Merge commit '3fb3397d961451a149c2fe7cf1ee4a51355ac9d0' into CR-24929-sync-0.41.12

2024-07-31 16:55:11 +03:00 · 2024-07-31 16:55:11 +03:00 · e277de3f10
commit e277de3f10
parent 14cab5f941 3fb3397d96
51 changed files with 351 additions and 96 deletions
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@ -32,7 +32,7 @@ jobs:
          version: v3.10.1 # Also update in publish.yaml
      - name: Set up python
-        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
        with:
          python-version: 3.9
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@ -19,7 +19,7 @@ jobs:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
-      - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Get token
-        uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
        id: get_token
        with:
          app-id: ${{ vars.RENOVATE_APP_ID }}
@ -26,11 +26,11 @@ jobs:
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Self-hosted Renovate
-        uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12
+        uses: renovatebot/github-action@76d49712364696a06b60e8647df46b288fff0ddc # v40.2.4
        with:
          configurationFile: .github/configs/renovate-config.js
          # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
-          renovate-version: 37.384.0
+          renovate-version: 37.421.4
          token: '${{ steps.get_token.outputs.token }}'
        env:
          LOG_LEVEL: 'debug'
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -38,7 +38,7 @@ jobs:
          persist-credentials: false
      - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
@ -60,7 +60,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: SARIF file
          path: results.sarif
@ -68,6 +68,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
        with:
          sarif_file: results.sarif
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.11.3
+appVersion: v2.11.7
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.1.4
+version: 7.3.11
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -27,4 +27,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: changed
-      description: add loadBalancerClass field for Service resources
+      description: Bump argo-cd to v2.11.7
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 7.0.0
 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
 If you used the value, please migrate like below.
 ```yaml
 # before
 configs:
  clusterCredentials:
    - mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 # after
 configs:
  clusterCredentials:
    mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 ```
 ### 6.10.0
 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
@ -967,7 +992,7 @@ NAME: my-release
 | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
 | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
-| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
+| server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources |
 | server.certificate.usages | list | `[]` | Usages for the certificate |
 | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret |
 | server.certificateSecret.crt | string | `""` | Certificate data |
@ -1347,7 +1372,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis credentials (must contain key `redis-password`). When it's set, the `externalRedis.password` parameter is ignored |
+| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored |
 | externalRedis.host | string | `""` | External Redis server host |
 | externalRedis.password | string | `""` | External Redis password |
 | externalRedis.port | int | `6379` | External Redis server port |
@ -1401,7 +1426,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
 | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
 | applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
 | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
--- a/charts/argo-cd/README.md.gotmpl
+++ b/charts/argo-cd/README.md.gotmpl
@ -278,6 +278,31 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 7.0.0
 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
 If you used the value, please migrate like below.
