287 changed files with 2888 additions and 21864 deletions
--- a/.clomonitor.yml
+++ b/.clomonitor.yml
@ -7,12 +7,6 @@ exemptions:
    reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI)
  - check: sbom
    reason: "Tracking Helm dependencies is not yet a stable practice."
-  - check: self_assessment
-    reason: "Refer to self assessments supplied by the codebases Argo Helm supports."
-  - check: signed_releases
-    reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only."
-  - check: license_scanning
-    reason: "Temporary exemption: pending response from CNCF Service Desk"

 # TODO:
 # License scanning information
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,6 +0,0 @@
-* @mkilchhofer @jmeridth @yu-croco
-
-/charts/argo-workflows/        @vladlosev @jmeridth @yu-croco @tico24
-/charts/argo-cd/               @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil @tico24
-/charts/argo-events/           @pdrastil @jmeridth @tico24 @yu-croco
-/charts/argo-rollouts/         @jmeridth @yu-croco
--- a/.github/configs/cr.yaml
+++ b/.github/configs/cr.yaml
@ -1,12 +1,2 @@
 ## Reference: https://github.com/helm/chart-releaser
-index-path: "./index.yaml"
-
-# PGP signing
-sign: true
-key: Argo Helm maintainers
-# keyring:          # Set via env variable CR_KEYRING
-# passphrase-file:  # Set via env variable CR_PASSPHRASE_FILE
-
-# Enable automatic generation of release notes using GitHubs release notes generator.
-# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
-generate-release-notes: true
+index-path: "./index.yaml" 
--- a/.github/configs/ct-lint.yaml
+++ b/.github/configs/ct-lint.yaml
@ -7,6 +7,7 @@ chart-dirs:
  - charts
 chart-repos:
  - dandydeveloper=https://dandydeveloper.github.io/charts/
+helm-extra-args: "--timeout 600s"  
 validate-chart-schema: false
 validate-maintainers: true
 validate-yaml: true
--- a/.github/configs/labeler.yaml
+++ b/.github/configs/labeler.yaml
@ -1,23 +1,17 @@
 argo-cd:
-  - changed-files:
-      - any-glob-to-any-file: charts/argo-cd/**
+  - charts/argo-cd/**/*

 argo-events:
-  - changed-files:
-      - any-glob-to-any-file: charts/argo-events/**
+  - charts/argo-events/**/*

 argo-rollouts:
-  - changed-files:
-      - any-glob-to-any-file: charts/argo-rollouts/**
+  - charts/argo-rollouts/**/*

 argo-workflows:
-  - changed-files:
-      - any-glob-to-any-file: charts/argo-workflows/**
+  - charts/argo-workflows/**/*

 argocd-image-updater:
-  - changed-files:
-      - any-glob-to-any-file: charts/argocd-image-updater/**
+  - charts/argocd-image-updater/**/*

 argocd-apps:
-  - changed-files:
-      - any-glob-to-any-file: charts/argocd-apps/**
+  - charts/argocd-apps/**/*
--- a/.github/configs/renovate-config.js
+++ b/.github/configs/renovate-config.js
@ -1,8 +0,0 @@
-module.exports = {
-    platform: 'github',
-    // This ensures that the gitAuthor and gitSignOff fields match
-    gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>',
-    autodiscover: false,
-    allowPostUpgradeCommandTemplating: true,
-    allowedPostUpgradeCommands: [".*"],
-  };
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -6,11 +6,3 @@ updates:
    schedule:
      interval: weekly
      day: "saturday"
-    commit-message:
-      prefix: "chore(deps)"
-    groups:
-      dependencies:
-        applies-to: version-updates
-        update-types:
-          - "minor"
-          - "patch"
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@ -6,42 +6,30 @@ permissions:
  contents: read

 jobs:
-  linter-artifacthub:
-    runs-on: ubuntu-latest
-    container:
-      image: public.ecr.aws/artifacthub/ah:v1.14.0
-      options: --user 1001
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Run ah lint
-        working-directory: ./charts
-        run: ah lint
-
  chart-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@v3
        with:
          version: v3.10.1 # Also update in publish.yaml

      - name: Set up python
-        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+        uses: actions/setup-python@v4
        with:
          python-version: 3.9

      - name: Setup Chart Linting
        id: lint
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+        uses: helm/chart-testing-action@v2.4.0
        with:
          # Note: Also update in scripts/lint.sh
-          version: v3.11.0
+          version: v3.7.1

      - name: List changed charts
        id: list-changed
@ -70,10 +58,11 @@ jobs:
          fi

      - name: Create kind cluster
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        uses: helm/kind-action@v1.5.0
        if: steps.list-changed.outputs.changed == 'true'
        with:
          config: .github/configs/kind-config.yaml
+
      - name: Deploy latest ArgoCD CRDs when testing ArgoCD extensions
        if: |
          contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') ||
--- a/.github/workflows/pr-sizing.yml
+++ b/.github/workflows/pr-sizing.yml
@ -1,12 +1,8 @@
 ## Reference: https://github.com/pascalgn/size-label-action
 name: 'PR Labeling'
-
 on: 
  pull_request_target:
-    types:
-      - opened
-      - synchronize
-      - reopened
+    types: [opened, synchronize, reopened]

 permissions:
  contents: read
@ -16,7 +12,7 @@ jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+      - uses: actions/labeler@v4
        with:
          configuration-path: ".github/configs/labeler.yaml"
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
@ -25,6 +21,7 @@ jobs:
  size-label:
    runs-on: ubuntu-latest
    steps:
-      - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5
+      - name: size-label
+        uses: "pascalgn/size-label-action@v0.4.3"
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@ -19,7 +19,7 @@ jobs:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
-      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
+      - uses: amannn/action-semantic-pull-request@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
@ -31,7 +31,6 @@ jobs:
            argo-workflows
            argocd-image-updater
            argocd-apps
-            deps
            github
          # Configure that a scope must always be provided.
          requireScope: true
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -4,27 +4,23 @@ on:
  push:
    branches:
      - main
-    paths:
-      - "charts/**"

 permissions:
  contents: read

 jobs:
  publish:
-    if: github.repository == 'argoproj/argo-helm'
    permissions:
      contents: write  # for helm/chart-releaser-action to push chart release and create a release
-      packages: write  # to push OCI chart package to GitHub Registry
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Install Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@v3
        with:
          version: v3.10.1 # Also update in lint-and-test.yaml

@ -42,42 +38,9 @@ jobs:
        run: |
          git checkout origin/gh-pages index.yaml

-      # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key
-      # in ASCII-armored format. To export a (new) key, run this command:
-      # `gpg --armor --export-secret-key <my key>`
-      - name: Prepare PGP key
-        run: |
-          IFS=""
-          echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg
-          echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt
-
-          # Tell chart-releaser-action where to find the key and its passphrase
-          echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV"
-          echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV"
-        env:
-          PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}"
-          PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
-
      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
+        uses: helm/chart-releaser-action@v1.5.0
        with:
          config: "./.github/configs/cr.yaml"
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-
-      - name: Login to GHCR
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Push chart to GHCR
-        run: |
-          shopt -s nullglob
-          for pkg in .cr-release-packages/*.tgz; do
-            if [ -z "${pkg:-}" ]; then
-              break
-            fi
-            helm push "${pkg}" oci://ghcr.io/${{ github.repository }}
-          done
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@ -1,38 +0,0 @@
-name: Renovate
-on:
-  # The "*" (#42, asterisk) character has special semantics in YAML, so this
-  # string has to be quoted.
-  schedule:
-    - cron: '0 * * * *'
-  # Manual trigger is also possible
-  workflow_dispatch: {}
-
-permissions:
-  contents: read
-
-jobs:
-  renovate:
-    if: github.repository == 'argoproj/argo-helm'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get token
-        uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5
-        id: get_token
-        with:
-          app-id: ${{ vars.RENOVATE_APP_ID }}
-          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Self-hosted Renovate
-        uses: renovatebot/github-action@e084b5ac6fd201023db6dd7743aec023babb02c8 # v41.0.13
-        with:
-          configurationFile: .github/configs/renovate-config.js
-          # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
-          renovate-version: 39.153.2
-          token: '${{ steps.get_token.outputs.token }}'
-          mount-docker-socket: true
-        env:
-          LOG_LEVEL: 'debug'
-          RENOVATE_REPOSITORIES: '${{ github.repository }}'
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -1,73 +0,0 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
-name: Scorecard supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-  schedule:
-    - cron: '21 6 * * 6'
-  push:
-    branches: [ "main" ]
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    if: github.repository_owner == 'argoproj'
-    name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
-      id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecard on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
-          # Public repositories:
-          #   - Publish results to OpenSSF REST API for easy access by consumers
-          #   - Allows the repository to include the Scorecard badge.
-          #   - See https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories:
-          #   - `publish_results` will always be set to `false`, regardless
-          #     of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
-        with:
-          sarif_file: results.sarif
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -14,7 +14,7 @@ jobs:
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+    - uses: actions/stale@v8
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        # Number of days of inactivity before an issue becomes stale
--- a/16
+++ b/16
@ -0,0 +1,16 @@
+# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+# Other and new charts
+/charts/ @oliverbaehler
+
+# Argo Workflows
+/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @jmeridth @yu-croco
+
+# Argo CD
+/charts/argo-cd/ @davidkarlsen @mr-sour @yann-soubeyrand @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil
+
+# Argo Events
+/charts/argo-events/ @jbehling @VaibhavPage @pdrastil
+
+# Argo Rollouts
+/charts/argo-rollouts/
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -1,9 +0,0 @@
-# Code of Conduct
-
-We adhere to the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).  Please reference the link for details.
-
-## TL;DR (too long didn't read)
-
-Be kind
-
-Your participation is at the discression of the maintainers of this project.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -47,8 +47,6 @@ Any breaking changes to a chart (backwards incompatible) require:

 ### New Application Versions

-Helm charts are intended to be created for all non-patched releases of Argo CD, Workflows, Rollouts, and Events. Associated dependencies, such as Redis, will use the version recommended by the associated release.
-
 When selecting new application versions ensure you make the following changes:

 * `values.yaml`: Bump all instances of the container image version
@ -66,7 +64,7 @@ Each release for each chart must be immutable. Any change to a chart (even just

 ### Chart Versioning

-Currently we require a chart version bump for every change to a chart, including updating information for older versions.  This may change in the future.
+Currently we require a chart version bump for every change to a chart, including updating information for older verions.  This may change in the future.

