Merge branch 'main' into support-templatePatch

2024-02-24 21:33:39 +09:00 · 2024-02-24 21:33:39 +09:00 · d8a9179969
commit d8a9179969
parent f1eed5758b 42b20e0b6b
41 changed files with 529 additions and 255 deletions
--- a/.github/workflows/chart-version-bump.yml
+++ b/.github/workflows/chart-version-bump.yml
@ -23,7 +23,7 @@ jobs:
      - name: Get changed files
        id: changed-files
-        uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2
+        uses: tj-actions/changed-files@3f54ebb830831fc121d3263c1857cfbdc310cdb9 # v42.0.4
        with:
          files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@ -70,7 +70,7 @@ jobs:
          fi
      - name: Create kind cluster
-        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+        uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0
        if: steps.list-changed.outputs.changed == 'true'
        with:
          config: .github/configs/kind-config.yaml
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -60,7 +60,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: SARIF file
          path: results.sarif
--- a/charts/argo-cd/Chart.lock
+++ b/charts/argo-cd/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
  repository: https://dandydeveloper.github.io/charts/
-  version: 4.23.0
+  version: 4.26.1
-digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c
+digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41
-generated: "2023-05-15T19:25:26.049618+09:00"
+generated: "2024-02-18T19:42:53.135599+02:00"
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.10.0
+appVersion: v2.10.1
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 6.0.1
+version: 6.3.1
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -18,7 +18,7 @@ maintainers:
    url: https://argoproj.github.io/
 dependencies:
  - name: redis-ha
-    version: 4.23.0
+    version: 4.26.1
    repository: https://dandydeveloper.github.io/charts/
    condition: redis-ha.enabled
 annotations:
@ -27,4 +27,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: fixed
-      description: Fixed rendering of ingress extraHosts sections
+      description: Fix templated values for Dex probes
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -64,7 +64,180 @@ applicationSet:
  replicas: 2
 ```
-### Synchronizing Changes from Original Repository
+## Ingress configuration
 Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples
 below corespond to their respective sections.
 ### SSL-Passthrough
 The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place.
 ```yaml
 global:
  domain: argocd.example.com
 certificate:
  enabled: true
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    tls: true
 ```
 ### SSL Termination at Ingress Controller
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    extraTls:
      - hosts:
        - argocd.example.com
        # Based on the ingress controller used secret might be optional
        secretName: wildcard-tls
 ```
 > **Note:**
 > If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section.
 ### Multiple ingress resources for gRPC protocol support
 Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour).
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    ingressClassName: contour-internal
    extraTls:
      - hosts:
        - argocd.example.com
        secretName: wildcard-tls
   ingressGrpc:
     enabled: true
     ingressClassName: contour-internal
     extraTls:
      - hosts:
        - grpc.argocd.example.com
        secretName: wildcard-tls
 ```
 ### Multiple ingress domains
 ```yaml
 global:
  domain: argocd.example.com
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      cert-manager.io/cluster-issuer: "<my-issuer>"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    tls: true
    extraHosts:
      - name: argocd-alias.example.com
        path: /
 ```
 ### AWS Application Load Balancer
 Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode).
 The provided example assumes you are using TLS off-loading via AWS ACM service.
 > **Note:**
 > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section.
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    controller: aws
    ingressClassName: alb
    annotations:
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/backend-protocol: HTTP
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    aws:
      serviceType: ClusterIP # <- Used with target-type: ip
      backendProtocolVersion: GRPC
 ```
 ### GKE Application Load Balancer
 The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations
 automatically if you provide configuration for GKE resources.
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  service:
    annotations:
      cloud.google.com/neg: '{"ingress": true}'
      cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
  ingress:
    enabled: true
    controller: gke
    gke:
      backendConfig:
        healthCheck:
          checkIntervalSec: 30
          timeoutSec: 5
          healthyThreshold: 1
          unhealthyThreshold: 2
          type: HTTP
          requestPath: /healthz
          port: 8080
      frontendConfig:
        redirectToHttps:
          enabled: true 
      managedCertificate:
        enabled: true
 ```
 ## Synchronizing Changes from Original Repository
 In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
@ -105,6 +278,10 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 6.1.0
 Added support for global domain used by all components.
 ### 6.0.0
 This version **removes support for**:
@ -124,53 +301,7 @@ Please review your setup and adjust to new configuration options:
 * additional hostnames and routing can be provided via `extraHosts` configuration section
 * additional TLS secrets can be provided via `extraTls` configuration section
-Specific ingress implementations for cloud providers were decoupled from generic ingress resource.
+Please refer to [ingress configuration](#ingress-configuration) for examples.