 ```yaml
 # before
 configs:
  clusterCredentials:
    - mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 # after
 configs:
  clusterCredentials:
    mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 ```
 ### 6.10.0
 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
--- a/charts/argo-cd/templates/NOTES.txt
+++ b/charts/argo-cd/templates/NOTES.txt
@ -1,6 +1,6 @@
 In order to access the server UI you have the following options:
-1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
+1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include  "argo-cd.namespace" . }} 8080:443
    and then open the browser on http://localhost:8080 and accept the certificate
@ -12,7 +12,7 @@ In order to access the server UI you have the following options:
 {{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}}
 After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
-kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+kubectl -n {{ include  "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
 (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
 {{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -99,7 +99,7 @@ Create the name of the Redis secret-init service account to use
 */}}
 {{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
 {{- if .Values.redisSecretInit.serviceAccount.create -}}
-    {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }}
+    {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.redisSecretInit.serviceAccount.name }}
 {{- end -}}
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -208,10 +208,22 @@ spec:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
--- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
@ -1,9 +1,9 @@
-{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
+{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }}
+  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- if .Values.controller.metrics.rules.selector }}
--- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- with .Values.controller.metrics.serviceMonitor.selector }}
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -207,10 +207,22 @@ spec:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
--- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
@ -13,7 +13,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
-  secretName: {{ .Values.applicationSet.certificate.secretName }}
+  secretName: argocd-applicationset-controller-tls
  commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
  dnsNames:
    - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
--- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include  "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
    {{- with .Values.applicationSet.metrics.serviceMonitor.selector }}
--- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
+++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }}
-  namespace: {{ $.Release.Namespace | quote }}
+  namespace: {{ include  "argo-cd.namespace" $ | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
    {{- with $cluster_value.labels }}
@ -19,6 +19,9 @@ metadata:
  {{- end }}
 type: Opaque
 stringData:
  {{- if $cluster_value.shard }}
  shard: {{ $cluster_value.shard }}
  {{- end }}
  name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
  server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
  {{- if $cluster_value.namespaces }}
--- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-creds-{{ $repo_cred_key }}
-  namespace: {{ $.Release.Namespace | quote }}
+  namespace: {{ include  "argo-cd.namespace" $ | quote }}
  labels:
    argocd.argoproj.io/secret-type: repo-creds
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-{{ $repo_key }}
-  namespace: {{ $.Release.Namespace | quote }}
+  namespace: {{ include  "argo-cd.namespace" $ | quote }}
  labels:
    argocd.argoproj.io/secret-type: repository
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.notifications.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include  "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
    {{- with .Values.notifications.metrics.serviceMonitor.selector }}
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -182,12 +182,24 @@ spec:
            valueFrom:
              secretKeyRef:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                optional: true
                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
                {{- else }}
                key: auth
                {{- end }}
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
@ -359,10 +371,8 @@ spec:
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        name: copyutil
        {{- with .Values.repoServer.resources }}
        resources:
-          {{- toYaml . | nindent 10 }}
+          {{- toYaml .Values.repoServer.resources | nindent 10 }}
        {{- end }}
        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
--- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }}
+  namespace: {{ default (include  "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
    {{- with .Values.repoServer.metrics.serviceMonitor.selector }}
--- a/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@ -13,7 +13,14 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
-  secretName: {{ .Values.server.certificate.secretName }}
+  secretTemplate:
    {{- with .Values.server.certificate.secretTemplateAnnotations }}
    annotations:
      {{- range $key, $value := . }}
      {{ $key }}: {{ $value | quote }}
      {{- end }}
    {{- end }} 
  secretName: argocd-server-tls
  commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
  dnsNames:
    - {{ .Values.server.certificate.domain | default .Values.global.domain }}
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -250,12 +250,24 @@ spec:
            valueFrom:
              secretKeyRef:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                optional: true
                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
                {{- else }}
                key: auth
                {{- end }}
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
--- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.server.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include  "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    {{- with .Values.server.metrics.serviceMonitor.selector }}
--- a/charts/argo-cd/templates/dex/servicemonitor.yaml
+++ b/charts/argo-cd/templates/dex/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.dex.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.dex.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include  "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
    {{- with .Values.dex.metrics.serviceMonitor.selector }}
--- a/charts/argo-cd/templates/redis-secret-init/job.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/job.yaml
@ -3,7 +3,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include  "argo-cd.namespace" . | quote }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation
--- a/charts/argo-cd/templates/redis-secret-init/role.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/role.yaml
@ -8,7 +8,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include  "argo-cd.namespace" . | quote }}
 rules:
  - apiGroups:
      - ""
--- a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
@ -8,7 +8,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include  "argo-cd.namespace" . | quote }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
--- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
@ -1,10 +1,10 @@
-{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
+{{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include  "argo-cd.namespace" . | quote }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation
--- a/charts/argo-cd/templates/redis/servicemonitor.yaml
+++ b/charts/argo-cd/templates/redis/servicemonitor.yaml
@ -4,7 +4,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.redis.fullname" . }}
-  namespace: {{ default .Release.Namespace .Values.redis.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default (include  "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
    {{- with .Values.redis.metrics.serviceMonitor.selector }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -461,6 +461,16 @@ configs:
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
    # mycluster4-sharded:
    #   shard: 1
    #   server: https://mycluster4.example.com
    #   labels: {}
    #   annotations: {}
    #   config:
    #     bearerToken: "<authentication token>"
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
  # -- Repository credentials to be used as Templates for other repos
  ## Creates a secret for each key/value specified below to create repository credentials
@ -1601,7 +1611,7 @@ externalRedis:
  password: ""
  # -- External Redis server port
  port: 6379
-  # -- The name of an existing secret with Redis credentials (must contain key `redis-password`).