 ### Artifact Hub Annotations

@ -124,7 +122,7 @@ helm install charts/argo-workflows -n argo
 argo version
 ```

-Follow [these](https://argo-workflows.readthedocs.io/en/stable/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow.
+Follow [these](https://argoproj.github.io/argo-workflows/quick-start/#submitting-an-example-workflow) instructions for running a hello world workflow.

 ### Testing Argo CD Changes

--- a/EMERITUS.md
+++ b/EMERITUS.md
@ -1,14 +0,0 @@
-# Emeritus Approvers
-
-These are the people who have been approvers in the past, and have since retired from the role.
-
-We thank them for their service to the project.
-
-| Emeritus | GitHub ID |
-| -------- | --------- |
-| Oliver Bähler | [oliverbaehler](https://github.com/oliverbaehler) |
-| Stefan Sedich | [stefansedich](https://github.com/stefansedich) |
-| Pablo Osinaga | [paguos](https://github.com/paguos) |
-| Yann Soubeyrand | [yann-soubeyrand](https://github.com/yann-soubeyrand) |
-| David J. M. Karlsen | [davidkarlsen](https://github.com/davidkarlsen) |
-| John Behling | [jbehling](https://github.com/jbehling) |
--- a/9
+++ b/9
@ -0,0 +1,9 @@
+owners:
+- alexec
+- alexmt
+- jessesuen
+
+approvers:
+- alexec
+- alexmt
+- jessesuen
--- a/README.md
+++ b/README.md
@ -5,8 +5,6 @@
 [![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo)](https://artifacthub.io/packages/search?repo=argo)
 [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/argo/badge)](https://clomonitor.io/projects/cncf/argo)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-helm)
-[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7942/badge)](https://www.bestpractices.dev/projects/7942)

 Argo Helm is a collection of **community maintained** charts for [https://argoproj.github.io](https://argoproj.github.io) projects. The charts can be added using following command:

@ -24,7 +22,7 @@ Some users would prefer to install the CRDs _outside_ of the chart. You can disa

 Helm cannot upgrade custom resource definitions in the `<chart>/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Our CRDs have been moved to `<chart>/templates` to address this design decision.

-If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:
+If you are using versions of a chart that have the CRDs in the root of the chart or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:

 Example:

@ -37,68 +35,8 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"

 ### Security Policy

-Please refer to [SECURITY.md](SECURITY.md) for details on how to report security issues.
+If you have a security concern relating to either this project repo or an individual helm chart, please [open an issue](https://github.com/argoproj/argo-helm/issues/new/choose) or [start a discussion](https://github.com/argoproj/argo-helm/discussions/new).

 ### Changelog

 Releases are managed independently for each helm chart, and changelogs are tracked on each release. Read more about this process [here](https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md#changelog).
-
-## Charts use Helm "Capabilities"
-
-Our charts make use of the Helm built-in object "Capabilities":
-> This provides information about what capabilities the Kubernetes cluster supports.  
-> *Source: https://helm.sh/docs/chart_template_guide/builtin_objects/*
-
-Today we use:
-
- `.Capabilities.APIVersions.Has` mostly to determine whether the CRDs for ServiceMonitors (from prometheus-operator) exists inside the cluster
- `.Capabilities.KubeVersion.Version` to handle correct apiVersion of a specific resource kind (eg. "policy/v1" vs. "policy/v1beta1")
-
-If you use the charts only to template the manifests, without installing (`helm install ..`), you need to make sure that Helm (or the Helm SDK) receives the available APIs from your Kubernetes cluster.
-
-For this you need to pass the `--api-versions` parameter to the `helm template` command:
-
-```bash
-helm template argocd \
-  oci://ghcr.io/argoproj/argo-helm/argo-cd \
-  --api-versions monitoring.coreos.com/v1 \
-  --values my-argocd-values.yaml
-```
-
-If you use other tools like [Kustomize](https://kubectl.docs.kubernetes.io/references/kustomize/builtins/) or [helmfile](https://helmfile.readthedocs.io/en/latest/#configuration) to render it, there are equivalent options.
-
-Example with Kustomize:
-
-```yaml
-# kustomization.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-helmCharts:
- name: argo-cd
-  repo: oci://ghcr.io/argoproj/argo-helm
-  version: x.y.z
-  releaseName: argocd
-  apiVersions:
-  - monitoring.coreos.com/v1
-  valuesFile: my-argocd-values.yaml
-```
-
-Example with helmfile:
-
-```yaml
-# helmfile.yaml
-repositories:
-  - name: argo
-    url: https://argoproj.github.io/argo-helm
-
-apiVersions:
-  - monitoring.coreos.com/v1
-
-releases:
-  - name: argocd
-    namespace: argocd
-    chart: argo/argo-cd
-    values:
-      - my-argocd-values.yaml
-```
--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@ -1,38 +0,0 @@
-header:
-  schema-version: '1.0.0'
-  expiration-date: '2024-11-04T10:00:00.000Z'
-  project-url: https://github.com/argoproj/argo-helm
-project-lifecycle:
-  status: active
-  bug-fixes-only: false
-  core-maintainers:
-  - https://github.com/mkilchhofer
-  - https://github.com/jmeridth
-contribution-policy:
-  accepts-pull-requests: true
-  accepts-automated-pull-requests: true
-  automated-tools-list:
-    - automated-tool: dependabot
-      action: allowed
-      path:
-        - /
-  contributing-policy: https://github.com/argoproj/argo-helm/blob/main/CONTRIBUTING.md
-  code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
-distribution-points:
-  - https://argoproj.github.io/argo-helm
-  - https://artifacthub.io/packages/search?org=argoproj&repo=argo
-security-contacts:
-  - type: website
-    value: https://github.com/argoproj/argo-helm/security/advisories/new
-    primary: true
-vulnerability-reporting:
-  accepts-vulnerability-reports: true
-  email-contact: cncf-argo-maintainers@lists.cncf.io
-  security-policy: https://github.com/argoproj/argo-helm/blob/main/SECURITY.md
-  comment: |
-    Our preferred contact method related to vulnerabilities is the Security tab on GitHub.
-    Click the button "Report a vulnerability" to open the advisory form.
-    Please refer to the security policy for reporting information prior to using the email contact.
-dependencies:
-  env-dependencies-policy:
-    policy-url: https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md#new-application-versions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,21 +0,0 @@
-# Security Policy
-
-## Supported Versions and Upstream Reporting
-
-Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy document to find out how to report the security issue.
-
-* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md)
-* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md)
-* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md)
-* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md)
-* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md)
-
-## Reporting a Vulnerability for Argo Helm Charts
-
-We have enabled the ability to privately report security issues through the  Security tab above.
-
-[Here are the details on how to file](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to do that
-
-A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation.
-
-Thank you for helping to ensure this code stays secure.
--- a/charts/argo-cd/Chart.lock
+++ b/charts/argo-cd/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
  repository: https://dandydeveloper.github.io/charts/
-  version: 4.29.4
-digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7
-generated: "2024-11-13T09:07:36.494128+09:00"
+  version: 4.22.5
+digest: sha256:d2e927511e515fb862f23dd413ee3a356c855d808f6f9ad1d345ee62b8c7ea16
+generated: "2023-03-30T08:25:32.738257836+02:00"
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.14.2
-kubeVersion: ">=1.25.0-0"
+appVersion: v2.7.1
+kubeVersion: ">=1.22.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.8.3
+version: 5.31.1
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -18,13 +18,10 @@ maintainers:
    url: https://argoproj.github.io/
 dependencies:
  - name: redis-ha
-    version: 4.29.4
+    version: 4.22.5
    repository: https://dandydeveloper.github.io/charts/
    condition: redis-ha.enabled
 annotations:
-  artifacthub.io/signKey: |
-    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
-    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: changed
-      description: Bump dex version to v2.42.0
+      description: Update Argo CD v2.7.1
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
--- a/charts/argo-cd/README.md.gotmpl
+++ b/charts/argo-cd/README.md.gotmpl
@ -41,7 +41,7 @@ repoServer:
    minReplicas: 2

 applicationSet:
-  replicas: 2
+  replicaCount: 2
 ```

