.ingress.pathType }}
@ -53,7 +53,7 @@ spec:
                  number: {{ $servicePort }}
    {{- end }}
    {{- with .Values.server.ingress.extraRules }}
-      {{- toYaml . | nindent 4 }}
+      {{- tpl (toYaml .) $ | nindent 4 }}
    {{- end }}
  {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
  tls:
--- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}}
+{{- if .Values.server.ingressGrpc.enabled -}}
 {{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@ -25,7 +25,7 @@ spec:
      http:
        paths:
          {{- with .Values.server.ingressGrpc.extraPaths }}
-            {{- toYaml . | nindent 10 }}
+            {{- tpl (toYaml .) $ | nindent 10 }}
          {{- end }}
          - path: {{ .Values.server.ingressGrpc.path }}
            pathType: {{ .Values.server.ingressGrpc.pathType }}
@ -47,7 +47,7 @@ spec:
                  number: {{ $.Values.server.service.servicePortHttps }}
    {{- end }}
    {{- with .Values.server.ingressGrpc.extraRules }}
-      {{- toYaml . | nindent 4 }}
+      {{- tpl (toYaml .) $ | nindent 4 }}
    {{- end }}
  {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }}
  tls:
--- a/charts/argo-cd/templates/argocd-server/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress.yaml
@ -26,7 +26,7 @@ spec:
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
-            {{- toYaml . | nindent 10 }}
+            {{- tpl (toYaml .) $ | nindent 10 }}
          {{- end }}
          - path: {{ .Values.server.ingress.path }}
            pathType: {{ $.Values.server.ingress.pathType }}
@ -48,7 +48,7 @@ spec:
                  number: {{ $servicePort }}
    {{- end }}
    {{- with .Values.server.ingress.extraRules }}
-      {{- toYaml . | nindent 4 }}
+      {{- tpl (toYaml .) $ | nindent 4 }}
    {{- end }}
  {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
  tls:
--- a/charts/argo-cd/templates/dex/deployment.yaml
+++ b/charts/argo-cd/templates/dex/deployment.yaml
@ -99,8 +99,9 @@ spec:
        {{- if .Values.dex.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
-            path: /healthz/live
+            path: {{ .Values.dex.livenessProbe.httpPath }}
-            port: metrics
+            port: {{ .Values.dex.livenessProbe.httpPort }}
            scheme: {{ .Values.dex.livenessProbe.httpScheme }}
          initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }}
@ -110,8 +111,9 @@ spec:
        {{- if .Values.dex.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
-            path: /healthz/ready
+            path: {{ .Values.dex.readinessProbe.httpPath }}
-            port: metrics
+            port: {{ .Values.dex.readinessProbe.httpPort }}
            scheme: {{ .Values.dex.readinessProbe.httpScheme }}
          initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }}
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -193,7 +193,7 @@ spec:
        - name: health
          configMap:
            name: {{ include "argo-cd.redis.fullname" . }}-health-configmap
-            defaultMode: 0755
+            defaultMode: 493
      {{- with .Values.redis.volumes }}
        {{- toYaml . | nindent 8}}
      {{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -577,8 +577,22 @@ controller:
  # -- The number of application controller pods to run.
  # Additional replicas will cause sharding of managed clusters across number of replicas.
  ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
  ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
  replicas: 1
  # -- Enable dynamic cluster distribution (alpha)
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
  ## This is done using a deployment instead of a statefulSet
  ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
  ## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
  ## like round-robin, then the shards will be well-balanced.
  dynamicClusterDistribution: false
  # -- Application controller heartbeat time
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
  heartbeatTime: 10
  # -- Maximum number of controller revisions that will be maintained in StatefulSet history
  revisionHistoryLimit: 5
@ -662,6 +676,9 @@ controller:
  # -- Annotations for the application controller StatefulSet
  statefulsetAnnotations: {}
  # -- Annotations for the application controller Deployment
  deploymentAnnotations: {}
  # -- Annotations to be added to application controller pods
  podAnnotations: {}
@ -1039,6 +1056,12 @@ dex:
  livenessProbe:
    # -- Enable Kubernetes liveness probe for Dex >= 2.28.0
    enabled: false
    # -- Http path to use for the liveness probe
    httpPath: /healthz/live
    # -- Http port to use for the liveness probe
    httpPort: metrics
    # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
    httpScheme: HTTP
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
@ -1053,6 +1076,12 @@ dex:
  readinessProbe:
    # -- Enable Kubernetes readiness probe for Dex >= 2.28.0
    enabled: false
    # -- Http path to use for the readiness probe
    httpPath: /healthz/ready
    # -- Http port to use for the readiness probe
    httpPort: metrics
    # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
    httpScheme: HTTP
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
@ -2009,6 +2038,7 @@ server:
    # -- Additional ingress paths
    # @default -- `[]` (See [values.yaml])
    ## Note: Supports use of custom Helm templates
    extraPaths: []
      # - path: /*
      #   pathType: Prefix
@ -2020,15 +2050,17 @@ server:
    # -- Additional ingress rules
    # @default -- `[]` (See [values.yaml])
    ## Note: Supports use of custom Helm templates
    extraRules: []
-      # - host: example.example.com
+      # - http:
-      #   http:
+      #     paths:
-      #       path: /
+      #     - path: /
      #       pathType: Prefix
      #       backend:
      #         service:
-      #           name: example-svc
+      #           name: '{{ include "argo-cd.server.fullname" . }}'
      #           port:
-      #             name: http
+      #             name: '{{ .Values.server.service.servicePortHttpsName }}'
    # -- Additional TLS configuration
    # @default -- `[]` (See [values.yaml])
@ -2042,8 +2074,9 @@ server:
    ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
    aws:
      # -- Backend protocol version for the AWS ALB gRPC service
-      ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
+      ## This tells AWS to send traffic from the ALB using gRPC.
-      backendProtocolVersion: HTTP2
+      ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
      backendProtocolVersion: GRPC
      # -- Service type for the AWS ALB gRPC service
      ## Can be of type NodePort or ClusterIP depending on which mode you are running.
      ## Instance mode needs type NodePort, IP mode needs type ClusterIP
@ -2114,6 +2147,7 @@ server:
    # -- Additional ingress paths for dedicated [gRPC-ingress]
    # @default -- `[]` (See [values.yaml])
    ## Note: Supports use of custom Helm templates
    extraPaths: []
      # - path: /*
      #   pathType: Prefix
@ -2125,15 +2159,17 @@ server:
    # -- Additional ingress rules
    # @default -- `[]` (See [values.yaml])
    ## Note: Supports use of custom Helm templates
    extraRules: []
-      # - host: example.example.com
+      # - http:
-      #   http:
+      #     paths:
-      #       path: /
+      #     - path: /
      #       pathType: Prefix
      #       backend:
      #         service:
-      #           name: example-svc
+      #           name: '{{ include "argo-cd.server.fullname" . }}'
      #           port:
-      #             name: http
+      #             name: '{{ .Values.server.service.servicePortHttpName }}'
    # -- Additional TLS configuration for dedicated [gRPC-ingress]
    # @default -- `[]` (See [values.yaml])
@ -2874,15 +2910,17 @@ applicationSet:
    # -- Additional ingress rules
    # @default -- `[]` (See [values.yaml])
    ## Note: Supports use of custom Helm templates
    extraRules: []
-      # - host: example.example.com
+      # - http:
-      #   http:
+      #    paths:
-      #       path: /
+      #    - path: /api/webhook
-      #       backend:
+      #      pathType: Prefix
-      #         service:
+      #      backend:
-      #           name: example-svc
+      #        service:
-      #           port:
+      #          name: '{{ include "argo-cd.applicationSet.fullname" . }}'
-      #             name: http
+      #          port:
      #            name: '{{ .Values.applicationSet.service.portName }}'
    # -- Additional ingress TLS configuration
    # @default -- `[]` (See [values.yaml])
@ -2890,7 +2928,8 @@ applicationSet:
      # - secretName: argocd-applicationset-tls
      #   hosts:
      #     - argocd-applicationset.example.com
-
+  # -- Enable ApplicationSet in any namespace feature
  allowAnyNamespace: false
 ## Notifications controller
 notifications:
  # -- Enable notifications controller
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v3.5.4
+appVersion: v3.5.5
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.40.11
+version: 0.40.14
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -16,5 +16,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: fixed
+    - kind: added
-      description: Add caSecret in the artifactory.s3 configuration values.