 To configure AWS Application Load Balancer:
 ```yaml
 server:
  ingress:
    enabled: true
    controller: aws
    annotations:
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    aws:
      backendProtocolVersion: HTTP2
      serviceType: NodePort
 ```
 To configure GKE Application Load Balancer:
 ```yaml
 configs:
  params:
    "server.insecure": true
 server:
  service:
    annotations:
      cloud.google.com/neg: '{"ingress": true}'
      cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
  ingress:
    enabled: true
    controller: gke
    gke:
      backendConfig:
        healthCheck:
          checkIntervalSec: 30
          timeoutSec: 5
          healthyThreshold: 1
          unhealthyThreshold: 2
          type: HTTP
          requestPath: /healthz
          port: 8080
      frontendConfig:
        redirectToHttps:
          enabled: true 
 ```
 ### 5.53.0
@ -493,6 +624,7 @@ NAME: my-release
 | global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates |
 | global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments |
 | global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments |
 | global.domain | string | `"argocd.example.com"` | Default domain used by all components |
 | global.env | list | `[]` | Environment variables to pass to all deployed Deployments |
 | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
 | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments |
@ -526,7 +658,6 @@ NAME: my-release
 | configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository |
 | configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap |
 | configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] |
 | configs.cm.url | string | `""` | Argo CD's externally facing base URL (optional). Required when configuring SSO |
 | configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap |
 | configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap |
 | configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm |
@ -610,6 +741,7 @@ NAME: my-release
 | controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace |
 | controller.metrics.rules.selector | object | `{}` | PrometheusRule selector |
 | controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller |
 | controller.metrics.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. |
 | controller.metrics.service.annotations | object | `{}` | Metrics service annotations |
 | controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
 | controller.metrics.service.labels | object | `{}` | Metrics service labels |
@ -715,6 +847,7 @@ NAME: my-release
 | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
 | repoServer.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
 | repoServer.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
 | repoServer.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. |
 | repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | repoServer.name | string | `"repo-server"` | Repo server name |
@ -738,7 +871,7 @@ NAME: my-release
 | repoServer.service.annotations | object | `{}` | Repo server service annotations |
 | repoServer.service.labels | object | `{}` | Repo server service labels |
 | repoServer.service.port | int | `8081` | Repo server service port |
-| repoServer.service.portName | string | `"https-repo-server"` | Repo server service port name |
+| repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name |
 | repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | repoServer.serviceAccount.create | bool | `true` | Create repo server service account |
@ -765,7 +898,7 @@ NAME: my-release
 | server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] |
 | server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
 | server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate |
-| server.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
+| server.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
 | server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
 | server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
 | server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
@ -819,7 +952,7 @@ NAME: my-release
 | server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller |
 | server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer |
 | server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource |
-| server.ingress.hostname | string | `"argocd.example.com"` | Argo CD server hostname |
+| server.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname |
 | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource |
 | server.ingress.labels | object | `{}` | Additional ingress labels |
 | server.ingress.path | string | `"/"` | The path to Argo CD server |
@ -831,9 +964,8 @@ NAME: my-release
 | server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] |
 | server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules |
 | server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] |
-| server.ingressGrpc.hostname | string | `""` | Argo CD server hostname for dedicated [gRPC-ingress] |
+| server.ingressGrpc.hostname | string | `""` (defaults to grpc.`server.ingress.hostname`) | Argo CD server hostname for dedicated [gRPC-ingress] |
 | server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] |
 | server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB |
 | server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] |
 | server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] |
 | server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` |
@ -860,6 +992,7 @@ NAME: my-release
 | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
 | server.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
 | server.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
 | server.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. |
 | server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | server.name | string | `"server"` | Argo CD server name |
@ -909,28 +1042,6 @@ NAME: my-release
 | server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container |
 | server.volumes | list | `[]` | Additional volumes to the server pod |
 ### Using AWS ALB Ingress Controller With GRPC
 If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
 Example:
 ```yaml
 server:
  ingress:
    enabled: true
    annotations:
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
  ingressGrpc:
    enabled: true
    isAWSALB: true
    awsALB:
      serviceType: ClusterIP
 ```
 ## Dex
 | Key | Type | Default | Description |
@ -966,6 +1077,8 @@ server:
 | dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag |
 | dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 |
 | dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe |
 | dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe |
 | dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
 | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
@ -998,6 +1111,8 @@ server:
 | dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods |
 | dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 |
 | dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe |
 | dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe |
 | dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
 | dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
@ -1039,7 +1154,7 @@ server:
 | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
 | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
 | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
-| redis.exporter.image.tag | string | `"1.57.0"` | Tag to use for the redis-exporter |
+| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
 | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter |
 | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
@ -1057,7 +1172,7 @@ server:
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
 | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis.image.tag | string | `"7.0.15-alpine"` | Redis tag |
+| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
 | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@ -1128,7 +1243,7 @@ The main options are listed here:
 | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
 | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
 | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
-| redis-ha.exporter.tag | string | `"1.57.0"` | Tag to use for the redis-exporter |
+| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
 | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. |
 | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. |
 | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context |
@ -1138,7 +1253,7 @@ The main options are listed here:
 | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
 | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
 | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis-ha.image.tag | string | `"7.0.15-alpine"` | Redis tag |
+| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag |
 | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
 | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
 | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""`  is disabled |
@ -1175,7 +1290,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
 | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
 | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate |
-| applicationSet.certificate.domain | string | `"argocd.example.com"` | Certificate primary domain (commonName) |
+| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) |
 | applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. |
 | applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) |
 | applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` |
@ -1186,7 +1301,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
 | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
-| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
+| applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
 | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
@ -1212,7 +1327,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths |
 | applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules |
 | applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration |
-| applicationSet.ingress.hostname | string | `"argocd.example.com"` | Argo CD ApplicationSet hostname |
+| applicationSet.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD ApplicationSet hostname |
 | applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource |
 | applicationSet.ingress.labels | object | `{}` | Additional ingress labels |
 | applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths |
@ -1240,6 +1355,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
 | applicationSet.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
 | applicationSet.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
 | applicationSet.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. |
 | applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
 | applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
 | applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string |
@ -1263,7 +1379,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations |
 | applicationSet.service.labels | object | `{}` | ApplicationSet service labels |
 | applicationSet.service.port | int | `7000` | ApplicationSet service port |
-| applicationSet.service.portName | string | `"webhook"` | ApplicationSet service port name |
+| applicationSet.service.portName | string | `"http-webhook"` | ApplicationSet service port name |
 | applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type |
 | applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
@ -1279,7 +1395,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
-| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
+| notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
 | notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource |
 | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
 | notifications.containerPorts.metrics | int | `9001` | Metrics container port |
--- a/charts/argo-cd/README.md.gotmpl
+++ b/charts/argo-cd/README.md.gotmpl
@ -63,7 +63,181 @@ applicationSet:
  replicas: 2
 ```
-### Synchronizing Changes from Original Repository
+## Ingress configuration
 Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples
 below corespond to their respective sections.
 ### SSL-Passthrough
 The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place.
 ```yaml
 global:
  domain: argocd.example.com
 certificate:
  enabled: true
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    tls: true
 ```
 ### SSL Termination at Ingress Controller
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    extraTls:
      - hosts:
        - argocd.example.com
        # Based on the ingress controller used secret might be optional
        secretName: wildcard-tls
 ```
 > **Note:**
 > If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section.
 ### Multiple ingress resources for gRPC protocol support
 Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour).
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    ingressClassName: contour-internal
    extraTls:
      - hosts:
        - argocd.example.com
        secretName: wildcard-tls
   ingressGrpc:
     enabled: true
     ingressClassName: contour-internal
     extraTls:
      - hosts:
        - grpc.argocd.example.com
        secretName: wildcard-tls
 ```
 ### Multiple ingress domains
 ```yaml
 global:
  domain: argocd.example.com
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      cert-manager.io/cluster-issuer: "<my-issuer>"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    tls: true
    extraHosts:
      - name: argocd-alias.example.com
        path: /
 ```
 ### AWS Application Load Balancer
 Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode).
 The provided example assumes you are using TLS off-loading via AWS ACM service.
 > **Note:**
 > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section.
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    controller: aws
    ingressClassName: alb
    annotations:
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/backend-protocol: HTTP
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    aws:
      serviceType: ClusterIP # <- Used with target-type: ip
      backendProtocolVersion: GRPC
 ```
 ### GKE Application Load Balancer
 The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations
 automatically if you provide configuration for GKE resources.
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  service:
    annotations:
      cloud.google.com/neg: '{"ingress": true}'
      cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
  ingress:
    enabled: true
    controller: gke
    gke:
      backendConfig:
        healthCheck:
          checkIntervalSec: 30
          timeoutSec: 5
          healthyThreshold: 1
          unhealthyThreshold: 2
          type: HTTP
          requestPath: /healthz
          port: 8080
      frontendConfig:
        redirectToHttps:
          enabled: true  
      managedCertificate:
        enabled: true
 ```
 ## Synchronizing Changes from Original Repository
 In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
@ -104,6 +278,10 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 6.1.0
 Added support for global domain used by all components.
 ### 6.0.0
 This version **removes support for**:
@ -123,53 +301,7 @@ Please review your setup and adjust to new configuration options:
 * additional hostnames and routing can be provided via `extraHosts` configuration section
 * additional TLS secrets can be provided via `extraTls` configuration section
-Specific ingress implementations for cloud providers were decoupled from generic ingress resource.
+Please refer to [ingress configuration](#ingress-configuration) for examples.