 ### HA mode without autoscaling
@ -60,184 +60,10 @@ repoServer:
  replicas: 2

 applicationSet:
-  replicas: 2
+  replicaCount: 2
 ```

-## Ingress configuration
-
-Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples
-below corespond to their respective sections.
-
-### SSL-Passthrough
-
-The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place.
-
-```yaml
-global:
-  domain: argocd.example.com
-
-certificate:
-  enabled: true
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-    tls: true
-```
-
-### SSL Termination at Ingress Controller
-
-```yaml
-global:
-  domain: argocd.example.com
-
-configs:
-  params:
-    server.insecure: true
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-    extraTls:
-      - hosts:
-        - argocd.example.com
-        # Based on the ingress controller used secret might be optional
-        secretName: wildcard-tls
-```
-
-> **Note:**
-> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section.
-
-### Multiple ingress resources for gRPC protocol support
-
-Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour).
-
-```yaml
-global:
-  domain: argocd.example.com
-
-configs:
-  params:
-    server.insecure: true
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: contour-internal
-    extraTls:
-      - hosts:
-        - argocd.example.com
-        secretName: wildcard-tls
-
-   ingressGrpc:
-     enabled: true
-     ingressClassName: contour-internal
-     extraTls:
-      - hosts:
-        - grpc.argocd.example.com
-        secretName: wildcard-tls
-```
-
-### Multiple ingress domains
-
-```yaml
-global:
-  domain: argocd.example.com
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      cert-manager.io/cluster-issuer: "<my-issuer>"
-      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-    tls: true
-    extraHosts:
-      - name: argocd-alias.example.com
-        path: /
-```
-
-### AWS Application Load Balancer
-
-Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode).
-The provided example assumes you are using TLS off-loading via AWS ACM service.
-
-> **Note:**
-> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section.
-
-```yaml
-global:
-  domain: argocd.example.com
-
-configs:
-  params:
-    server.insecure: true
-
-server:
-  ingress:
-    enabled: true
-    controller: aws
-    ingressClassName: alb
-    annotations:
-      alb.ingress.kubernetes.io/scheme: internal
-      alb.ingress.kubernetes.io/target-type: ip
-      alb.ingress.kubernetes.io/backend-protocol: HTTP
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
-      alb.ingress.kubernetes.io/ssl-redirect: '443'
-    aws:
-      serviceType: ClusterIP # <- Used with target-type: ip
-      backendProtocolVersion: GRPC
-```
-
-### GKE Application Load Balancer
-
-The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations
-automatically if you provide configuration for GKE resources.
-
-```yaml
-global:
-  domain: argocd.example.com
-
-configs:
-  params:
-    server.insecure: true
-
-server:
-  service:
-    annotations:
-      cloud.google.com/neg: '{"ingress": true}'
-      cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
-
-  ingress:
-    enabled: true
-    controller: gke
-    gke:
-      backendConfig:
-        healthCheck:
-          checkIntervalSec: 30
-          timeoutSec: 5
-          healthyThreshold: 1
-          unhealthyThreshold: 2
-          type: HTTP
-          requestPath: /healthz
-          port: 8080
-      frontendConfig:
-        redirectToHttps:
-          enabled: true  
-      managedCertificate:
-        enabled: true
-```
-
-
-## Synchronizing Changes from Original Repository
+### Synchronizing Changes from Original Repository

 In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).

@ -278,142 +104,23 @@ For full list of changes please check ArtifactHub [changelog].

 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.

-### 7.0.0
-
-We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
-If you used the value, please migrate like below.
-
-```yaml
-# before
-configs:
-  clusterCredentials:
-    - mycluster:
-      server: https://mycluster.example.com
-      labels: {}
-      annotations: {}
-      # ...
-
-# after
-configs:
-  clusterCredentials:
-    mycluster:
-      server: https://mycluster.example.com
-      labels: {}
-      annotations: {}
-      # ...
-```
-
-### 6.10.0
-
-This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
-
-#### How to rotate Redis secret?
-
-Upstream steps in the [FAQ] are not enough, since we chose a different approach.
-(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
-
-Steps to rotate the secret when using the helm chart (bold step is additional to upstream):
-* Delete `argocd-redis` secret in the namespace where Argo CD is installed. 
-  ```bash
-  kubectl delete secret argocd-redis -n <argocd namespace>
-  ```
-* **Perform a helm upgrade**
-  ```bash
-  helm upgrade argocd argo/argo-cd --reuse-values --wait
-  ```
-* If you are running Redis in HA mode, restart Redis in HA.
-  ```bash
-  kubectl rollout restart deployment argocd-redis-ha-haproxy
-  kubectl rollout restart statefulset argocd-redis-ha-server
-  ```
-* If you are running Redis in non-HA mode, restart Redis.
-  ```bash
-  kubectl rollout restart deployment argocd-redis
-  ```
-* Restart other components.
-  ```bash
-  kubectl rollout restart deployment argocd-server argocd-repo-server
-  kubectl rollout restart statefulset argocd-application-controller
-  ```
-
-### 6.9.0
-ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9).  
-
-### 6.4.0
-
-Added support for application controller dynamic cluster distribution.
-Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information.
-
-Added env variables to handle the non-standard names generated by the helm chart.
-Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/)
-and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252)
-
-### 6.1.0
-
-Added support for global domain used by all components.
-
-### 6.0.0
-
-This version **removes support for**:
-
-* deprecated component options `logLevel` and `logFormat`
-* deprecated component arguments `<components>.args.<feature>` that were replaced with `configs.params`
-* deprecated configuration `server.config` that was replaced with `configs.cm`
-* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac`
-
-Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations.
-Please review your setup and adjust to new configuration options:
-
-* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname
-* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path
-* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname
-* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `<hostname>-tls` secret when `tls: true`
-* additional hostnames and routing can be provided via `extraHosts` configuration section
-* additional TLS secrets can be provided via `extraTls` configuration section
-
-Please refer to [ingress configuration](#ingress-configuration) for examples.
-
-### 5.53.0
-
-Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
-
-### 5.52.0
-
-Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server.
-If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml.
-
-### 5.35.0
-
-This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach.
-
-Please see more information about EoL: [Amazon EKS EoL][EKS EoL].
-
-
 ### 5.31.0
 The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility.
 This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later.
 In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start.

-### 5.26.0
-
-This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. 
-Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics.
-
-To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`.
-You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also.
-
 ### 5.24.0

-This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
+This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
 Default `global.affinity` rules can be disabled when `none` value is used for the preset.

 ### 5.22.0

-This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
+This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.

 ### 5.19.0

-This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections.
+This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections.
 You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories.

 ### 5.13.0
@ -650,8 +357,6 @@ server:
 ## Prerequisites

 - {{ template "chart.kubeVersionLine" . }}
-  - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach.
-  - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info.
 - Helm v3.0.0+

 ## Installing the Chart
@ -672,7 +377,7 @@ NAME: my-release
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 {{- range .Values }}
-  {{- if not (or  (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "commitServer" .Key) ) }}
+  {{- if not (or  (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) ) }}
 | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
  {{- end }}
 {{- end }}
@ -727,6 +432,28 @@ NAME: my-release
  {{- end }}
 {{- end }}

+### Using AWS ALB Ingress Controller With GRPC
+
+If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
+
+Example:
+
+```yaml
+server:
+  ingress:
+    enabled: true
+    annotations:
+      alb.ingress.kubernetes.io/backend-protocol: HTTPS
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+      alb.ingress.kubernetes.io/scheme: internal
+      alb.ingress.kubernetes.io/target-type: ip
+  ingressGrpc:
+    enabled: true
+    isAWSALB: true
+    awsALB:
+      serviceType: ClusterIP
+```
+
 ## Dex

 | Key | Type | Default | Description |
@ -780,19 +507,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
  {{- end }}
 {{- end }}

-### Redis secret-init
-
-The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed.
-If you use an External Redis (See Option 3 above), this Job is not deployed.
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "redisSecretInit" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
 ## ApplicationSet

 | Key | Type | Default | Description |
@ -813,51 +527,28 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
  {{- end }}
 {{- end }}

-## Commit server (Manifest Hydrator)
-
-The Argo CD Commit Server provides push access to git repositories for hydrated manifests.
-
-To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator].
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-{{- range .Values }}
-  {{- if hasPrefix "commitServer" .Key }}
-| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
-  {{- end }}
-{{- end }}
-
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

 [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
-[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
-[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
+[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
 [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
 [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
-[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
 [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
 [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
-[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
-[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
+[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
 [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
 [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
 [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
 [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
 [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
-[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
 [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
 [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
-[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
-[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 [values.yaml]: values.yaml
 [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
 [tini]: https://github.com/argoproj/argo-cd/pull/12707
-[EKS EoL]: https://endoflife.date/amazon-eks
-[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
-[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
-[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
-[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
-[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
-[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md
--- a/charts/argo-cd/ci/dynamic-sharding-values.yaml
+++ b/charts/argo-cd/ci/dynamic-sharding-values.yaml
@ -1,6 +0,0 @@
-# Test application controller dynamic cluster distribution
-crds:
-  keep: false
-
-controller:
-  dynamicClusterDistribution: true
--- a/charts/argo-cd/ci/extension-values.yaml
+++ b/charts/argo-cd/ci/extension-values.yaml
@ -1,14 +0,0 @@
-# Test Argo CD extension
-crds:
-  keep: false
-# Ref: https://github.com/argoproj-labs/argocd-extension-metrics?tab=readme-ov-file#install-ui-extension
-server:
-  extensions:
-    enabled: true
-    extensionList:
-      - name: extension-metrics
-        env:
-          - name: EXTENSION_URL
-            value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
-          - name: EXTENSION_CHECKSUM_URL
-            value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt
--- a/charts/argo-cd/ci/with-commit-server-values.yaml
+++ b/charts/argo-cd/ci/with-commit-server-values.yaml
@ -1,3 +0,0 @@
-# Test Argo CD with optional component "commit-server"