+  # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials.
  # When it's set, the `externalRedis.password` parameter is ignored
  existingSecret: ""
  # -- External Redis Secret annotations
@ -1990,8 +2000,6 @@ server:
  certificate:
    # -- Deploy a Certificate resource (requires cert-manager)
    enabled: false
    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
    secretName: argocd-server-tls
    # -- Certificate primary domain (commonName)
    # @default -- `""` (defaults to global.domain)
    domain: ""
@ -2029,6 +2037,8 @@ server:
    # -- Usages for the certificate
    ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
    usages: []
    # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
    secretTemplateAnnotations: {}
  # TLS certificate configuration via Secret
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
@ -2996,8 +3006,6 @@ applicationSet:
  certificate:
    # -- Deploy a Certificate resource (requires cert-manager)
    enabled: false
    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
    secretName: argocd-applicationset-controller-tls
    # -- Certificate primary domain (commonName)
    # @default -- `""` (defaults to global.domain)
    domain: ""
--- a/charts/argo-events/Chart.yaml
+++ b/charts/argo-events/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v1.9.2
 description: A Helm chart for Argo Events, the event-driven workflow automation framework
 name: argo-events
-version: 2.4.6
+version: 2.4.7
 home: https://github.com/argoproj/argo-helm
 icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
 keywords:
@ -18,5 +18,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: changed
+    - kind: fixed
-      description: Bump argo-events to v1.9.2
+      description: Update Jetstream versions as following upstream
--- a/charts/argo-events/README.md
+++ b/charts/argo-events/README.md
@ -65,11 +65,51 @@ done
 | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` |  |
 | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message |
 | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 |
-| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:latest"` |  |
+| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` |  |
-| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:latest"` |  |
+| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` |  |
-| configs.jetstream.versions[0].natsImage | string | `"nats:latest"` |  |
+| configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` |  |
 | configs.jetstream.versions[0].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[0].version | string | `"latest"` |  |
 | configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` |  |
 | configs.jetstream.versions[1].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[1].version | string | `"2.8.1"` |  |
 | configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` |  |
 | configs.jetstream.versions[2].startCommand | string | `"nats-server"` |  |
 | configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` |  |
 | configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` |  |
 | configs.jetstream.versions[3].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[3].version | string | `"2.8.2"` |  |
 | configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` |  |
 | configs.jetstream.versions[4].startCommand | string | `"nats-server"` |  |
 | configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` |  |
 | configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` |  |
 | configs.jetstream.versions[5].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[5].version | string | `"2.9.1"` |  |
 | configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` |  |
 | configs.jetstream.versions[6].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[6].version | string | `"2.9.12"` |  |
 | configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` |  |
 | configs.jetstream.versions[7].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[7].version | string | `"2.9.16"` |  |
 | configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` |  |
 | configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` |  |
 | configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` |  |
 | configs.jetstream.versions[8].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[8].version | string | `"2.10.10"` |  |
 | configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus |
 | crds.annotations | object | `{}` | Annotations to be added to all CRDs |
 | crds.install | bool | `true` | Install and upgrade CRDs |