+      description: Support namespaceOverride
--- a/charts/argo-workflows/README.md
+++ b/charts/argo-workflows/README.md
@ -124,6 +124,7 @@ Fields to note:
 | images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. |
 | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
 | nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template |
 | namespaceOverride | string | `.Release.Namespace` | Override the namespace |
 | singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. |
 ### Workflow
--- a/charts/argo-workflows/templates/_helpers.tpl
+++ b/charts/argo-workflows/templates/_helpers.tpl
@ -189,3 +189,11 @@ Return the appropriate apiVersion for GKE resources
 {{- print "cloud.google.com/v1beta1" -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Expand the namespace of the release.
 Allows overriding it for multi-namespace deployments in combined charts.
 */}}
 {{- define "argo-workflows.namespace" -}}
 {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
 {{- end }}
--- a/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml
+++ b/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ $cm_name }}
-  namespace: {{ $.Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" $ | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }}
  {{- with $cm_val.annotations }}
--- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
@ -8,7 +8,7 @@ kind: ClusterRole
 metadata:
  name: {{ template "argo-workflows.controller.fullname" . }}
  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  {{- end }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
--- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "argo-workflows.controller.config-map.name" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
 data:
--- a/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml
@ -8,7 +8,7 @@ kind: ClusterRoleBinding
 metadata:
  name: {{ template "argo-workflows.controller.fullname" . }}
  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  {{- end }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
@ -23,7 +23,7 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ include "argo-workflows.namespace" . | quote }}
 {{- if .Values.controller.clusterWorkflowTemplates.enabled }}
 ---
@ -40,6 +40,6 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
+    namespace: {{ include "argo-workflows.namespace" . | quote }}
 {{- end }}
 {{- end }}
--- a/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml
@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ template "argo-workflows.controller.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 spec:
--- a/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "argo-workflows.controller.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
@ -89,6 +89,10 @@ spec:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
          {{- if eq (int .Values.controller.replicas) 1 }}
            - name: LEADER_ELECTION_DISABLE
              value: "true"
          {{- end }}
          {{- with .Values.controller.extraEnv }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
--- a/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "argo-workflows.controllerServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
  {{- with .Values.controller.serviceAccount.labels  }}
--- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "argo-workflows.controller.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
--- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-workflows.controller.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.controller.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- with .Values.controller.serviceMonitor.additionalLabels }}
@ -43,7 +43,7 @@ spec:
  {{- end }}
  namespaceSelector:
    matchNames:
-      - {{ .Release.Namespace | quote }}
+      - {{ include "argo-workflows.namespace" . | quote }}
  selector:
    matchLabels:
      {{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
--- a/charts/argo-workflows/templates/controller/workflow-rb.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml
@ -1,5 +1,5 @@
 {{- if .Values.workflow.rbac.create -}}
-  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq)  }}
