Merge branch 'master' into feat/labels

2021-09-13 18:39:39 +02:00 · 2021-09-13 18:39:39 +02:00 · dfba3e402c
commit dfba3e402c
parent 5dcc6e696f 44acc3cde7
199 changed files with 8653 additions and 2068 deletions
--- a/.argo/argo-checkout.yaml
+++ b/.argo/argo-checkout.yaml
@ -1,21 +0,0 @@
 ---
 type: container
 version: 1
 name: argo-checkout
 description: Checks out a source repository to /src
 resources:
  mem_mib: 500
  cpu_cores: 0.1
 image: argoproj/argoscm:v2.0
 command: ["axscm"]
 args: ["clone", "%%inputs.parameters.REPO%%", "/src", "--commit", "%%inputs.parameters.COMMIT%%"]
 inputs:
  parameters:
    COMMIT:
      default: "%%session.commit%%"
    REPO:
      default: "%%session.repo%%"
 outputs:
  artifacts:
    CODE:
      path: /src
--- a/.argo/publish.yaml
+++ b/.argo/publish.yaml
@ -1,58 +0,0 @@
 ---
 type: workflow
 version: 1
 name: Publish Charts
 inputs:
  parameters:
    COMMIT:
      default: "%%session.commit%%"
    REPO:
      default: "%%session.repo%%"
 steps:
 - CHECKOUT:
    template: argo-checkout
 - PREPARE:
    image: hypnoglow/kubernetes-helm:v2.6.1
    resources:
      mem_mib: 500
      cpu_cores: 0.1
    command: ["sh", "-c"]
    args: [cd /src && helm init --client-only && ./scripts/publish.sh]
    inputs:
      artifacts:
        CODE:
          from: "%%steps.CHECKOUT.outputs.artifacts.CODE%%"
          path: /src
    outputs:
      artifacts:
        CODE:
          path: /src/output
 - PUBLISH:
    image: argoproj/argoscm:v2.0
    command: ["sh", "-c"]
    args: [
      axscm clone %%inputs.parameters.REPO%% --commit gh-pages /src && cd /src && cp -r /output/* . &&
      git add . && git commit -m "Build on `date`" &&
      axscm clone %%inputs.parameters.REPO%% /src --commit gh-pages --merge=gh-pages --push]
    resources:
      mem_mib: 500
      cpu_cores: 0.1
    inputs:
      artifacts:
        CODE:
          from: "%%steps.PREPARE.outputs.artifacts.CODE%%"
          path: /output
 ---
 type: policy
 version: 1
 name: Publish Charts Policy
 template: Publish Charts
 notifications:
 - when:
  - on_failure
  whom:
  - committer
  - author
 when:
 - event: on_push
--- a/.circleci/chart-testing.yaml
+++ b/.circleci/chart-testing.yaml
@ -1,4 +0,0 @@
 chart-repos:
  - argo=https://argoproj.github.io/argo-helm
  - minio=https://helm.min.io/
  - dandydeveloper=https://dandydeveloper.github.io/charts/
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -1,41 +0,0 @@
 version: 2.1
 jobs:
  lint:
    docker:
      - image: quay.io/helmpack/chart-testing:v3.3.1
    steps:
      - checkout
      - run: helm repo add stable https://charts.helm.sh/stable
      - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml
  # Technically this only needs to be run on master, but it's good to have it run on every PR
  # so that it is regularly tested.
  publish:
    docker:
      # We just need an image with `helm` on it. Handily we know of one already.
      - image: quay.io/helmpack/chart-testing:v3.3.1
    steps:
      # install the additional keys needed to push to GitHub. Alex Collins owns these keys.
      - add_ssh_keys
      - run: git config --global user.email "nobody@circleci.com"
      - run: git config --global user.name "Circle CI Build"
      - checkout
      - run: helm repo add stable https://charts.helm.sh/stable
      - run: helm repo add minio https://helm.min.io/
      - run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
      # Only actually publish charts on master.
      - run: |
          set -x
          if [ "$CIRCLE_BRANCH" = "master" ]; then
            export GIT_PUSH=true
          else 
            export GIT_PUSH=false
          fi
          sh ./scripts/publish.sh
 workflows:
  version: 2
  workflow:
    jobs:
      - lint
      - publish:
          requires:
            - lint
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -1,27 +0,0 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: 'bug'
 assignees: ''
 ---
 **Describe the bug**
 A clear and concise description of what the bug is.
 **To Reproduce**
 Steps to reproduce the behavior:
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
 4. See error
 **Expected behavior**
 A clear and concise description of what you expected to happen.
 **Screenshots**
 If applicable, add screenshots to help explain your problem.
 **Additional context**
 Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@ -0,0 +1,45 @@
 ---
 name: Bug report
 description: Create a report to help us improve
 labels:
 - bug
 body:
 - type: textarea
  attributes:
    label: Describe the bug
    description: A clear and concise description of what the bug is.
  validations:
    required: true
 - type: textarea
  attributes:
    label: To Reproduce
    description: Steps to reproduce the behavior
    placeholder: |
      1. Go to '...'
      2. Click on '....'
      3. Scroll down to '....'
      4. See error
  validations:
    required: true
 - type: textarea
  attributes:
    label: Expected behavior
    description: A clear and concise description of what you expected to happen.
  validations:
    required: true
 - type: textarea
  attributes:
    label: Screenshots
    description: If applicable, add screenshots to help explain your problem.
  validations:
    required: false
 - type: textarea
  attributes:
    label: Additional context
    description: Add any other context about the problem here.
  validations:
    required: false
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -1,20 +0,0 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 title: ''
 labels: 'enhancement'
 assignees: ''
 ---
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 **Describe the solution you'd like**
 A clear and concise description of what you want to happen.
 **Describe alternatives you've considered**
 A clear and concise description of any alternative solutions or features you've considered.
 **Additional context**
 Add any other context or screenshots about the feature request here.
--- a/.github/ISSUE_TEMPLATE/feature_request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yaml
@ -0,0 +1,35 @@
 ---
 name: Feature request
 description: Suggest an idea for this project
 labels:
 - enhancement
 body:
 - type: textarea
  attributes:
    label: Is your feature request related to a problem?
    description: A clear and concise description of what the problem is. Please describe.
    placeholder: |
      Ex. I'm always frustrated when [...]
  validations:
    required: false
 - type: textarea
  attributes:
    label: Describe the solution you'd like
    description: A clear and concise description of what you want to happen.
  validations:
    required: true
 - type: textarea
  attributes:
    label: Describe alternatives you've considered
    description: A clear and concise description of any alternative solutions or features you've considered.
  validations:
    required: false
 - type: textarea
  attributes:
    label: Additional context
    description: Add any other context or screenshots about the feature request here.
  validations:
    required: false
--- a/.github/configs/cr.yaml
+++ b/.github/configs/cr.yaml
@ -0,0 +1,2 @@
 ## Reference: https://github.com/helm/chart-releaser
 index-path: "./index.yaml" 
--- a/.github/configs/ct-install.yaml
+++ b/.github/configs/ct-install.yaml
@ -0,0 +1,19 @@
 ## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
 # Don't add the 'debug' attribute, otherwise the workflow won't work anymore
 # Only Used for the CT Install Stage
 remote: origin
 chart-dirs:
  - charts
 chart-repos:
  - argo=https://argoproj.github.io/argo-helm
  - minio=https://helm.min.io/
  - dandydeveloper=https://dandydeveloper.github.io/charts/
  - stable=https://charts.helm.sh/stable
  - incubator=https://charts.helm.sh/incubator
 helm-extra-args: "--timeout 600s"  
 validate-chart-schema: false
 validate-maintainers: true
 validate-yaml: true
 exclude-deprecated: true
 excluded-charts: 
  - "argocd-applicationset"
--- a/.github/configs/ct-lint.yaml
+++ b/.github/configs/ct-lint.yaml
@ -0,0 +1,18 @@
 ## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
 # Don't add the 'debug' attribute, otherwise the workflow won't work anymore
 # Only Used for the CT Lint Stage
 remote: origin
 chart-dirs:
  - charts
 chart-repos:
  - argo=https://argoproj.github.io/argo-helm
  - minio=https://helm.min.io/
  - dandydeveloper=https://dandydeveloper.github.io/charts/
  - stable=https://charts.helm.sh/stable
  - incubator=https://charts.helm.sh/incubator
 helm-extra-args: "--timeout 600s"  
 validate-chart-schema: false
 validate-maintainers: true
 validate-yaml: true
 exclude-deprecated: true
 excluded-charts: []
--- a/.github/configs/lintconf.yaml
+++ b/.github/configs/lintconf.yaml
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -4,9 +4,9 @@ If the DCO action in the integration test fails, one or more of your commits are
 Checklist:
-* [ ] I have updated the chart version in `Chart.yaml` following Semantic Versioning.
+* [ ] I have bumped the chart version according to [versioning](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#versioning)
 * [ ] I have updated the chart changelog with all the changes that come with this pull request according to [changelog](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#changelog).
 * [ ] Any new values are backwards compatible and/or have sensible default.
 * [ ] I have followed the testing instructions in the [contributing guide](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md).
 * [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo).
 * [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)).
--- a/.github/semantic.yml
+++ b/.github/semantic.yml
@ -0,0 +1,3 @@
 ## Reference: https://github.com/zeke/semantic-pull-requests
 # Always validate the PR title, and ignore the commits
 titleOnly: true
--- a/.github/stale.yaml
+++ b/.github/stale.yaml
@ -1,17 +0,0 @@
 # Number of days of inactivity before an issue becomes stale
 daysUntilStale: 60
 # Number of days of inactivity before a stale issue is closed
 daysUntilClose: 7
 # Issues with these labels will never be considered stale
 exemptLabels:
  - pinned
  - security
 # Label to use when marking an issue as stale
 staleLabel: wontfix
 # Comment to post when marking an issue as stale. Set to `false` to disable
 markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
 # Comment to post when closing a stale issue. Set to `false` to disable
 closeComment: false
--- a/.github/stale.yml
+++ b/.github/stale.yml
@ -1 +0,0 @@
 # See https://github.com/probot/stale
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@ -0,0 +1,45 @@
 ## Reference: https://github.com/helm/chart-testing-action
 ---
 name: Linting and Testing
 on: pull_request
 jobs: 
  chart-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v1
      - name: Set up python
        uses: actions/setup-python@v2
        with:
          python-version: 3.7
      - name: Setup Chart Linting
        id: lint
        uses: helm/chart-testing-action@v2.1.0
      - name: List changed charts
        id: list-changed
        run: |
          ## If executed with debug this won't work anymore.
          changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
          charts=$(echo "$changed" | tr '\n' ' ' | xargs)
          if [[ -n "$changed" ]]; then
            echo "::set-output name=changed::true"
            echo "::set-output name=changed_charts::$charts"
          fi
      - name: Run chart-testing (lint)
        run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
      - name: Create kind cluster
        uses: helm/kind-action@v1.2.0
        if: steps.list-changed.outputs.changed == 'true'
      - name: Run chart-testing (install)
        run: ct install --config ./.github/configs/ct-install.yaml
        if: steps.list-changed.outputs.changed == 'true'
--- a/.github/workflows/pr-sizing.yml
+++ b/.github/workflows/pr-sizing.yml
@ -0,0 +1,14 @@
 ## Reference: https://github.com/pascalgn/size-label-action
 ---
 name: 'PR Size'
 on: 
  pull_request_target:
    types: [opened, synchronize, reopened]
 jobs:
  size-label:
    runs-on: ubuntu-latest
    steps:
      - name: size-label
        uses: "pascalgn/size-label-action@v0.4.2"
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -0,0 +1,42 @@
 ---
 name: Chart Publish
 on:
  push:
    branches:
      - master
      - rewrite-build
 jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install Helm
        uses: azure/setup-helm@v1
      - name: Add dependency chart repos
        run: |
          helm repo add argo https://argoproj.github.io/argo-helm
          helm repo add minio https://helm.min.io/
          helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
          helm repo add stable https://charts.helm.sh/stable
          helm repo add incubator https://charts.helm.sh/incubator
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"  
      ## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
      - name: Fetch current Chart Index 
        run: |
          git checkout origin/gh-pages index.yaml
      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.2.0
        with: 
          config: "./.github/configs/cr.yaml"
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -1,19 +1,31 @@
 ## Reference: https://github.com/actions/stale
 name: Mark stale issues and pull requests
 on:
  schedule:
  - cron: "30 1 * * *"
 jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/stale@v3
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-issue-message: 'Stale issue message'
+        # Number of days of inactivity before an issue becomes stale
-        stale-pr-message: 'Stale pull request message'
+        days-before-stale: 60
        # Number of days of inactivity before a stale issue is closed
        days-before-close: 7
        # Issues with these labels will never be considered stale
        exempt-issue-labels: "on-hold,pinned,security"
        exempt-pr-labels: "on-hold,pinned,security"
        # Comment to post when marking an issue as stale.
        stale-issue-message: >
          This issue has been automatically marked as stale because it has not had
          recent activity. It will be closed if no further activity occurs. Thank you
          for your contributions.
        stale-pr-message: >
          This pull request has been automatically marked as stale because it has not had
          recent activity. It will be closed if no further activity occurs. Thank you
          for your contributions.
