255 changed files with 2513 additions and 14828 deletions
--- a/.github/configs/renovate-config.js
+++ b/.github/configs/renovate-config.js
@ -1,8 +0,0 @@
 module.exports = {
    platform: 'github',
    // This ensures that the gitAuthor and gitSignOff fields match
    gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>',
    autodiscover: false,
    allowPostUpgradeCommandTemplating: true,
    allowedPostUpgradeCommands: [".*"],
  };
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -6,11 +6,3 @@ updates:
    schedule:
      interval: weekly
      day: "saturday"
    commit-message:
      prefix: "chore(deps)"
    groups:
      dependencies:
        applies-to: version-updates
        update-types:
          - "minor"
          - "patch"
--- a/.github/workflows/chart-version-bump.yml
+++ b/.github/workflows/chart-version-bump.yml
@ -0,0 +1,57 @@
 ## Used on Renovate PRs to bump the chart version and add a changelog entry
 ## Reference: https://github.com/stefanzweifel/git-auto-commit-action
 ## Reference: https://github.com/marketplace/actions/changed-files
 name: 'Chart Version Bump and Changelog'
 on:
  pull_request:
    types:
      - labeled
 permissions:
  contents: write
 jobs:
  helm-bumper:
    if: ${{ (contains(github.event.pull_request.labels.*.name, 'renovate')) }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          token: ${{ secrets.PAT }}
          fetch-depth: 0
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@ae82ed4ae04587b665efad2f206578aa6f0e8539 # v42.0.0
        with:
          files: charts/{argo-workflows,argo-cd,argo-events,argo-rollouts,argocd-image-updater}/Chart.yaml
      - name: "Bump Version and Changelog"
        run: |
          chartName="$(echo \"${{ steps.changed-files.outputs.all_changed_files }}\" | cut -d '/' -f2)"
          echo "Changed chart name is: $chartName"
          echo "----------------------------------------"
          parentDir="charts/${chartName}"
          # Bump the chart version by one patch version
          version=$(grep '^version:' ${parentDir}/Chart.yaml | awk '{print $2}')
          major=$(echo $version | cut -d. -f1)
          minor=$(echo $version | cut -d. -f2)
          patch=$(echo $version | cut -d. -f3)
          patch=$(expr $patch + 1)
          sed -i "s/^version:.*/version: ${major}.${minor}.${patch}/g" ${parentDir}/Chart.yaml
          # Add a changelog entry
          appVersion=$(grep '^appVersion:' ${parentDir}/Chart.yaml | awk '{print $2}')
          sed -i -e '/^  artifacthub.io\/changes: |/,$d' ${parentDir}/Chart.yaml
          echo "  artifacthub.io/changes: |" >> ${parentDir}/Chart.yaml
          echo "    - kind: changed" >> ${parentDir}/Chart.yaml
          echo "      description: Bump ${chartName} to ${appVersion}" >> ${parentDir}/Chart.yaml
          cat ${parentDir}/Chart.yaml
      - name: "Commit and push changes"
        uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
        with:
          commit_options: '--signoff'
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@ -13,7 +13,7 @@ jobs:
      options: --user 1001
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Run ah lint
        working-directory: ./charts
        run: ah lint
@ -22,26 +22,26 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
        with:
          version: v3.10.1 # Also update in publish.yaml
      - name: Set up python
-        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
        with:
          python-version: 3.9
      - name: Setup Chart Linting
        id: lint
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
        with:
          # Note: Also update in scripts/lint.sh
-          version: v3.11.0
+          version: v3.10.0
      - name: List changed charts
        id: list-changed
@ -70,10 +70,11 @@ jobs:
          fi
      - name: Create kind cluster
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
        if: steps.list-changed.outputs.changed == 'true'
        with:
          config: .github/configs/kind-config.yaml
      - name: Deploy latest ArgoCD CRDs when testing ArgoCD extensions
        if: |
          contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') ||
--- a/.github/workflows/pr-sizing.yml
+++ b/.github/workflows/pr-sizing.yml
@ -25,6 +25,6 @@ jobs:
  size-label:
    runs-on: ubuntu-latest
    steps:
-      - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5
+      - uses: pascalgn/size-label-action@37a5ad4ae20ea8032abf169d953bcd661fd82cd3 # v0.5.0
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@ -19,7 +19,7 @@ jobs:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
-      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
+      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -12,19 +12,18 @@ permissions:
 jobs:
  publish:
    if: github.repository == 'argoproj/argo-helm'
    permissions:
      contents: write  # for helm/chart-releaser-action to push chart release and create a release
      packages: write  # to push OCI chart package to GitHub Registry
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      - name: Install Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
        with:
          version: v3.10.1 # Also update in lint-and-test.yaml
@ -59,14 +58,14 @@ jobs:
          PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
+        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
        with:
          config: "./.github/configs/cr.yaml"
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
      - name: Login to GHCR
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@ -1,38 +0,0 @@
 name: Renovate
 on:
  # The "*" (#42, asterisk) character has special semantics in YAML, so this
  # string has to be quoted.
  schedule:
    - cron: '0 * * * *'
  # Manual trigger is also possible
  workflow_dispatch: {}
 permissions:
  contents: read
 jobs:
  renovate:
    if: github.repository == 'argoproj/argo-helm'
    runs-on: ubuntu-latest
    steps:
      - name: Get token
        uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5
        id: get_token
        with:
          app-id: ${{ vars.RENOVATE_APP_ID }}
          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Self-hosted Renovate
        uses: renovatebot/github-action@e084b5ac6fd201023db6dd7743aec023babb02c8 # v41.0.13
        with:
          configurationFile: .github/configs/renovate-config.js
          # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
          renovate-version: 39.153.2
          token: '${{ steps.get_token.outputs.token }}'
          mount-docker-socket: true
        env:
          LOG_LEVEL: 'debug'
          RENOVATE_REPOSITORIES: '${{ github.repository }}'
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -33,12 +33,12 @@ jobs:
    steps:
      - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          persist-credentials: false
      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
        with:
          results_file: results.sarif
          results_format: sarif
@ -60,7 +60,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
        with:
          name: SARIF file
          path: results.sarif
@ -68,6 +68,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
        with:
          sarif_file: results.sarif
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -14,7 +14,7 @@ jobs:
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+    - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        # Number of days of inactivity before an issue becomes stale
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -124,7 +124,7 @@ helm install charts/argo-workflows -n argo
 argo version
 ```
-Follow [these](https://argo-workflows.readthedocs.io/en/stable/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow.
+Follow [these](https://argoproj.github.io/argo-workflows/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow.
 ### Testing Argo CD Changes
--- a/README.md
+++ b/README.md
@ -42,63 +42,3 @@ Please refer to [SECURITY.md](SECURITY.md) for details on how to report security
 ### Changelog
 Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog).
 ## Charts use Helm "Capabilities"
 Our charts make use of the Helm built-in object "Capabilities":
 > This provides information about what capabilities the Kubernetes cluster supports.  
 > *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/*
 Today we use:
 - `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster
 - `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1")
 If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster.
 For this you need to pass the `--api-versions` parameter to the `helm template` command:
 ```bash
 helm template argocd \
  oci://ghcr.io/argoproj/argo-helm/argo-cd \
  --api-versions monitoring.coreos.com/v1 \
  --values my-argocd-values.yaml
 ```
 If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options.
 Example with Kustomize:
 ```yaml
 # kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 helmCharts:
 - name: argo-cd
  repo: oci://ghcr.io/argoproj/argo-helm
  version: x.y.z
  releaseName: argocd
  apiVersions:
  - monitoring.coreos.com/v1
  valuesFile: my-argocd-values.yaml
 ```
 Example with helmfile:
 ```yaml
 # helmfile.yaml
 repositories:
  - name: argo
    url: https://argoproj.github.io/argo-helm
 apiVersions:
  - monitoring.coreos.com/v1
 releases:
  - name: argocd
    namespace: argocd
    chart: argo/argo-cd
    values:
      - my-argocd-values.yaml
 ```
--- a/SECURITY.md
+++ b/SECURITY.md
@ -6,7 +6,7 @@ Each helm chart currently supports the designated application version in the Cha
 * [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md)
 * [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md)
-* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md)
+* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md)
 * [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md)
 * [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md)
--- a/charts/argo-cd/Chart.lock
+++ b/charts/argo-cd/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
  repository: https://dandydeveloper.github.io/charts/
-  version: 4.29.4
+  version: 4.23.0
-digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7
+digest: sha256:589f9972fbdf36194d443c9d3be2a1747f43e03c435fc48004cc0cbe6b3c6e3c
-generated: "2024-11-13T09:07:36.494128+09:00"
+generated: "2023-05-15T19:25:26.049618+09:00"
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.14.2
+appVersion: v2.9.5
-kubeVersion: ">=1.25.0-0"
+kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.8.3
+version: 5.53.7
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -18,7 +18,7 @@ maintainers:
    url: https://argoproj.github.io/
 dependencies:
  - name: redis-ha
-    version: 4.29.4
+    version: 4.23.0
    repository: https://dandydeveloper.github.io/charts/
    condition: redis-ha.enabled
 annotations:
@ -27,4 +27,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: changed
-      description: Bump dex version to v2.42.0
+      description: Change redis repository to public.ecr.aws
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
--- a/charts/argo-cd/README.md.gotmpl
+++ b/charts/argo-cd/README.md.gotmpl
@ -63,181 +63,7 @@ applicationSet:
  replicas: 2
 ```
-## Ingress configuration
+### Synchronizing Changes from Original Repository
 Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples
 below corespond to their respective sections.