-commitServer:
-  enabled: true
--- a/charts/argo-cd/templates/NOTES.txt
+++ b/charts/argo-cd/templates/NOTES.txt
@ -1,6 +1,127 @@
+{{- if .Values.controller.args.statusProcessors }}
+DEPRECATED option controller.args.statusProcessors - Use configs.params.controller.status.processors
+{{- end }}
+{{- if .Values.controller.args.operationProcessors }}
+DEPRECATED option controller.args.operationProcessors - Use configs.params.controller.operation.processors
+{{- end }}
+{{- if .Values.controller.args.appResyncPeriod }}
+DEPRECATED option controller.args.appResyncPeriod - Use server.config.timeout.reconciliation
+{{- end }}
+{{- if .Values.controller.args.appHardResyncPeriod }}
+DEPRECATED option controller.args.appHardResyncPeriod - Use server.config.timeout.hard.reconciliation
+{{- end }}
+{{- if .Values.controller.args.selfHealTimeout }}
+DEPRECATED option controller.args.selfHealTimeout -  Use configs.params.controller.self.heal.timeout.seconds
+{{- end }}
+{{- if .Values.controller.args.repoServerTimeoutSeconds }}
+DEPRECATED option controller.args.repoServerTimeoutSeconds - Use configs.params.controller.repo.server.timeout.seconds
+{{- end }}
+{{- if .Values.controller.logFormat }}
+DEPRECATED option controller.logFormat - Use configs.params.controller.log.format
+{{- end }}
+{{- if .Values.controller.logLevel }}
+DEPRECATED option controller.logLevel - Use configs.params.controller.log.level
+{{- end }}
+{{- if .Values.server.logFormat }}
+DEPRECATED option server.logFormat - Use configs.params.server.log.format
+{{- end }}
+{{- if .Values.server.logLevel }}
+DEPRECATED option server.logLevel - Use configs.params.server.log.level
+{{- end }}
+{{- if has "--insecure" .Values.server.extraArgs }}
+DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure
+{{- end }}
+{{- if .Values.repoServer.logFormat }}
+DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format
+{{- end }}
+{{- if .Values.repoServer.logLevel }}
+DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level
+{{- end }}
+{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }}
+DEPRECATED option server.config - Use configs.cm
+{{- end }}
+{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }}
+DEPRECATED option server.rbacConfig - Use configs.rbac
+{{- end }}
+{{- if .Values.configs.secret.argocdServerTlsConfig }}
+DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
+{{- end }}
+{{- if .Values.configs.gpgKeys }}
+DEPRECATED option configs.gpgKeys - Use config.gpg.keys
+{{- end }}
+{{- if .Values.configs.gpgKeysAnnotations }}
+DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
+{{- end }}
+{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }}
+DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles
+{{- end }}
+{{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }}
+DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
+{{- end }}
+{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }}
+DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
+{{- end }}
+{{- if .Values.configs.knownHostsAnnotations }}
+DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations
+{{- end }}
+{{- if hasKey .Values.configs "knownHosts" }}
+DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts
+{{- end }}
+{{- if .Values.configs.tlsCertsAnnotations }}
+DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations
+{{- end }}
+{{- if hasKey .Values.configs "tlsCerts" }}
+DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates
+{{- end }}
+{{- if .Values.applicationSet.logFormat }}
+DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format
+{{- end }}
+{{- if .Values.applicationSet.logLevel }}
+DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level
+{{- end }}
+{{- if .Values.applicationSet.args.policy }}
+DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy
+{{- end }}
+{{- if .Values.applicationSet.args.dryRun }}
+DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun
+{{- end }}
+{{- if .Values.controller.service }}
+REMOVED option controller.service - Use controller.metrics
+{{- end }}
+{{- if .Values.repoServer.copyutil }}
+REMOVED option repoSever.copyutil.resources - Use repoServer.resources
+{{- end }}
+{{- if .Values.applicationSet.args.debug }}
+REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug
+{{- end }}
+{{- if .Values.applicationSet.args.enableLeaderElection }}
+REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas
+{{- end }}
+{{- if .Values.controller.containerPort }}
+REMOVED option controller.containerPort - Use controller.containerPorts
+{{- end }}
+{{- if .Values.server.containerPort }}
+REMOVED option server.containerPort - Use server.containerPorts
+{{- end }}
+{{- if .Values.repoServer.containerPort }}
+REMOVED option repoServer.containerPort - Use repoServer.containerPorts
+{{- end }}
+{{- if .Values.applicationSet.args.metricsAddr }}
+REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts
+{{- end }}
+{{- if .Values.applicationSet.args.probeBindAddr }}
+REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts
+{{- end }}
+{{- if .Values.redis.containerPort }}
+REMOVED option redis.containerPort - Use redis.containerPorts
+{{- end }}
+{{- if .Values.redis.metrics.containerPort }}
+REMOVED option redis.metrics.containerPort - Use redis.containerPorts
+{{- end }}
+
 In order to access the server UI you have the following options:

-1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include  "argo-cd.namespace" . }} 8080:443
+1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443

    and then open the browser on http://localhost:8080 and accept the certificate

@ -9,10 +130,10 @@ In order to access the server UI you have the following options:
      - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts


-{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}}
+{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}}
 After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:

-kubectl -n {{ include  "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

 (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
 {{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
--- a/charts/argo-cd/templates/_common.tpl
+++ b/charts/argo-cd/templates/_common.tpl
@ -38,13 +38,6 @@ Create Argo CD app version
 {{- default .Chart.AppVersion .Values.global.image.tag }}
 {{- end -}}

-{{/*
-Return valid version label
-*/}}
-{{- define "argo-cd.versionLabelValue" -}}
-{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "argo-cd.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }}
-{{- end -}}
-
 {{/*
 Common labels
 */}}
@ -53,7 +46,6 @@ helm.sh/chart: {{ include "argo-cd.chart" .context }}
 {{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
 app.kubernetes.io/managed-by: {{ .context.Release.Service }}
 app.kubernetes.io/part-of: argocd
-app.kubernetes.io/version: {{ include "argo-cd.versionLabelValue" .context }}
 {{- with .context.Values.global.additionalLabels }}
 {{ toYaml . }}
 {{- end }}
@ -131,13 +123,13 @@ nodeAffinity:

 {{/*
 Common deployment strategy definition
- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite
+- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite 
 */}}
 {{- define "argo-cd.strategy" -}}
 {{- $preset := . -}}
-{{- if (eq (toString $preset.type) "Recreate") }}
+{{- if (eq $preset.type "Recreate") }}
 type: Recreate
-{{- else if (eq (toString $preset.type) "RollingUpdate") }}
+{{- else if (eq $preset.type "RollingUpdate") }}
 type: RollingUpdate
 {{- with $preset.rollingUpdate }}
 rollingUpdate:
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -11,7 +11,7 @@ to 63 chars and it includes 10 chars of hash and a separating '-'.
 {{/*
 Create the name of the controller service account to use
 */}}
-{{- define "argo-cd.controller.serviceAccountName" -}}
+{{- define "argo-cd.controllerServiceAccountName" -}}
 {{- if .Values.controller.serviceAccount.create -}}
    {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}
 {{- else -}}
@ -40,7 +40,7 @@ Create Dex server endpoint
 {{/*
 Create the name of the dex service account to use
 */}}
-{{- define "argo-cd.dex.serviceAccountName" -}}
+{{- define "argo-cd.dexServiceAccountName" -}}
 {{- if .Values.dex.serviceAccount.create -}}
    {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }}
 {{- else -}}
@ -78,7 +78,7 @@ Return Redis server endpoint
 {{/*
 Create the name of the redis service account to use
 */}}
-{{- define "argo-cd.redis.serviceAccountName" -}}
+{{- define "argo-cd.redisServiceAccountName" -}}
 {{- if .Values.redis.serviceAccount.create -}}
    {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
 {{- else -}}
@ -86,25 +86,6 @@ Create the name of the redis service account to use
 {{- end -}}
 {{- end -}}

-
-{{/*
-Create Redis secret-init name
-*/}}
-{{- define "argo-cd.redisSecretInit.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the Redis secret-init service account to use
-*/}}
-{{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
-{{- if .Values.redisSecretInit.serviceAccount.create -}}
-    {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.redisSecretInit.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Create argocd server name and version as used by the chart label.
 */}}
@ -115,7 +96,7 @@ Create argocd server name and version as used by the chart label.
 {{/*
 Create the name of the Argo CD server service account to use
 */}}
-{{- define "argo-cd.server.serviceAccountName" -}}
+{{- define "argo-cd.serverServiceAccountName" -}}
 {{- if .Values.server.serviceAccount.create -}}
    {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }}
 {{- else -}}
@ -133,7 +114,7 @@ Create argocd repo-server name and version as used by the chart label.
 {{/*
 Create the name of the repo-server service account to use
 */}}
-{{- define "argo-cd.repoServer.serviceAccountName" -}}
+{{- define "argo-cd.repoServerServiceAccountName" -}}
 {{- if .Values.repoServer.serviceAccount.create -}}
    {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }}
 {{- else -}}
@ -151,7 +132,7 @@ Create argocd application set name and version as used by the chart label.
 {{/*
 Create the name of the application set service account to use
 */}}
-{{- define "argo-cd.applicationSet.serviceAccountName" -}}
+{{- define "argo-cd.applicationSetServiceAccountName" -}}
 {{- if .Values.applicationSet.serviceAccount.create -}}
    {{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }}
 {{- else -}}
@ -169,7 +150,7 @@ Create argocd notifications name and version as used by the chart label.
 {{/*
 Create the name of the notifications service account to use
 */}}
-{{- define "argo-cd.notifications.serviceAccountName" -}}
+{{- define "argo-cd.notificationsServiceAccountName" -}}
 {{- if .Values.notifications.serviceAccount.create -}}
    {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }}
 {{- else -}}
@ -178,43 +159,19 @@ Create the name of the notifications service account to use
 {{- end -}}

 {{/*
-Create argocd commit-server name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.commitServer.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the commit-server service account to use
-*/}}
-{{- define "argo-cd.commitServer.serviceAccountName" -}}
-{{- if .Values.commitServer.serviceAccount.create -}}
-    {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.commitServer.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Argo Configuration Preset Values (Influenced by Values configuration)
+Argo Configuration Preset Values (Incluenced by Values configuration)
 */}}
 {{- define "argo-cd.config.cm.presets" -}}
-{{- $presets := dict -}}
-{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}}
-{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}}
-{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}}
-{{- end -}}
 {{- if .Values.configs.styles -}}
-{{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}}
+ui.cssurl: "./custom/custom.styles.css"
 {{- end -}}
-{{- toYaml $presets }}
 {{- end -}}

 {{/*
 Merge Argo Configuration with Preset Configuration
 */}}
 {{- define "argo-cd.config.cm" -}}
-{{- $config := omit .Values.configs.cm "create" "annotations" -}}
+{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict))  -}}
 {{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
 {{- range $key, $value := mergeOverwrite $preset $config }}
 {{- $fmted := $value | toString }}
@ -226,52 +183,33 @@ Merge Argo Configuration with Preset Configuration

 {{/*
 Argo Params Default Configuration Presets
-NOTE: Configuration keys must be stored as dict because YAML treats dot as separator
 */}}
 {{- define "argo-cd.config.params.presets" -}}
-{{- $presets := dict -}}
-{{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}}
-{{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}}
-{{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}}
-{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}}
-{{- if .Values.dex.enabled -}}
-{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}}
-{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}}
-{{- end -}}
-{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}}
-{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}}
-{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}}
-{{- end -}}
-{{- toYaml $presets }}
+repo.server: "{{ include "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}"
+server.repo.server.strict.tls: {{ .Values.repoServer.certificateSecret.enabled | toString }}