 To configure AWS Application Load Balancer:
 ```yaml
 server:
  ingress:
    enabled: true
    controller: aws
    annotations:
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    aws:
      backendProtocolVersion: HTTP2
      serviceType: NodePort
 ```
 To configure GKE Application Load Balancer:
 ```yaml
 configs:
  params:
    "server.insecure": true
 server:
  service:
    annotations:
      cloud.google.com/neg: '{"ingress": true}'
      cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
  ingress:
    enabled: true
    controller: gke
    gke:
      backendConfig:
        healthCheck:
          checkIntervalSec: 30
          timeoutSec: 5
          healthyThreshold: 1
          unhealthyThreshold: 2
          type: HTTP
          requestPath: /healthz
          port: 8080
      frontendConfig:
        redirectToHttps:
          enabled: true  
 ```
 ### 5.53.0
@ -525,28 +657,6 @@ NAME: my-release
  {{- end }}
 {{- end }}
 ### Using AWS ALB Ingress Controller With GRPC
 If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
 Example:
 ```yaml
 server:
  ingress:
    enabled: true
    annotations:
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
  ingressGrpc:
    enabled: true
    isAWSALB: true
    awsALB:
      serviceType: ClusterIP
 ```
 ## Dex
 | Key | Type | Default | Description |
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -163,6 +163,7 @@ Argo Configuration Preset Values (Incluenced by Values configuration)
 */}}
 {{- define "argo-cd.config.cm.presets" -}}
 {{- $presets := dict -}}
 {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}}
 {{- if .Values.configs.styles -}}
 {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}}
 {{- end -}}
--- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
@ -22,6 +22,9 @@ spec:
      {{- with .Values.controller.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }}
      scrapeTimeout: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.controller.metrics.serviceMonitor.relabelings }}
      relabelings:
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -22,7 +22,7 @@ spec:
    metadata:
      annotations:
        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
-        {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
+        {{- if .Values.configs.cm.create }}
        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
        {{- end }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
--- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
@ -14,9 +14,9 @@ metadata:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
  secretName: {{ .Values.applicationSet.certificate.secretName }}
-  commonName: {{ .Values.applicationSet.certificate.domain | quote }}
+  commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
  dnsNames:
-    - {{ .Values.applicationSet.certificate.domain | quote }}
+    - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
    {{- range .Values.applicationSet.certificate.additionalHosts }}
    - {{ . | quote }}
    {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml
@ -20,8 +20,7 @@ spec:
  ingressClassName: {{ . }}
  {{- end }}
  rules:
-    {{- if .Values.applicationSet.ingress.hostname }}
+    - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
    - host: {{ .Values.applicationSet.ingress.hostname }}
      http:
        paths:
          {{- with .Values.applicationSet.ingress.extraPaths }}
@ -34,7 +33,6 @@ spec:
                name: {{ include "argo-cd.applicationSet.fullname" . }}
                port:
                  number: {{ .Values.applicationSet.service.port }}
    {{- end }}
    {{- range .Values.applicationSet.ingress.extraHosts }}
    - host: {{ .name | quote }}
      http:
@ -54,8 +52,8 @@ spec:
  tls:
    {{- if .Values.applicationSet.ingress.tls }}
    - hosts:
-      - {{ .Values.applicationSet.ingress.hostname }}
+      - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
-      secretName: argocd-application-controller-tls
+      secretName: argocd-applicationset-controller-tls
    {{- end }}
    {{- with .Values.applicationSet.ingress.extraTls }}
      {{- toYaml . | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }}
+{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@ -8,7 +8,7 @@ metadata:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
  ingress:
-  {{- if .Values.applicationSet.webhook.ingress.enabled }}
+  {{- if .Values.applicationSet.ingress.enabled }}
  - ports:
    - port: webhook
  {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
@ -23,6 +23,9 @@ spec:
      {{- with .Values.applicationSet.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }}
      scrapeTimeout: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }}
      relabelings:
--- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml
@ -8,7 +8,7 @@ metadata:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 data:
  context: |
-    argocdUrl: {{ .Values.notifications.argocdUrl | quote }}
+    argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }}
    {{- with .Values.notifications.context }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
@ -1,4 +1,4 @@
-{{- if .Values.createClusterRoles }}
+{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@ -6,8 +6,8 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 rules:
-  {{- if .Values.repoServer.clusterRoleRules.enabled }}
+  {{- with .Values.repoServer.clusterRoleRules.rules }}
-    {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }}
+    {{- toYaml . | nindent 2 }}
  {{- else }}
  - apiGroups:
    - '*'
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
@ -1,4 +1,4 @@
-{{- if .Values.createClusterRoles }}
+{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -30,7 +30,7 @@ spec:
        {{- if .Values.repoServer.certificateSecret.enabled }}
        checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }}
        {{- end }}
-        {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