 ### SSL-Passthrough
 The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place.
 ```yaml
 global:
  domain: argocd.example.com
 certificate:
  enabled: true
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    tls: true
 ```
 ### SSL Termination at Ingress Controller
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    extraTls:
      - hosts:
        - argocd.example.com
        # Based on the ingress controller used secret might be optional
        secretName: wildcard-tls
 ```
 > **Note:**
 > If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section.
 ### Multiple ingress resources for gRPC protocol support
 Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour).
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    ingressClassName: contour-internal
    extraTls:
      - hosts:
        - argocd.example.com
        secretName: wildcard-tls
   ingressGrpc:
     enabled: true
     ingressClassName: contour-internal
     extraTls:
      - hosts:
        - grpc.argocd.example.com
        secretName: wildcard-tls
 ```
 ### Multiple ingress domains
 ```yaml
 global:
  domain: argocd.example.com
 server:
  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      cert-manager.io/cluster-issuer: "<my-issuer>"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    tls: true
    extraHosts:
      - name: argocd-alias.example.com
        path: /
 ```
 ### AWS Application Load Balancer
 Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode).
 The provided example assumes you are using TLS off-loading via AWS ACM service.
 > **Note:**
 > Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section.
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  ingress:
    enabled: true
    controller: aws
    ingressClassName: alb
    annotations:
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/backend-protocol: HTTP
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    aws:
      serviceType: ClusterIP # <- Used with target-type: ip
      backendProtocolVersion: GRPC
 ```
 ### GKE Application Load Balancer
 The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations
 automatically if you provide configuration for GKE resources.
 ```yaml
 global:
  domain: argocd.example.com
 configs:
  params:
    server.insecure: true
 server:
  service:
    annotations:
      cloud.google.com/neg: '{"ingress": true}'
      cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
  ingress:
    enabled: true
    controller: gke
    gke:
      backendConfig:
        healthCheck:
          checkIntervalSec: 30
          timeoutSec: 5
          healthyThreshold: 1
          unhealthyThreshold: 2
          type: HTTP
          requestPath: /healthz
          port: 8080
      frontendConfig:
        redirectToHttps:
          enabled: true  
      managedCertificate:
        enabled: true
 ```
 ## Synchronizing Changes from Original Repository
 In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
@ -278,112 +104,15 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 7.0.0
 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
 If you used the value, please migrate like below.
 ```yaml
 # before
 configs:
  clusterCredentials:
    - mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 # after
 configs:
  clusterCredentials:
    mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 ```
 ### 6.10.0
 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
 #### How to rotate Redis secret?
 Upstream steps in the [FAQ] are not enough, since we chose a different approach.
 (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
 Steps to rotate the secret when using the helm chart (bold step is additional to upstream):
 * Delete `argocd-redis` secret in the namespace where Argo CD is installed. 
  ```bash
  kubectl delete secret argocd-redis -n <argocd namespace>
  ```
 * **Perform a helm upgrade**
  ```bash
  helm upgrade argocd argo/argo-cd --reuse-values --wait
  ```
 * If you are running Redis in HA mode, restart Redis in HA.
  ```bash
  kubectl rollout restart deployment argocd-redis-ha-haproxy
  kubectl rollout restart statefulset argocd-redis-ha-server
  ```
 * If you are running Redis in non-HA mode, restart Redis.
  ```bash
  kubectl rollout restart deployment argocd-redis
  ```
 * Restart other components.
  ```bash
  kubectl rollout restart deployment argocd-server argocd-repo-server
  kubectl rollout restart statefulset argocd-application-controller
  ```
 ### 6.9.0
 ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9).  
 ### 6.4.0
 Added support for application controller dynamic cluster distribution.
 Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
 Added env variables to handle the non-standard names generated by the helm chart.
 Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
 and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
 ### 6.1.0
 Added support for global domain used by all components.
 ### 6.0.0
 This version **removes support for**:
 * deprecated component options `logLevel` and `logFormat`
 * deprecated component arguments `<components>.args.<feature>` that were replaced with `configs.params`
 * deprecated configuration `server.config` that was replaced with `configs.cm`
 * deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac`
 Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations.
 Please review your setup and adjust to new configuration options:
 * catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname
 * ingress rule for `paths` changed to `path` as there is only single Argo CD backend path
 * ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname
 * ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `<hostname>-tls` secret when `tls: true`
 * additional hostnames and routing can be provided via `extraHosts` configuration section
 * additional TLS secrets can be provided via `extraTls` configuration section
 Please refer to [ingress configuration](#ingress-configuration) for examples.
 ### 5.53.0
 Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
 ### 5.52.0
 Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
 If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
 ### 5.35.0
 This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
 Please see more information about EoL: [Amazon EKS EoL][EKS EoL].
@ -672,7 +401,7 @@ NAME: my-release
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 {{- range .Values }}
-  {{- if not (or  (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "commitServer" .Key) ) }}
+  {{- if not (or  (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) ) }}
 | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
  {{- end }}
 {{- end }}
@ -727,6 +456,28 @@ NAME: my-release
  {{- end }}
 {{- end }}
 ### Using AWS ALB Ingress Controller With GRPC
 If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
 Example:
 ```yaml
 server:
  ingress:
    enabled: true
    annotations:
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
  ingressGrpc:
    enabled: true
    isAWSALB: true
    awsALB:
      serviceType: ClusterIP
 ```
 ## Dex
 | Key | Type | Default | Description |
@ -780,19 +531,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
  {{- end }}
 {{- end }}
 ### Redis secret-init
 The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed.
 If you use an External Redis (See Option 3 above), this Job is not deployed.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 {{- range .Values }}
  {{- if hasPrefix "redisSecretInit" .Key }}
 | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
  {{- end }}
 {{- end }}
 ## ApplicationSet
 | Key | Type | Default | Description |
@ -813,44 +551,28 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
  {{- end }}
 {{- end }}
 ## Commit server (Manifest Hydrator)
 The Argo CD Commit Server provides push access to git repositories for hydrated manifests.
 To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator].
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 {{- range .Values }}
  {{- if hasPrefix "commitServer" .Key }}
 | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
  {{- end }}
 {{- end }}
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
 [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
-[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
+[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
 [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
 [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
 [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
 [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
 [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
-[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
+[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
 [FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
 [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
 [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
 [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
 [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
 [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
-[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
 [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
 [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
-[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 [values.yaml]: values.yaml
 [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
 [tini]: https://github.com/argoproj/argo-cd/pull/12707
@ -859,5 +581,3 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
 [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
 [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
 [Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
 [Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md
--- a/charts/argo-cd/ci/dynamic-sharding-values.yaml
+++ b/charts/argo-cd/ci/dynamic-sharding-values.yaml
@ -1,6 +0,0 @@
 # Test application controller dynamic cluster distribution
 crds:
  keep: false
 controller:
  dynamicClusterDistribution: true
--- a/charts/argo-cd/ci/with-commit-server-values.yaml
+++ b/charts/argo-cd/ci/with-commit-server-values.yaml
@ -1,3 +0,0 @@
 # Test Argo CD with optional component "commit-server"
 commitServer:
  enabled: true
--- a/charts/argo-cd/templates/NOTES.txt
+++ b/charts/argo-cd/templates/NOTES.txt
@ -1,6 +1,136 @@
 {{- if .Values.controller.args.statusProcessors }}
 DEPRECATED option controller.args.statusProcessors - Use configs.params.controller.status.processors
 {{- end }}
 {{- if .Values.controller.args.operationProcessors }}
 DEPRECATED option controller.args.operationProcessors - Use configs.params.controller.operation.processors
 {{- end }}
 {{- if .Values.controller.args.appResyncPeriod }}
 DEPRECATED option controller.args.appResyncPeriod - Use server.config.timeout.reconciliation
 {{- end }}
 {{- if .Values.controller.args.appHardResyncPeriod }}
 DEPRECATED option controller.args.appHardResyncPeriod - Use server.config.timeout.hard.reconciliation
 {{- end }}
 {{- if .Values.controller.args.selfHealTimeout }}
 DEPRECATED option controller.args.selfHealTimeout -  Use configs.params.controller.self.heal.timeout.seconds
 {{- end }}
 {{- if .Values.controller.args.repoServerTimeoutSeconds }}
 DEPRECATED option controller.args.repoServerTimeoutSeconds - Use configs.params.controller.repo.server.timeout.seconds
 {{- end }}
 {{- if .Values.controller.logFormat }}
 DEPRECATED option controller.logFormat - Use configs.params.controller.log.format
 {{- end }}
 {{- if .Values.controller.logLevel }}
 DEPRECATED option controller.logLevel - Use configs.params.controller.log.level
 {{- end }}
 {{- if .Values.server.logFormat }}
 DEPRECATED option server.logFormat - Use configs.params.server.log.format
 {{- end }}
 {{- if .Values.server.logLevel }}
 DEPRECATED option server.logLevel - Use configs.params.server.log.level
 {{- end }}
 {{- if has "--insecure" .Values.server.extraArgs }}
 DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure
 {{- end }}
 {{- if .Values.repoServer.logFormat }}
 DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format
 {{- end }}
 {{- if .Values.repoServer.logLevel }}
 DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level
 {{- end }}
 {{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }}
 DEPRECATED option server.config - Use configs.cm
 {{- end }}
 {{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }}
 DEPRECATED option server.rbacConfig - Use configs.rbac
 {{- end }}
 {{- if .Values.configs.secret.argocdServerTlsConfig }}
 DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
 {{- end }}
 {{- if .Values.configs.gpgKeys }}
 DEPRECATED option configs.gpgKeys - Use config.gpg.keys
 {{- end }}
 {{- if .Values.configs.gpgKeysAnnotations }}
 DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
 {{- end }}
 {{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }}
 DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles
 {{- end }}
 {{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }}
 DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
 {{- end }}
 {{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }}
 DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
 {{- end }}
 {{- if .Values.configs.knownHostsAnnotations }}
 DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations
 {{- end }}
 {{- if hasKey .Values.configs "knownHosts" }}
 DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts
 {{- end }}