        # Label to use when marking an issue as stale
        stale-issue-label: 'no-issue-activity'
        stale-pr-label: 'no-pr-activity'
--- a/13
+++ b/13
@ -1,16 +1,19 @@
 # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
 # All charts
 /charts/ @mkilchhofer
 # Argo Workflows
-/charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler
+/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler
 # Argo CD
-/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler
+/charts/argo-cd/ @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler @mbevc1
 # Argo Events
-/charts/argo-events @jbehling @VaibhavPage @oliverbaehler
+/charts/argo-events/ @jbehling @VaibhavPage @oliverbaehler
 # Argo Rollouts
-/charts/argo-rollouts @cabrinha @oliverbaehler
+/charts/argo-rollouts/ @oliverbaehler
 # Argo CD Notifications
-/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler
+/charts/argocd-notifications/ @alexmt @andyfeller @oliverbaehler @mbevc1
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -2,12 +2,60 @@
 Argo Helm is a collection of **community maintained** charts. Therefore we rely on you to test your changes sufficiently.
 # Pull Requests
 All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. See the above stated requirements for PR on this project.
 ## Versioning
 Each chart's version follows the [semver standard](https://semver.org/). New charts should start at version `1.0.0`, if it's considered stable. If it's not considered stable, it must be released as [prerelease](#prerelease).
 Any breaking changes to a chart (backwards incompatible) require:
  * Bump of the current Major version of the chart
  * State possible manual changes for this chart version in the `Upgrading` section of the chart's `README.md.gotmpl` ([See Upgrade](#upgrades))
 ### Immutability
 Each release for each chart must be immutable. Any change to a chart (even just documentation) requires a version bump. Trying to release the same version twice will result in an error.
 ### Artifact Hub Annotations
 Since we release our charts on Artifact Hub we encourage making use of the provided chart annotations for Artifact Hub.
  * [https://artifacthub.io/docs/topics/annotations/helm/](https://artifacthub.io/docs/topics/annotations/helm/)
 #### Changelog
 We want to deliver transparent chart releases for our chart consumers. Therefore we require a changelog per new chart release.
 Changes on a chart must be documented in a chart specific changelog in the `Chart.yaml` [Annotation Section](https://helm.sh/docs/topics/charts/#the-chartyaml-file). For every new release the entire `artifacthub.io/changes` needs to be rewritten. Each change requires a new bullet point following the pattern `- "[{type}]: {description}"`. You can use the following template:
 ```
 name: argo-cd
 version: 3.4.1
 ...
 annotations:
  artifacthub.io/changes: |
    - "[Added]: Something New was added"
    - "[Changed]: Changed Something within this chart"
    - "[Changed]: Changed Something else within this chart"
    - "[Deprecated]: Something deprecated"
    - "[Removed]: Something was removed"
    - "[Fixed]: Something was fixed"
    - "[Security]": Some Security Patch was included"
 ```
 # Testing
 ## Testing Argo Workflows Changes
 Minimally:
 ```
-helm install charts/argo -n argo
+helm install charts/argo-workflows -n argo
 argo version
 ```
@ -22,6 +70,12 @@ helm delete argo-cd --purge
 kubectl delete crd -l app.kubernetes.io/part-of=argocd
 ```
 Pre-requisites:
 ```
 helm repo add redis-ha https://dandydeveloper.github.io/charts/
 helm dependency update
 ```
 Minimally:
 ```
@ -80,7 +134,7 @@ As part of the Continuous Integration system we run Helm's [Chart Testing](https
 The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
-Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml)
+Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml)
 The linting can be invoked manually with the following command:
@ -90,11 +144,4 @@ The linting can be invoked manually with the following command:
 ## Publishing Changes
-Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this:
+Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`).
 ```
 GIT_PUSH=true ./scripts/publish.sh
 ```
 Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch.
 Write access to https://github.com/argoproj/argo-helm.git is required to publish changes.
--- a/README.md
+++ b/README.md
@ -1,7 +1,14 @@
 # Argo Helm Charts
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml)
 Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command:
 ```
 helm repo add argo https://argoproj.github.io/argo-helm
 ```
 ## Contributing
 We'd love to have you contribute! Please refer to our [contribution guidelines](CONTRIBUTING.md) for details.
--- a/charts/argo-cd/Chart.lock
+++ b/charts/argo-cd/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
  repository: https://dandydeveloper.github.io/charts/
-  version: 4.12.14
+  version: 4.12.17
-digest: sha256:34275a4f4df92c570d07b0553da5d1fa200b6f057f7091746c853fd7399ee30a
+digest: sha256:ad1833436031e3578165d48646c90323040fa1bc00d9235fe7ba7c67b20094ec
-generated: "2021-05-03T16:02:41.4356045-04:00"
+generated: "2021-07-27T16:35:27.2509236-04:00"
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -34,13 +34,65 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop
 ## Upgrading
 ### 3.13.0
 This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of ArgoCD, it can be passed via the `server.extraArgs` field
 ### 3.10.2
 ArgoCD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default
 It can be re-enabled by setting `server.staticAssets.enabled` to true
 ### 3.8.1
 This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization:
 ```yaml
 # Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name)
 repoServer:
  serviceAccount:
    create: true
 # Case 2)
 controller:
  serviceAccount:
    name: "" # or <nil>
 # Case 3)
 dex:
  serviceAccount:
    name: "" # or <nil>
 # Case 4)
 server:
  serviceAccount:
    name: "" # or <nil>
 ```
 Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE)
 ### 3.2.*
 With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637).
 [Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**,
 especially deploying on clusters running a cluster version prior to `1.19` (which misses  `Ingress` on apiVersion `networking.k8s.io/v1`).
 If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like:
 ```yaml
 kubeVersionOverride: "1.18.0"
 ```
 Then you should no longer encounter this issue.
 ### 3.0.0 and above
 Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3.
 ### 2.14.7 and above
-The `matchLabels` key in the ArgoCD Appliaction Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
+The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
 ### 2.10.x to 2.11.0
@ -68,6 +120,7 @@ server:
 ## Prerequisites
 - Kubernetes 1.7+
 - Helm v3.0.0+
 ## Installing the Chart
@ -82,25 +135,29 @@ NAME: my-release
 ...
 ```
 ### Helm v3 Compatibility
 Requires chart version 1.5.2 or newer.
 Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
 ## Chart Values
 | Parameter | Description | Default |
 |-----|------|---------|
 | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
 | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
-| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` |
+| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v2.1.2"` |
 | global.podAnnotations | Annotations for the all deployed pods |
 | global.podLabels | Labels for the all deployed pods |
 | global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
 | global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
 | global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
 | global.networkPolicy.create | Create NetworkPolicy objects for all components | `false` |
 | global.networkPolicy.defaultDenyIngress | Default deny all ingress traffic | `false` |
 | kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` |
 | nameOverride | Provide a name in place of `argocd` | `"argocd"` |
-| installCRDs | Install CRDs if you are using Helm2. | `true` |
+| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` |
 | apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` |
 | apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` |
 | createAggregateRoles | Create clusterroles that extend aggregated roles to use argo-cd crds | `false` |
 | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
 | configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` |
 | configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) |
 | configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
 | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
 | configs.secret.annotations | Annotations for argocd-secret | `{}` |
@ -110,9 +167,13 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | configs.secret.createSecret | Create the argocd-secret. | `true` |
 | configs.secret.githubSecret | GitHub incoming webhook secret | `""` |
 | configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` |
 | configs.repositoryCredentials | DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories. | `{}` |
 | configs.credentialTemplates | Repository credentials to be used as Templates for other repos. | `{}` |
 | configs.repositories | Repositories list to be used by applications. | `{}` |
 | configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` |
 | configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
 | configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` |
 | configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) |
 | openshift.enabled | enables using arbitrary uid for argo repo server | `false` |
 ## ArgoCD Controller
@ -129,6 +190,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` |
 | controller.enableStatefulSet | Enable deploying the controller as a StatefulSet instead of a Deployment. Used for HA installations. | `false` |
 | controller.env | Environment variables for the controller. | `[]` |
 | controller.envFrom | `envFrom` to pass to the controller. | `[]` (See [values.yaml](values.yaml)) |
 | controller.image.repository | Repository to use for the controller | `global.image.repository` |
 | controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` |
 | controller.image.tag | Tag to use for the controller | `global.image.tag` |
@ -144,6 +206,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | controller.metrics.service.servicePort | Metrics service port | `8082` |
 | controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
 | controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
 | controller.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` |
 | controller.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` |
 | controller.name | Controller name string. | `"application-controller"` |
 | controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
 | controller.podAnnotations | Annotations for the controller pods | `{}` |
@ -180,6 +244,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | repoServer.containerPort | Repo server port | `8081` |
 | repoServer.extraArgs | Additional arguments for the repo server. A  list of flags. | `[]` |
 | repoServer.env | Environment variables for the repo server. | `[]` |
 | repoServer.envFrom | `envFrom` to pass to the repo server. | `[]` (See [values.yaml](values.yaml)) |
 | repoServer.image.repository | Repository to use for the repo server | `global.image.repository` |
 | repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` |
 | repoServer.image.tag | Tag to use for the repo server | `global.image.tag` |
@ -195,6 +260,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | repoServer.metrics.service.servicePort | Metrics service port | `8082` |
 | repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
 | repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
 | repoServer.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` |
 | repoServer.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` |
 | repoServer.name | Repo server name | `"repo-server"` |
 | repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
 | repoServer.podAnnotations | Annotations for the repo server pods | `{}` |
@ -237,9 +304,13 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
 | server.configAnnotations | ArgoCD configuration configmap annotations | `{}` |
 | server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) |
 | server.config.repositories | [DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories.](https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour) | See [values.yaml](values.yaml) |
 | server.containerPort | Server container port. | `8080` |
 | server.extraArgs | Additional arguments for the server. A list of flags. | `[]` |
 | server.extraContainers | Additional containers for the server. A list of containers. | `[]` |
 | server.staticAssets.enabled | Disable deprecated flag --staticassets | `false` |
 | server.env | Environment variables for the server. | `[]` |
 | server.envFrom | `envFrom` to pass to the server. | `[]` (See [values.yaml](values.yaml)) |
 | server.image.repository | Repository to use for the server | `global.image.repository` |
 | server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` |
 | server.image.tag | Tag to use for the server | `global.image.tag` |
@ -256,6 +327,9 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` |
 | server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` |
 | server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` |
 | server.ingressGrpc.isAWSALB | Setup up GRPC ingress to work with an AWS ALB | `false` |
 | server.ingressGrpc.awsALB.serviceType | Service type for the AWS ALB GRPC service | `NodePort` |
 | server.ingressGrpc.awsALB.backendProtocolVersion | Backend protocol version for the AWS ALB GRPC service | `HTTP2` |
 | server.route.enabled | Enable a OpenShift route for the server | `false` |
 | server.route.hostname | Hostname of OpenShift route | `""` |
 | server.lifecycle | PostStart and PreStop hooks configuration | `{}` |
@ -271,6 +345,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | server.metrics.service.servicePort | Metrics service port | `8082` |
 | server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
 | server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
 | server.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` |
 | server.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` |
 | server.name | Argo CD server name | `"server"` |
 | server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
 | server.podAnnotations | Annotations for the server pods | `{}` |
@ -323,18 +399,35 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
 | dex.metrics.service.labels | Metrics service labels | `{}` |
 | dex.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
 | dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
 | dex.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` |
 | dex.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` |
 | dex.name | Dex name | `"dex-server"` |
 | dex.env | Environment variables for the Dex server. | `[]` |
 | dex.envFrom | `envFrom` to pass to the Dex server. | `[]` (See [values.yaml](values.yaml)) |
 | dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
 | dex.podAnnotations | Annotations for the Dex server pods | `{}` |
 | dex.podLabels | Labels for the Dex server pods | `{}` |
 | dex.livenessProbe.enabled | Enable Kubernetes liveness probe for Dex >= 2.28.0 | `false` |
 | dex.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
 | dex.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) |`10` |
 | dex.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
 | dex.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
 | dex.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
 | dex.readinessProbe.enabled | Enable Kubernetes readiness probe for Dex >= 2.28.0 | `false` |
 | dex.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
 | dex.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) |`10` |
 | dex.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