+        {{- if .Values.configs.cm.create }}
        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.configs.cmp.create }}
--- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
@ -13,7 +13,7 @@ metadata:
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
-    {{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
+    {{- with .Values.repoServer.serviceAccount.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
@ -22,6 +22,9 @@ spec:
      {{- with .Values.repoServer.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      {{- with .Values.repoServer.metrics.serviceMonitor.scrapeTimeout }}
      scrapeTimeout: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }}
      relabelings:
--- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml
@ -22,19 +22,12 @@ spec:
  ingressClassName: {{ . }}
  {{- end }}
  rules:
-    - host: {{ .Values.server.ingress.hostname }}
+    - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - path: {{ .Values.server.ingress.path }}
            pathType: {{ $.Values.server.ingress.pathType }}
            backend:
              service:
                name: {{ include "argo-cd.server.fullname" . }}
                port:
                  number: {{ $servicePort }}
          - path: {{ .Values.server.ingress.path }}
            pathType: {{ $.Values.server.ingressGrpc.pathType }}
            backend:
@ -42,6 +35,13 @@ spec:
                name: {{ include "argo-cd.server.fullname" $ }}-grpc
                port:
                  number: {{ $servicePort }}
          - path: {{ .Values.server.ingress.path }}
            pathType: {{ $.Values.server.ingress.pathType }}
            backend:
              service:
                name: {{ include "argo-cd.server.fullname" . }}
                port:
                  number: {{ $servicePort }}
    {{- range .Values.server.ingress.extraHosts }}
    - host: {{ .name | quote }}
      http:
@ -61,7 +61,7 @@ spec:
  tls:
    {{- if .Values.server.ingress.tls }}
    - hosts:
-      - {{ .Values.server.ingress.hostname }}
+      - {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      secretName: argocd-server-tls
    {{- end }}
    {{- with .Values.server.ingress.extraTls }}
--- a/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@ -14,9 +14,9 @@ metadata:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
  secretName: {{ .Values.server.certificate.secretName }}
-  commonName: {{ .Values.server.certificate.domain | quote }}
+  commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
  dnsNames:
-    - {{ .Values.server.certificate.domain | quote }}
+    - {{ .Values.server.certificate.domain | default .Values.global.domain }}
    {{- range .Values.server.certificate.additionalHosts }}
    - {{ . | quote }}
    {{- end }}
--- a/charts/argo-cd/templates/argocd-server/gke/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/gke/ingress.yaml
@ -27,7 +27,7 @@ spec:
  ingressClassName: {{ . }}
  {{- end }}
  rules:
-    - host: {{ .Values.server.ingress.hostname }}
+    - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
@ -59,7 +59,7 @@ spec:
  tls:
    {{- if .Values.server.ingress.tls }}
    - hosts:
-      - {{ .Values.server.ingress.hostname }}
+      - {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      secretName: argocd-server-tls
    {{- end }}
    {{- with .Values.server.ingress.extraTls }}
--- a/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml
@ -8,7 +8,7 @@ metadata:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
  domains:
-    - {{ .Values.server.ingress.hostname }}
+    - {{ .Values.server.ingress.hostname | default .Values.global.domain }}
    {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
@ -1,7 +1,5 @@
-{{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}}
+{{- if .Values.server.ingressGrpc.enabled -}}
-{{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}}
+{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}}
 {{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
 {{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@ -23,7 +21,7 @@ spec:
  ingressClassName: {{ . }}
  {{- end }}
  rules:
-    - host: {{ $hostname }}
+    - host: {{ .Values.server.ingressGrpc.hostname | default $hostname }}
      http:
        paths:
          {{- with .Values.server.ingressGrpc.extraPaths }}
@ -35,7 +33,7 @@ spec:
              service:
                name: {{ include "argo-cd.server.fullname" . }}
                port:
-                  number: {{ $servicePort }}
+                  number: {{ .Values.server.service.servicePortHttps }}
    {{- range .Values.server.ingressGrpc.extraHosts }}
    - host: {{ .name | quote }}
      http:
@ -46,7 +44,7 @@ spec:
              service:
                name: {{ include "argo-cd.server.fullname" $ }}
                port:
-                  number: {{ $servicePort }}
+                  number: {{ $.Values.server.service.servicePortHttps }}
    {{- end }}
    {{- with .Values.server.ingressGrpc.extraRules }}
      {{- toYaml . | nindent 4 }}
@ -56,9 +54,9 @@ spec:
    {{- if .Values.server.ingressGrpc.tls }}
    - hosts:
      - {{ $hostname }}
-      secretName: {{ printf "%s-tls" $hostname }}
+      secretName: argocd-server-grpc-tls
    {{- end }}
-    {{- with .Values.server.ingressGrpc.tls }}
+    {{- with .Values.server.ingressGrpc.extraTls }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- end }}
--- a/charts/argo-cd/templates/argocd-server/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress.yaml
@ -22,7 +22,7 @@ spec:
  ingressClassName: {{ . }}
  {{- end }}
  rules:
-    - host: {{ .Values.server.ingress.hostname }}
+    - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
@ -54,7 +54,12 @@ spec:
  tls:
    {{- if .Values.server.ingress.tls }}
    - hosts:
-      - {{ .Values.server.ingress.hostname }}
+      - {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      {{- range .Values.server.ingress.extraHosts }}