--- a/charts/argo-events/values.yaml
+++ b/charts/argo-events/values.yaml
@ -96,10 +96,50 @@ configs:
      duplicates: 300s
    # Supported versions of JetStream eventbus
    versions:
-      - version: "latest"
+      - version: latest
-        natsImage: nats:latest
+        natsImage: nats:2.10.10
-        metricsExporterImage: natsio/prometheus-nats-exporter:latest
+        metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
-        configReloaderImage: natsio/nats-server-config-reloader:latest
+        configReloaderImage: natsio/nats-server-config-reloader:0.14.0
        startCommand: /nats-server
      - version: 2.8.1
        natsImage: nats:2.8.1
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.8.1-alpine
        natsImage: nats:2.8.1-alpine
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: nats-server
      - version: 2.8.2
        natsImage: nats:2.8.2
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.8.2-alpine
        natsImage: nats:2.8.2-alpine
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: nats-server
      - version: 2.9.1
        natsImage: nats:2.9.1
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.9.12
        natsImage: nats:2.9.12
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.9.16
        natsImage: nats:2.9.16
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.10.10
        natsImage: nats:2.10.10
        metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
        configReloaderImage: natsio/nats-server-config-reloader:0.14.0
        startCommand: /nats-server
 # -- Array of extra K8s manifests to deploy
--- a/charts/argo-rollouts/Chart.yaml
+++ b/charts/argo-rollouts/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.7.0
+appVersion: v1.7.1
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 2.36.0
+version: 2.37.3
 home: https://github.com/argoproj/argo-helm
 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 keywords:
@ -18,5 +18,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: changed
+    - kind: added
-      description: Bump argo-rollouts to v1.7.0
+      description: Added setting to disable creation of the notifications ConfigMap
--- a/charts/argo-rollouts/README.md
+++ b/charts/argo-rollouts/README.md
@ -57,9 +57,12 @@ For full list of changes please check ArtifactHub [changelog].
 | keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
 | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
 | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template |
 | notifications.configmap.create | bool | `true` | Whether to create notifications configmap |
 | notifications.notifiers | object | `{}` | Configures notification services |
 | notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret |
 | notifications.secret.create | bool | `false` | Whether to create notifications secret |
 | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret |
 | notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts |
 | notifications.templates | object | `{}` | Notification templates |
 | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
 | providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers |
--- a/charts/argo-rollouts/templates/controller/clusterrole.yaml
+++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml
@ -248,6 +248,7 @@ rules:
 # Traefik access needed when using the Traefik provider
 - apiGroups:
  - traefik.containo.us
  - traefik.io
  resources:
  - traefikservices
  verbs:
--- a/charts/argo-rollouts/templates/controller/deployment.yaml
+++ b/charts/argo-rollouts/templates/controller/deployment.yaml
@ -80,8 +80,12 @@ spec:
          {{- toYaml .Values.containerSecurityContext | nindent 10 }}
        resources:
          {{- toYaml .Values.controller.resources | nindent 10 }}
        {{- with .Values.controller.volumeMounts }}
        volumeMounts:
        - name: plugin-bin
          mountPath: /home/argo-rollouts/plugin-bin
        - name: tmp
          mountPath: /tmp
        {{- with .Values.controller.volumeMounts }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.controller.extraContainers }}
@ -120,7 +124,11 @@ spec:
      {{- with .Values.controller.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      {{- with .Values.controller.volumes }}
      volumes:
      - name: plugin-bin
        emptyDir: {}
      - name: tmp
        emptyDir: {}
      {{- with .Values.controller.volumes }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
--- a/charts/argo-rollouts/templates/controller/notifications-configmap.yaml
+++ b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml
@ -1,3 +1,4 @@
 {{ if .Values.notifications.configmap.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@ -16,3 +17,8 @@ data:
  {{- with .Values.notifications.triggers }}
    {{- toYaml . | nindent 2 }}
  {{- end }}
  {{- with .Values.notifications.subscriptions }}
  subscriptions: |
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/charts/argo-rollouts/templates/controller/notifications-secret.yaml
+++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml
@ -4,6 +4,12 @@ kind: Secret
 metadata:
  name: argo-rollouts-notification-secret
  namespace: {{ .Release.Namespace | quote }}
  {{- with .Values.notifications.secret.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
    {{- include "argo-rollouts.labels" . | nindent 4 }}
--- a/charts/argo-rollouts/templates/controller/role.yaml
+++ b/charts/argo-rollouts/templates/controller/role.yaml
@ -249,6 +249,7 @@ rules:
 # Traefik access needed when using the Traefik provider
 - apiGroups:
  - traefik.containo.us
  - traefik.io
  resources:
  - traefikservices
  verbs:
--- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
@ -189,7 +189,6 @@ spec:
                        datadog:
                          properties:
                            aggregator:
                              default: last
                              enum:
                              - avg
                              - min
--- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
@ -185,7 +185,6 @@ spec:
                        datadog:
                          properties:
                            aggregator:
                              default: last
                              enum:
                              - avg
                              - min
--- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
@ -185,7 +185,6 @@ spec:
                        datadog:
                          properties:
                            aggregator:
                              default: last
                              enum:
                              - avg
                              - min
--- a/charts/argo-rollouts/values.yaml
+++ b/charts/argo-rollouts/values.yaml
@ -120,6 +120,7 @@ controller:
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #    ephemeral-storage: 1Gi
  #  requests:
  #    cpu: 50m
  #    memory: 64Mi
@ -448,12 +449,18 @@ dashboard:
  volumeMounts: []
 notifications:
  configmap:
    # -- Whether to create notifications configmap
    create: true
  secret:
    # -- Whether to create notifications secret
    create: false
    # -- Generic key:value pairs to be inserted into the notifications secret
    items: {}
      # slack-token:
    # -- Annotations to be added to the notifications secret
    annotations: {}
  # -- Configures notification services
  notifiers: {}
@ -477,3 +484,11 @@ notifications:
    # trigger.on-purple: |
    #   - send: [my-purple-template]
    #     when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple'
  # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts
  subscriptions: []
    # - recipients:
    #   - slack:<channel>
    #   triggers:
    #   - on-rollout-completed
    #   - on-rollout-aborted
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v3.5.8-cap-CR-22608
+appVersion: v3.5.9-cap-CR-24929
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.41.11-v3.5.8-cap-CR-22608
+version: 0.41.12-v3.5.9-cap-CR-24929
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -16,27 +16,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: fixed
      description: Add `app:` label to components to match upstream
    - kind: changed
-      description: Bump argo-workflows to v3.5.8-cap-CR-22608
+      description: Bump argo-workflows to v3.5.9
    - kind: fixed
      description: Add missing serviceLabels to server service
    - kind: fixed
      description: Correct sample of secondsAfterCompletion
    - kind: added
      description: Added option to add service accounts to RoleBindings
    - kind: changed
      description: Fix hyphen typo in values.yaml comments
    - kind: added
      description: Add the ability to use a headless service for the workflow controller
    - kind: added
      description: Check Prometheus CRDs are available before creating Service Monitor resource(s)
    - kind: added
      description: Support namespaceOverride
    - kind: added
      description: Disable leader election if only 1 repl of the Workflow Controller
    - kind: fixed
      description: Add caSecret in the artifactory.s3 configuration values.