+  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
--- a/charts/argo-workflows/templates/controller/workflow-role.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-role.yaml
@ -1,5 +1,5 @@
 {{- if .Values.workflow.rbac.create -}}
-  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq)  }}
+  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
--- a/charts/argo-workflows/templates/controller/workflow-sa.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-sa.yaml
@ -1,5 +1,5 @@
 {{- if .Values.workflow.serviceAccount.create -}}
-  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace .Release.Namespace) | uniq)  }}
+  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
 ---
 apiVersion: v1
 kind: ServiceAccount
--- a/charts/argo-workflows/templates/server/gke/backendconfig.yaml
+++ b/charts/argo-workflows/templates/server/gke/backendconfig.yaml
@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }}
 kind: BackendConfig
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
--- a/charts/argo-workflows/templates/server/gke/frontendconfig.yaml
+++ b/charts/argo-workflows/templates/server/gke/frontendconfig.yaml
@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1beta1
 kind: FrontendConfig
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
--- a/charts/argo-workflows/templates/server/gke/managedcertificate.yaml
+++ b/charts/argo-workflows/templates/server/gke/managedcertificate.yaml
@ -3,7 +3,7 @@ apiVersion: networking.gke.io/v1
 kind: ManagedCertificate
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
 spec:
  domains:
    {{- with .Values.server.GKEmanagedCertificate.domains }}
--- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml
@ -8,7 +8,7 @@ kind: ClusterRole
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  {{- end }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
--- a/charts/argo-workflows/templates/server/server-crb.yaml
+++ b/charts/argo-workflows/templates/server/server-crb.yaml
@ -8,7 +8,7 @@ kind: ClusterRoleBinding
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
  {{- if .Values.singleNamespace }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  {{- end }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
@ -23,7 +23,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
 {{- if .Values.server.clusterWorkflowTemplates.enabled }}
 ---
@ -40,6 +40,6 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
 {{- end -}}
 {{- end -}}
--- a/charts/argo-workflows/templates/server/server-deployment-hpa.yaml
+++ b/charts/argo-workflows/templates/server/server-deployment-hpa.yaml
@ -3,7 +3,7 @@ apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }}
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
--- a/charts/argo-workflows/templates/server/server-deployment-pdb.yaml
+++ b/charts/argo-workflows/templates/server/server-deployment-pdb.yaml
@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
--- a/charts/argo-workflows/templates/server/server-deployment.yaml
+++ b/charts/argo-workflows/templates/server/server-deployment.yaml
@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
--- a/charts/argo-workflows/templates/server/server-ingress.yaml
+++ b/charts/argo-workflows/templates/server/server-ingress.yaml
@ -14,7 +14,7 @@ metadata:
  {{- end }}
 {{- end }}
  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    {{- if .Values.server.ingress.labels }}
--- a/charts/argo-workflows/templates/server/server-sa.yaml
+++ b/charts/argo-workflows/templates/server/server-sa.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "argo-workflows.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
  {{- with .Values.server.serviceAccount.labels  }}
--- a/charts/argo-workflows/templates/server/server-service.yaml
+++ b/charts/argo-workflows/templates/server/server-service.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "argo-workflows.server.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@ -26,6 +26,10 @@ nameOverride:
 # -- String to fully override "argo-workflows.fullname" template
 fullnameOverride:
 # -- Override the namespace
 # @default -- `.Release.Namespace`
 namespaceOverride: ""
 # -- Labels to set on all resources
 commonLabels: {}
--- a/charts/argocd-apps/Chart.yaml