+{{- with include "argo-cd.redis.server" . }}
+redis.server: {{ . | quote }}
+{{- end }}
+{{- if .Values.dex.enabled }}
+server.dex.server: {{ include "argo-cd.dex.server" . | quote }}
+server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }}
+{{- end }}
+{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" }}
+{{ $component }}.log.format: {{ $.Values.global.logging.format | quote }}
+{{ $component }}.log.level: {{ $.Values.global.logging.level | quote }}
+{{- end }}
+{{- if .Values.applicationSet.enabled }}
+applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.replicaCount | int64) 1 }}
+{{- end }}
 {{- end -}}

 {{/*
 Merge Argo Params Configuration with Preset Configuration
 */}}
 {{- define "argo-cd.config.params" -}}
-{{- $config := omit .Values.configs.params "create" "annotations" }}
+{{- $config := omit .Values.configs.params "annotations" }}
 {{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}}
 {{- range $key, $value := mergeOverwrite $preset $config }}
 {{ $key }}: {{ toString $value | toYaml }}
 {{- end }}
 {{- end -}}
-
-{{/*
-Expand the namespace of the release.
-Allows overriding it for multi-namespace deployments in combined charts.
-*/}}
-{{- define "argo-cd.namespace" -}}
-{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
-{{- end }}
-
-{{/*
-Dual stack definition
-*/}}
-{{- define "argo-cd.dualStack" -}}
-{{- with .Values.global.dualStack.ipFamilyPolicy }}
-ipFamilyPolicy: {{ . }}
-{{- end }}
-{{- with .Values.global.dualStack.ipFamilies }}
-ipFamilies: {{ toYaml . | nindent 4 }}
-{{- end }}
-{{- end }}
--- a/charts/argo-cd/templates/_versions.tpl
+++ b/charts/argo-cd/templates/_versions.tpl
@ -5,3 +5,48 @@ Return the target Kubernetes version
 {{- define "argo-cd.kubeVersion" -}}
 {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
 {{- end }}
+
+{{/*
+Return the appropriate apiVersion for autoscaling
+*/}}
+{{- define "argo-cd.apiVersion.autoscaling" -}}
+{{- if .Values.apiVersionOverrides.autoscaling -}}
+{{- print .Values.apiVersionOverrides.autoscaling -}}
+{{- else if semverCompare "<1.23-0" (include "argo-cd.kubeVersion" .) -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for cert-manager
+*/}}
+{{- define "argo-cd.apiVersion.cert-manager" -}}
+{{- if .Values.apiVersionOverrides.certmanager -}}
+{{- print .Values.apiVersionOverrides.certmanager -}}
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" -}}
+{{- print "cert-manager.io/v1" -}}
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" -}}
+{{- print "cert-manager.io/v1beta1" -}}
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" -}}
+{{- print "cert-manager.io/v1alpha3" -}}
+{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" -}}
+{{- print "cert-manager.io/v1alpha2" -}}
+{{- else -}}
+{{- print "certmanager.k8s.io/v1alpha1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for GKE resources
+*/}}
+{{- define "argo-cd.apiVersions.cloudgoogle" -}}
+{{- if .Values.apiVersionOverrides.cloudgoogle -}}
+{{- print .Values.apiVersionOverrides.cloudgoogle -}}
+{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
+{{- print "cloud.google.com/v1" -}}
+{{- else -}}
+{{- print "cloud.google.com/v1beta1" -}}
+{{- end -}}
+{{- end -}}
--- a/charts/argo-cd/templates/aggregate-roles.yaml
+++ b/charts/argo-cd/templates/aggregate-roles.yaml
@ -11,7 +11,12 @@ rules:
  - argoproj.io
  resources:
  - applications
+  {{- if .Values.applicationSet.enabled }}
  - applicationsets
+  {{- end }}
+  {{- if .Values.server.extensions.enabled }}
+  - argocdextensions
+  {{- end }}
  - appprojects
  verbs:
  - get
@ -31,7 +36,12 @@ rules:
  - argoproj.io
  resources:
  - applications
+  {{- if .Values.applicationSet.enabled }}
  - applicationsets
+  {{- end }}
+  {{- if .Values.server.extensions.enabled }}
+  - argocdextensions
+  {{- end }}
  - appprojects
  verbs:
  - create
@ -56,7 +66,12 @@ rules:
  - argoproj.io
  resources:
  - applications
+  {{- if .Values.applicationSet.enabled }}
  - applicationsets
+  {{- end }}
+  {{- if .Values.server.extensions.enabled }}
+  - argocdextensions
+  {{- end }}
  - appprojects
  verbs:
  - create
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
@ -1,4 +1,5 @@
-{{- if .Values.createClusterRoles }}
+{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
@ -1,4 +1,5 @@
-{{- if .Values.createClusterRoles }}
+{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -11,6 +12,6 @@ roleRef:
  name: {{ include "argo-cd.controller.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ include "argo-cd.controller.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
+  name: {{ include "argo-cd.controllerServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -1,440 +0,0 @@
-{{- if .Values.controller.dynamicClusterDistribution }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-spec:
-  replicas: {{ .Values.controller.replicas }}
-  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
-        {{- if .Values.configs.cm.create }}
-        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
-        {{- end }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
-        {{- range $key, $value := . }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-        {{- end }}
-      labels:
-        {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
-      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-      {{- if .Values.controller.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
-      containers:
-      - args:
-        - /usr/local/bin/argocd-application-controller
-        - --metrics-port={{ .Values.controller.containerPorts.metrics }}
-        {{- if .Values.controller.metrics.applicationLabels.enabled }}
-        {{- range .Values.controller.metrics.applicationLabels.labels }}
-        - --metrics-application-labels
-        - {{ . }}
-        {{- end }}
-        {{- end }}
-        {{- with .Values.controller.extraArgs }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
-        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
-        name: {{ .Values.controller.name }}
-        env:
-          {{- with (concat .Values.global.env .Values.controller.env) }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION
-            value: "true"
-          - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME
-            value: {{ .Values.controller.heartbeatTime | quote }}
-          - name: ARGOCD_APPLICATION_CONTROLLER_NAME
-            value: {{ template "argo-cd.controller.fullname" . }}
-          - name: ARGOCD_RECONCILIATION_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cm
-                key: timeout.reconciliation
-                optional: true
-          - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cm
-                key: timeout.hard.reconciliation
-                optional: true
-          - name: ARGOCD_RECONCILIATION_JITTER
-            valueFrom:
-              configMapKeyRef:
-                key: timeout.reconciliation.jitter
-                name: argocd-cm
-                optional: true
-          - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.error.grace.period.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: repo.server
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.status.processors
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.operation.processors
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.log.format
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.log.level
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.metrics.cache.expiration
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.factor
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.cap.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.sync.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.plaintext
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.server.strict.tls
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.resource.health.persist
-                optional: true
-          - name: ARGOCD_APP_STATE_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.app.state.cache.expiration
-                optional: true
-          - name: REDIS_SERVER
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.server
-                optional: true
-          - name: REDIS_COMPRESSION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.compression
-                optional: true
-          - name: REDISDB
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: redis.db
-                optional: true
-          - name: REDIS_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                key: redis-username
-                optional: true
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
-                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
-          - name: REDIS_SENTINEL_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-username
-                optional: true
-          - name: REDIS_SENTINEL_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-password
-                optional: true
-          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.default.cache.expiration
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.address
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.insecure
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.headers
-                optional: true
-          - name: ARGOCD_APPLICATION_NAMESPACES
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: application.namespaces
-                optional: true
-          - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.sharding.algorithm
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.kubectl.parallelism.limit
-                optional: true
-          - name: ARGOCD_K8SCLIENT_RETRY_MAX
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.k8sclient.retry.max
-                optional: true
-          - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.k8sclient.retry.base.backoff
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.diff.server.side
-                optional: true
-          - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.ignore.normalizer.jq.timeout
-                optional: true
-          - name: ARGOCD_HYDRATOR_ENABLED
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: hydrator.enabled
-                optional: true
-          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.cluster.cache.batch.events.processing
-                optional: true
-          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.cluster.cache.events.processing.interval
-                optional: true
-        {{- with .Values.controller.envFrom }}
-        envFrom:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        ports:
-        - name: metrics
-          containerPort: {{ .Values.controller.containerPorts.metrics }}
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: metrics
-          initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
-          successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
-          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
-        resources:
-          {{- toYaml .Values.controller.resources | nindent 10 }}
-        {{- with .Values.controller.containerSecurityContext }}
-        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        workingDir: /home/argocd
-        volumeMounts:
-        {{- with .Values.controller.volumeMounts }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        - mountPath: /app/config/controller/tls
-          name: argocd-repo-server-tls
-        - mountPath: /home/argocd
-          name: argocd-home
-        - name: argocd-cmd-params-cm
-          mountPath: /home/argocd/params
-      {{- with .Values.controller.extraContainers }}
-        {{- tpl (toYaml .) $ | nindent 6 }}
-      {{- end }}
-      {{- with .Values.controller.initContainers }}
-      initContainers:
-        {{- tpl (toYaml .) $ | nindent 6 }}
-      {{- end }}
-      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
-      affinity:
-        {{- trim . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.tolerations | default .Values.global.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-          {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
-          {{- end }}
-        {{- end }}
-      {{- end }}
-      volumes:
-      {{- with .Values.controller.volumes }}
-        {{- toYaml . | nindent 6 }}
-      {{- end }}
-      - name: argocd-home
-        {{- if .Values.controller.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }}
-        {{- else }}
-        emptyDir: {}
-        {{- end }}
-
-      - name: argocd-repo-server-tls
-        secret:
-          secretName: argocd-repo-server-tls
-          optional: true
-          items:
-          - key: tls.crt
-            path: tls.crt
-          - key: tls.key
-            path: tls.key
-          - key: ca.crt
-            path: ca.crt
-      - name: argocd-cmd-params-cm
-        configMap:
-          optional: true
-          name: argocd-cmd-params-cm
-          items:
-          - key: controller.profile.enabled
-            path: profiler.enabled
-      {{- if .Values.controller.hostNetwork }}
-      hostNetwork: {{ .Values.controller.hostNetwork }}
-      {{- end }}
-      {{- with .Values.controller.dnsConfig }}