    - kind: fixed
      description: Update argo-workflows documentation links to readthedocs
--- a/charts/argocd-image-updater/Chart.yaml
+++ b/charts/argocd-image-updater/Chart.yaml
@ -2,8 +2,8 @@ apiVersion: v2
 name: argocd-image-updater
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
 type: application
-version: 0.10.2
+version: 0.11.0
-appVersion: v0.13.1
+appVersion: v0.14.0
 home: https://github.com/argoproj-labs/argocd-image-updater
 icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
 keywords:
@ -18,5 +18,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: fixed
+    - kind: changed
-      description: Fixed a URL in values.yaml comments
+      description: Bump argocd-image-updater to v0.14.0
--- a/charts/argocd-image-updater/README.md
+++ b/charts/argocd-image-updater/README.md
@ -79,6 +79,9 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | config.argocd.token | string | `""` | If specified, the secret with Argo CD API key will be created. |
 | config.disableKubeEvents | bool | `false` | Disable kubernetes events |
 | config.gitCommitMail | string | `""` | E-Mail address to use for Git commits |
 | config.gitCommitSignOff | bool | `false` | Enables sign off on commits |
 | config.gitCommitSigningKey | string | `""` | Path to public SSH key mounted in container, or GPG key ID used to sign commits |
 | config.gitCommitSigningMethod | string | `""` | Method used to sign Git commits. `openpgp` or `ssh` |
 | config.gitCommitTemplate | string | `""` | Changing the Git commit message |
 | config.gitCommitUser | string | `""` | Username to use for Git commits |
 | config.logLevel | string | `"info"` | Argo CD Image Update log level |
--- a/charts/argocd-image-updater/templates/configmap.yaml
+++ b/charts/argocd-image-updater/templates/configmap.yaml
@ -31,6 +31,15 @@ data:
  git.commit-message-template: |
    {{- nindent 4 . }}
  {{- end }}
  {{- with .Values.config.gitCommitSigningKey }}
  git.commit-signing-key: {{ . | quote }}
  {{- end }}
  {{- with .Values.config.gitCommitSignOff }}
  git.commit-sign-off: {{ . | quote }}
  {{- end }}
  {{- with .Values.config.gitCommitSigningMethod }}
  git.commit-signing-method: {{ . | quote }}
  {{- end }}
  kube.events: {{ .Values.config.disableKubeEvents | quote }}
  {{- with .Values.config.registries }}
  registries.conf: |
--- a/charts/argocd-image-updater/templates/deployment.yaml
+++ b/charts/argocd-image-updater/templates/deployment.yaml
@ -100,6 +100,24 @@ spec:
                key: kube.events
                name: argocd-image-updater-config
                optional: true
          - name: GIT_COMMIT_SIGNING_KEY
            valueFrom:
              configMapKeyRef:
                key: git.commit-signing-key
                name: argocd-image-updater-config
                optional: true
          - name: GIT_COMMIT_SIGNING_METHOD
            valueFrom:
              configMapKeyRef:
                key: git.commit-signing-method
                name: argocd-image-updater-config
                optional: true
          - name: GIT_COMMIT_SIGN_OFF
            valueFrom:
              configMapKeyRef:
                key: git.commit-sign-off
                name: argocd-image-updater-config
                optional: true
          {{- with .Values.extraEnv }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
@ -141,6 +159,10 @@ spec:
            name: ssh-config
          - mountPath: /tmp
            name: tmp
          - name: ssh-signing-key
            mountPath: /app/ssh-keys/id_rsa
            readOnly: true
            subPath: sshPrivateKey
          {{- if .Values.authScripts.enabled }}
          - mountPath: /scripts
            name: authscripts
@ -172,6 +194,10 @@ spec:
          name: argocd-image-updater-ssh-config
          optional: true
        name: ssh-config
      - name: ssh-signing-key
        secret:
          secretName: ssh-git-creds
          optional: true
      - emptyDir: {}
        name: tmp
      {{- with .Values.volumes }}
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@ -133,6 +133,15 @@ config:
  # -- Changing the Git commit message
  gitCommitTemplate: ""
  # -- Path to public SSH key mounted in container, or GPG key ID used to sign commits
  gitCommitSigningKey: ""
  # -- Enables sign off on commits
  gitCommitSignOff: false
  # -- Method used to sign Git commits. `openpgp` or `ssh`
  gitCommitSigningMethod: ""
  # -- Argo CD Image Update log level
  logLevel: "info"