+++ b/charts/argocd-apps/Chart.yaml
@ -19,4 +19,5 @@ annotations:
  artifacthub.io/changes: |
    - kind: added
      description: make the chart use maps instead of lists
-   
+    - kind: added
      description: Support Template Patch to ApplicationSet
--- a/charts/argocd-apps/ci/applicationsets-values.yaml
+++ b/charts/argocd-apps/ci/applicationsets-values.yaml
@ -46,6 +46,19 @@ applicationsets:
    syncPolicy:
      # Set Application finalizer
      preserveResourcesOnDeletion: false
    templatePatch: |
      spec:
        source:
          helm:
            valueFiles:
            {{- range $valueFile := .valueFiles }}
              - {{ $valueFile }}
            {{- end }}
      {{- if .autoSync }}
        syncPolicy:
          automated:
            prune: {{ .prune }}
      {{- end }}
  applicationset-list-generator:
    generators:
    - list:
--- a/charts/argocd-apps/templates/applicationsets.yaml
+++ b/charts/argocd-apps/templates/applicationsets.yaml
@ -84,4 +84,8 @@ spec:
      {{- end }}
    {{- end -}}
  {{- end }}
  {{- with .templatePatch }}
  templatePatch: |
    {{- . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/charts/argocd-apps/values.yaml
+++ b/charts/argocd-apps/values.yaml
@ -157,6 +157,20 @@ applicationsets: {}
 #    syncPolicy:
 #      # Set Application finalizer
 #      preserveResourcesOnDeletion: false
 #    # Templating is only available on string type
 #    templatePatch: |
 #      spec:
 #        source:
 #          helm:
 #            valueFiles:
 #            {{- range $valueFile := .valueFiles }}
 #              - {{ $valueFile }}
 #            {{- end }}
 #      {{- if .autoSync }}
 #        syncPolicy:
 #          automated:
 #            prune: {{ .prune }}
 #      {{- end }}
 # --  Deploy Argo CD Applications/ApplicationSets/Projects within this helm release
 # @default -- `[]` (See [values.yaml])
--- a/charts/argocd-image-updater/Chart.yaml
+++ b/charts/argocd-image-updater/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: argocd-image-updater
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
 type: application
-version: 0.9.4
+version: 0.9.5
 appVersion: v0.12.2
 home: https://github.com/argoproj-labs/argocd-image-updater
 icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -19,4 +19,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: added
-      description: Allow defining additional labels to Service Account
+      description: Allow overriding of .Release.Namespace with .Values.namespaceOverride
--- a/charts/argocd-image-updater/README.md
+++ b/charts/argocd-image-updater/README.md
@ -105,6 +105,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
 | metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override |
 | namespaceOverride | string | `""` | Global namespace (argocd-image-updater.namespace in _helpers.tpl) override |
 | nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment |
 | podAnnotations | object | `{}` | Pod Annotations for the deployment |
 | podLabels | object | `{}` | Pod Labels for the deployment |
--- a/charts/argocd-image-updater/templates/_helpers.tpl
+++ b/charts/argocd-image-updater/templates/_helpers.tpl
@ -24,6 +24,13 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 {{/*
 Override .Release.Namespace 
 */}}
 {{- define "argocd-image-updater.namespace" -}}
 {{- default .Release.Namespace .Values.namespaceOverride }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
--- a/charts/argocd-image-updater/templates/configmap-authscripts.yaml
+++ b/charts/argocd-image-updater/templates/configmap-authscripts.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "argocd-image-updater.labels" . | nindent 4 }}
  name: argocd-image-updater-authscripts
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 data:
  {{- toYaml .Values.authScripts.scripts | nindent 2}}
 {{- end }}
--- a/charts/argocd-image-updater/templates/configmap-sshconfig.yaml
+++ b/charts/argocd-image-updater/templates/configmap-sshconfig.yaml
@ -4,7 +4,7 @@ metadata:
  labels:
    {{- include "argocd-image-updater.labels" . | nindent 4 }}
  name: argocd-image-updater-ssh-config
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 data:
  {{- with .Values.config.sshConfig }}
  {{- toYaml . | nindent 2 }}
--- a/charts/argocd-image-updater/templates/configmap.yaml
+++ b/charts/argocd-image-updater/templates/configmap.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "argocd-image-updater.labels" . | nindent 4 }}
  name: argocd-image-updater-config
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 data:
  {{- with .Values.config.applicationsAPIKind }}
  applications_api: {{ . }}
--- a/charts/argocd-image-updater/templates/deployment.yaml
+++ b/charts/argocd-image-updater/templates/deployment.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "argocd-image-updater.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
  labels:
    {{- include "argocd-image-updater.labels" . | nindent 4 }}
 spec:
--- a/charts/argocd-image-updater/templates/metrics-service.yaml
+++ b/charts/argocd-image-updater/templates/metrics-service.yaml
@ -14,7 +14,7 @@ metadata:
      {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "argocd-image-updater.fullname" . }}-metrics
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 spec:
  ports:
    - name: metrics
--- a/charts/argocd-image-updater/templates/rbac.yaml
+++ b/charts/argocd-image-updater/templates/rbac.yaml
@ -6,7 +6,7 @@ metadata:
  labels:
    {{ include "argocd-image-updater.labels" . | nindent 4 }}
  name: {{ include "argocd-image-updater.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 rules:
  - apiGroups:
      - ''
@ -39,6 +39,7 @@ metadata:
  labels:
    {{ include "argocd-image-updater.labels" . | nindent 4 }}
  name: {{ include "argocd-image-updater.fullname" . }}
  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@ -46,5 +47,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "argocd-image-updater.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 {{- end }}
--- a/charts/argocd-image-updater/templates/secret.yaml
+++ b/charts/argocd-image-updater/templates/secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-image-updater-secret
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
  labels:
    {{- include "argocd-image-updater.labels" . | nindent 4 }}
 type: Opaque
--- a/charts/argocd-image-updater/templates/serviceaccount.yaml
+++ b/charts/argocd-image-updater/templates/serviceaccount.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "argocd-image-updater.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
  labels:
    {{- include "argocd-image-updater.labels" . | nindent 4 }}
    {{- with .Values.serviceAccount.labels }}
--- a/charts/argocd-image-updater/templates/servicemonitor.yaml
+++ b/charts/argocd-image-updater/templates/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ include "argocd-image-updater.fullname" . }}-metrics
-  namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include "argocd-image-updater.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argocd-image-updater.labels" . | nindent 4 }}
    {{- with .Values.metrics.serviceMonitor.selector }}
@ -29,7 +29,7 @@ spec:
      {{- end }}
  namespaceSelector:
    matchNames:
-      - {{ .Release.Namespace }}
+      - {{ include "argocd-image-updater.namespace" . | quote }}
  selector:
    matchLabels:
      {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }}
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@ -17,6 +17,8 @@ imagePullSecrets: []
 nameOverride: ""
 # -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override
 fullnameOverride: ""
 # -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override
 namespaceOverride: ""
 # -- Extra arguments for argocd-image-updater not defined in `config.argocd`.
 # If a flag contains both key and value, they need to be split to a new entry
--- a/renovate.json
+++ b/renovate.json
@ -4,7 +4,7 @@
    "fileMatch": ["\\.yaml$", "\\.yml$"]
  },
  "extends": [
-    "config:base",
+    "config:recommended",
    "docker:enableMajor"
  ],
  "labels": ["renovate"],
@ -13,10 +13,12 @@
    "**/charts/argo-cd/Chart.yaml",
    "**/charts/argo-events/Chart.yaml",
    "**/charts/argo-rollouts/Chart.yaml",
-    "**/charts/argocd-image-updater/Chart.yaml"
+    "**/charts/argocd-image-updater/Chart.yaml",
    "**/.github/workflows/renovate.yaml"