-      dnsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      dnsPolicy: {{ .Values.controller.dnsPolicy }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/metrics.yaml
@ -3,28 +3,19 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.controller.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }}
    {{- with .Values.controller.metrics.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
-  {{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
+  {{- with .Values.controller.metrics.service.annotations }}
  annotations:
-    {{- if .Values.global.addPrometheusAnnotations }}
-    prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }}
-    prometheus.io/scrape: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.controller.metrics.service.annotations }}
+    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
-  type: {{ .Values.controller.metrics.service.type }}
-  {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
-  {{- end }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.controller.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
 spec:
  ingress:
  - from:
--- a/charts/argo-cd/templates/argocd-application-controller/pdb.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/pdb.yaml
@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- with .Values.controller.pdb.labels }}
--- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
@ -1,9 +1,9 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- if .Values.controller.metrics.rules.selector }}
--- a/charts/argo-cd/templates/argocd-application-controller/role.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
@ -34,26 +34,4 @@ rules:
  - events
  verbs:
  - create
-  - list
- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }}
- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  resourceNames:
-  - argocd-app-controller-shard-cm
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-{{- end }}
+  - list
--- a/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
@ -1,15 +1,15 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  name: {{ template "argo-cd.controller.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
-  name: {{ include "argo-cd.controller.fullname" . }}
+  name: {{ template "argo-cd.controller.fullname" . }}
 subjects:
-  - kind: ServiceAccount
-    name: {{ include "argo-cd.controller.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
+- kind: ServiceAccount
+  name: {{ template "argo-cd.controllerServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
--- a/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
@ -3,17 +3,17 @@ apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
 metadata:
-  name: {{ include "argo-cd.controller.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  {{- with .Values.controller.serviceAccount.annotations }}
+  name: {{ template "argo-cd.controllerServiceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+{{- if .Values.controller.serviceAccount.annotations }}
  annotations:
-    {{- range $key, $value := . }}
+  {{- range $key, $value := .Values.controller.serviceAccount.annotations }}
    {{ $key }}: {{ $value | quote }}
-    {{- end }}
  {{- end }}
+{{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
-    {{- with .Values.controller.serviceAccount.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
+  {{- range $key, $value := .Values.controller.serviceAccount.labels }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
@ -1,9 +1,9 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- with .Values.controller.metrics.serviceMonitor.selector }}
@ -22,9 +22,6 @@ spec:
      {{- with .Values.controller.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
-      {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
      path: /metrics
      {{- with .Values.controller.metrics.serviceMonitor.relabelings }}
      relabelings:
@ -34,7 +31,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
-      honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.controller.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
@ -44,7 +40,7 @@ spec:
      {{- end }}
  namespaceSelector:
    matchNames:
-      - {{ include "argo-cd.namespace" . }}
+      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }}
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -1,4 +1,3 @@
-{{- if not .Values.controller.dynamicClusterDistribution | default false }}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@ -9,12 +8,13 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 spec:
  replicas: {{ .Values.controller.replicas }}
-  revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }}
+  # TODO: Remove for breaking release as history limit cannot be patched
+  revisionHistoryLimit: 5
  serviceName: {{ include "argo-cd.controller.fullname" . }}
  selector:
    matchLabels:
@ -23,9 +23,6 @@ spec:
    metadata:
      annotations:
        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
-        {{- if .Values.configs.cm.create }}
-        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
-        {{- end }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
@ -37,9 +34,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
-      {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -55,11 +49,7 @@ spec:
      {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
-      {{- if .Values.controller.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }}
+      serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
      containers:
      - args:
        - /usr/local/bin/argocd-application-controller
@ -70,6 +60,38 @@ spec:
        - {{ . }}
        {{- end }}
        {{- end }}
+        {{- with .Values.controller.args.statusProcessors }}
+        - --status-processors
+        - {{ . | quote }}
+        {{- end }}
+        {{- with .Values.controller.args.operationProcessors }}
+        - --operation-processors
+        - {{ . | quote }}
+        {{- end }}
+        {{- with .Values.controller.args.appResyncPeriod }}
+        - --app-resync
+        - {{ . | quote }}
+        {{- end }}
+        {{- with .Values.controller.args.appHardResyncPeriod }}
+        - --app-hard-resync
+        - {{ . | quote }}
+        {{- end }}
+        {{- with .Values.controller.args.selfHealTimeout }}
+        - --self-heal-timeout-seconds
+        - {{ . | quote }}
+        {{- end }}
+        {{- with .Values.controller.args.repoServerTimeoutSeconds }}
+        - --repo-server-timeout-seconds
+        - {{ . | quote }}
+        {{- end }}
+        {{- with .Values.controller.logFormat }}
+        - --logformat
+        - {{ . | quote }}
+        {{- end }}
+        {{- with .Values.controller.logLevel }}
+        - --loglevel
+        - {{ . | quote }}
+        {{- end }}
        {{- with .Values.controller.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
@ -77,13 +99,11 @@ spec:
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
        name: {{ .Values.controller.name }}
        env:
-          {{- with (concat .Values.global.env .Values.controller.env) }}
+          {{- with .Values.controller.env }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_CONTROLLER_REPLICAS
            value: {{ .Values.controller.replicas | quote }}
-          - name: ARGOCD_APPLICATION_CONTROLLER_NAME
-            value: {{ template "argo-cd.controller.fullname" . }}
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
@ -96,18 +116,6 @@ spec:
                name: argocd-cm
                key: timeout.hard.reconciliation
                optional: true
-          - name: ARGOCD_RECONCILIATION_JITTER
-            valueFrom:
-              configMapKeyRef:
-                key: timeout.reconciliation.jitter
-                name: argocd-cm
-                optional: true
-          - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.repo.error.grace.period.seconds
-                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
            valueFrom:
              configMapKeyRef:
@ -156,30 +164,6 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.self.heal.timeout.seconds
                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.timeout.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.factor
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.self.heal.backoff.cap.seconds
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.sync.timeout.seconds
-                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
            valueFrom:
              configMapKeyRef:
@ -225,30 +209,14 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
-          - name: REDIS_SENTINEL_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-username
-                optional: true
-          - name: REDIS_SENTINEL_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
@ -262,80 +230,12 @@ spec:
                name: argocd-cmd-params-cm
                key: otlp.address
                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.insecure
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.headers
-                optional: true
          - name: ARGOCD_APPLICATION_NAMESPACES
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: application.namespaces
                optional: true
-          - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.sharding.algorithm
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.kubectl.parallelism.limit
-                optional: true
-          - name: ARGOCD_K8SCLIENT_RETRY_MAX
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.k8sclient.retry.max
-                optional: true
-          - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.k8sclient.retry.base.backoff
-                optional: true
-          - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.diff.server.side
-                optional: true
-          - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.ignore.normalizer.jq.timeout
-                optional: true
-          - name: ARGOCD_HYDRATOR_ENABLED
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: hydrator.enabled
-                optional: true
-          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.cluster.cache.batch.events.processing
-                optional: true
-          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: controller.cluster.cache.events.processing.interval
-                optional: true
-          - name: KUBECACHEDIR
-            value: /tmp/kubecache
        {{- with .Values.controller.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
@ -355,10 +255,8 @@ spec:
          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
        resources:
          {{- toYaml .Values.controller.resources | nindent 10 }}
-        {{- with .Values.controller.containerSecurityContext }}
        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
+          {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
        workingDir: /home/argocd
        volumeMounts:
        {{- with .Values.controller.volumeMounts }}
@ -368,10 +266,6 @@ spec:
          name: argocd-repo-server-tls
        - mountPath: /home/argocd
          name: argocd-home
-        - name: argocd-cmd-params-cm
-          mountPath: /home/argocd/params
-        - name: argocd-application-controller-tmp
-          mountPath: /tmp
      {{- with .Values.controller.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
@ -407,14 +301,7 @@ spec:
        {{- toYaml . | nindent 6 }}
      {{- end }}
      - name: argocd-home
-        {{- if .Values.controller.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }}
-        {{- else }}
        emptyDir: {}
-        {{- end }}
-      - emptyDir: {}
-        name: argocd-application-controller-tmp
      - name: argocd-repo-server-tls
        secret:
          secretName: argocd-repo-server-tls
@ -426,13 +313,6 @@ spec:
            path: tls.key
          - key: ca.crt
            path: ca.crt
-      - name: argocd-cmd-params-cm
-        configMap:
-          optional: true
-          name: argocd-cmd-params-cm
-          items:
-          - key: controller.profile.enabled
-            path: profiler.enabled
      {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
      {{- end }}
@ -441,4 +321,3 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
@ -1,39 +0,0 @@
-{{- if .Values.applicationSet.certificate.enabled -}}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-spec:
-  secretName: argocd-applicationset-controller-tls
-  commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
-  dnsNames:
-    - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
-    {{- range .Values.applicationSet.certificate.additionalHosts }}
-    - {{ . | quote }}
-    {{- end }}
-  {{- with .Values.applicationSet.certificate.duration }}
-  duration: {{ . | quote }}
-  {{- end }}
-  {{- with .Values.applicationSet.certificate.renewBefore }}
-  renewBefore: {{ . | quote }}
-  {{- end }}
-  issuerRef:
-    {{- with .Values.applicationSet.certificate.issuer.group }}
-    group: {{ . | quote }}
-    {{- end }}
-    kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }}
-    name: {{ .Values.applicationSet.certificate.issuer.name | quote }}
-  {{- with .Values.applicationSet.certificate.privateKey }}
-  privateKey:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
@ -1,90 +0,0 @@
-{{- if .Values.applicationSet.allowAnyNamespace }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-rules:
-  - apiGroups:
-    - argoproj.io
-    resources:
-    - applications
-    - applicationsets
-    - applicationsets/finalizers
-    verbs:
-    - create
-    - delete
-    - get
-    - list
-    - patch
-    - update
-    - watch
-  - apiGroups:
-    - argoproj.io
-    resources:
-    - applicationsets/status
-    verbs:
-    - get
-    - patch
-    - update
-  - apiGroups:
-    - argoproj.io
-    resources:
-    - appprojects
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - events
-    verbs:
-    - create
-    - get
-    - list
-    - patch
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - configmaps
-    verbs:
-    - create
-    - update
-    - delete
-    - get
-    - list
-    - patch
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - secrets
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - apps
-    - extensions
-    resources:
-    - deployments
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - coordination.k8s.io
-    resources:
-    - leases
-    verbs:
-    - create
-    - delete
-    - get
-    - list
-    - patch
-    - update
-    - watch
-{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
@ -1,16 +0,0 @@
-{{- if .Values.applicationSet.allowAnyNamespace }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "argo-cd.applicationSet.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
@ -1,3 +1,4 @@
+{{- if .Values.applicationSet.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -8,7 +9,7 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
@ -16,29 +17,25 @@ spec:
  strategy:
    {{- trim . | nindent 4 }}
  {{- end }}
-  replicas: {{ .Values.applicationSet.replicas }}
+  replicas: {{ .Values.applicationSet.replicaCount }}
  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
  template:
    metadata:
+      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
      annotations:
-        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
-        {{- end }}
+      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
-      {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
      {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -54,11 +51,7 @@ spec:
      {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
-      {{- if .Values.applicationSet.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }}
+      serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
      containers:
        - name: {{ .Values.applicationSet.name }}
          image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
@ -68,35 +61,43 @@ spec:
            - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
            - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
            - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
+            {{- with .Values.applicationSet.args.policy }}
+            - --policy={{ . }}
+            {{- end }}
+            {{- with .Values.applicationSet.args.dryRun }}
+            - --dry-run={{ . }}
+            {{- end }}
+            {{- with .Values.applicationSet.logFormat }}
+            - --logformat
+            - {{ . }}
+            {{- end }}
+            {{- with .Values.applicationSet.logLevel }}
+            - --loglevel
+            - {{ . }}
+            {{- end }}
            {{- with .Values.applicationSet.extraArgs }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
          env:
-            {{- with (concat .Values.global.env .Values.applicationSet.extraEnv) }}
+            {{- with .Values.applicationSet.extraEnv }}
              {{- toYaml . | nindent 12 }}
            {{- end }}
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.global.preserved.annotations
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.global.preserved.labels
-                  name: argocd-cmd-params-cm
-                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.leader.election
                  name: argocd-cmd-params-cm
                  optional: true
+            - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE
+              valueFrom:
+                configMapKeyRef:
+                  key: applicationsetcontroller.namespace
+                  name: argocd-cmd-params-cm
+                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
              valueFrom:
                configMapKeyRef:
@ -109,12 +110,6 @@ spec:
                  key: applicationsetcontroller.policy
                  name: argocd-cmd-params-cm
                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.policy.override
-                  name: argocd-cmd-params-cm
-                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
              valueFrom:
                configMapKeyRef:
@ -151,78 +146,6 @@ spec:
                  key: applicationsetcontroller.enable.progressive.syncs
                  name: argocd-cmd-params-cm
                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.tokenref.strict.mode
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.enable.new.git.file.globbing
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.repo.server.plaintext
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.repo.server.strict.tls
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.repo.server.timeout.seconds
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.concurrent.reconciliations.max
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.namespaces
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.scm.root.ca.path
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.allowed.scm.providers
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.enable.scm.providers
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT
-              valueFrom:
-                configMapKeyRef:
-                  name: argocd-cmd-params-cm
-                  key: applicationsetcontroller.webhook.parallelism.limit
-                  optional: true
-            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
-              valueFrom:
-                configMapKeyRef:
-                  key: applicationsetcontroller.requeue.after
-                  name: argocd-cmd-params-cm
-                  optional: true
          {{- with .Values.applicationSet.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
@ -259,10 +182,8 @@ spec:
          {{- end }}
          resources:
            {{- toYaml .Values.applicationSet.resources | nindent 12 }}
-          {{- with .Values.applicationSet.containerSecurityContext }}
          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
+            {{- toYaml .Values.applicationSet.containerSecurityContext | nindent 12 }}
          volumeMounts:
            {{- with .Values.applicationSet.extraVolumeMounts }}
              {{- toYaml . | nindent 12 }}
@ -275,8 +196,6 @@ spec:
              name: gpg-keys
            - mountPath: /app/config/gpg/keys
              name: gpg-keyring
-            - mountPath: /app/config/reposerver/tls
-              name: argocd-repo-server-tls
            - mountPath: /tmp
              name: tmp
        {{- with .Values.applicationSet.extraContainers }}
@ -323,32 +242,12 @@ spec:
          configMap:
            name: argocd-gpg-keys-cm
        - name: gpg-keyring
-          {{- if .Values.applicationSet.emptyDir.sizeLimit }}
-          emptyDir:
-            sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }}
-          {{- else }}
          emptyDir: {}
-          {{- end }}
        - name: tmp
-          {{- if .Values.applicationSet.emptyDir.sizeLimit }}
-          emptyDir:
-            sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }}
-          {{- else }}
          emptyDir: {}
-          {{- end }}
-        - name: argocd-repo-server-tls
-          secret:
-            secretName: argocd-repo-server-tls
-            optional: true
-            items:
-              - key: tls.crt
-                path: tls.crt
-              - key: tls.key
-                path: tls.key
-              - key: ca.crt
-                path: ca.crt
      {{- with .Values.applicationSet.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.applicationSet.dnsPolicy }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/ingress.yaml
@ -1,62 +0,0 @@
-{{- if .Values.applicationSet.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-    {{- with .Values.applicationSet.ingress.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.applicationSet.ingress.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  {{- with .Values.applicationSet.ingress.ingressClassName }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  rules:
-    - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
-      http:
-        paths:
-          {{- with .Values.applicationSet.ingress.extraPaths }}
-            {{- tpl (toYaml .) $ | nindent 10 }}
-          {{- end }}
-          - path: {{ .Values.applicationSet.ingress.path }}
-            pathType: {{ .Values.applicationSet.ingress.pathType }}
-            backend:
-              service:
-                name: {{ include "argo-cd.applicationSet.fullname" . }}
-                port:
-                  number: {{ .Values.applicationSet.service.port }}
-    {{- range .Values.applicationSet.ingress.extraHosts }}
-    - host: {{ .name | quote }}
-      http:
-        paths:
-          - path: {{ default $.Values.applicationSet.ingress.path .path }}
-            pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }}
-            backend:
-              service:
-                name: {{ include "argo-cd.applicationSet.fullname" $ }}
-                port:
-                  number: {{ $.Values.applicationSet.service.port }}
-    {{- end }}
-    {{- with .Values.applicationSet.ingress.extraRules }}
-      {{- tpl (toYaml .) $ | nindent 4 }}
-    {{- end }}
-  {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }}
-  tls:
-    {{- if .Values.applicationSet.ingress.tls }}
-    - hosts:
-      - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }}
-      secretName: argocd-applicationset-controller-tls
-    {{- end }}
-    {{- with .Values.applicationSet.ingress.extraTls }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- end }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/metrics.yaml
@ -1,30 +1,21 @@
-{{- if .Values.applicationSet.metrics.enabled }}
+{{- if and .Values.applicationSet.enabled .Values.applicationSet.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }}
    {{- with .Values.applicationSet.metrics.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
-  {{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
+  {{- with .Values.applicationSet.metrics.service.annotations }}
  annotations:
-    {{- if .Values.global.addPrometheusAnnotations }}
-    prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }}
-    prometheus.io/scrape: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }}
+    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
-  type: {{ .Values.applicationSet.metrics.service.type }}
-  {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }}
-  {{- end }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name:  {{ .Values.applicationSet.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/networkpolicy.yaml
@ -1,14 +1,14 @@
-{{- if and .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }}
+{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
  ingress:
-  {{- if .Values.applicationSet.ingress.enabled }}
+  {{- if .Values.applicationSet.webhook.ingress.enabled }}
  - ports:
    - port: webhook
  {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/pdb.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/pdb.yaml
@ -1,9 +1,9 @@
-{{- if .Values.applicationSet.pdb.enabled }}
+{{- if and .Values.applicationSet.enabled .Values.applicationSet.pdb.enabled }}
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
    {{- with .Values.applicationSet.pdb.labels }}
--- a/charts/argo-cd/templates/argocd-applicationset/role.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml
@ -1,8 +1,9 @@
+{{- if .Values.applicationSet.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 rules:
@ -34,8 +35,6 @@ rules:
    - appprojects
    verbs:
    - get
-    - list
-    - watch
  - apiGroups:
    - ""
    resources:
@ -87,3 +86,4 @@ rules:
    - patch
    - update
    - watch
+{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/rolebinding.yaml
@ -1,15 +1,17 @@
+{{- if .Values.applicationSet.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  name: {{ template "argo-cd.applicationSet.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
-  name: {{ include "argo-cd.applicationSet.fullname" . }}
+  name: {{ template "argo-cd.applicationSet.fullname" . }}
 subjects:
  - kind: ServiceAccount
-    name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
+    name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/service.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/service.yaml
@ -1,3 +1,4 @@
+{{- if .Values.applicationSet.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@ -8,18 +9,17 @@ metadata:
  {{- end }}
 {{- end }}
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 {{- with .Values.applicationSet.service.labels }}
 {{- toYaml . | nindent 4 }}
 {{- end }}
 spec:
-  type: {{ .Values.applicationSet.service.type }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.applicationSet.service.portName }}
    port: {{ .Values.applicationSet.service.port }}
    targetPort: webhook
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/serviceaccount.yaml