 {{- if .Values.configs.tlsCertsAnnotations }}
 DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations
 {{- end }}
 {{- if hasKey .Values.configs "tlsCerts" }}
 DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates
 {{- end }}
 {{- if .Values.applicationSet.replicaCount }}
 DEPRECATED option applicationSet.replicaCount - Use applicationSet.replicas
 {{- end }}
 {{- if .Values.applicationSet.logFormat }}
 DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format
 {{- end }}
 {{- if .Values.applicationSet.logLevel }}
 DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level
 {{- end }}
 {{- if .Values.applicationSet.args.policy }}
 DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy
 {{- end }}
 {{- if .Values.applicationSet.args.dryRun }}
 DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun
 {{- end }}
 {{- if .Values.controller.service }}
 REMOVED option controller.service - Use controller.metrics
 {{- end }}
 {{- if .Values.repoServer.copyutil }}
 REMOVED option repoSever.copyutil.resources - Use repoServer.resources
 {{- end }}
 {{- if .Values.applicationSet.args.debug }}
 REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug
 {{- end }}
 {{- if .Values.applicationSet.args.enableLeaderElection }}
 REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas
 {{- end }}
 {{- if .Values.controller.containerPort }}
 REMOVED option controller.containerPort - Use controller.containerPorts
 {{- end }}
 {{- if .Values.server.containerPort }}
 REMOVED option server.containerPort - Use server.containerPorts
 {{- end }}
 {{- if .Values.repoServer.containerPort }}
 REMOVED option repoServer.containerPort - Use repoServer.containerPorts
 {{- end }}
 {{- if .Values.applicationSet.args.metricsAddr }}
 REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts
 {{- end }}
 {{- if .Values.applicationSet.args.probeBindAddr }}
 REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts
 {{- end }}
 {{- if .Values.redis.containerPort }}
 REMOVED option redis.containerPort - Use redis.containerPorts
 {{- end }}
 {{- if .Values.redis.metrics.containerPort }}
 REMOVED option redis.metrics.containerPort - Use redis.containerPorts
 {{- end }}
 {{- if .Values.apiVersionOverrides.autoscaling }}
 REMOVED option apiVersionOverrides.autoscaling - API autoscaling/v2 is GA from 1.23
 {{- end }}
 {{- if .Values.apiVersionOverrides.certmanager }}
 REMOVED option apiVersionOverrides.certmanager - API v1 is only possible option after K8s 1.22
 {{- end }}
 In order to access the server UI you have the following options:
-1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include  "argo-cd.namespace" . }} 8080:443
+1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
    and then open the browser on http://localhost:8080 and accept the certificate
@ -9,10 +139,10 @@ In order to access the server UI you have the following options:
      - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
-{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}}
+{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}}
 After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
-kubectl -n {{ include  "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
 (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
 {{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -86,25 +86,6 @@ Create the name of the redis service account to use
 {{- end -}}
 {{- end -}}
 {{/*
 Create Redis secret-init name
 */}}
 {{- define "argo-cd.redisSecretInit.fullname" -}}
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create the name of the Redis secret-init service account to use
 */}}
 {{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
 {{- if .Values.redisSecretInit.serviceAccount.create -}}
    {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.redisSecretInit.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Create argocd server name and version as used by the chart label.
 */}}
@ -178,32 +159,10 @@ Create the name of the notifications service account to use
 {{- end -}}
 {{/*
-Create argocd commit-server name and version as used by the chart label.
+Argo Configuration Preset Values (Incluenced by Values configuration)
 */}}
 {{- define "argo-cd.commitServer.fullname" -}}
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create the name of the commit-server service account to use
 */}}
 {{- define "argo-cd.commitServer.serviceAccountName" -}}
 {{- if .Values.commitServer.serviceAccount.create -}}
    {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.commitServer.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Argo Configuration Preset Values (Influenced by Values configuration)
 */}}
 {{- define "argo-cd.config.cm.presets" -}}
 {{- $presets := dict -}}
 {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}}
 {{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}}
 {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}}
 {{- end -}}
 {{- if .Values.configs.styles -}}
 {{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}}
 {{- end -}}
@ -214,7 +173,7 @@ Argo Configuration Preset Values (Influenced by Values configuration)
 Merge Argo Configuration with Preset Configuration
 */}}
 {{- define "argo-cd.config.cm" -}}
-{{- $config := omit .Values.configs.cm "create" "annotations" -}}
+{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict))  -}}
 {{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
 {{- range $key, $value := mergeOverwrite $preset $config }}
 {{- $fmted := $value | toString }}
@ -233,7 +192,6 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ
 {{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}}
 {{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}}
 {{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}}
 {{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}}
 {{- if .Values.dex.enabled -}}
 {{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}}
 {{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}}
@ -242,6 +200,9 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ
 {{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}}
 {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}}
 {{- end -}}
 {{- if .Values.applicationSet.enabled -}}
 {{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}}
 {{- end -}}
 {{- toYaml $presets }}
 {{- end -}}
@ -255,23 +216,3 @@ Merge Argo Params Configuration with Preset Configuration
 {{ $key }}: {{ toString $value | toYaml }}
 {{- end }}
 {{- end -}}
 {{/*
 Expand the namespace of the release.
 Allows overriding it for multi-namespace deployments in combined charts.
 */}}
 {{- define "argo-cd.namespace" -}}
 {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
 {{- end }}
 {{/*
 Dual stack definition
 */}}
 {{- define "argo-cd.dualStack" -}}
 {{- with .Values.global.dualStack.ipFamilyPolicy }}
 ipFamilyPolicy: {{ . }}
 {{- end }}
 {{- with .Values.global.dualStack.ipFamilies }}
 ipFamilies: {{ toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/_versions.tpl
+++ b/charts/argo-cd/templates/_versions.tpl
@ -5,3 +5,16 @@ Return the target Kubernetes version
 {{- define "argo-cd.kubeVersion" -}}
 {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
 {{- end }}
 {{/*
 Return the appropriate apiVersion for GKE resources
 */}}
 {{- define "argo-cd.apiVersions.cloudgoogle" -}}
 {{- if .Values.apiVersionOverrides.cloudgoogle -}}
 {{- print .Values.apiVersionOverrides.cloudgoogle -}}
 {{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
 {{- print "cloud.google.com/v1" -}}
 {{- else -}}
 {{- print "cloud.google.com/v1beta1" -}}
 {{- end -}}
 {{- end -}}
--- a/charts/argo-cd/templates/aggregate-roles.yaml
+++ b/charts/argo-cd/templates/aggregate-roles.yaml
@ -11,7 +11,9 @@ rules:
  - argoproj.io
  resources:
  - applications
  {{- if .Values.applicationSet.enabled }}
  - applicationsets
  {{- end }}
  - appprojects
  verbs:
  - get
@ -31,7 +33,9 @@ rules:
  - argoproj.io
  resources:
  - applications
  {{- if .Values.applicationSet.enabled }}
  - applicationsets
  {{- end }}
  - appprojects
  verbs:
  - create
@ -56,7 +60,9 @@ rules:
  - argoproj.io
  resources:
  - applications
  {{- if .Values.applicationSet.enabled }}
  - applicationsets
  {{- end }}
  - appprojects
  verbs:
  - create
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
@ -1,4 +1,5 @@
-{{- if .Values.createClusterRoles }}
+{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
@ -1,4 +1,5 @@
-{{- if .Values.createClusterRoles }}
+{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -12,5 +13,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "argo-cd.controller.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -1,440 +0,0 @@
 {{- if .Values.controller.dynamicClusterDistribution }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.controller.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 spec:
  replicas: {{ .Values.controller.replicas }}
  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
  template:
    metadata:
      annotations:
        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
        {{- if .Values.configs.cm.create }}
        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
        {{- end }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.hostAliases }}
      hostAliases:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      {{- if .Values.controller.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
      containers:
      - args:
        - /usr/local/bin/argocd-application-controller
        - --metrics-port={{ .Values.controller.containerPorts.metrics }}
        {{- if .Values.controller.metrics.applicationLabels.enabled }}
        {{- range .Values.controller.metrics.applicationLabels.labels }}
        - --metrics-application-labels
        - {{ . }}
        {{- end }}
        {{- end }}
        {{- with .Values.controller.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
        name: {{ .Values.controller.name }}
        env:
          {{- with (concat .Values.global.env .Values.controller.env) }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION
            value: "true"
          - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME
            value: {{ .Values.controller.heartbeatTime | quote }}
          - name: ARGOCD_APPLICATION_CONTROLLER_NAME
            value: {{ template "argo-cd.controller.fullname" . }}
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cm
                key: timeout.reconciliation
                optional: true
          - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cm
                key: timeout.hard.reconciliation
                optional: true
          - name: ARGOCD_RECONCILIATION_JITTER
            valueFrom:
              configMapKeyRef:
                key: timeout.reconciliation.jitter
                name: argocd-cm
                optional: true
          - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.error.grace.period.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: repo.server
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.server.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.status.processors
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.operation.processors
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.log.format
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.log.level
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.metrics.cache.expiration
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.factor
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.cap.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.sync.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.server.plaintext
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.server.strict.tls
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.resource.health.persist
                optional: true
          - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.app.state.cache.expiration
                optional: true
          - name: REDIS_SERVER
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: redis.server
                optional: true
          - name: REDIS_COMPRESSION
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: redis.compression
                optional: true
          - name: REDISDB
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: redis.db
                optional: true
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.default.cache.expiration
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.address
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.insecure
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.headers
                optional: true
          - name: ARGOCD_APPLICATION_NAMESPACES
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: application.namespaces
                optional: true
          - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.sharding.algorithm
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.kubectl.parallelism.limit
                optional: true
          - name: ARGOCD_K8SCLIENT_RETRY_MAX
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.k8sclient.retry.max
                optional: true
          - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.k8sclient.retry.base.backoff
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.diff.server.side
                optional: true
          - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.ignore.normalizer.jq.timeout