 | dex.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
 | dex.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
 | dex.priorityClassName | Priority class for dex | `""` |
 | dex.resources | Resource limits and requests for dex | `{}` |
 | dex.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` |
 | dex.serviceAccount.create | Create dex service account | `true` |
 | dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` |
 | dex.servicePortGrpc | Server GRPC port | `5557` |
 | dex.servicePortGrpcName | Server GRPC port name | `grpc` |
 | dex.servicePortHttp | Server HTTP port | `5556` |
 | dex.servicePortHttpName | Server GRPC port name | `http` |
 | dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
 | dex.volumeMounts | Dex volume mounts | `"/shared"` |
 | dex.volumes | Dex volumes | `{}` |
@ -358,6 +451,7 @@ through `xxx.extraArgs`
 | redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` |
 | redis.name | Redis name | `"redis"` |
 | redis.env | Environment variables for the Redis server. | `[]` |
 | redis.envFrom | `envFrom` to pass to the Redis server. | `[]` (See [values.yaml](values.yaml)) |
 | redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
 | redis.podAnnotations | Annotations for the Redis server pods | `{}` |
 | redis.podLabels | Labels for the Redis server pods | `{}` |
@ -378,3 +472,25 @@ through `xxx.extraArgs`
 | redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` |
 [gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/
 ### Using AWS ALB Ingress Controller With GRPC
 If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
 Example:
 ```yaml
 server:
  ingress:
    enabled: true
    annotations:
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
  ingressGrpc:
    enabled: true
    isAWSALB: true
    awsALB:
      serviceType: ClusterIP
 ```
--- a/charts/argo-cd/crds/crd-application.yaml
+++ b/charts/argo-cd/crds/crd-application.yaml
@ -5,8 +5,6 @@ metadata:
    app.kubernetes.io/name: applications.argoproj.io
    app.kubernetes.io/part-of: argocd
  name: applications.argoproj.io
  annotations:
    helm.sh/hook: crd-install
 spec:
  group: argoproj.io
  names:
@ -269,6 +267,12 @@ spec:
                              type: string
                            description: CommonLabels is a list of additional labels to add to rendered manifests
                            type: object
                          forceCommonAnnotations:
                            description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
                            type: boolean
                          forceCommonLabels:
                            description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
                            type: boolean
                          images:
                            description: Images is a list of Kustomize image override specifications
                            items:
@ -367,6 +371,10 @@ spec:
                  properties:
                    group:
                      type: string
                    jqPathExpressions:
                      items:
                        type: string
                      type: array
                    jsonPointers:
                      items:
                        type: string
@ -378,7 +386,6 @@ spec:
                    namespace:
                      type: string
                  required:
                  - jsonPointers
                  - kind
                  type: object
                type: array
@ -545,6 +552,12 @@ spec:
                          type: string
                        description: CommonLabels is a list of additional labels to add to rendered manifests
                        type: object
                      forceCommonAnnotations:
                        description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
                        type: boolean
                      forceCommonLabels:
                        description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
                        type: boolean
                      images:
                        description: Images is a list of Kustomize image override specifications
                        items:
@ -840,6 +853,12 @@ spec:
                                type: string
                              description: CommonLabels is a list of additional labels to add to rendered manifests
                              type: object
                            forceCommonAnnotations:
                              description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
                              type: boolean
                            forceCommonLabels:
                              description: ForceCommonLabels specifies whether toforce applying common labels to resources for Kustomizeapps
                              type: boolean
                            images:
                              description: Images is a list of Kustomize image override specifications
                              items:
@ -1136,6 +1155,12 @@ spec:
                                      type: string
                                    description: CommonLabels is a list of additional labels to add to rendered manifests
                                    type: object
                                  forceCommonAnnotations:
                                    description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
                                    type: boolean
                                  forceCommonLabels:
                                    description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
                                    type: boolean
                                  images:
                                    description: Images is a list of Kustomize image override specifications
                                    items:
@ -1414,6 +1439,12 @@ spec:
                                  type: string
                                description: CommonLabels is a list of additional labels to add to rendered manifests
                                type: object
                              forceCommonAnnotations:
                                description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
                                type: boolean
                              forceCommonLabels:
                                description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
                                type: boolean
                              images:
                                description: Images is a list of Kustomize image override specifications
                                items:
@ -1689,6 +1720,12 @@ spec:
                                  type: string
                                description: CommonLabels is a list of additional labels to add to rendered manifests
                                type: object
                              forceCommonAnnotations:
                                description: ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
                                type: boolean
                              forceCommonLabels:
                                description: ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
                                type: boolean
                              images:
                                description: Images is a list of Kustomize image override specifications
                                items:
--- a/charts/argo-cd/crds/crd-project.yaml
+++ b/charts/argo-cd/crds/crd-project.yaml
@ -5,8 +5,6 @@ metadata:
    app.kubernetes.io/name: appprojects.argoproj.io
    app.kubernetes.io/part-of: argocd
  name: appprojects.argoproj.io
  annotations:
    helm.sh/hook: crd-install
 spec:
  group: argoproj.io
  names:
--- a/charts/argo-cd/templates/NOTES.txt
+++ b/charts/argo-cd/templates/NOTES.txt
@ -1,3 +1,9 @@
 {{- if or .Values.configs.repositoryCredentials .Values.server.config.repositories }}
 WARNING: You are using configs.repositoryCredentials and/or server.config.repositories parameter that are DEPRECATED
 Instead, use configs.repositoryTemplates and/or configs.repositories parameters
 Read More about here: https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour
 {{- end}}
 In order to access the server UI you have the following options:
 1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
@ -9,7 +15,8 @@ In order to access the server UI you have the following options:
      - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
-After reaching the UI the first time you can login with username: admin and the password will be the
+After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
 name of the server pod. You can get the pod name by running:
-kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
+kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
 (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli)
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -42,10 +42,11 @@ Create dex name and version as used by the chart label.
 Create redis name and version as used by the chart label.
 */}}
 {{- define "argo-cd.redis.fullname" -}}
-{{ $redisHa := (index .Values "redis-ha") }}
+{{- $redisHa := (index .Values "redis-ha") -}}
 {{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}}
 {{- if $redisHa.enabled -}}
    {{- if $redisHa.haproxy.enabled -}}
-        {{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}}
+        {{- printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}}
    {{- end -}}
 {{- else -}}
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}}
@ -71,7 +72,7 @@ Create the name of the controller service account to use
 */}}
 {{- define "argo-cd.controllerServiceAccountName" -}}
 {{- if .Values.controller.serviceAccount.create -}}
-    {{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }}
+    {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.controller.serviceAccount.name }}
 {{- end -}}
@ -82,18 +83,29 @@ Create the name of the dex service account to use
 */}}
 {{- define "argo-cd.dexServiceAccountName" -}}
 {{- if .Values.dex.serviceAccount.create -}}
-    {{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }}
+    {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.dex.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the redis service account to use
 */}}
 {{- define "argo-cd.redisServiceAccountName" -}}
 {{- if .Values.redis.serviceAccount.create -}}
    {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.redis.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the ArgoCD server service account to use
 */}}
 {{- define "argo-cd.serverServiceAccountName" -}}
 {{- if .Values.server.serviceAccount.create -}}
-    {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }}
+    {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.server.serviceAccount.name }}
 {{- end -}}
@ -104,7 +116,7 @@ Create the name of the repo-server service account to use
 */}}
 {{- define "argo-cd.repoServerServiceAccountName" -}}
 {{- if .Values.repoServer.serviceAccount.create -}}
-    {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
+    {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.repoServer.serviceAccount.name }}
 {{- end -}}
@ -148,11 +160,38 @@ app.kubernetes.io/component: {{ .component }}
 Return the appropriate apiVersion for ingress
 */}}
 {{- define "argo-cd.ingress.apiVersion" -}}
-{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if .Values.apiVersionOverrides.ingress -}}
 {{- print .Values.apiVersionOverrides.ingress -}}
 {{- else if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}}
 {{- print "extensions/v1beta1" -}}
-{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}}
 {{- print "networking.k8s.io/v1beta1" -}}
 {{- else -}}
 {{- print "networking.k8s.io/v1" -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Return the target Kubernetes version
 */}}
 {{- define "argo-cd.kubeVersion" -}}
  {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
 {{- end -}}
 {{/* 
 Argo Configuration Preset Values (Incluenced by Values configuration)
 */}}
 {{- define "argo-cd.config.presets" -}}
  {{- if .Values.configs.styles }}
 ui.cssurl: "./custom/custom.styles.css"
  {{- end }}
 {{- end -}}
 {{/* 
 Merge Argo Configuration with Preset Configuration
 */}}
 {{- define "argo-cd.config" -}}
  {{- if .Values.server.configEnabled -}}
 {{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }}
  {{- end -}}
 {{- end -}}
--- a/charts/argo-cd/templates/argocd-aggregate-roles.yaml
+++ b/charts/argo-cd/templates/argocd-aggregate-roles.yaml
@ -0,0 +1,67 @@
 {{- if .Values.createAggregateRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "argo-cd.fullname" . }}-aggregate-to-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
 rules:
 - apiGroups:
  - argoproj.io
  resources:
  - applications
  - appprojects
  verbs:
  - get
  - list
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
 rules:
 - apiGroups:
  - argoproj.io
  resources:
  - applications
  - appprojects
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
 rules:
 - apiGroups:
  - argoproj.io
  resources:
  - applications
  - appprojects
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
@ -6,6 +6,9 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
 {{- if .Values.controller.clusterRoleRules.enabled }}
 {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
 {{ else }}
 - apiGroups:
  - '*'
  resources:
@ -16,4 +19,5 @@ rules:
  - '*'
  verbs:
  - '*'
-{{- end }}
+{{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -17,17 +17,15 @@ spec:
  replicas: {{ .Values.controller.replicas }}
  template:
    metadata:
-      {{- if .Values.controller.podAnnotations }}
+      {{- with (mergeOverwrite .Values.global.podAnnotations .Values.controller.podAnnotations) }}
      annotations:
-      {{- range $key, $value := .Values.controller.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
        app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
-        {{- if .Values.controller.podLabels }}
+        {{- with (mergeOverwrite .Values.global.podLabels .Values.controller.podLabels) }}
-{{- toYaml .Values.controller.podLabels | nindent 8 }}
+          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
@ -50,6 +48,8 @@ spec:
        - {{ .Values.controller.args.selfHealTimeout | quote }}
        - --repo-server
        - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
        - --repo-server-timeout-seconds
        - {{ .Values.controller.args.repoServerTimeoutSeconds | quote }}
        - --logformat
        - {{ .Values.controller.logFormat }}
        - --loglevel
@ -70,6 +70,9 @@ spec:
        {{- if .Values.controller.env }}
        env:
 {{- toYaml .Values.controller.env | nindent 8 }}
        {{- end }}
        {{- with .Values.controller.envFrom }}
        envFrom: {{- toYaml . | nindent 8 }}
        {{- end }}
        ports:
        - name: controller
@ -92,12 +95,15 @@ spec:
          timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
          successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
        workingDir: /home/argocd
        volumeMounts:
        - name: argocd-home
          mountPath: /home/argocd
        - mountPath: /app/config/controller/tls
          name: argocd-repo-server-tls
-{{- if .Values.controller.volumeMounts }}
+        {{- with .Values.controller.volumeMounts }}
-{{- toYaml .Values.controller.volumeMounts | nindent 10}}
+        {{- toYaml . | nindent 8 }}
-{{- end }}
+        {{- end }}
        resources:
 {{- toYaml .Values.controller.resources | nindent 10 }}
    {{- if .Values.controller.nodeSelector }}
@ -118,6 +124,8 @@ spec:
 {{ toYaml . | indent 6 }}
 {{- end }}
      volumes:
      - emptyDir: {}
        name: argocd-home
      - name: argocd-repo-server-tls
        secret:
          items:
@ -129,9 +137,9 @@ spec:
            path: ca.crt
          optional: true
          secretName: argocd-repo-server-tls
-{{- if .Values.controller.volumes }}