  ],
-  "regexManagers": [
+  "customManagers": [
    {
      "customType": "regex",
      "fileMatch": ["charts/argo-workflows/Chart.yaml$"],
      "matchStrings": [
        "\\sappVersion: (?<currentValue>.*)\\s"
@ -26,6 +28,7 @@
      "datasourceTemplate": "github-releases"
    },
    {
      "customType": "regex",
      "fileMatch": ["charts/argo-cd/Chart.yaml$"],
      "matchStrings": [
        "\\sappVersion: (?<currentValue>.*)\\s"
@ -35,6 +38,7 @@
      "datasourceTemplate": "github-releases"
    },
    {
      "customType": "regex",
      "fileMatch": ["charts/argo-events/Chart.yaml$"],
      "matchStrings": [
        "\\sappVersion: (?<currentValue>.*)\\s"
@ -44,6 +48,7 @@
      "datasourceTemplate": "github-releases"
    },
    {
      "customType": "regex",
      "fileMatch": ["charts/argo-rollouts/Chart.yaml$"],
      "matchStrings": [
        "\\sappVersion: (?<currentValue>.*)\\s"
@ -53,6 +58,7 @@
      "datasourceTemplate": "github-releases"
    },
    {
      "customType": "regex",
      "fileMatch": ["charts/argocd-image-updater/Chart.yaml$"],
      "matchStrings": [
        "\\sappVersion: (?<currentValue>.*)\\s"
@ -60,32 +66,42 @@
      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}",
      "depNameTemplate": "argoproj-labs/argocd-image-updater",
      "datasourceTemplate": "github-releases"
    },
    {
      "customType": "regex",
      "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"],
      "matchStrings": [
        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+.+version: (?<currentValue>.*)"
      ]
    }
  ],
  "packageRules": [
    {
-      "matchPackagePatterns": ["argoproj/argo-workflows"],
+      "matchPackagePatterns": [
-      "commitMessagePrefix": "chore(argo-workflows):"
+        "argoproj/argo-workflows",
-    },
+        "argoproj/argo-cd",
-    {
+        "argoproj/argo-events",
-      "matchPackagePatterns": ["argoproj/argo-cd"],
+        "argoproj/argo-rollouts"
-      "commitMessagePrefix": "chore(argo-cd):"
+      ],
-    },
+      "commitMessagePrefix": "chore({{{replace 'argoproj/' '' depName}}}):",
-    {
+      "postUpgradeTasks": {
-      "matchPackagePatterns": ["argoproj/argo-events"],
+        "commands": ["./scripts/renovate-bump-version.sh {{depName}}"]
-      "commitMessagePrefix": "chore(argo-events):"
+      }
    },
    {
      "matchPackagePatterns": ["argoproj/argo-rollouts"],
      "commitMessagePrefix": "chore(argo-rollouts):"
    },
    {
      "matchPackagePatterns": ["argoproj-labs/argocd-image-updater"],
-      "commitMessagePrefix": "chore(argocd-image-updater):"
+      "commitMessagePrefix": "chore({{{replace 'argoproj-labs/' '' depName}}}):",
      "postUpgradeTasks": {
        "commands": ["./scripts/renovate-bump-version.sh {{depName}}"]
      }
    },
    {
      "matchPackagePatterns": ["redis-ha"],
      "enabled": false
    },
    {
      "matchPackageNames": ["ghcr.io/renovatebot/renovate"],
      "extends": ["schedule:monthly"]
    }
  ]
 }
--- a/scripts/renovate-bump-version.sh
+++ b/scripts/renovate-bump-version.sh
@ -0,0 +1,31 @@
 #!/bin/bash
 depName="${1}"
 if [ -z "${depName}" ]; then
  echo "Missing argument 'depName'" >&2
  echo "Example usage: $0 argoproj/argo-cd" >&2
  exit 1
 fi
 chartName=$(echo "$depName" | sed -e "s+^argoproj/++" -e "s+^argoproj-labs/++")
 echo "Changed chart name is: $chartName"
 echo "----------------------------------------"
 parentDir="charts/${chartName}"
 # Bump the chart version by one patch version
 version=$(grep '^version:' "${parentDir}/Chart.yaml" | awk '{print $2}')
 major=$(echo "${version}" | cut -d. -f1)
 minor=$(echo "${version}" | cut -d. -f2)
 patch=$(echo "${version}" | cut -d. -f3)
 patch=$((patch + 1))
 sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" "${parentDir}/Chart.yaml"
 # Add a changelog entry
 appVersion=$(grep '^appVersion:' "${parentDir}/Chart.yaml" | awk '{print $2}')
 sed -i -e '/^  artifacthub.io\/changes: |/,$ d' "${parentDir}/Chart.yaml"
 {
  echo "  artifacthub.io/changes: |"
  echo "    - kind: changed"
  echo "      description: Bump ${chartName} to ${appVersion}"
 } >> "${parentDir}/Chart.yaml"
 cat "${parentDir}/Chart.yaml"