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.batch.events.processing
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.events.processing.interval
                optional: true
        {{- with .Values.controller.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        ports:
        - name: metrics
          containerPort: {{ .Values.controller.containerPorts.metrics }}
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /healthz
            port: metrics
          initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
          timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
          successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
        resources:
          {{- toYaml .Values.controller.resources | nindent 10 }}
        {{- with .Values.controller.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        workingDir: /home/argocd
        volumeMounts:
        {{- with .Values.controller.volumeMounts }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - mountPath: /app/config/controller/tls
          name: argocd-repo-server-tls
        - mountPath: /home/argocd
          name: argocd-home
        - name: argocd-cmd-params-cm
          mountPath: /home/argocd/params
      {{- with .Values.controller.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with .Values.controller.initContainers }}
      initContainers:
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
      affinity:
        {{- trim . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.tolerations | default .Values.global.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- range $constraint := . }}
      - {{ toYaml $constraint | nindent 8 | trim }}
          {{- if not $constraint.labelSelector }}
        labelSelector:
          matchLabels:
            {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
          {{- end }}
        {{- end }}
      {{- end }}
      volumes:
      {{- with .Values.controller.volumes }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
      - name: argocd-home
        {{- if .Values.controller.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }}
        {{- else }}
        emptyDir: {}
        {{- end }}
      - name: argocd-repo-server-tls
        secret:
          secretName: argocd-repo-server-tls
          optional: true
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
      - name: argocd-cmd-params-cm
        configMap:
          optional: true
          name: argocd-cmd-params-cm
          items:
          - key: controller.profile.enabled
            path: profiler.enabled
      {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
      {{- end }}
      {{- with .Values.controller.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.controller.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }}
    {{- with .Values.controller.metrics.service.labels }}
@ -24,7 +24,6 @@ spec:
  {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
  {{- end }}
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.controller.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
 spec:
  ingress:
  - from:
--- a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml
@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- with .Values.controller.pdb.labels }}
--- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
@ -1,9 +1,9 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- if .Values.controller.metrics.rules.selector }}
--- a/charts/argo-cd/templates/argocd-application-controller/role.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
@ -43,17 +43,3 @@ rules:
  - get
  - list
  - watch
 {{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }}
 - apiGroups:
  - ""
  resources:
  - configmaps
  resourceNames:
  - argocd-app-controller-shard-cm
  verbs:
  - get
  - list
  - watch
  - create
  - update
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
@ -10,6 +10,6 @@ roleRef:
  kind: Role
  name: {{ include "argo-cd.controller.fullname" . }}
 subjects:
-  - kind: ServiceAccount
+- kind: ServiceAccount
-    name: {{ include "argo-cd.controller.serviceAccountName" . }}
+  name: {{ include "argo-cd.controller.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace }}
--- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
@ -4,7 +4,7 @@ kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.controller.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- with .Values.controller.serviceAccount.annotations }}
  annotations:
    {{- range $key, $value := . }}
--- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- with .Values.controller.metrics.serviceMonitor.selector }}
@ -22,9 +22,6 @@ spec:
      {{- with .Values.controller.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }}
      scrapeTimeout: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.controller.metrics.serviceMonitor.relabelings }}
      relabelings:
@ -34,7 +31,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.controller.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
@ -44,7 +40,7 @@ spec:
      {{- end }}
  namespaceSelector:
    matchNames:
-      - {{ include "argo-cd.namespace" . }}
+      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }}
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -1,4 +1,3 @@
 {{- if not .Values.controller.dynamicClusterDistribution | default false }}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@ -9,12 +8,13 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 spec:
  replicas: {{ .Values.controller.replicas }}
-  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
+  # TODO: Remove for breaking release as history limit cannot be patched
  revisionHistoryLimit: 5
  serviceName: {{ include "argo-cd.controller.fullname" . }}
  selector:
    matchLabels:
@ -23,7 +23,7 @@ spec:
    metadata:
      annotations:
        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
-        {{- if .Values.configs.cm.create }}
+        {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
        {{- end }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
@ -37,9 +37,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -59,7 +56,6 @@ spec:
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
      containers:
      - args:
        - /usr/local/bin/argocd-application-controller
@ -70,6 +66,38 @@ spec:
        - {{ . }}
        {{- end }}
        {{- end }}
        {{- with .Values.controller.args.statusProcessors }}
        - --status-processors
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.controller.args.operationProcessors }}
        - --operation-processors
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.controller.args.appResyncPeriod }}
        - --app-resync
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.controller.args.appHardResyncPeriod }}
        - --app-hard-resync
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.controller.args.selfHealTimeout }}
        - --self-heal-timeout-seconds
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.controller.args.repoServerTimeoutSeconds }}
        - --repo-server-timeout-seconds
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.controller.logFormat }}
        - --logformat
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.controller.logLevel }}
        - --loglevel
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.controller.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
@ -82,8 +110,6 @@ spec:
          {{- end }}
          - name: ARGOCD_CONTROLLER_REPLICAS
            value: {{ .Values.controller.replicas | quote }}
          - name: ARGOCD_APPLICATION_CONTROLLER_NAME
            value: {{ template "argo-cd.controller.fullname" . }}
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
@ -96,18 +122,6 @@ spec:
                name: argocd-cm
                key: timeout.hard.reconciliation
                optional: true
          - name: ARGOCD_RECONCILIATION_JITTER
            valueFrom:
              configMapKeyRef:
                key: timeout.reconciliation.jitter
                name: argocd-cm
                optional: true
          - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.repo.error.grace.period.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
            valueFrom:
              configMapKeyRef:
@ -156,30 +170,6 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.self.heal.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.factor
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.cap.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.sync.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
            valueFrom:
              configMapKeyRef:
@ -225,30 +215,14 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
@ -262,18 +236,6 @@ spec:
                name: argocd-cmd-params-cm
                key: otlp.address
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.insecure
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.headers
                optional: true
          - name: ARGOCD_APPLICATION_NAMESPACES
            valueFrom:
              configMapKeyRef:
@ -292,50 +254,6 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.kubectl.parallelism.limit
                optional: true
          - name: ARGOCD_K8SCLIENT_RETRY_MAX
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.k8sclient.retry.max
                optional: true
          - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.k8sclient.retry.base.backoff
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.diff.server.side
                optional: true
          - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.ignore.normalizer.jq.timeout
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.batch.events.processing
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.events.processing.interval
                optional: true
          - name: KUBECACHEDIR
            value: /tmp/kubecache
        {{- with .Values.controller.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
@ -368,10 +286,6 @@ spec:
          name: argocd-repo-server-tls
        - mountPath: /home/argocd
          name: argocd-home
        - name: argocd-cmd-params-cm
          mountPath: /home/argocd/params
        - name: argocd-application-controller-tmp
          mountPath: /tmp
      {{- with .Values.controller.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
@ -407,14 +321,7 @@ spec:
        {{- toYaml . | nindent 6 }}
      {{- end }}
      - name: argocd-home
        {{- if .Values.controller.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }}
        {{- else }}
        emptyDir: {}
        {{- end }}
      - emptyDir: {}
        name: argocd-application-controller-tmp
      - name: argocd-repo-server-tls
        secret:
          secretName: argocd-repo-server-tls
@ -426,13 +333,6 @@ spec:
            path: tls.key
          - key: ca.crt
            path: ca.crt
      - name: argocd-cmd-params-cm
        configMap:
          optional: true
          name: argocd-cmd-params-cm
          items:
          - key: controller.profile.enabled
            path: profiler.enabled
      {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
      {{- end }}
@ -441,4 +341,3 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
@ -9,14 +9,14 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
-  secretName: argocd-applicationset-controller-tls
+  secretName: {{ .Values.applicationSet.certificate.secretName }}
-  commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
+  commonName: {{ .Values.applicationSet.certificate.domain | quote }}
  dnsNames:
-    - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
+    - {{ .Values.applicationSet.certificate.domain | quote }}
    {{- range .Values.applicationSet.certificate.additionalHosts }}
    - {{ . | quote }}
    {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
@ -1,90 +0,0 @@
 {{- if .Values.applicationSet.allowAnyNamespace }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 rules:
  - apiGroups:
    - argoproj.io
    resources:
    - applications
    - applicationsets
    - applicationsets/finalizers
    verbs:
    - create
    - delete
    - get
    - list
    - patch
    - update
    - watch
  - apiGroups:
    - argoproj.io
    resources:
    - applicationsets/status
    verbs:
    - get
    - patch
    - update
  - apiGroups:
    - argoproj.io
    resources:
    - appprojects
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - create
    - get
    - list
    - patch
    - watch
  - apiGroups:
    - ""
    resources:
    - configmaps
    verbs:
    - create
    - update
    - delete
    - get
    - list
    - patch
    - watch
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - apps
    - extensions
    resources:
    - deployments
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
    - delete
    - get
    - list
    - patch
    - update
    - watch
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
@ -1,16 +0,0 @@
 {{- if .Values.applicationSet.allowAnyNamespace }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ template "argo-cd.applicationSet.fullname" . }}
 subjects:
  - kind: ServiceAccount
    name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
    namespace: {{ include "argo-cd.namespace" . }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
@ -1,3 +1,4 @@