+      {{- with .Values.controller.volumes }}
-{{- toYaml .Values.controller.volumes | nindent 8 }}
+      {{- toYaml . | nindent 6 }}
-{{- end }}
+      {{- end }}
 {{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
@ -0,0 +1,19 @@
 {{- if .Values.global.networkPolicy.create }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
  name: {{ template "argo-cd.controller.fullname" . }}
 spec:
  ingress:
  - from:
    - namespaceSelector: {}
    ports:
    - port: controller
  podSelector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
  policyTypes:
  - Ingress
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
@ -3,22 +3,32 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  {{- if .Values.controller.metrics.serviceMonitor.namespace }}
+  {{- with .Values.controller.metrics.serviceMonitor.namespace }}
-  namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
+  namespace: {{ . }}
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    {{- if .Values.controller.metrics.serviceMonitor.selector }}
+    {{- with .Values.controller.metrics.serviceMonitor.selector }}
-{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
-    {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
+    {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }}
-{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  endpoints:
    - port: metrics
-      interval: 30s
+      {{- with .Values.controller.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.controller.metrics.serviceMonitor.relabelings }}
      relabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }}
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
@ -26,4 +36,3 @@ spec:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
@ -11,6 +11,5 @@ metadata:
    {{ $key }}: {{ $value | quote }}
  {{- end }}
  {{- end }}
-data:
+data: {{- include "argo-cd.config" $ | nindent 4 }}
 {{- toYaml .Values.server.config | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml
@ -0,0 +1,16 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  {{- if .Values.configs.gpgKeysAnnotations }}
  annotations:
    {{- range $key, $value := .Values.configs.gpgKeysAnnotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
  name: argocd-gpg-keys-cm
 {{- with .Values.configs.gpgKeys }}
 data:
  {{- toYaml . | nindent 2 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
@ -36,7 +36,7 @@ data:
  {{- end }}
  {{- if .Values.configs.secret.argocdServerAdminPassword }}
  admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}
-  admin.passwordMtime: {{ default (date "2006-01-02T15:04:05Z" now) .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }}
+  admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }}
  {{- end }}
  {{- range $key, $value := .Values.configs.secret.extra }}
  {{ $key }}: {{ $value | b64enc }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml
@ -0,0 +1,11 @@
 {{- if .Values.configs.styles }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-custom-styles
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 data:
  custom.styles.css: |
    {{- .Values.configs.styles | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret-legacy.yaml
@ -10,4 +10,4 @@ data:
 {{- range $key, $value := .Values.configs.repositoryCredentials }}
  {{ $key }}: {{ $value | b64enc }}
 {{- end }}
-{{- end }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
@ -0,0 +1,14 @@
 {{- range $repo_cred_key, $repo_cred_value := .Values.configs.credentialTemplates }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-creds-{{ $repo_cred_key }}
  labels:
    argocd.argoproj.io/secret-type: repo-creds
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
 data:
  {{- range $key, $value := $repo_cred_value }}
  {{ $key }}: {{ $value | toString | b64enc }}
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
@ -0,0 +1,14 @@
 {{- range $repo_key, $repo_value := .Values.configs.repositories }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-{{ $repo_key }}
  labels:
    argocd.argoproj.io/secret-type: repository
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
 data:
  {{- range $key, $value := $repo_value }}
  {{ $key }}: {{ $value | b64enc }}
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -16,17 +16,15 @@ spec:
  {{- end }}
  template:
    metadata:
-      {{- if .Values.repoServer.podAnnotations }}
+      {{- with (mergeOverwrite .Values.global.podAnnotations .Values.repoServer.podAnnotations) }}
      annotations:
-      {{- range $key, $value := .Values.repoServer.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }}
        app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
-        {{- if .Values.repoServer.podLabels }}
+        {{- with (mergeOverwrite .Values.global.podLabels .Values.repoServer.podLabels) }}
-{{- toYaml .Values.repoServer.podLabels | nindent 8 }}
+          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
@ -40,8 +38,7 @@ spec:
      - name: {{ .Values.repoServer.name }}
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
-        command:
+        args:
        - uid_entrypoint.sh
        - argocd-repo-server
        {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
        - --redis
@ -67,10 +64,15 @@ spec:
          value: argocd
 {{- end }}
 {{- end }}
        {{- with .Values.repoServer.envFrom }}
        envFrom: {{- toYaml . | nindent 8 }}
        {{- end }}
        volumeMounts:
        {{- if .Values.repoServer.volumeMounts }}
-{{- toYaml .Values.repoServer.volumeMounts | nindent 8}}
+          {{- toYaml .Values.repoServer.volumeMounts | nindent 8 }}
        {{- end }}
        - mountPath: /app/config/gpg/source
          name: gpg-keys
        - mountPath: /app/config/gpg/keys
          name: gpg-keyring
        {{- if .Values.configs.knownHosts }}
@ -131,8 +133,11 @@ spec:
 {{- end }}
      volumes:
      {{- if .Values.repoServer.volumes }}
-{{- toYaml .Values.repoServer.volumes | nindent 6}}
+        {{- toYaml .Values.repoServer.volumes | nindent 6 }}
      {{- end }}
      - name: gpg-keys
        configMap:
          name: argocd-gpg-keys-cm
      - emptyDir: {}
        name: gpg-keyring
      {{- if .Values.configs.knownHosts }}
--- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml
@ -0,0 +1,31 @@
 {{- if .Values.global.networkPolicy.create }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
  name: {{ template "argo-cd.repoServer.fullname" . }}
 spec:
  ingress:
  - from:
    - podSelector:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
    - podSelector:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
    ports:
    - port: repo-server
      protocol: TCP
  {{- if .Values.repoServer.metrics.enabled }}
  - from:
    - namespaceSelector: {}
    ports:
    - port: metrics
  {{- end }}
  podSelector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
  policyTypes:
  - Ingress
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
@ -3,22 +3,32 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  {{- if .Values.repoServer.metrics.serviceMonitor.namespace }}
+  {{- with .Values.repoServer.metrics.serviceMonitor.namespace }}
-  namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }}
+  namespace: {{ . }}
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
-    {{- if .Values.repoServer.metrics.serviceMonitor.selector }}
+    {{- with .Values.repoServer.metrics.serviceMonitor.selector }}
-{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
-    {{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
+    {{- with .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
-{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  endpoints:
    - port: metrics
-      interval: 30s
+      {{- with .Values.repoServer.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }}
      relabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.repoServer.metrics.serviceMonitor.metricRelabelings }}
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
@ -26,4 +36,3 @@ spec:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml
+++ b/charts/argo-cd/templates/argocd-server/alb-grpc-service.yaml
@ -0,0 +1,24 @@
 {{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}}
 apiVersion: v1
 kind: Service
 metadata:
  annotations:
    alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }}
  name: {{ template "argo-cd.server.fullname" . }}-grpc
 spec:
  ports:
  - name: {{ .Values.server.service.servicePortHttpName }}
    protocol: TCP
    port: {{ .Values.server.service.servicePortHttp }}
    targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
  - name: {{ .Values.server.service.servicePortHttpsName }}
    protocol: TCP
    port: {{ .Values.server.service.servicePortHttps }}
    targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
  sessionAffinity: None
  type: {{ .Values.server.ingressGrpc.awsALB.serviceType }}
 {{- end -}}
--- a/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@ -1,5 +1,7 @@
 {{- if .Values.server.certificate.enabled -}}
-{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
+{{- if .Values.apiVersionOverrides.certmanager -}}
 apiVersion: {{ .Values.apiVersionOverrides.certmanager }}
 {{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
 apiVersion: cert-manager.io/v1
 {{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
 apiVersion: cert-manager.io/v1alpha3
@ -23,5 +25,5 @@ spec:
  issuerRef:
    kind: {{ .Values.server.certificate.issuer.kind | quote }}
    name: {{ .Values.server.certificate.issuer.name | quote }}
-  secretName: argocd-secret
+  secretName: {{ .Values.server.certificate.secretName | quote }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -16,17 +16,15 @@ spec:
  {{- end }}
  template:
    metadata:
-      {{- if .Values.server.podAnnotations }}
+      {{- with (mergeOverwrite .Values.global.podAnnotations .Values.server.podAnnotations) }}
      annotations:
-      {{- range $key, $value := .Values.server.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
        app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
-        {{- if .Values.server.podLabels }}
+        {{- with (mergeOverwrite .Values.global.podLabels .Values.server.podLabels) }}
-{{- toYaml .Values.server.podLabels | nindent 8 }}
+          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
@ -42,8 +40,10 @@ spec:
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
        command:
        - argocd-server
        {{ if .Values.server.staticAssets.enabled }}
        - --staticassets
        - /shared/app
        {{ end }}
        - --repo-server
        - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
        {{- if .Values.dex.enabled }}
@ -67,6 +67,9 @@ spec:
        {{- if .Values.server.env }}
        env:
 {{- toYaml .Values.server.env | nindent 8 }}
        {{- end }}
        {{- with .Values.server.envFrom }}
        envFrom: {{- toYaml . | nindent 8 }}
        {{- end }}
        volumeMounts:
        {{- if .Values.server.volumeMounts }}
@ -82,6 +85,13 @@ spec:
        {{- end }}
        - mountPath: /app/config/server/tls
          name: argocd-repo-server-tls
        {{- if .Values.configs.styles }}
        - mountPath: "/shared/app/custom/custom.styles.css"
          subPath: "custom.styles.css"
          name: custom-styles
        {{- end }}
        - mountPath: /tmp
          name: tmp-dir
        ports:
        - name: {{ .Values.server.name }}
          containerPort: {{ .Values.server.containerPort }}
@ -141,6 +151,13 @@ spec:
      {{- end }}
      - emptyDir: {}
        name: static-files
      - emptyDir: {}
        name: tmp-dir
      {{- if .Values.configs.styles }}
      - configMap:
          name: argocd-custom-styles
        name: custom-styles
      {{- end }}
      {{- if .Values.configs.knownHosts }}
      - configMap:
          name: argocd-ssh-known-hosts-cm
--- a/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
@ -1,8 +1,9 @@
-{{- if .Values.server.ingressGrpc.enabled -}}
+{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}}
 {{- $serviceName := include "argo-cd.server.fullname" . -}}
 {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
 {{- $paths := .Values.server.ingressGrpc.paths -}}
 {{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
 {{- $pathType := .Values.server.ingressGrpc.pathType -}}
 apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
@ -36,7 +37,7 @@ spec:
          {{- range $p := $paths }}
          - path: {{ $p }}
            {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
-            pathType: Prefix
+            pathType: {{ $pathType }}
            {{- end }}
            backend:
              {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
@ -63,7 +64,7 @@ spec:
          {{- range $p := $paths }}
          - path: {{ $p }}
            {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
-            pathType: Prefix
+            pathType: {{ $pathType }}
            {{- end }}
            backend:
              {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
--- a/charts/argo-cd/templates/argocd-server/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress.yaml
@ -3,6 +3,7 @@
 {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
 {{- $paths := .Values.server.ingress.paths -}}
 {{- $extraPaths := .Values.server.ingress.extraPaths -}}
 {{- $pathType := .Values.server.ingress.pathType -}}
 apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
@ -11,6 +12,10 @@ metadata:
  {{- range $key, $value := .Values.server.ingress.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
  {{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }}
    alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: |
      [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
  {{- end }}
 {{- end }}
  name: {{ template "argo-cd.server.fullname" . }}
  labels:
@ -34,10 +39,30 @@ spec:
          {{- toYaml $extraPaths | nindent 10 }}
          {{- end }}
          {{- range $p := $paths }}
          {{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }}
          - path: {{ $p }}
            {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
            pathType: Prefix
            {{- end }}
            backend:
              {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
              service:
                name: {{ template "argo-cd.server.fullname" $ }}-grpc
                port:
                  {{- if kindIs "float64" $servicePort }}
                  number: {{ $servicePort }}
                  {{- else }}
                  name: {{ $servicePort }}
                  {{- end }}
              {{- else }}
              serviceName: {{ template "argo-cd.server.fullname" $ }}-grpc
              servicePort: {{ $servicePort }}
              {{- end }}
            {{- end }}
          - path: {{ $p }}
            {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
            pathType: {{ $pathType }}
            {{- end }}
            backend:
              {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
              service:
@ -63,7 +88,7 @@ spec:
          {{- range $p := $paths }}
          - path: {{ $p }}
            {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
-            pathType: Prefix
+            pathType: {{ $pathType }}
            {{- end }}
            backend:
              {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
--- a/charts/argo-cd/templates/argocd-server/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-server/networkpolicy.yaml
@ -0,0 +1,16 @@
 {{- if .Values.global.networkPolicy.create }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
  name: {{ template "argo-cd.server.fullname" . }}
 spec:
  ingress:
  - {}
  podSelector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
  policyTypes:
  - Ingress
 {{- end }}
--- a/charts/argo-cd/templates/argocd-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-server/service.yaml
@ -44,3 +44,9 @@ spec:
 {{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
 {{- end -}}
 {{- with .Values.server.service.externalTrafficPolicy }}
  externalTrafficPolicy: {{ . }}
 {{- end }}
 {{- with .Values.server.service.sessionAffinity }}