        {{- if .name }}
      -  {{ .name }}
        {{- end }}
      {{- end }}
      secretName: argocd-server-tls
    {{- end }}
    {{- with .Values.server.ingress.extraTls }}
--- a/charts/argo-cd/templates/argocd-server/openshift/route.yaml
+++ b/charts/argo-cd/templates/argocd-server/openshift/route.yaml
@ -13,7 +13,7 @@ metadata:
    {{- end }}
 {{- end }}
 spec:
-  host: {{ .Values.server.route.hostname | quote }}
+  host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }}
  to:
    kind: Service
    name: {{ template "argo-cd.server.fullname" . }}
--- a/charts/argo-cd/templates/argocd-server/role.yaml
+++ b/charts/argo-cd/templates/argocd-server/role.yaml
@ -42,7 +42,7 @@ rules:
  verbs:
  - create
  - list
-{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
+{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }}
 - apiGroups:
  - ""
  resources:
--- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml
@ -22,6 +22,9 @@ spec:
      {{- with .Values.server.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      {{- with .Values.server.metrics.serviceMonitor.scrapeTimeout }}
      scrapeTimeout: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.server.metrics.serviceMonitor.relabelings }}
      relabelings:
--- a/charts/argo-cd/templates/dex/deployment.yaml
+++ b/charts/argo-cd/templates/dex/deployment.yaml
@ -99,8 +99,8 @@ spec:
        {{- if .Values.dex.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
-            path: /healthz/live
+            path: {{ .Values.dex.livenessProbe.httpPath }}
-            port: metrics
+            port: {{ .Values.dex.livenessProbe.httpPort }}
          initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }}
@ -110,8 +110,8 @@ spec:
        {{- if .Values.dex.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
-            path: /healthz/ready
+            path: {{ .Values.dex.readinessProbe.httpPath }}
-            port: metrics
+            port: {{ .Values.dex.readinessProbe.httpPort }}
          initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }}
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -193,7 +193,7 @@ spec:
        - name: health
          configMap:
            name: {{ include "argo-cd.redis.fullname" . }}-health-configmap
-            defaultMode: 0755
+            defaultMode: 493
      {{- with .Values.redis.volumes }}
        {{- toYaml . | nindent 8}}
      {{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -37,6 +37,10 @@ crds:
 ## Globally shared configuration
 global:
  # -- Default domain used by all components
  ## Used for ingresses, certificates, SSO, notifications, etc.
  domain: argocd.example.com
  # -- Common labels for the all resources
  additionalLabels: {}
    # app: argo-cd
@ -155,9 +159,6 @@ configs:
    # -- Annotations to be added to argocd-cm configmap
    annotations: {}
    # -- Argo CD's externally facing base URL (optional). Required when configuring SSO
    url: ""
    # -- The name of tracking label used by Argo CD for resource pruning
    application.instanceLabelKey: argocd.argoproj.io/instance
@ -236,6 +237,7 @@ configs:
    ## Server properties
    # -- Run server without TLS
    ## NOTE: This value should be set when you generate params by other means as it changes ports used by ingress template.
    server.insecure: false
    # -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from /
    server.basehref: /
@ -758,6 +760,8 @@ controller:
  metrics:
    # -- Deploy metrics service
    enabled: false
    # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
    scrapeTimeout: ""
    applicationLabels:
      # -- Enables additional labels in argocd_app_labels metric
      enabled: false
@ -1035,6 +1039,10 @@ dex:
  livenessProbe:
    # -- Enable Kubernetes liveness probe for Dex >= 2.28.0
    enabled: false
    # -- Http path to use for the liveness probe
    httpPath: /healthz/live
    # -- Http port to use for the liveness probe
    httpPort: metrics
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
@ -1049,6 +1057,10 @@ dex:
  readinessProbe:
    # -- Enable Kubernetes readiness probe for Dex >= 2.28.0
    enabled: false
    # -- Http path to use for the readiness probe
    httpPath: /healthz/ready
    # -- Http port to use for the readiness probe
    httpPort: metrics
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
@ -1151,7 +1163,7 @@ redis:
    # -- Redis repository
    repository: public.ecr.aws/docker/library/redis
    # -- Redis tag
-    tag: 7.0.15-alpine
+    tag: 7.2.4-alpine
    # -- Redis image pull policy
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
@ -1167,7 +1179,7 @@ redis:
      # -- Repository to use for the redis-exporter
      repository: public.ecr.aws/bitnami/redis-exporter
      # -- Tag to use for the redis-exporter
-      tag: 1.57.0
+      tag: 1.58.0
      # -- Image pull policy for the redis-exporter
      # @default -- `""` (defaults to global.image.imagePullPolicy)
      imagePullPolicy: ""
@ -1432,7 +1444,7 @@ redis-ha:
    # -- Redis repository
    repository: public.ecr.aws/docker/library/redis
    # -- Redis tag
-    tag: 7.0.15-alpine
+    tag: 7.2.4-alpine
  ## Prometheus redis-exporter sidecar
  exporter:
    # -- Enable Prometheus redis-exporter sidecar
@ -1440,7 +1452,7 @@ redis-ha:
    # -- Repository to use for the redis-exporter
    image: public.ecr.aws/bitnami/redis-exporter
    # -- Tag to use for the redis-exporter
-    tag: 1.57.0
+    tag: 1.58.0
  persistentVolume:
    # -- Configures persistence on Redis nodes
    enabled: false
@ -1825,7 +1837,8 @@ server:
    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
    secretName: argocd-server-tls
    # -- Certificate primary domain (commonName)
-    domain: argocd.example.com
+    # @default -- `""` (defaults to global.domain)
    domain: ""
    # -- Certificate Subject Alternate Names (SANs)
    additionalHosts: []