 {{- if .Values.applicationSet.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -8,7 +9,7 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
@ -16,7 +17,7 @@ spec:
  strategy:
    {{- trim . | nindent 4 }}
  {{- end }}
-  replicas: {{ .Values.applicationSet.replicas }}
+  replicas: {{ .Values.applicationSet.replicas | default .Values.applicationSet.replicaCount }}
  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
  selector:
    matchLabels:
@ -36,9 +37,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -58,7 +56,6 @@ spec:
      terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }}
      containers:
        - name: {{ .Values.applicationSet.name }}
          image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
@ -68,6 +65,20 @@ spec:
            - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
            - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
            - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
            {{- with .Values.applicationSet.args.policy }}
            - --policy={{ . }}
            {{- end }}
            {{- with .Values.applicationSet.args.dryRun }}
            - --dry-run={{ . }}
            {{- end }}
            {{- with .Values.applicationSet.logFormat }}
            - --logformat
            - {{ . }}
            {{- end }}
            {{- with .Values.applicationSet.logLevel }}
            - --loglevel
            - {{ . }}
            {{- end }}
            {{- with .Values.applicationSet.extraArgs }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
@ -151,12 +162,6 @@ spec:
                  key: applicationsetcontroller.enable.progressive.syncs
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.tokenref.strict.mode
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
              valueFrom:
                configMapKeyRef:
@ -205,24 +210,6 @@ spec:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.allowed.scm.providers
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.enable.scm.providers
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.webhook.parallelism.limit
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.requeue.after
                  name: argocd-cmd-params-cm
                  optional: true
          {{- with .Values.applicationSet.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
@ -323,19 +310,9 @@ spec:
          configMap:
            name: argocd-gpg-keys-cm
        - name: gpg-keyring
          {{- if .Values.applicationSet.emptyDir.sizeLimit }}
          emptyDir:
            sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: tmp
          {{- if .Values.applicationSet.emptyDir.sizeLimit }}
          emptyDir:
            sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: argocd-repo-server-tls
          secret:
            secretName: argocd-repo-server-tls
@ -352,3 +329,4 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.applicationSet.dnsPolicy }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml
@ -1,62 +0,0 @@
 {{- if .Values.applicationSet.ingress.enabled -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
    {{- with .Values.applicationSet.ingress.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.applicationSet.ingress.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  {{- with .Values.applicationSet.ingress.ingressClassName }}
  ingressClassName: {{ . }}
  {{- end }}
  rules:
    - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
      http:
        paths:
          {{- with .Values.applicationSet.ingress.extraPaths }}
            {{- tpl (toYaml .) $ | nindent 10 }}
          {{- end }}
          - path: {{ .Values.applicationSet.ingress.path }}
            pathType: {{ .Values.applicationSet.ingress.pathType }}
            backend:
              service:
                name: {{ include "argo-cd.applicationSet.fullname" . }}
                port:
                  number: {{ .Values.applicationSet.service.port }}
    {{- range .Values.applicationSet.ingress.extraHosts }}
    - host: {{ .name | quote }}
      http:
        paths:
          - path: {{ default $.Values.applicationSet.ingress.path .path }}
            pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }}
            backend:
              service:
                name: {{ include "argo-cd.applicationSet.fullname" $ }}
                port:
                  number: {{ $.Values.applicationSet.service.port }}
    {{- end }}
    {{- with .Values.applicationSet.ingress.extraRules }}
      {{- tpl (toYaml .) $ | nindent 4 }}
    {{- end }}
  {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }}
  tls:
    {{- if .Values.applicationSet.ingress.tls }}
    - hosts:
      - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
      secretName: argocd-applicationset-controller-tls
    {{- end }}
    {{- with .Values.applicationSet.ingress.extraTls }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml
@ -1,9 +1,9 @@
-{{- if .Values.applicationSet.metrics.enabled }}
+{{- if and .Values.applicationSet.enabled .Values.applicationSet.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }}
    {{- with .Values.applicationSet.metrics.service.labels }}
@ -24,7 +24,6 @@ spec:
  {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }}
  {{- end }}
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name:  {{ .Values.applicationSet.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml
@ -1,14 +1,14 @@
-{{- if and .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }}
+{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
  ingress:
-  {{- if .Values.applicationSet.ingress.enabled }}
+  {{- if .Values.applicationSet.webhook.ingress.enabled }}
  - ports:
    - port: webhook
  {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml
@ -1,9 +1,9 @@
-{{- if .Values.applicationSet.pdb.enabled }}
+{{- if and .Values.applicationSet.enabled .Values.applicationSet.pdb.enabled }}
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
    {{- with .Values.applicationSet.pdb.labels }}
--- a/charts/argo-cd/templates/argocd-applicationset/role.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml
@ -1,8 +1,9 @@
 {{- if .Values.applicationSet.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 rules:
@ -34,8 +35,6 @@ rules:
    - appprojects
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
@ -87,3 +86,4 @@ rules:
    - patch
    - update
    - watch
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml
@ -1,8 +1,9 @@
 {{- if .Values.applicationSet.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 roleRef:
@ -12,4 +13,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
+    namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/service.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml
@ -1,3 +1,4 @@
 {{- if .Values.applicationSet.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@ -8,7 +9,7 @@ metadata:
  {{- end }}
 {{- end }}
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 {{- with .Values.applicationSet.service.labels }}
@ -16,10 +17,10 @@ metadata:
 {{- end }}
 spec:
  type: {{ .Values.applicationSet.service.type }}
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.applicationSet.service.portName }}
    port: {{ .Values.applicationSet.service.port }}
    targetPort: webhook
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
@ -1,10 +1,10 @@
-{{- if .Values.applicationSet.serviceAccount.create }}
+{{- if and .Values.applicationSet.enabled .Values.applicationSet.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- with .Values.applicationSet.serviceAccount.annotations }}
  annotations:
    {{- range $key, $value := . }}
--- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
@ -1,9 +1,10 @@
 {{- if .Values.applicationSet.enabled }}
 {{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
    {{- with .Values.applicationSet.metrics.serviceMonitor.selector }}
@ -22,9 +23,6 @@ spec:
      {{- with .Values.applicationSet.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }}
      scrapeTimeout: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }}
      relabelings:
@ -34,7 +32,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
@ -44,8 +41,9 @@ spec:
      {{- end }}
  namespaceSelector:
    matchNames:
-      - {{ include "argo-cd.namespace" . }}
+      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }}
 {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml
@ -0,0 +1,73 @@
 {{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}}
 {{- $servicePort := .Values.applicationSet.service.portName -}}
 {{- $paths := .Values.applicationSet.webhook.ingress.paths -}}
 {{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}}
 {{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
    {{- with .Values.applicationSet.webhook.ingress.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.applicationSet.webhook.ingress.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  {{- with .Values.applicationSet.webhook.ingress.ingressClassName }}
  ingressClassName: {{ . }}
  {{- end }}
  rules:
  {{- if .Values.applicationSet.webhook.ingress.hosts }}
    {{- range $host := .Values.applicationSet.webhook.ingress.hosts }}
    - host: {{ $host }}
      http:
        paths:
          {{- with $extraPaths }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
          {{- range $p := $paths }}
          - path: {{ $p }}
            pathType: {{ $pathType }}
            backend:
              service:
                name: {{ include "argo-cd.applicationSet.fullname" $ }}
                port:
                  {{- if kindIs "float64" $servicePort }}
                  number: {{ $servicePort }}
                  {{- else }}
                  name: {{ $servicePort }}
                  {{- end }}
          {{- end -}}
    {{- end -}}
  {{- else }}
    - http:
        paths:
          {{- with $extraPaths }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
          {{- range $p := $paths }}
          - path: {{ $p }}
            pathType: {{ $pathType }}
            backend:
              service:
                name: {{ include "argo-cd.applicationSet.fullname" $ }}
                port:
                  {{- if kindIs "float64" $servicePort }}
                  number: {{ $servicePort }}
                  {{- else }}
                  name: {{ $servicePort }}
                  {{- end }}
          {{- end -}}
  {{- end -}}
  {{- with .Values.applicationSet.webhook.ingress.tls }}
  tls:
    {{- toYaml . | nindent 4 }}
  {{- end -}}
 {{- end -}}
--- a/charts/argo-cd/templates/argocd-commit-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml
@ -1,238 +0,0 @@
 {{- if .Values.commitServer.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
 spec:
  {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }}
  strategy:
    {{- trim . | nindent 4 }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
  template:
    metadata:
      annotations:
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.hostAliases }}
      hostAliases:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      {{- with .Values.commitServer.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ . }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }}
      containers:
      - name: {{ .Values.commitServer.name }}
        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }}
        args:
        - /usr/local/bin/argocd-commit-server
        {{- with .Values.commitServer.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        env:
          {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.listen.address
                optional: true
          - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.metrics.listen.address
                optional: true
          - name: ARGOCD_COMMIT_SERVER_LOGFORMAT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.log.format
                optional: true
          - name: ARGOCD_COMMIT_SERVER_LOGLEVEL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.log.level
                optional: true
          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: log.format.timestamp
                optional: true
        {{- with .Values.commitServer.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        ports:
        - containerPort: 8086
          name: server
          protocol: TCP
        - containerPort: 8087
          name: metrics
          protocol: TCP
        {{- if .Values.commitServer.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
            path: /healthz?full=true
            port: 8087
          initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }}
          failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }}
          timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }}
        {{- end }}
        {{- if .Values.commitServer.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8087
          initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }}
          failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }}
          timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }}
        {{- end }}
        resources:
          {{- toYaml .Values.commitServer.resources | nindent 10 }}
        {{- with .Values.commitServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.commitServer.lifecycle }}
        lifecycle:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        {{- with .Values.commitServer.extraVolumeMounts }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: ssh-known-hosts