  sessionAffinity: {{ . }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml
@ -8,17 +8,27 @@ metadata:
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    {{- if .Values.server.metrics.serviceMonitor.selector }}
+    {{- with .Values.server.metrics.serviceMonitor.selector }}
-{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
-    {{- if .Values.server.metrics.serviceMonitor.additionalLabels }}
+    {{- with .Values.server.metrics.serviceMonitor.additionalLabels }}
-{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  endpoints:
    - port: metrics
-      interval: 30s
+      {{- with .Values.server.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.server.metrics.serviceMonitor.relabelings }}
      relabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.server.metrics.serviceMonitor.metricRelabelings }}
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
@ -26,4 +36,3 @@ spec:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }}
 {{- end }}
--- a/charts/argo-cd/templates/crds.yaml
+++ b/charts/argo-cd/templates/crds.yaml
@ -1,6 +0,0 @@
 {{- if .Values.installCRDs }}
 {{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
 {{ $.Files.Get $path }}
 ---
 {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/dex/deployment.yaml
+++ b/charts/argo-cd/templates/dex/deployment.yaml
@ -12,17 +12,15 @@ spec:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
  template:
    metadata:
-      {{- if .Values.dex.podAnnotations }}
+      {{- with (mergeOverwrite .Values.global.podAnnotations .Values.dex.podAnnotations) }}
      annotations:
-      {{- range $key, $value := .Values.dex.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }}
        app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
-        {{- if .Values.dex.podLabels }}
+        {{- with (mergeOverwrite .Values.global.podLabels .Values.dex.podLabels) }}
-{{- toYaml .Values.dex.podLabels | nindent 8 }}
+          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
@ -62,6 +60,9 @@ spec:
        {{- if .Values.dex.env }}
        env:
 {{- toYaml .Values.dex.env | nindent 8 }}
        {{- end }}
        {{- with .Values.dex.envFrom }}
        envFrom: {{- toYaml . | nindent 8 }}
        {{- end }}
        ports:
        - name: http
@ -70,10 +71,26 @@ spec:
        - name: grpc
          containerPort: {{ .Values.dex.containerPortGrpc }}
          protocol: TCP
        {{- if .Values.dex.metrics.enabled }}
        - name: metrics
          containerPort: {{ .Values.dex.containerPortMetrics }}
          protocol: TCP
        {{- if .Values.dex.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
            path: /healthz/live
            port: metrics
          {{- with .Values.dex.livenessProbe }}
            {{- omit . "enabled" | toYaml | nindent 10 }}
          {{- end }}
        {{- end }}
        {{- if .Values.dex.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
            path: /healthz/ready
            port: metrics
          {{- with .Values.dex.readinessProbe }}
            {{- omit . "enabled" | toYaml | nindent 10 }}
          {{- end }}
        {{- end }}
        volumeMounts:
        - mountPath: /tmp
--- a/charts/argo-cd/templates/dex/networkpolicy.yaml
+++ b/charts/argo-cd/templates/dex/networkpolicy.yaml
@ -0,0 +1,31 @@
 {{- if and .Values.global.networkPolicy.create .Values.dex.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
  name: {{ template "argo-cd.dex.fullname" . }}
 spec:
  ingress:
  - from:
    - podSelector:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
    ports:
    - port: http
      protocol: TCP
    - port: grpc
      protocol: TCP
  {{- if .Values.dex.metrics.enabled }}
  - from:
    - namespaceSelector: {}
    ports:
    - port: metrics
      protocol: TCP
  {{- end }}
  podSelector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
  policyTypes:
  - Ingress
 {{- end }}
--- a/charts/argo-cd/templates/dex/service.yaml
+++ b/charts/argo-cd/templates/dex/service.yaml
@ -16,11 +16,11 @@ metadata:
 {{- end }}
 spec:
  ports:
-  - name: http
+  - name: {{ .Values.dex.servicePortHttpName }}
    protocol: TCP
    port: {{ .Values.dex.servicePortHttp }}
    targetPort: http
-  - name: grpc
+  - name: {{ .Values.dex.servicePortGrpcName }}
    protocol: TCP
    port: {{ .Values.dex.servicePortGrpc }}
    targetPort: grpc
--- a/charts/argo-cd/templates/dex/servicemonitor.yaml
+++ b/charts/argo-cd/templates/dex/servicemonitor.yaml
@ -3,26 +3,36 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.dex.fullname" . }}
-  {{- if .Values.dex.metrics.serviceMonitor.namespace }}
+  {{- with .Values.dex.metrics.serviceMonitor.namespace }}
-  namespace: {{ .Values.dex.metrics.serviceMonitor.namespace }}
+  namespace: {{ . }}
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
-    {{- if .Values.dex.metrics.serviceMonitor.selector }}
+    {{- with .Values.dex.metrics.serviceMonitor.selector }}
-{{- toYaml .Values.dex.metrics.serviceMonitor.selector | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
-    {{- if .Values.dex.metrics.serviceMonitor.additionalLabels }}
+    {{- with .Values.dex.metrics.serviceMonitor.additionalLabels }}
-{{- toYaml .Values.dex.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  endpoints:
    - port: metrics
-      interval: 30s
+      {{- with .Values.dex.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.dex.metrics.serviceMonitor.relabelings }}
      relabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.dex.metrics.serviceMonitor.metricRelabelings }}
      metricRelabelings:
        {{- toYaml . |nindent 8 }}
      {{- end }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }}
-{{- end }}
+{{- end }}
--- a/charts/argo-cd/templates/networkpolicy-default-deny.yaml
+++ b/charts/argo-cd/templates/networkpolicy-default-deny.yaml
@ -0,0 +1,12 @@
 {{- if and .Values.global.networkPolicy.create .Values.global.networkPolicy.defaultDenyIngress }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
  name: {{ template "argo-cd.fullname" . }}-default-deny
 spec:
  podSelector: {}
  policyTypes:
  - Ingress
 {{- end }}
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -12,23 +12,22 @@ spec:
      app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
  template:
    metadata:
-      {{- if .Values.redis.podAnnotations }}
+      {{- with (mergeOverwrite .Values.global.podAnnotations .Values.redis.podAnnotations) }}
      annotations:
-      {{- range $key, $value := .Values.redis.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }}
-        {{- if .Values.redis.podLabels }}
+        {{- with (mergeOverwrite .Values.global.podLabels .Values.redis.podLabels) }}
-{{- toYaml .Values.redis.podLabels | nindent 8 }}
+          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
-      automountServiceAccountToken: false
+      automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
      serviceAccountName: {{ template "argo-cd.redisServiceAccountName" . }}
      {{- if .Values.redis.securityContext }}
      securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }}
      {{- end }}
@ -50,11 +49,14 @@ spec:
        {{- if .Values.redis.env }}
        env:
 {{- toYaml .Values.redis.env | nindent 8 }}
        {{- end }}
        {{- with .Values.redis.envFrom }}
        envFrom: {{- toYaml . | nindent 8 }}
        {{- end }}
        ports:
        - containerPort: {{ .Values.redis.containerPort }}
          name: redis
 {{- if .Values.redis.volumeMounts }}
        volumeMounts:
 {{- toYaml .Values.redis.volumeMounts | nindent 10 }}
 {{- end }}
--- a/charts/argo-cd/templates/redis/networkpolicy.yaml
+++ b/charts/argo-cd/templates/redis/networkpolicy.yaml
@ -0,0 +1,29 @@
 {{- $redisHa := (index .Values "redis-ha") -}}
 {{- if and .Values.global.networkPolicy.create .Values.redis.enabled (not $redisHa.enabled) }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
  name: {{ template "argo-cd.redis.fullname" . }}
 spec:
  ingress:
  - from:
    - podSelector:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
    - podSelector:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }}
    - podSelector:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
    ports:
    - port: redis
      protocol: TCP
  podSelector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 6 }}
  policyTypes:
  - Ingress
 {{- end }}
--- a/charts/argo-cd/templates/redis/serviceaccount.yaml
+++ b/charts/argo-cd/templates/redis/serviceaccount.yaml
@ -0,0 +1,15 @@
 {{- if and .Values.redis.enabled .Values.redis.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ template "argo-cd.redisServiceAccountName" . }}
 {{- if .Values.redis.serviceAccount.annotations }}
  annotations:
  {{- range $key, $value := .Values.redis.serviceAccount.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
 {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -3,15 +3,17 @@
 ##
 nameOverride: argocd
 fullnameOverride: ""
-
+kubeVersionOverride: ""
 # Optional CRD installation for those without Helm hooks
 installCRDs: true
 global:
  image:
    repository: quay.io/argoproj/argocd
-    tag: v2.0.0
+    tag: v2.1.2
    imagePullPolicy: IfNotPresent
  ## Annotations applied to all pods
  podAnnotations: {}
  ## Labels applied to all pods
  podLabels: {}
  securityContext: {}
  #  runAsUser: 999
  #  runAsGroup: 999
@ -25,6 +27,21 @@ global:
  additionalLabels: {}
    # app: argo-cd
  networkPolicy:
    create: false
    defaultDenyIngress: false
 # Override APIVersions
 # If you want to template helm charts but cannot access k8s API server
 # you can set api versions here
 apiVersionOverrides:
  certmanager: "" # cert-manager.io/v1
  ingress: "" # networking.k8s.io/v1beta1
 ## Create clusterroles that extend existing clusterroles to interact with argo-cd crds
 ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
 createAggregateRoles: false
 ## Controller
 controller:
  name: application-controller
@ -47,6 +64,7 @@ controller:
    operationProcessors: "10"
    appResyncPeriod: "180"
    selfHealTimeout: "5"
    repoServerTimeoutSeconds: "60"
  ## Argo controller log format: text|json
  logFormat: text
@ -64,6 +82,14 @@ controller:
    # - name: "ARGOCD_CONTROLLER_REPLICAS"
    #   value: ""
  ## envFrom to pass to argocd-controller
  ##
  envFrom: []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name
  ## Annotations to be added to controller pods
  ##
  podAnnotations: {}
@ -79,6 +105,7 @@ controller:
    #   drop:
    #     - all
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
  ## Configures the controller port
  containerPort: 8082
@ -146,6 +173,9 @@ controller:
      servicePort: 8082
    serviceMonitor:
      enabled: false
      interval: 30s
      relabelings: []
      metricRelabelings: []
    #   selector:
    #     prometheus: kube-prometheus
    #   namespace: monitoring
@ -186,6 +216,13 @@ controller:
  ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
  clusterAdminAccess:
    enabled: true
  ## Enable Custom Rules for the Application Controller's Cluster Role resource
  ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
  ## Defaults to off
  clusterRoleRules:
    enabled: false
    rules: []
 ## Dex
 dex:
@ -199,10 +236,17 @@ dex:
      labels: {}
    serviceMonitor:
      enabled: false
      interval: 30s
      relabelings: []
      metricRelabelings: []
      # selector:
      #   prometheus: kube-prometheus
      # namespace: monitoring
      # additionalLabels: {}
  image:
-    repository: quay.io/dexidp/dex
+    repository: ghcr.io/dexidp/dex
-    tag: v2.26.0
+    tag: v2.30.0
    imagePullPolicy: IfNotPresent
  initImage:
    repository:
@ -213,6 +257,13 @@ dex:
  ##
  env: []
  ## envFrom to pass to the Dex server
  envFrom: []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name
  ## Annotations to be added to the Dex server pods
  ##
  podAnnotations: {}
@ -221,6 +272,23 @@ dex:
  ##
  podLabels: {}
  ## Probes for Dex server
  ## Supported from Dex >= 2.28.0
  livenessProbe:
    enabled: false
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  readinessProbe:
    enabled: false
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  serviceAccount:
    create: true
    name: argocd-dex-server
@ -242,8 +310,10 @@ dex:
  ## Dex deployment container ports
  containerPortHttp: 5556
  servicePortHttp: 5556
  servicePortHttpName: http
  containerPortGrpc: 5557
  servicePortGrpc: 5557
  servicePortGrpcName: grpc
  containerPortMetrics: 5558
  servicePortMetrics: 5558
@ -279,7 +349,7 @@ redis:
  image:
    repository: redis
-    tag: 6.2.1-alpine
+    tag: 6.2.4-alpine
    imagePullPolicy: IfNotPresent
  ## Additional command line arguments to pass to redis-server
@ -295,6 +365,14 @@ redis:
  ##
  env: []
  ## envFrom to pass to the Redis server
  ##
  envFrom: []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name
  ## Annotations to be added to the Redis server pods
  ##
  podAnnotations: {}
@ -322,10 +400,16 @@ redis:
  ## Redis Pod specific security context
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true
    runAsUser: 999
  serviceAccount:
    create: false
    name: ""
    ## Annotations applied to created service account
    annotations: {}
    ## Automount API credentials for the Service Account
    automountServiceAccountToken: false
  resources: {}
  #  limits:
@ -356,7 +440,7 @@ redis-ha:
    metrics:
      enabled: true
  image:
-    tag: 6.2.1-alpine
+    tag: 6.2.4-alpine
 ## Server
 server:
@ -381,10 +465,22 @@ server:
  extraArgs: []
  #  - --insecure
  # This flag is used to either remove or pass the CLI flag --staticassets /shared/app to the argocd-server app
  staticAssets:
    enabled: true
  ## Environment variables to pass to argocd-server
  ##
  env: []
  ## envFrom to pass to argocd-server
  ##
  envFrom: []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name
  ## Specify postStart and preStop lifecycle hooks for your argo-cd-server container
  ##
  lifecycle: {}
@ -456,8 +552,11 @@ server:
  certificate:
    enabled: false
    domain: argocd.example.com
-    issuer: {}
+    issuer:
      kind: # ClusterIssuer
      name: # letsencrypt
    additionalHosts: []
    secretName: argocd-server-tls
  ## Server service configuration
  service:
@ -475,6 +574,8 @@ server:
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    externalIPs: []
    externalTrafficPolicy: ""
    sessionAffinity: ""
  ## Server metrics service configuration
  metrics:
@ -485,6 +586,9 @@ server:
      servicePort: 8083
    serviceMonitor:
      enabled: false
      interval: 30s
      relabelings: []
      metricRelabelings: []
    #   selector:
    #     prometheus: kube-prometheus
    #   namespace: monitoring
@ -513,26 +617,46 @@ server:
      # - argocd.example.com
    paths:
      - /
    pathType: Prefix
    extraPaths:
      []
      # - path: /*
      #   backend:
      #     serviceName: ssl-redirect
      #     servicePort: use-annotation
      ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
      # - path: /*
      #   pathType: Prefix
      #   backend:
      #     service:
      #       name: ssl-redirect
      #       port:
      #         name: use-annotation
    tls:
      []
-      # - secretName: argocd-example-tls
+      # - secretName: argocd-tls-certificate
      #   hosts:
      #     - argocd.example.com
    https: false
-  # dedicated ingess for gRPC as documented at
+  # dedicated ingress for gRPC as documented at
  # https://argoproj.github.io/argo-cd/operator-manual/ingress/
  ingressGrpc:
    enabled: false
    isAWSALB: false
    annotations: {}
    labels: {}
    ingressClassName: ""
    awsALB:
      ## Service Type if isAWSALB is set to true
      ## Can be of type NodePort or ClusterIP depending on which mode you are
      ## are running. Instance mode needs type NodePort, IP mode needs type
      ## ClusterIP
      ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
      serviceType: NodePort
      # This tells AWS to send traffic from the ALB using HTTP2. Can use GRPC as well if you want to leverage GRPC specific features