    # -- The requested 'duration' (i.e. lifetime) of the certificate.
@ -1930,6 +1943,8 @@ server:
      enabled: false
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -1980,8 +1995,8 @@ server:
    ingressClassName: ""
    # -- Argo CD server hostname
-    ## NOTE: Hostname must be provided if Ingress is enabled
+    # @default -- `""` (defaults to global.domain)
-    hostname: argocd.example.com
+    hostname: ""
    # -- The path to Argo CD server
    path: /
@ -2078,8 +2093,6 @@ server:
  ingressGrpc:
    # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
    enabled: false
    # -- Setup up gRPC ingress to work with an AWS ALB
    isAWSALB: false
    # -- Additional ingress annotations for dedicated [gRPC-ingress]
    annotations: {}
    # -- Additional ingress labels for dedicated [gRPC-ingress]
@ -2088,6 +2101,7 @@ server:
    ingressClassName: ""
    # -- Argo CD server hostname for dedicated [gRPC-ingress]
    # @default -- `""` (defaults to grpc.`server.ingress.hostname`)
    hostname: ""
    # -- Argo CD server ingress path for dedicated [gRPC-ingress]
@ -2097,7 +2111,7 @@ server:
    pathType: Prefix
    # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname`
-    ## TLS certificate will be retrieved from a TLS secret with name: `<hostname>-tls`
+    ## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls`
    tls: false
    # -- The list of additional hostnames to be covered by ingress record
@ -2451,7 +2465,7 @@ repoServer:
    # -- Repo server service port
    port: 8081
    # -- Repo server service port name
-    portName: https-repo-server
+    portName: tcp-repo-server
  ## Repo server metrics service configuration
  metrics:
@ -2475,6 +2489,8 @@ repoServer:
      enabled: false
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2623,6 +2639,8 @@ applicationSet:
      enabled: false
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2653,7 +2671,7 @@ applicationSet:
    # -- ApplicationSet service port
    port: 7000
    # -- ApplicationSet service port name
-    portName: webhook
+    portName: http-webhook
  serviceAccount:
    # -- Create ApplicationSet controller service account
@ -2782,9 +2800,10 @@ applicationSet:
    # -- Deploy a Certificate resource (requires cert-manager)
    enabled: false
    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
-    secretName: argocd-application-controller-tls
+    secretName: argocd-applicationset-controller-tls
    # -- Certificate primary domain (commonName)
-    domain: argocd.example.com
+    # @default -- `""` (defaults to global.domain)
    domain: ""
    # -- Certificate Subject Alternate Names (SANs)
    additionalHosts: []
    # -- The requested 'duration' (i.e. lifetime) of the certificate.
@ -2831,8 +2850,8 @@ applicationSet:
    ingressClassName: ""
    # -- Argo CD ApplicationSet hostname
-    ## NOTE: Hostname must be provided if Ingress is enabled
+    # @default -- `""` (defaults to global.domain)
-    hostname: argocd.example.com
+    hostname: ""
    # -- List of ingress paths
    path: /api/webhook
@ -2841,7 +2860,7 @@ applicationSet:
    pathType: Prefix
    # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname`
-    ## TLS certificate will be retrieved from a TLS secret with name:`argocd-application-controller-tls`
+    ## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls`
    tls: false
    # -- The list of additional hostnames to be covered by ingress record
@ -2889,7 +2908,8 @@ notifications:
  name: notifications-controller
  # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates
-  argocdUrl:
+  # @default -- `""` (defaults to https://`global.domain`)
  argocdUrl: ""
  ## Notifications controller Pod Disruption Budget
  ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
@ -2959,7 +2979,7 @@ notifications:
  extraVolumes: []
  # -- Define user-defined context
-  ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/#defining-user-defined-context
+  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context
  context: {}
    # region: east
    # environmentName: staging
@ -2976,19 +2996,19 @@ notifications:
    # -- Generic key:value pairs to be inserted into the secret
    ## Can be used for templates, notification services etc. Some examples given below.
-    ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/
+    ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
    items: {}
      # slack-token:
-      #   # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/slack/
+      #   # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
      # grafana-apiKey:
-      #   # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/grafana/
+      #   # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/
      # webhooks-github-token:
      # email-username:
      # email-password:
-        # For more information: https://argocd-notifications.readthedocs.io/en/stable/services/email/
+        # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/
  metrics:
    # -- Enables prometheus metrics server
@ -3030,7 +3050,7 @@ notifications:
  # -- Configures notification services such as slack, email or custom webhook
  # @default -- See [values.yaml]
-  ## For more information: https://argocd-notifications.readthedocs.io/en/stable/services/overview/
+  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
  notifiers: {}
    # service.slack: |
    #   token: $slack-token
@ -3130,7 +3150,7 @@ notifications:
    rules: []
  # -- Contains centrally managed global application subscriptions
-  ## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/
+  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
  subscriptions: []
    # # subscription for on-sync-status-unknown trigger notifications
    # - recipients:
@ -3146,7 +3166,7 @@ notifications:
    #   - on-sync-status-unknown
  # -- The notification template is used to generate the notification content
-  ## For more information: https://argocd-notifications.readthedocs.io/en/stable/templates/
+  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
  templates: {}
    # template.app-deployed: |
    #   email:
@ -3363,7 +3383,7 @@ notifications:
    #       }]
  # -- The trigger defines the condition when the notification should be sent
-  ## For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/
+  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
  triggers: {}
    # trigger.on-deployed: |
    #   - description: Application is synced and healthy. Triggered once per commit.
@ -3397,6 +3417,6 @@ notifications:
    #     - app-sync-succeeded
    #     when: app.status.operationState.phase in ['Succeeded']
    #
-    # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers
+    # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
    # defaultTriggers: |
    #   - on-sync-status-unknown
--- a/charts/argo-events/Chart.yaml
+++ b/charts/argo-events/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.9.0
+appVersion: v1.9.1
 description: A Helm chart for Argo Events, the event-driven workflow automation framework
 name: argo-events
-version: 2.4.2
+version: 2.4.3
 home: https://github.com/argoproj/argo-helm
 icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
 keywords:
@ -19,4 +19,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: changed
-      description: Bump argo-events to v1.9.0
+      description: Bump argo-events to v1.9.1
--- a/charts/argo-rollouts/Chart.yaml
+++ b/charts/argo-rollouts/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.6.5
+appVersion: v1.6.6
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 2.34.2
+version: 2.34.3
 home: https://github.com/argoproj/argo-helm
 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 keywords:
@ -19,4 +19,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: changed
-      description: Bump argo-rollouts to v1.6.5
+      description: Bump argo-rollouts to v1.6.6
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v3.5.4
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.40.10
+version: 0.40.11
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -17,4 +17,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: fixed
-      description: Update argo-workflows documentation links to readthedocs
+      description: Add caSecret in the artifactory.s3 configuration values.
--- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
@ -83,6 +83,11 @@ data:
        bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
        endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }}
        insecure: {{ .Values.artifactRepository.s3.insecure }}
        {{- if .Values.artifactRepository.s3.caSecret }}
        caSecret:
          name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }}
          key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }}
        {{- end }}
        {{- if .Values.artifactRepository.s3.keyFormat }}
        keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
        {{- end }}
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@ -775,6 +775,9 @@ artifactRepository:
    #   key: secretkey
    # # insecure will disable TLS. Primarily used for minio installs not configured with TLS
    # insecure: false
    # caSecret:
    #   name: ca-root
    #   key: cert.pem
    # bucket:
    # endpoint:
    # region:
--- a/charts/argocd-image-updater/Chart.yaml
+++ b/charts/argocd-image-updater/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: argocd-image-updater
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
 type: application
-version: 0.9.3
+version: 0.9.4
 appVersion: v0.12.2
 home: https://github.com/argoproj-labs/argocd-image-updater
 icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
@ -19,4 +19,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: added
-      description: Support extra K8s manifests
+      description: Allow defining additional labels to Service Account
--- a/charts/argocd-image-updater/README.md
+++ b/charts/argocd-image-updater/README.md
@ -115,6 +115,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | securityContext | object | `{}` | Security context settings for the deployment |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.labels | object | `{}` | Labels to add to the service account |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | Kubernetes toleration settings for the deployment |
 | updateStrategy | object | `{"type":"Recreate"}` | The deployment strategy to use to replace existing pods with new ones |
--- a/charts/argocd-image-updater/templates/serviceaccount.yaml
+++ b/charts/argocd-image-updater/templates/serviceaccount.yaml
@ -6,6 +6,9 @@ metadata:
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argocd-image-updater.labels" . | nindent 4 }}
    {{- with .Values.serviceAccount.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@ -178,6 +178,8 @@ serviceAccount:
  create: true
  # -- Annotations to add to the service account
  annotations: {}
  # -- Labels to add to the service account
  labels: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""