          mountPath: /app/config/ssh
        - name: tls-certs
          mountPath: /app/config/tls
        - name: gpg-keys
          mountPath: /app/config/gpg/source
        - name: gpg-keyring
          mountPath: /app/config/gpg/keys
        # We need a writeable temp directory for the askpass socket file.
        - name: tmp
          mountPath: /tmp
      initContainers:
      - command:
        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
        name: copyutil
        resources:
          {{- toYaml .Values.commitServer.resources | nindent 10 }}
        {{- with .Values.commitServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
      volumes:
        {{- with .Values.commitServer.extraVolumes }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: ssh-known-hosts
          configMap:
            name: argocd-ssh-known-hosts-cm
        - name: tls-certs
          configMap:
            name: argocd-tls-certs-cm
        - name: gpg-keys
          configMap:
            name: argocd-gpg-keys-cm
        - name: gpg-keyring
          emptyDir: {}
        - name: tmp
          emptyDir: {}
        - name: argocd-commit-server-tls
          secret:
            secretName: argocd-commit-server-tls
            optional: true
            items:
            - key: tls.crt
              path: tls.crt
            - key: tls.key
              path: tls.key
            - key: ca.crt
              path: ca.crt
        - emptyDir: {}
          name: var-files
      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }}
      affinity:
        {{- trim . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- range $constraint := . }}
      - {{ toYaml $constraint | nindent 8 | trim }}
        {{- if not $constraint.labelSelector }}
        labelSelector:
          matchLabels:
            {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 12 }}
        {{- end }}
        {{- end }}
      {{- end }}
      {{- if .Values.commitServer.hostNetwork }}
      hostNetwork: {{ .Values.commitServer.hostNetwork }}
      {{- end }}
      {{- with .Values.commitServer.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.commitServer.dnsPolicy }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml
@ -1,35 +0,0 @@
 {{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.commitServer.fullname" . }}-metrics
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }}
    {{- with .Values.commitServer.metrics.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
  annotations:
    {{- if .Values.global.addPrometheusAnnotations }}
    prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }}
    prometheus.io/scrape: "true"
    {{- end }}
    {{- range $key, $value := .Values.commitServer.metrics.service.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  type: {{ .Values.commitServer.metrics.service.type }}
  {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }}
  {{- end }}
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name:  {{ .Values.commitServer.metrics.service.portName }}
    protocol: TCP
    port: {{ .Values.commitServer.metrics.service.servicePort }}
    targetPort: 8087
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
@ -1,25 +0,0 @@
 {{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
 spec:
  podSelector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }}
      ports:
        - protocol: TCP
          port: 8086
    - from:
        - namespaceSelector: { }
      ports:
        - port: 8087
 {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/service.yaml
@ -1,26 +0,0 @@
 {{- if .Values.commitServer.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
    {{- with .Values.commitServer.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.commitServer.service.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  ports:
  - name: server
    protocol: TCP
    port: 8086
    targetPort: 8086
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
@ -1,19 +0,0 @@
 {{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.commitServer.serviceAccountName" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  {{- with .Values.commitServer.serviceAccount.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
    {{- with .Values.commitServer.serviceAccount.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
@ -1,12 +1,12 @@
-{{- if .Values.configs.cm.create }}
+{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }}
-  {{- with .Values.configs.cm.annotations }}
+  {{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cmd-params-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }}
  {{- if .Values.configs.params.annotations }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cmp-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }}
  {{- with .Values.configs.cmp.annotations }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-dex-server-tls
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }}
    {{- with .Values.dex.certificateSecret.labels }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml
@ -2,16 +2,16 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-gpg-keys-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
-  {{- with .Values.configs.gpg.annotations }}
+  {{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
-{{- with .Values.configs.gpg.keys }}
+{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}}
 data:
  {{- toYaml . | nindent 2 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml
@ -3,12 +3,12 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-notifications-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 data:
  context: |
-    argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }}
+    argocdUrl: {{ .Values.notifications.argocdUrl | quote }}
    {{- with .Values.notifications.context }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml
@ -2,8 +2,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Values.notifications.secret.name }}
+  name: argocd-notifications-secret
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
    {{- with .Values.notifications.secret.labels }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
@ -1,18 +1,18 @@
-{{- if .Values.configs.rbac.create }}
+{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-rbac-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }}
-  {{- with .Values.configs.rbac.annotations }}
+  {{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
-{{- with (omit .Values.configs.rbac "create" "annotations") }}
+{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }}
 data:
  {{- toYaml . | nindent 2 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-server-tls
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }}
    {{- with .Values.repoServer.certificateSecret.labels }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-secret
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
    {{- with .Values.configs.secret.labels }}
@ -16,7 +16,7 @@ metadata:
    {{- end }}
  {{- end }}
 type: Opaque
-{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }}
+{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
 # Setting a blank data again will wipe admin password/key/cert
 data:
  {{- with .Values.configs.secret.githubSecret }}
@ -38,6 +38,10 @@ data:
  webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }}
  webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }}
  {{- end }}
  {{- with .Values.configs.secret.argocdServerTlsConfig }}
  tls.key: {{ .key | b64enc }}
  tls.crt: {{ .crt | b64enc }}
  {{- end }}
  {{- if .Values.configs.secret.argocdServerAdminPassword }}
  admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}
  admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-server-tls
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }}
    {{- with .Values.server.certificateSecret.labels }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
@ -1,12 +1,11 @@
 {{- if .Values.configs.ssh.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-ssh-known-hosts-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }}
-  {{- with .Values.configs.ssh.annotations }}
+  {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
@ -14,8 +13,11 @@ metadata:
  {{- end }}
 data:
  ssh_known_hosts: |
-    {{- .Values.configs.ssh.knownHosts | nindent 4 }}
+    {{- if hasKey .Values.configs "knownHosts" }}
      {{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }}
    {{- else }}
      {{- .Values.configs.ssh.knownHosts | nindent 4 }}
    {{- end }}
    {{- with .Values.configs.ssh.extraHosts }}
      {{- . | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-styles-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 data:
--- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
@ -1,17 +1,21 @@
 {{- if .Values.configs.tls.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-tls-certs-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }}
-  {{- with .Values.configs.tls.annotations }}
+  {{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 {{- if hasKey .Values.configs "tlsCerts" }}
  {{- with .Values.configs.tlsCerts }}
    {{- toYaml . | nindent 0 }}
  {{- end }}
 {{- else }}
 {{- with .Values.configs.tls.certificates }}
 data:
  {{- toYaml . | nindent 2 }}
--- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
+++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
@ -1,17 +1,17 @@
-{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }}
+{{- range .Values.configs.clusterCredentials }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }}
+  name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
-    {{- with $cluster_value.labels }}
+    {{- with .labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
    argocd.argoproj.io/secret-type: cluster
-  {{- with $cluster_value.annotations }}
+  {{- with .annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
@ -19,20 +19,17 @@ metadata:
  {{- end }}
 type: Opaque
 stringData:
-  {{- if $cluster_value.shard }}
+  name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
-  shard: {{ $cluster_value.shard | quote }}
+  server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
-  {{- end }}
+  {{- if .namespaces }}
-  name: {{ $cluster_key }}
+  namespaces: {{ .namespaces }}
-  server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
+    {{- if .clusterResources }}
-  {{- if $cluster_value.namespaces }}
+  clusterResources: {{ .clusterResources | quote }}
  namespaces: {{ $cluster_value.namespaces }}
    {{- if $cluster_value.clusterResources }}
  clusterResources: {{ $cluster_value.clusterResources | quote }}
    {{- end }}
  {{- end }}
-  {{- if $cluster_value.project }}
+  {{- if .project }}
-  project: {{ $cluster_value.project | quote }}
+  project: {{ .project | quote }}
  {{- end }}
  config: |
-    {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }}
+    {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml
@ -2,8 +2,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: argocd-redis
+  name: {{ include "argo-cd.redis.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
  {{- with .Values.externalRedis.secretAnnotations }}
--- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-creds-{{ $repo_cred_key }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    argocd.argoproj.io/secret-type: repo-creds
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-{{ $repo_key }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    argocd.argoproj.io/secret-type: repository
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml
@ -10,43 +10,13 @@ rules:
    {{- toYaml . | nindent 2 }}
  {{- end }}
  - apiGroups:
-    - argoproj.io
+    - "argoproj.io"
    resources:
-    - applications
+    - "applications"
    - appprojects
    verbs:
    - get
    - list
    - watch
    - update
    - patch
  - apiGroups:
    - ""
    resources:
    - configmaps
    - secrets
    verbs:
    - list
    - watch
    {{- if (index .Values.configs.params "application.namespaces") }}
    - create
    {{- end }}
  {{- if .Values.notifications.cm.create }}
  - apiGroups:
    - ""
    resourceNames:
    - argocd-notifications-cm
    resources:
    - configmaps
    verbs:
    - get
  {{- end }}
  - apiGroups:
    - ""
    resourceNames:
    - {{ .Values.notifications.secret.name }}
    resources:
    - secrets
    verbs:
    - get
 {{- end }}
--- a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
@ -12,5 +12,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "argo-cd.notifications.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml
@ -9,7 +9,7 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ include "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 spec:
@ -36,9 +36,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -58,7 +55,6 @@ spec:
      terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }}
      containers:
        - name: {{ .Values.notifications.name }}
          image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
@ -68,9 +64,8 @@ spec:
            - --metrics-port={{ .Values.notifications.containerPorts.metrics }}
            - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
            - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
-            - --namespace={{ include "argo-cd.namespace" . }}
+            - --namespace={{ .Release.Namespace }}
            - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
            - --secret-name={{ .Values.notifications.secret.name }}
            {{- range .Values.notifications.extraArgs }}
            - {{ . | squote }}
            {{- end }}
@ -96,18 +91,6 @@ spec:
                  key: application.namespaces
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
              valueFrom:
                configMapKeyRef:
                  key: notificationscontroller.selfservice.enabled
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
              valueFrom:
                configMapKeyRef:
                  key: notificationscontroller.repo.server.plaintext
                  name: argocd-cmd-params-cm
                  optional: true
          {{- with .Values.notifications.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
@ -116,26 +99,6 @@ spec:
          - name: metrics
            containerPort: {{ .Values.notifications.containerPorts.metrics }}
            protocol: TCP
          {{- if .Values.notifications.livenessProbe.enabled }}
          livenessProbe:
            tcpSocket:
              port: metrics
            initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.notifications.readinessProbe.enabled }}
          readinessProbe:
            tcpSocket:
              port: metrics
            initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }}
          {{- end }}
          resources:
            {{- toYaml .Values.notifications.resources | nindent 12 }}
          {{- with .Values.notifications.containerSecurityContext }}
--- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.notifications.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }}
    {{- with .Values.notifications.metrics.service.labels }}
@ -24,7 +24,6 @@ spec:
  {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.notifications.metrics.service.clusterIP }}
  {{- end }}
  {{- include "argo-cd.dualStack" . | indent 2 }}
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
  ports:
--- a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml
@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ template "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 spec:
--- a/charts/argo-cd/templates/argocd-notifications/pdb.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml
@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
    {{- with .Values.notifications.pdb.labels }}
--- a/charts/argo-cd/templates/argocd-notifications/role.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/role.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ template "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 rules:
@ -37,7 +37,7 @@ rules:
 - apiGroups:
  - ""
  resourceNames:
-  - {{ .Values.notifications.secret.name }}
+  - argocd-notifications-secret
  resources:
  - secrets
  verbs:
--- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 roleRef:
@ -13,5 +13,5 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ include "argo-cd.notifications.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
+    namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml
@ -4,7 +4,7 @@ kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.notifications.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- with .Values.notifications.serviceAccount.annotations }}
  annotations:
    {{- range $key, $value := . }}
--- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.notifications.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
    {{- with .Values.notifications.metrics.serviceMonitor.selector }}
@ -41,10 +41,9 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }}
  namespaceSelector:
    matchNames:
-      - {{ include "argo-cd.namespace" . }}
+      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }}
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
@ -1,4 +1,5 @@
-{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
+{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@ -6,8 +7,8 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 rules:
-  {{- with .Values.repoServer.clusterRoleRules.rules }}
+  {{- if .Values.repoServer.clusterRoleRules.enabled }}
-    {{- toYaml . | nindent 2 }}
+    {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }}
  {{- else }}
  - apiGroups:
    - '*'
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
@ -1,4 +1,5 @@
-{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
+{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -12,5 +13,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -8,7 +8,7 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 spec:
@ -30,7 +30,7 @@ spec:
        {{- if .Values.repoServer.certificateSecret.enabled }}
        checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }}
        {{- end }}
-        {{- if .Values.configs.cm.create }}
+        {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.configs.cmp.create }}
@ -47,9 +47,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -69,7 +66,6 @@ spec:
      terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }}
      containers:
      - name: {{ .Values.repoServer.name }}
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
@ -78,6 +74,14 @@ spec:
        - /usr/local/bin/argocd-repo-server
        - --port={{ .Values.repoServer.containerPorts.server }}
        - --metrics-port={{ .Values.repoServer.containerPorts.metrics }}
        {{- with .Values.repoServer.logFormat }}
        - --logformat
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.repoServer.logLevel }}
        - --loglevel
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.repoServer.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
@ -89,8 +93,6 @@ spec:
          - name: USER_NAME
            value: argocd
          {{- end }}
          - name: ARGOCD_REPO_SERVER_NAME
            value: {{ template "argo-cd.repoServer.fullname" . }}
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
@ -178,30 +180,14 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
@ -215,18 +201,6 @@ spec:
                name: argocd-cmd-params-cm
                key: otlp.address
                optional: true
          - name: ARGOCD_REPO_SERVER_OTLP_INSECURE
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.insecure
                optional: true
          - name: ARGOCD_REPO_SERVER_OTLP_HEADERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.headers
                optional: true
          - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
            valueFrom:
              configMapKeyRef:
@ -239,12 +213,6 @@ spec:
                name: argocd-cmd-params-cm
                key: reposerver.plugin.tar.exclusions
                optional: true
          - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
            valueFrom:
              configMapKeyRef:
                key: reposerver.plugin.use.manifest.generate.paths
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
            valueFrom:
              configMapKeyRef:
@ -281,30 +249,6 @@ spec:
                key: reposerver.enable.git.submodule
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
            valueFrom:
              configMapKeyRef:
                key: reposerver.git.lsremote.parallelism.limit
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_GIT_REQUEST_TIMEOUT
            valueFrom:
              configMapKeyRef:
                key: reposerver.git.request.timeout
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
            valueFrom:
              configMapKeyRef:
                key: reposerver.revision.cache.lock.timeout
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
            valueFrom:
              configMapKeyRef:
                key: reposerver.include.hidden.directories
                name: argocd-cmd-params-cm
                optional: true
          {{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
          - name: HELM_CACHE_HOME
            value: /helm-working-dir
@ -386,8 +330,10 @@ spec:
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        name: copyutil
        {{- with .Values.repoServer.resources }}
        resources:
-          {{- toYaml .Values.repoServer.resources | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
@ -430,46 +376,26 @@ spec:
        {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}}
        {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8  }}
        {{- else }}
          {{- if .Values.repoServer.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
          {{- else }}
        emptyDir: {}
          {{- end }}
        {{- end }}
      {{- end }}
      - name: plugins
        {{- if .Values.repoServer.existingVolumes.plugins -}}
        {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8  }}
        {{- else }}
          {{- if .Values.repoServer.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
          {{- else }}
        emptyDir: {}
          {{- end }}
        {{- end }}
      - name: var-files
        {{- if .Values.repoServer.existingVolumes.varFiles -}}
        {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8  }}
        {{- else }}
          {{- if .Values.repoServer.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
          {{- else }}
        emptyDir: {}
          {{- end }}
        {{- end }}
      - name: tmp
        {{- if .Values.repoServer.existingVolumes.tmp -}}
        {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8  }}
        {{- else }}
          {{- if .Values.repoServer.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
          {{- else }}
        emptyDir: {}
          {{- end }}
        {{- end }}
      - name: ssh-known-hosts
        configMap:
@ -484,12 +410,7 @@ spec:
        {{- if .Values.repoServer.existingVolumes.gpgKeyring -}}
        {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8  }}
        {{- else }}
          {{- if .Values.repoServer.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
          {{- else }}
        emptyDir: {}
          {{- end }}
        {{- end }}
      - name: argocd-repo-server-tls
        secret:
--- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml
@ -3,7 +3,7 @@ apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ include "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 spec:
--- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.repoServer.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }}
    {{- with .Values.repoServer.metrics.service.labels }}
@ -24,7 +24,6 @@ spec:
  {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }}
  {{- end }}
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.repoServer.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
 spec:
  ingress:
  - from:
@ -20,9 +20,11 @@ spec:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }}
    {{- end }}
    {{- if .Values.applicationSet.enabled }}
    - podSelector:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }}
    {{- end }}
    ports:
    - port: repo-server
      protocol: TCP
--- a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml
@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
    {{- with .Values.repoServer.pdb.labels }}
--- a/charts/argo-cd/templates/argocd-repo-server/role.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 rules:
--- a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 roleRef:
@ -13,5 +13,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml
@ -13,13 +13,12 @@ metadata:
 {{- toYaml . | nindent 4 }}
 {{- end }}
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
 spec:
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.repoServer.service.portName }}
    protocol: TCP
    port: {{ .Values.repoServer.service.port }}