      backendProtocolVersion: HTTP2
    ## Argo Ingress.
    ## Hostnames must be provided if Ingress is enabled.
    ## Secrets must be manually created in the namespace
@ -542,15 +666,24 @@ server:
      # - argocd.example.com
    paths:
      - /
    pathType: Prefix
    extraPaths:
      []
      # - path: /*
      #   backend:
      #     serviceName: ssl-redirect
      #     servicePort: use-annotation
      ## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
      # - path: /*
      #   pathType: Prefix
      #   backend:
      #     service:
      #       name: ssl-redirect
      #       port:
      #         name: use-annotation
    tls:
      []
-      # - secretName: argocd-example-tls
+      # - secretName: argocd-tls-certificate
      #   hosts:
      #     - argocd.example.com
    https: false
@ -571,6 +704,8 @@ server:
    url: https://argocd.example.com
    # Argo CD instance label key
    application.instanceLabelKey: argocd.argoproj.io/instance
    # DEPRECATED: Please instead use configs.credentialTemplates and configs.repositories
    # repositories: |
    #   - url: git@github.com:group/repo.git
    #     sshPrivateKeySecret:
@ -582,6 +717,7 @@ server:
    #   - type: helm
    #     url: https://argoproj.github.io/argo-helm
    #     name: argo
    # oidc.config: |
    #   name: AzureAD
    #   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
@ -624,7 +760,7 @@ server:
  ## Annotations to be added to ArgoCD rbac ConfigMap
  rbacConfigAnnotations: {}
-  # Boolean determining whether or not to create the configmap. If false, it is expected tthe configmap will be created
+  # Boolean determining whether or not to create the configmap. If false, it is expected the configmap will be created
  # by something else. ArgoCD will not work if there is no configMap created with the name above.
  rbacConfigCreate: true
@ -754,6 +890,14 @@ repoServer:
  ##
  env: []
  ## envFrom to pass to argocd-repo-server
  ##
  envFrom: []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name
  ## Argo repoServer log format: text|json
  logFormat: text
  ## Argo repoServer log level
@ -833,6 +977,9 @@ repoServer:
      servicePort: 8084
    serviceMonitor:
      enabled: false
      interval: 30s
      relabelings: []
      metricRelabelings: []
    #   selector:
    #     prometheus: kube-prometheus
    #   namespace: monitoring
@ -908,6 +1055,27 @@ configs:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
  gpgKeysAnnotations: {}
  gpgKeys: {}
    # 4AEE18F83AFDEB23: |
    #     -----BEGIN PGP PUBLIC KEY BLOCK-----
    #
    #     mQENBFmUaEEBCACzXTDt6ZnyaVtueZASBzgnAmK13q9Urgch+sKYeIhdymjuMQta
    #     x15OklctmrZtqre5kwPUosG3/B2/ikuPYElcHgGPL4uL5Em6S5C/oozfkYzhwRrT
    #     SQzvYjsE4I34To4UdE9KA97wrQjGoz2Bx72WDLyWwctD3DKQtYeHXswXXtXwKfjQ
    #     7Fy4+Bf5IPh76dA8NJ6UtjjLIDlKqdxLW4atHe6xWFaJ+XdLUtsAroZcXBeWDCPa
    #     buXCDscJcLJRKZVc62gOZXXtPfoHqvUPp3nuLA4YjH9bphbrMWMf810Wxz9JTd3v
    #     yWgGqNY0zbBqeZoGv+TuExlRHT8ASGFS9SVDABEBAAG0NUdpdEh1YiAod2ViLWZs
    #     b3cgY29tbWl0IHNpZ25pbmcpIDxub3JlcGx5QGdpdGh1Yi5jb20+iQEiBBMBCAAW
    #     BQJZlGhBCRBK7hj4Ov3rIwIbAwIZAQAAmQEH/iATWFmi2oxlBh3wAsySNCNV4IPf
    #     DDMeh6j80WT7cgoX7V7xqJOxrfrqPEthQ3hgHIm7b5MPQlUr2q+UPL22t/I+ESF6
    #     9b0QWLFSMJbMSk+BXkvSjH9q8jAO0986/pShPV5DU2sMxnx4LfLfHNhTzjXKokws
    #     +8ptJ8uhMNIDXfXuzkZHIxoXk3rNcjDN5c5X+sK8UBRH092BIJWCOfaQt7v7wig5
    #     4Ra28pM9GbHKXVNxmdLpCFyzvyMuCmINYYADsC848QQFFwnd4EQnupo6QvhEVx1O
    #     j7wDwvuH5dCrLuLwtwXaQh0onG4583p0LGms2Mf5F+Ick6o/4peOlBoZz48=
    #     =Bvzs
    #     -----END PGP PUBLIC KEY BLOCK-----
  knownHostsAnnotations: {}
  knownHosts:
    data:
@ -958,25 +1126,48 @@ configs:
    #     +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
    #     XWyb96wrUlv+E8I=
    #     -----END CERTIFICATE-----
-  # Creates a secret with optional repository credentials
+## # Creates a secret with optional repository credentials
-  repositoryCredentials:
+## DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories
-    {}
+  repositoryCredentials: {}
-    # sample-ssh-key: |
+
-    # -----BEGIN RSA PRIVATE KEY-----
+## Creates a secret for each key/value specified below to create repository credentials
-    # MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N
+  credentialTemplates: {}
-    # z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4
+    # github-enterprise-creds-1:
-    # nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB
+    #   url: https://github.com/argoproj
-    # AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x
+    #   githubAppID: 1
-    # O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe
+    #   githubAppInstallationID: 2
-    # tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6
+    #   githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3
-    # cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8
+    #   githubAppPrivateKey: |
-    # 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM
+    #     -----BEGIN OPENSSH PRIVATE KEY-----
-    # hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK
+    #     ...
-    # xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ
+    #     -----END OPENSSH PRIVATE KEY-----
-    # FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc
+    # https-creds:
-    # NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le
+    #   url: https://github.com/argoproj
-    # XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo=
+    #   password: my-password
-    # -----END RSA PRIVATE KEY-----
+    #   username: my-username
    # ssh-creds:
    #  url: git@github.com:argoproj-labs
    #  sshPrivateKey: |
    #    -----BEGIN OPENSSH PRIVATE KEY-----
    #    ...
    #    -----END OPENSSH PRIVATE KEY-----
 ## Creates a secret for each key/value specified below to create repositories
 ## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials".
  repositories: {}
    # istio-helm-repo:
    #   url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
    #   name: istio.io
    #   type: helm
    # private-helm-repo:
    #   url: https://my-private-chart-repo.internal
    #   name: private-repo
    #   type: helm
    #   password: my-password
    #   username: my-username
    # private-repo:
    #   url: https://github.com/argoproj/private-repo
  secret:
    createSecret: true
    ## Annotations to be added to argocd-secret
@ -1011,9 +1202,16 @@ configs:
    # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
    # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
-    # argocdServerAdminPassword:
+    # argocdServerAdminPassword: ""
    # Password modification time defaults to current time if not set
    # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z"
  ## Custom CSS Styles
  ## Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
  # styles: |
  #  .nav-bar {
  #    background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
  #  }
 openshift:
  enabled: false
--- a/charts/argo-ci/Chart.yaml
+++ b/charts/argo-ci/Chart.yaml
@ -1,12 +0,0 @@
 apiVersion: v2
 description: A Helm chart for Argo-CI
 name: argo-ci
 version: 1.0.0
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 appVersion: v1.0.0-alpha2
 home: https://github.com/argoproj/argo-helm
 deprecated: true
 dependencies:
  - name: argo
    version: "^0.16.0"
    repository: https://argoproj.github.io/argo-helm
--- a/charts/argo-ci/README.md
+++ b/charts/argo-ci/README.md
@ -1,5 +0,0 @@
 # Argo CI Chart
 **Deprecated** - Use [Argo-Events](./argo-events) instead.
 This is a **community maintained** chart.
--- a/charts/argo-ci/templates/NOTES.txt
+++ b/charts/argo-ci/templates/NOTES.txt
--- a/charts/argo-ci/templates/_helpers.tpl
+++ b/charts/argo-ci/templates/_helpers.tpl
@ -1,16 +0,0 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "fullname" -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
--- a/charts/argo-ci/templates/ci-deployment.yaml
+++ b/charts/argo-ci/templates/ci-deployment.yaml
@ -1,39 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}-ci
  labels:
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  selector:
    matchLabels:
      app: {{ .Release.Name }}-ci
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-ci
        release: {{ .Release.Name }}
    spec:
      containers:
        - name: ci
          image: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}"
          imagePullPolicy: {{ .Values.imagePullPolicy }}
          env:
          - name: IN_CLUSTER
            value: "true"
          - name: NAMESPACE
            value: {{ .Values.workflowNamespace }}
          - name: ARGO_CI_IMAGE
            value: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}"
          - name: CONTROLLER_INSTANCE_ID
            value: {{ .Release.Name }}
          ports:
          - containerPort: 8001
          - containerPort: 8002
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
--- a/charts/argo-ci/templates/ci-service.yaml
+++ b/charts/argo-ci/templates/ci-service.yaml
@ -1,17 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Release.Name }}-ci
  labels:
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8001
  selector:
    app: {{ .Release.Name }}-ci
  sessionAffinity: None
  type: LoadBalancer
--- a/charts/argo-ci/values.yaml
+++ b/charts/argo-ci/values.yaml
@ -1,14 +0,0 @@
 imageNamespace: argoproj
 ciImage: argoci
 imageTag: v1.0.0-alpha2
 imagePullPolicy: Always
 # Secrets with credentials to pull images from a private registry
 imagePullSecrets: []
 # - name: argo-pull-secret
 workflowNamespace: default
 argo:
  imagesNamespace: argoproj
  installMinio: true
  minioBucketName: argo-artifacts
  useReleaseAsInstanceID: true
--- a/charts/argo-events/.helmignore
+++ b/charts/argo-events/.helmignore
@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
 ci/
--- a/charts/argo-events/Chart.yaml
+++ b/charts/argo-events/Chart.yaml
@ -1,7 +1,7 @@
 apiVersion: v2
 description: A Helm chart to install Argo-Events in k8s Cluster
 name: argo-events
-version: 1.4.0
+version: 1.7.0
 keywords:
  - argo-events
  - sensor-controller
@ -13,5 +13,9 @@ maintainers:
  - name: VaibhavPage
  - name: whynowy
 appVersion: 1.3.1
-icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
+icon: https://argoproj.github.io/argo-events/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 annotations:
  artifacthub.io/changes: |
    - "[Added]: Ability to specify additional/custom environment variables"
    - "[Fixed]: Charts icon url"
--- a/charts/argo-events/README.md
+++ b/charts/argo-events/README.md
@ -15,6 +15,6 @@ This is a **community maintained** chart. It installs the [argo-events](https://
 ## Notes on CRD Installation
-Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart.
+Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart.
 You can install the CRDs manually from `crds` folder.
--- a/charts/argo-events/ci/test-values.yaml
+++ b/charts/argo-events/ci/test-values.yaml
@ -1,6 +1,3 @@
 serviceAccount: argo-events-sa-test
 additionalSaNamespaces:
  - nsone
  - nstwo
 instanceID: test-argo-events
 singleNamespace: false
--- a/charts/argo-events/templates/argo-events-cluster-roles.yaml
+++ b/charts/argo-events/templates/argo-events-cluster-roles.yaml
@ -1,5 +1,4 @@
 {{- if not .Values.singleNamespace }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -26,9 +25,9 @@ kind: ClusterRole
 metadata:
  name: argo-events-role
 rules:
-{{- if .Values.additionalServiceAccountRules }}
+  {{- with .Values.additionalServiceAccountRules }}
-{{ .Values.additionalServiceAccountRules | toYaml | nindent 2}}
+    {{- toYaml . | nindent 2 }}
-{{- end }}
+  {{- end }}
  - apiGroups:
      - argoproj.io
    verbs:
--- a/charts/argo-events/templates/argo-events-roles.yaml
+++ b/charts/argo-events/templates/argo-events-roles.yaml
@ -1,5 +1,4 @@
 {{- if .Values.singleNamespace }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@ -28,8 +27,8 @@ metadata:
  name: argo-events-role
  namespace: {{ .Release.Namespace }}
 rules:
-  {{- if .Values.additionalServiceAccountRules }}
+  {{- with .Values.additionalServiceAccountRules }}
-  {{ .Values.additionalServiceAccountRules | toYaml | nindent 2}}
+    {{- toYaml . | nindent 2 }}
  {{- end }}
  - apiGroups:
      - argoproj.io
--- a/charts/argo-events/templates/argo-events-sa.yaml
+++ b/charts/argo-events/templates/argo-events-sa.yaml
@ -5,7 +5,11 @@ kind: ServiceAccount
 metadata:
  name: {{ .Values.serviceAccount }}
  namespace: {{ .Release.Namespace }}
  {{- with .Values.serviceAccountAnnotations }}
  annotations: {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- if .Values.additionalSaNamespaces }}
 {{ $annotations := .Values.serviceAccountAnnotations }}
 {{ $sa := .Values.serviceAccount }}
 {{- range $namespace := .Values.additionalSaNamespaces }}
 ---
@ -14,5 +18,8 @@ kind: ServiceAccount
 metadata:
  name: {{ $sa }}
  namespace: {{ $namespace }}
  {{- with $annotations }}
  annotations: {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/argo-events/templates/eventbus-controller-deployment.yaml
+++ b/charts/argo-events/templates/eventbus-controller-deployment.yaml
@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}-{{ .Values.eventbusController.name }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ .Release.Name }}-{{ .Values.eventbusController.name }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@ -35,6 +36,9 @@ spec:
            - --namespaced
          {{- end }}
          env:
          {{- with .Values.eventbusController.extraEnv }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: NAMESPACE
              valueFrom:
                fieldRef:
@ -55,6 +59,7 @@ spec:
              port: 8081
            initialDelaySeconds: 3
            periodSeconds: 3
          resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }}
      {{- with .Values.eventbusController.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
--- a/charts/argo-events/templates/eventbus-crd.yaml
+++ b/charts/argo-events/templates/eventbus-crd.yaml
@ -1,44 +0,0 @@
 {{- if .Values.installCRD }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: eventbus.argoproj.io
  annotations:
    helm.sh/hook: crd-install
    helm.sh/hook-delete-policy: before-hook-creation
 spec:
  group: argoproj.io
  names:
    kind: EventBus
    listKind: EventBusList
    plural: eventbus
    shortNames:
      - eb
    singular: eventbus
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          required:
          - metadata
          - spec
          type: object
      subresources:
        status: {}
 {{- end }}
--- a/charts/argo-events/templates/eventsource-controller-deployment.yaml
+++ b/charts/argo-events/templates/eventsource-controller-deployment.yaml
@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}-{{ .Values.eventsourceController.name }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@ -35,6 +36,9 @@ spec:
            - --namespaced
          {{- end }}
          env:
          {{- with .Values.eventsourceController.extraEnv }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: NAMESPACE
              valueFrom:
                fieldRef:
@ -53,6 +57,7 @@ spec:
              port: 8081
            initialDelaySeconds: 3
            periodSeconds: 3
          resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }}
      {{- with .Values.eventsourceController.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
--- a/charts/argo-events/templates/eventsource-crd.yaml
+++ b/charts/argo-events/templates/eventsource-crd.yaml
@ -1,44 +0,0 @@
 {{- if .Values.installCRD }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: eventsources.argoproj.io
  annotations:
    helm.sh/hook: crd-install
    helm.sh/hook-delete-policy: before-hook-creation
 spec:
  group: argoproj.io
  scope: Namespaced
  names:
    kind: EventSource
    plural: eventsources
    singular: eventsource
    listKind: EventSourceList
    shortNames:
      - es
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          required:
          - metadata
          - spec
          type: object
      subresources:
        status: {}
 {{- end }}
--- a/charts/argo-events/templates/sensor-controller-deployment.yaml
+++ b/charts/argo-events/templates/sensor-controller-deployment.yaml
@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}-{{ .Values.sensorController.name }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ .Release.Name }}-{{ .Values.sensorController.name }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@ -35,6 +36,9 @@ spec:
            - --namespaced
          {{- end }}
          env:
          {{- with .Values.sensorController.extraEnv }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: NAMESPACE
              valueFrom:
                fieldRef:
@ -53,6 +57,7 @@ spec:
              port: 8081
            initialDelaySeconds: 3
            periodSeconds: 3
          resources: {{- toYaml .Values.sensorController.resources | nindent 12 }}
      {{- with .Values.sensorController.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
--- a/charts/argo-events/templates/sensor-crd.yaml
+++ b/charts/argo-events/templates/sensor-crd.yaml
@ -1,45 +0,0 @@
 {{- if .Values.installCRD }}
 # Define a "sensor" custom resource definition
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  name: sensors.argoproj.io
  annotations:
    helm.sh/hook: crd-install
    helm.sh/hook-delete-policy: before-hook-creation
 spec:
  group: argoproj.io
  names:
    kind: Sensor
    listKind: SensorList
    plural: sensors
    singular: sensor
    shortNames:
      - sn
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            spec:
              type: object
              x-kubernetes-preserve-unknown-fields: true
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          required:
          - metadata
          - spec
          type: object
      subresources:
        status: {}
 {{- end }}
--- a/charts/argo-events/values.yaml
+++ b/charts/argo-events/values.yaml
@ -1,5 +1,5 @@
 # docker registry
-registry: argoproj
+registry: quay.io
 # The image pull policy
 imagePullPolicy: Always
@ -8,12 +8,12 @@ imagePullPolicy: Always
 imagePullSecrets: []
 # - name: argo-pull-secret
 # If set to false, skip installing the CRDs. Requires user to have them installed prior to helm chart installation.
 installCRD: true
 # ServiceAccount to use for running controller.
 serviceAccount: argo-events-sa
 # serviceAccountAnnotations can be used to enable GKE workload identity, or other use-cases
 serviceAccountAnnotations: {}
 # Create service accounts in additional namespaces specified
 # The SA will always be created in the release namespaces
 additionalSaNamespaces: []
@ -44,41 +44,53 @@ singleNamespace: true
 # sensor controller
 sensorController:
  name: sensor-controller
-  image: sensor-controller
+  image: argoproj/sensor-controller
  tag: v1.3.1
  replicaCount: 1
-  sensorImage: sensor
+  extraEnv: []
    # - name: DEBUG_LOG
    #   value: "true"
  sensorImage: argoproj/sensor
  podAnnotations: {}
  nodeSelector: {}
  podLabels: {}
  priorityClassName: ""
  tolerations: []
  affinity: {}
  resources: {}
 eventsourceController:
  name: eventsource-controller
-  image: eventsource-controller
+  image: argoproj/eventsource-controller
  tag: v1.3.1
  replicaCount: 1
-  eventsourceImage: eventsource
+  extraEnv: []
    # - name: DEBUG_LOG
    #   value: "true"
  eventsourceImage: argoproj/eventsource
  podAnnotations: {}
  nodeSelector: {}
  podLabels: {}
  priorityClassName: ""
  tolerations: []
  affinity: {}
  resources: {}
 eventbusController:
  name: eventbus-controller
-  image: eventbus-controller
+  image: argoproj/eventbus-controller
  tag: v1.3.1
  replicaCount: 1
  extraEnv: []
    # - name: DEBUG_LOG
    #   value: "true"
  podAnnotations: {}
  nodeSelector: {}
  podLabels: {}
  priorityClassName: ""
  tolerations: []
  affinity: {}
  resources: {}
  natsStreamingImage: nats-streaming:0.17.0
  natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2
--- a/charts/argo-rollouts/.helmignore
+++ b/charts/argo-rollouts/.helmignore
@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
 ci/
--- a/charts/argo-rollouts/Chart.yaml
+++ b/charts/argo-rollouts/Chart.yaml
@ -1,11 +1,14 @@
-apiVersion: v1
+apiVersion: v2
-appVersion: "0.10.2"
+appVersion: "v1.0.2"
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 0.5.2
+version: 2.0.1
-icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
+icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:
  - name: alexmt
  - name: dthomson25
  - name: jessesuen
 annotations:
  artifacthub.io/changes: |
    - "[Fixed]: ServiceMonitor selector labels match metrics Service"
--- a/charts/argo-rollouts/README.md
+++ b/charts/argo-rollouts/README.md
@ -1,12 +1,11 @@
-Argo Rollouts Chart
+# Argo Rollouts Chart
 =============
 A Helm chart for Argo Rollouts, progressive delivery for Kubernetes.
-Current chart version is `0.5.0`
+A Helm chart for Argo Rollouts, progressive delivery for Kubernetes.
 Source code can be found [here](https://github.com/argoproj/argo-rollouts)
 ## Additional Information
 This is a **community maintained** chart. This chart installs [argo-rollouts](https://argoproj.github.io/argo-rollouts/), progressive delivery for Kubernetes.
 The default installation is intended to be similar to the provided Argo Rollouts [releases](https://github.com/argoproj/argo-rollouts/releases).
@ -14,6 +13,7 @@ The default installation is intended to be similar to the provided Argo Rollouts
 ## Prerequisites
 - Kubernetes 1.7+
 - Helm v3.0.0+
 ## Installing the Chart
@ -22,27 +22,73 @@ To install the chart with the release name `my-release`:
 ```console
 $ helm repo add argo https://argoproj.github.io/argo-helm
-$ helm install --name my-release argo/argo-rollouts
+$ helm install my-release argo/argo-rollouts
 ```
 If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-rollouts dashboard by
 `kubectl port-forward service/argo-rollouts-dashboard 31000:3100` and pointing the browser to `localhost:31000`
 ## Chart Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| clusterInstall | bool | `true` |  |
+| clusterInstall | bool | `true` | `false` runs controller in namespaced mode (does not require cluster RBAC) |
-| controller.component | string | `"rollouts-controller"` |  |
+| controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` |
-| controller.image.pullPolicy | string | `"IfNotPresent"` |  |
+| controller.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
-| controller.image.repository | string | `"argoproj/argo-rollouts"` |  |
+| controller.image.registry | string | `quay.io` | Registry to use |
-| controller.image.tag | string | `"v0.10.2"` |  |
+| controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use |
-| controller.name | string | `"argo-rollouts"` |  |
+| controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
-| controller.resources | Resource limits and requests for the controller pods. | `{}` |
+| controller.resources | object | `{}` | Resource limits and requests for the controller pods. |
-| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
+| controller.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
-| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
+| controller.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) |
-| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
+| controller.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
-| controller.metrics.serviceMonitor.enabled | bool | `false` |  |
+| controller.metrics.enabled | bool | `false` | Deploy metrics service |
-| imagePullSecrets | list | `[]` |  |
+| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
-| installCRDs | bool | `true` |  |
+| controller.metrics.serviceMonitor.additionalAnnotations | object | `{}` | Annotations to be added to the ServiceMonitor |
-| crdAnnotations | object | `{}` |  |
+| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Labels to be added to the ServiceMonitor |
-| podAnnotations | object | `{}` |  |
+| imagePullSecrets | list | `[]` | Registry secret names as an array |
-| podLabels | object | `{}` |  |
+| installCRDs | bool | `true` | Install and upgrade CRDs |
-| serviceAccount.name | string | `"argo-rollouts"` |  |
+| crdAnnotations | object | `{}` | Annotations to be added to all CRDs |
 | podAnnotations | object | `{}` | Annotations to be added to the Rollout pods |
 | podLabels | object | `{}` | Labels to be added to the Rollout pods |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level |
 | containerSecurityContext | object | `{}` | Security Context to set on container level |
 | dashboard.enabled | bool | `false` | Deploy dashboard server |
 | dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` |
 | dashboard.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
 | dashboard.image.registry | string | `quay.io` | Registry to use |
 | dashboard.image.repository | string | `"argoproj/kubectl-argo-rollouts"` | Repository to use |
 | dashboard.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
 | dashboard.resources | object | `{}` | Resource limits and requests for the dashboard pods. |
 | dashboard.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
 | dashboard.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) |
 | dashboard.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
 | dashboard.podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level |
 | dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level |
 | dashboard.serviceAccount.create | bool | `true` | Specifies whether a dashboard service account should be created |
 | dashboard.serviceAccount.annotations | object | `{}` | Annotations to add to the dashboard service account |
 | dashboard.serviceAccount.name | string | `""` | The name of the dashboard service account to use. If not set and create is true, a name is generated using the fullname template |
 ## Upgrading
 ### To 2.0.0
 * The argo-rollouts dashboard is added to the template and can be enabled by setting `dashboard.enabled=true`.
 * There is a breaking change where the selector label `app.kubernetes.io/component: {{ .Values.controller.component }}` is added to rollout's deployment and service in order to distinguish between the controller and the dashboard component.
  To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment and Service resource** before you upgrade. This is necessary because Deployment's label selector is immutable.
 ### To 1.0.0
 * This is a breaking change which only supports Helm v3.0.0+ now. If you still use Helm v2, please consider upgrading because v2 is EOL since November 2020.  
  To migrate to Helm v3 please have a look at the [Helm 2to3 Plugin](https://github.com/helm/helm-2to3). This tool will convert the existing ConfigMap used for Tiller to a Secret of type `helm.sh/release.v1`.
 * `quay.io` is the default registry now
 * We introduce a template function for the labels here to reduce code duplication. This also affects the Deployment `matchLabels` selector.  