    targetPort: repo-server
  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }}
+    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
@ -4,7 +4,7 @@ kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  {{- with .Values.repoServer.serviceAccount.annotations }}
  annotations:
    {{- range $key, $value := . }}
@ -13,7 +13,7 @@ metadata:
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
-    {{- with .Values.repoServer.serviceAccount.labels }}
+    {{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
    {{- with .Values.repoServer.metrics.serviceMonitor.selector }}
@ -22,9 +22,6 @@ spec:
      {{- with .Values.repoServer.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
      {{- with .Values.repoServer.metrics.serviceMonitor.scrapeTimeout }}
      scrapeTimeout: {{ . }}
      {{- end }}
      path: /metrics
      {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }}
      relabelings:
@ -34,7 +31,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.repoServer.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
@ -44,7 +40,7 @@ spec:
      {{- end }}
  namespaceSelector:
    matchNames:
-      - {{ include "argo-cd.namespace" . }}
+      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }}
--- a/charts/argo-cd/templates/argocd-server/aws/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/aws/ingress.yaml
@ -1,71 +0,0 @@
 {{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }}
 {{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
 {{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ include "argo-cd.server.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    {{- with .Values.server.ingress.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  annotations:
    alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: |
      [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
    {{- range $key, $value := .Values.server.ingress.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
 spec:
  {{- with .Values.server.ingress.ingressClassName }}
  ingressClassName: {{ . }}
  {{- end }}
  rules:
    - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
            {{- tpl (toYaml .) $ | nindent 10 }}
          {{- end }}
          - path: {{ .Values.server.ingress.path }}
            pathType: {{ $.Values.server.ingressGrpc.pathType }}
            backend:
              service:
                name: {{ include "argo-cd.server.fullname" $ }}-grpc
                port:
                  number: {{ $servicePort }}
          - path: {{ .Values.server.ingress.path }}
            pathType: {{ $.Values.server.ingress.pathType }}
            backend:
              service:
                name: {{ include "argo-cd.server.fullname" . }}
                port:
                  number: {{ $servicePort }}
    {{- range .Values.server.ingress.extraHosts }}
    - host: {{ .name | quote }}
      http:
        paths:
          - path: {{ default $.Values.server.ingress.path .path }}
            pathType: {{ default $.Values.server.ingress.pathType .pathType }}
            backend:
              service:
                name: {{ include "argo-cd.server.fullname" $ }}
                port:
                  number: {{ $servicePort }}
    {{- end }}
    {{- with .Values.server.ingress.extraRules }}
      {{- tpl (toYaml .) $ | nindent 4 }}
    {{- end }}
  {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
  tls:
    {{- if .Values.server.ingress.tls }}
    - hosts:
      - {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      secretName: argocd-server-tls
    {{- end }}
    {{- with .Values.server.ingress.extraTls }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-server/aws/service.yaml
+++ b/charts/argo-cd/templates/argocd-server/aws/service.yaml
@ -1,15 +1,14 @@
-{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }}
+{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}}
 apiVersion: v1
 kind: Service
 metadata:
  annotations:
-    alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }}
+    alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }}
  name: {{ template "argo-cd.server.fullname" . }}-grpc
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
 spec:
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.server.service.servicePortHttpName }}
    protocol: TCP
@ -22,5 +21,5 @@ spec:
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
  sessionAffinity: None
-  type: {{ .Values.server.ingress.aws.serviceType }}
+  type: {{ .Values.server.ingressGrpc.awsALB.serviceType }}
 {{- end -}}
--- a/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@ -9,21 +9,14 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ include "argo-cd.server.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
-  {{- with .Values.server.certificate.secretTemplateAnnotations }}
+  secretName: {{ .Values.server.certificate.secretName }}
-  secretTemplate:
+  commonName: {{ .Values.server.certificate.domain | quote }}
    annotations:
      {{- range $key, $value := . }}
      {{ $key }}: {{ $value | quote }}
      {{- end }}
  {{- end }} 
  secretName: argocd-server-tls
  commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
  dnsNames:
-    - {{ .Values.server.certificate.domain | default .Values.global.domain }}
+    - {{ .Values.server.certificate.domain | quote }}
    {{- range .Values.server.certificate.additionalHosts }}
    - {{ . | quote }}
    {{- end }}
--- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
@ -1,4 +1,5 @@
-{{- if .Values.createClusterRoles }}
+{{- $config := .Values.server.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@ -6,32 +7,31 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 rules:
  {{- if .Values.server.clusterRoleRules.enabled }}
    {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }}
  {{- else }}
  - apiGroups:
      - '*'
    resources:
      - '*'
    verbs:
-      - delete  # supports deletion a live object in UI
+      - delete
-      - get     # supports viewing live object manifest in UI
+      - get
-      - patch   # supports `argocd app patch`
+      - patch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
-      - list    # supports listing events in UI
+      - list
      {{- if (index .Values.configs.params "application.namespaces") }}
      - create
      {{- end }}
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
-      - get     # supports viewing pod logs from UI
+      - get
-  {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }}
+  {{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
  - apiGroups:
      - ""
    resources:
@ -49,17 +49,6 @@ rules:
      - list
      - update
      - watch
  {{- if (index .Values.configs.params "application.namespaces") }}
  - apiGroups:
      - "argoproj.io"
    resources:
      - "applications"
    verbs:
      - create
      - delete
      - update
      - patch
  {{- end }}
  - apiGroups:
      - batch
    resources:
@ -74,5 +63,4 @@ rules:
    verbs:
      {{/* supports triggering workflows from UI */}}
      - create
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
@ -1,4 +1,5 @@
-{{- if .Values.createClusterRoles }}
+{{- $config := .Values.server.clusterAdminAccess | default dict -}}
 {{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -12,5 +13,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ include "argo-cd.server.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -8,7 +8,7 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.server.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
@ -27,9 +27,6 @@ spec:
    metadata:
      annotations:
        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
        {{- if .Values.configs.cm.create }}
        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
        {{- end }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
@ -41,9 +38,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -63,7 +57,6 @@ spec:
      terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }}
      containers:
      - name: {{ .Values.server.name }}
        image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }}
@ -72,6 +65,14 @@ spec:
        - /usr/local/bin/argocd-server
        - --port={{ .Values.server.containerPorts.server }}
        - --metrics-port={{ .Values.server.containerPorts.metrics }}
        {{- with .Values.server.logFormat }}
        - --logformat
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.server.logLevel }}
        - --loglevel
        - {{ . | quote }}
        {{- end }}
        {{- with .Values.server.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
@ -79,8 +80,6 @@ spec:
          {{- with (concat .Values.global.env .Values.server.env) }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_SERVER_NAME
            value: {{ template "argo-cd.server.fullname" . }}
          - name: ARGOCD_SERVER_INSECURE
            valueFrom:
              configMapKeyRef:
@ -246,30 +245,14 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
@ -301,18 +284,6 @@ spec:
                name: argocd-cmd-params-cm
                key: otlp.address
                optional: true
          - name: ARGOCD_SERVER_OTLP_INSECURE
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.insecure
                optional: true
          - name: ARGOCD_SERVER_OTLP_HEADERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.headers
                optional: true
          - name: ARGOCD_APPLICATION_NAMESPACES
            valueFrom:
              configMapKeyRef:
@ -325,60 +296,6 @@ spec:
                name: argocd-cmd-params-cm
                key: server.enable.proxy.extension
                optional: true
          - name: ARGOCD_K8SCLIENT_RETRY_MAX
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: server.k8sclient.retry.max
                optional: true
          - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: server.k8sclient.retry.base.backoff
                optional: true
          - name: ARGOCD_API_CONTENT_TYPES
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: server.api.content.types
                optional: true
          - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: server.webhook.parallelism.limit
                optional: true
          - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
            valueFrom:
              configMapKeyRef:
                key: applicationsetcontroller.enable.new.git.file.globbing
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
            valueFrom:
              configMapKeyRef:
                key: applicationsetcontroller.scm.root.ca.path
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: applicationsetcontroller.allowed.scm.providers
                optional: true
          - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: applicationsetcontroller.enable.scm.providers
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
        {{- with .Values.server.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
@ -401,8 +318,6 @@ spec:
          name: styles
        - mountPath: /tmp
          name: tmp
        - name: argocd-cmd-params-cm
          mountPath: /home/argocd/params
        {{- if .Values.server.extensions.enabled }}
        - mountPath: /tmp/extensions
          name: extensions
@ -500,27 +415,12 @@ spec:
      {{- end }}
      {{- if .Values.server.extensions.enabled }}
      - name: extensions
        {{- if .Values.server.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
        {{- else }}
        emptyDir: {}
        {{- end }}
      {{- end }}
      - name: plugins-home
        {{- if .Values.server.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
        {{- else }}
        emptyDir: {}
        {{- end }}
      - name: tmp
        {{- if .Values.server.emptyDir.sizeLimit }}
        emptyDir:
          sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
        {{- else }}
        emptyDir: {}
        {{- end }}
      - name: ssh-known-hosts
        configMap:
          name: argocd-ssh-known-hosts-cm
@ -551,13 +451,6 @@ spec:
            path: tls.crt
          - key: ca.crt
            path: ca.crt
      - name: argocd-cmd-params-cm
        configMap:
          optional: true
          name: argocd-cmd-params-cm
          items:
          - key: server.profile.enabled
            path: profiler.enabled
      {{- if .Values.server.hostNetwork }}
      hostNetwork: {{ .Values.server.hostNetwork }}
      {{- end }}
--- a/Show more
+++ b/Show more