  To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment resource** before you upgrade. This is necessary because Deployment's label selector is immutable.
 * All resources are now prefixed with the template `"argo-rollouts.fullname"`.
  This enables the users to override resource names via the `nameOverride` and `fullnameOverride` parameters.
 * Breaking parameters update
  * `securityContext` was renamed to `containerSecurityContext`
  * Added `controller.image.registry`. Prior to this chart version you had to override the registry via `controller.image.repository`
--- a/charts/argo-rollouts/ci/test-values.yaml
+++ b/charts/argo-rollouts/ci/test-values.yaml
@ -0,0 +1,2 @@
 dashboard:
  enabled: true
--- a/charts/argo-rollouts/templates/_helpers.tpl
+++ b/charts/argo-rollouts/templates/_helpers.tpl
@ -30,3 +30,35 @@ Create chart name and version as used by the chart label.
 {{- define "argo-rollouts.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "argo-rollouts.labels" -}}
 helm.sh/chart: {{ include "argo-rollouts.chart" . }}
 {{ include "argo-rollouts.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/part-of: argo-rollouts
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "argo-rollouts.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "argo-rollouts.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "argo-rollouts.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "argo-rollouts.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
--- a/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-aggregate-roles.yaml
@ -2,12 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ .Release.Name }}-aggregate-to-view
+  name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
-    app.kubernetes.io/component: aggregate-cluster-role
+    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name:  {{ .Release.Name }}-aggregate-to-view
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 rules:
 - apiGroups:
  - argoproj.io
@ -27,12 +26,11 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ .Release.Name }}-aggregate-to-edit
+  name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    app.kubernetes.io/component: aggregate-cluster-role
+    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name:  {{ .Release.Name }}-aggregate-to-edit
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 rules:
 - apiGroups:
  - argoproj.io
@ -58,12 +56,11 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ .Release.Name }}-aggregate-to-admin
+  name: {{ include "argo-rollouts.fullname" . }}-aggregate-to-admin
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    app.kubernetes.io/component: aggregate-cluster-role
+    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name:  {{ .Release.Name }}-aggregate-to-admin
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 rules:
 - apiGroups:
  - argoproj.io
--- a/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml
@ -2,11 +2,10 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ .Release.Name }}-clusterrole
+  name: {{ include "argo-rollouts.fullname" . }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name: {{ .Release.Name }}-clusterrole
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 rules:
 - apiGroups:
  - argoproj.io
@ -57,6 +56,16 @@ rules:
  - update
  - patch
  - delete
 - apiGroups:
  - ""
  - apps
  resources:
  - deployments
  - podtemplates
  verbs:
  - get
  - list
  - watch
 # services patch needed to update selector of canary/stable/active/preview services
 - apiGroups:
  - ""
@ -68,10 +77,12 @@ rules:
  - watch
  - patch
 # secret read access to run analysis templates which reference secrets
 # configmap access to read notification-engine configuration
 - apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  verbs:
  - get
  - list
@ -135,6 +146,7 @@ rules:
  - watch
  - get
  - update
  - patch
  - list
 # trafficsplit access needed for using the SMI provider
 - apiGroups:
@ -147,4 +159,15 @@ rules:
  - get
  - update
  - patch
 - apiGroups:
  - getambassador.io
  resources:
  - mappings
  verbs:
  - create
  - watch
  - get
  - update
  - list
  - delete
 {{- end }}
--- a/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-clusterrolebinding.yaml
@ -2,17 +2,16 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ .Release.Name }}-clusterrolebinding
+  name: {{ include "argo-rollouts.fullname" . }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name: {{ .Release.Name }}-clusterrolebinding
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: {{ .Release.Name }}-clusterrole
+  name: {{ include "argo-rollouts.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ .Values.serviceAccount.name }}
+  name: {{ include "argo-rollouts.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml
@ -1,52 +1,60 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ .Release.Name }}
+  name: {{ include "argo-rollouts.fullname" . }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name: {{ .Release.Name }}
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
    {{- if .Values.podLabels }}
 {{- toYaml .Values.podLabels | nindent 4 }}
    {{- end }}
 spec:
  selector:
    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
+      app.kubernetes.io/component: {{ .Values.controller.component }}
      {{- include "argo-rollouts.selectorLabels" . | nindent 6 }}
  strategy:
    type: Recreate
  template:
    metadata:
-      {{- if .Values.podAnnotations }}
+      {{- with .Values.podAnnotations }}
      annotations:
-      {{- range $key, $value := .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- end }}
      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
+        {{- include "argo-rollouts.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: {{ .Values.controller.component }}
        {{- range $key, $value := .Values.podLabels }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
-      serviceAccountName: {{ .Values.serviceAccount.name }}
+      serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . }}
      containers:
-      - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
+      - image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ default .Chart.AppVersion .Values.controller.image.tag }}"
        {{- if not .Values.clusterInstall }}
        args:
        - --namespaced
        {{- end }}
        imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
-        name: {{ .Values.controller.name }}
+        name: argo-rollouts
-        resources:
+        ports:
-{{- toYaml .Values.controller.resources | nindent 10 }}
+        - containerPort: 8090
          name: metrics
        livenessProbe:
          {{- toYaml .Values.controller.livenessProbe | nindent 10 }}
        readinessProbe:
          {{- toYaml .Values.controller.readinessProbe | nindent 10 }}
        securityContext:
-          {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- toYaml .Values.containerSecurityContext | nindent 10 }}
        resources:
          {{- toYaml .Values.controller.resources | nindent 10 }}
      {{- if .Values.controller.nodeSelector }}
      nodeSelector:
        {{- toYaml .Values.controller.nodeSelector | nindent 8 }}
      {{- end }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- if .Values.controller.tolerations }}
      tolerations:
        {{- toYaml .Values.controller.tolerations | nindent 8 }}
@ -55,5 +63,3 @@ spec:
      affinity:
        {{- toYaml .Values.controller.affinity | nindent 8 }}
      {{- end }}
  strategy:
    type: Recreate
--- a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml
@ -1,14 +1,14 @@
 {{- if .Values.controller.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Release.Name }}-metrics
+  name: {{ include "argo-rollouts.fullname" . }}-metrics
  labels:
-    app.kubernetes.io/component: server
+    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name: {{ .Release.Name }}-metrics
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+  {{- with .Values.serviceAnnotations }}
  annotations:
-  {{- range $key, $value := .Values.serviceAnnotations }}
+    {{- toYaml . | nindent 4 }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
 spec:
  ports:
@ -17,4 +17,6 @@ spec:
    port: 8090
    targetPort: 8090
  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/component: {{ .Values.controller.component }}
    {{- include "argo-rollouts.selectorLabels" . | nindent 4 }}
 {{- end }}
--- a/charts/argo-rollouts/templates/argo-rollouts-role.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-role.yaml
@ -1,11 +1,11 @@
 {{- if not .Values.clusterInstall }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ .Release.Name }}-role
+  name: {{ include "argo-rollouts.fullname" . }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name: {{ .Release.Name }}-role
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 rules:
 - apiGroups:
  - argoproj.io
@ -67,10 +67,12 @@ rules:
  - watch
  - patch
 # secret read access to run analysis templates which reference secrets
 # configmap access to read notification-engine configuration
 - apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  verbs:
  - get
  - list
@ -145,3 +147,4 @@ rules:
  - get
  - update
  - patch
 {{- end }}
--- a/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-rolebinding.yaml
@ -1,15 +1,16 @@
 {{- if not .Values.clusterInstall }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ .Release.Name }}-role-binding
+  name: {{ include "argo-rollouts.fullname" . }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name: {{ .Release.Name }}-role-binding
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
-  name: {{ .Release.Name }}-role
+  name: {{ include "argo-rollouts.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ .Values.serviceAccount.name }}
+  name: {{ include "argo-rollouts.serviceAccountName" . }}
 {{- end }}
--- a/charts/argo-rollouts/templates/argo-rollouts-sa.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-sa.yaml
@ -1,8 +1,13 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.serviceAccount.name }}
+  name: {{ include "argo-rollouts.serviceAccountName" . }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name: {{ .Release.Name }}
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml
+++ b/charts/argo-rollouts/templates/argo-rollouts-service-monitor.yaml
@ -1,18 +1,17 @@
-{{- if .Values.controller.metrics.serviceMonitor.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ .Release.Name }}
+  name: {{ include "argo-rollouts.fullname" . }}
  labels:
-    app.kubernetes.io/component: server
+    app.kubernetes.io/component: {{ .Values.controller.component }}
-    app.kubernetes.io/name: {{ .Release.Name }}-metrics
+    {{- include "argo-rollouts.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+    {{- range $key, $value := .Values.controller.metrics.serviceMonitor.additionalLabels }}
-    {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
+    {{ $key }}: {{ $value | quote }}
 {{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }}
    {{- end }}
-  {{- if .Values.controller.metrics.serviceMonitor.additionalAnnotations }}
+  {{- with .Values.controller.metrics.serviceMonitor.additionalAnnotations }}
  annotations:
-{{ toYaml .Values.controller.metrics.serviceMonitor.additionalAnnotations | indent 4 }}
+    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  endpoints:
@ -22,7 +21,6 @@ spec:
    - {{ .Release.Namespace }}
  selector:
    matchLabels:
-      app.kubernetes.io/component: server
+      app.kubernetes.io/component: {{ .Values.controller.component }}
-      app.kubernetes.io/name: {{ .Release.Name }}-metrics
+      {{- include "argo-rollouts.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
--- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.5.0
    {{- if .Values.crdAnnotations }}
-{{- toYaml .Values.crdAnnotations | nindent 4 }}
+    {{- toYaml .Values.crdAnnotations | nindent 4 }}
    {{- end }}
  labels:
    app.kubernetes.io/name: argo-rollouts
    app.kubernetes.io/part-of: argo-rollouts
  name: analysisruns.argoproj.io
 spec:
  group: argoproj.io
@ -2305,6 +2308,7 @@ spec:
                                      start:
                                        type: string
                                      step:
                                        format: int64
                                        type: integer
                                    required:
                                    - end
@ -2324,6 +2328,7 @@ spec:
                                      start:
                                        type: string
                                      step:
                                        format: int64
                                        type: integer
                                    required:
                                    - end
@ -2345,8 +2350,10 @@ spec:
                            threshold:
                              properties:
                                marginal:
                                  format: int64
                                  type: integer
                                pass:
                                  format: int64
                                  type: integer
                              required:
                              - marginal
@ -2404,6 +2411,7 @@ spec:
                            jsonPath:
                              type: string
                            timeoutSeconds:
                              format: int64
                              type: integer
                            url:
                              type: string
--- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.5.0
    {{- if .Values.crdAnnotations }}
-{{- toYaml .Values.crdAnnotations | nindent 4 }}
+    {{- toYaml .Values.crdAnnotations | nindent 4 }}
    {{- end }}
  labels:
    app.kubernetes.io/name: argo-rollouts
    app.kubernetes.io/part-of: argo-rollouts
  name: analysistemplates.argoproj.io
 spec:
  group: argoproj.io
@ -2300,6 +2303,7 @@ spec:
                                      start:
                                        type: string
                                      step:
                                        format: int64
                                        type: integer
                                    required:
                                    - end
@ -2319,6 +2323,7 @@ spec:
                                      start:
                                        type: string
                                      step:
                                        format: int64
                                        type: integer
                                    required:
                                    - end
@ -2340,8 +2345,10 @@ spec:
                            threshold:
                              properties:
                                marginal:
                                  format: int64
                                  type: integer
                                pass:
                                  format: int64
                                  type: integer
                              required:
                              - marginal
@ -2399,6 +2406,7 @@ spec:
                            jsonPath:
                              type: string
                            timeoutSeconds:
                              format: int64
                              type: integer
                            url:
                              type: string
--- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
@ -3,10 +3,13 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.5.0
    {{- if .Values.crdAnnotations }}
-{{- toYaml .Values.crdAnnotations | nindent 4 }}
+    {{- toYaml .Values.crdAnnotations | nindent 4 }}
    {{- end }}
  labels:
    app.kubernetes.io/name: argo-rollouts
    app.kubernetes.io/part-of: argo-rollouts
  name: clusteranalysistemplates.argoproj.io
 spec:
  group: argoproj.io
@ -2300,6 +2303,7 @@ spec:
                                      start:
                                        type: string
                                      step:
                                        format: int64
                                        type: integer
                                    required:
                                    - end
@ -2319,6 +2323,7 @@ spec:
                                      start:
                                        type: string
                                      step:
                                        format: int64
                                        type: integer
                                    required:
                                    - end
@ -2340,8 +2345,10 @@ spec:
                            threshold:
                              properties:
                                marginal:
                                  format: int64
                                  type: integer
                                pass:
                                  format: int64
                                  type: integer
                              required:
                              - marginal
@ -2399,6 +2406,7 @@ spec:
                            jsonPath:
                              type: string
                            timeoutSeconds:
                              format: int64
                              type: integer
                            url:
                              type: string
--- a/Show more
+++ b/Show more
		`@ -0,0 +1,2 @@`
							`## Reference: https://github.com/helm/chart-releaser`
							`index-path: "./index.yaml"`