@ -1,19 +1,19 @@
-{{- if .Values.applicationSet.serviceAccount.create }}
+{{- if and .Values.applicationSet.enabled .Values.applicationSet.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }}
 metadata:
-  name: {{ include "argo-cd.applicationSet.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  {{- with .Values.applicationSet.serviceAccount.annotations }}
+  name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+{{- if .Values.applicationSet.serviceAccount.annotations }}
  annotations:
-    {{- range $key, $value := . }}
+  {{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }}
    {{ $key }}: {{ $value | quote }}
-    {{- end }}
  {{- end }}
+{{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
-    {{- with .Values.applicationSet.serviceAccount.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
+  {{- range $key, $value := .Values.applicationSet.serviceAccount.labels }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
@ -1,9 +1,10 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }}
+{{- if .Values.applicationSet.enabled }}
+{{- if and .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
    {{- with .Values.applicationSet.metrics.serviceMonitor.selector }}
@ -22,9 +23,6 @@ spec:
      {{- with .Values.applicationSet.metrics.serviceMonitor.interval }}
      interval: {{ . }}
      {{- end }}
-      {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
      path: /metrics
      {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }}
      relabelings:
@ -34,7 +32,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
-      honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
@ -44,8 +41,9 @@ spec:
      {{- end }}
  namespaceSelector:
    matchNames:
-      - {{ include "argo-cd.namespace" . }}
+      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }}
 {{- end }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml
@ -0,0 +1,73 @@
+{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}}
+{{- $servicePort := .Values.applicationSet.service.portName -}}
+{{- $paths := .Values.applicationSet.webhook.ingress.paths -}}
+{{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}}
+{{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "argo-cd.applicationSet.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
+    {{- with .Values.applicationSet.webhook.ingress.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.applicationSet.webhook.ingress.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- with .Values.applicationSet.webhook.ingress.ingressClassName }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  rules:
+  {{- if .Values.applicationSet.webhook.ingress.hosts }}
+    {{- range $host := .Values.applicationSet.webhook.ingress.hosts }}
+    - host: {{ $host }}
+      http:
+        paths:
+          {{- with $extraPaths }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+          {{- range $p := $paths }}
+          - path: {{ $p }}
+            pathType: {{ $pathType }}
+            backend:
+              service:
+                name: {{ include "argo-cd.applicationSet.fullname" $ }}
+                port:
+                  {{- if kindIs "float64" $servicePort }}
+                  number: {{ $servicePort }}
+                  {{- else }}
+                  name: {{ $servicePort }}
+                  {{- end }}
+          {{- end -}}
+    {{- end -}}
+  {{- else }}
+    - http:
+        paths:
+          {{- with $extraPaths }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+          {{- range $p := $paths }}
+          - path: {{ $p }}
+            pathType: {{ $pathType }}
+            backend:
+              service:
+                name: {{ include "argo-cd.applicationSet.fullname" $ }}
+                port:
+                  {{- if kindIs "float64" $servicePort }}
+                  number: {{ $servicePort }}
+                  {{- else }}
+                  name: {{ $servicePort }}
+                  {{- end }}
+          {{- end -}}
+  {{- end -}}
+  {{- with .Values.applicationSet.webhook.ingress.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end -}}
+{{- end -}}
--- a/charts/argo-cd/templates/argocd-commit-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml
@ -1,238 +0,0 @@
-{{- if .Values.commitServer.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  name: {{ template "argo-cd.commitServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
-spec:
-  {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }}
-  strategy:
-    {{- trim . | nindent 4 }}
-  {{- end }}
-  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
-  selector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }}
-        {{- range $key, $value := . }}
-        {{ $key }}: {{ $value | quote }}
-        {{- end }}
-        {{- end }}
-      labels:
-        {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }}
-        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
-      {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.global.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }}
-      priorityClassName: {{ . }}
-      {{- end }}
-      {{- with .Values.commitServer.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ . }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }}
-      containers:
-      - name: {{ .Values.commitServer.name }}
-        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
-        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }}
-        args:
-        - /usr/local/bin/argocd-commit-server
-        {{- with .Values.commitServer.extraArgs }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        env:
-          {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }}
-            {{- toYaml . | nindent 10 }}
-          {{- end }}
-          - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: commitserver.listen.address
-                optional: true
-          - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: commitserver.metrics.listen.address
-                optional: true
-          - name: ARGOCD_COMMIT_SERVER_LOGFORMAT
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: commitserver.log.format
-                optional: true
-          - name: ARGOCD_COMMIT_SERVER_LOGLEVEL
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: commitserver.log.level
-                optional: true
-          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: log.format.timestamp
-                optional: true
-        {{- with .Values.commitServer.envFrom }}
-        envFrom:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        ports:
-        - containerPort: 8086
-          name: server
-          protocol: TCP
-        - containerPort: 8087
-          name: metrics
-          protocol: TCP
-        {{- if .Values.commitServer.livenessProbe.enabled }}
-        livenessProbe:
-          httpGet:
-            path: /healthz?full=true
-            port: 8087
-          initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }}
-          failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }}
-          timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }}
-        {{- end }}
-        {{- if .Values.commitServer.readinessProbe.enabled }}
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: 8087
-          initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }}
-          failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }}
-          timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }}
-        {{- end }}
-        resources:
-          {{- toYaml .Values.commitServer.resources | nindent 10 }}
-        {{- with .Values.commitServer.containerSecurityContext }}
-        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        {{- with .Values.commitServer.lifecycle }}
-        lifecycle:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        volumeMounts:
-        {{- with .Values.commitServer.extraVolumeMounts }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        - name: ssh-known-hosts
-          mountPath: /app/config/ssh
-        - name: tls-certs
-          mountPath: /app/config/tls
-        - name: gpg-keys
-          mountPath: /app/config/gpg/source
-        - name: gpg-keyring
-          mountPath: /app/config/gpg/keys
-        # We need a writeable temp directory for the askpass socket file.
-        - name: tmp
-          mountPath: /tmp
-      initContainers:
-      - command:
-        - /bin/cp
-        - -n
-        - /usr/local/bin/argocd
-        - /var/run/argocd/argocd-cmp-server
-        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
-        name: copyutil
-        resources:
-          {{- toYaml .Values.commitServer.resources | nindent 10 }}
-        {{- with .Values.commitServer.containerSecurityContext }}
-        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        volumeMounts:
-        - mountPath: /var/run/argocd
-          name: var-files
-      volumes:
-        {{- with .Values.commitServer.extraVolumes }}
-          {{- toYaml . | nindent 8 }}
-        {{- end }}
-        - name: ssh-known-hosts
-          configMap:
-            name: argocd-ssh-known-hosts-cm
-        - name: tls-certs
-          configMap:
-            name: argocd-tls-certs-cm
-        - name: gpg-keys
-          configMap:
-            name: argocd-gpg-keys-cm
-        - name: gpg-keyring
-          emptyDir: {}
-        - name: tmp
-          emptyDir: {}
-        - name: argocd-commit-server-tls
-          secret:
-            secretName: argocd-commit-server-tls
-            optional: true
-            items:
-            - key: tls.crt
-              path: tls.crt
-            - key: tls.key
-              path: tls.key
-            - key: ca.crt
-              path: ca.crt
-        - emptyDir: {}
-          name: var-files
-      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }}
-      affinity:
-        {{- trim . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- range $constraint := . }}
-      - {{ toYaml $constraint | nindent 8 | trim }}
-        {{- if not $constraint.labelSelector }}
-        labelSelector:
-          matchLabels:
-            {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 12 }}
-        {{- end }}
-        {{- end }}
-      {{- end }}
-      {{- if .Values.commitServer.hostNetwork }}
-      hostNetwork: {{ .Values.commitServer.hostNetwork }}
-      {{- end }}
-      {{- with .Values.commitServer.dnsConfig }}
-      dnsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      dnsPolicy: {{ .Values.commitServer.dnsPolicy }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml
@ -1,35 +0,0 @@
-{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "argo-cd.commitServer.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }}
-    {{- with .Values.commitServer.metrics.service.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
-  annotations:
-    {{- if .Values.global.addPrometheusAnnotations }}
-    prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }}
-    prometheus.io/scrape: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.commitServer.metrics.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  type: {{ .Values.commitServer.metrics.service.type }}
-  {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }}
-  {{- end }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
-  ports:
-  - name:  {{ .Values.commitServer.metrics.service.portName }}
-    protocol: TCP
-    port: {{ .Values.commitServer.metrics.service.servicePort }}
-    targetPort: 8087
-  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
@ -1,25 +0,0 @@
-{{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ template "argo-cd.commitServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-spec:
-  podSelector:
-    matchLabels:
-      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }}
-      ports:
-        - protocol: TCP
-          port: 8086
-    - from:
-        - namespaceSelector: { }
-      ports:
-        - port: 8087
-{{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/service.yaml
@ -1,26 +0,0 @@
-{{- if .Values.commitServer.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "argo-cd.commitServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
-    {{- with .Values.commitServer.service.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.commitServer.service.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-spec:
-  ports:
-  - name: server
-    protocol: TCP
-    port: 8086
-    targetPort: 8086
-  selector:
-    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
@ -1,19 +0,0 @@
-{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }}
-metadata:
-  name: {{ include "argo-cd.commitServer.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  {{- with .Values.commitServer.serviceAccount.annotations }}
-  annotations:
-    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  {{- end }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
-    {{- with .Values.commitServer.serviceAccount.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
@ -1,12 +1,12 @@
-{{- if .Values.configs.cm.create }}
+{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }}
-  {{- with .Values.configs.cm.annotations }}
+  {{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml
@ -1,9 +1,8 @@
-{{- if .Values.configs.params.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cmd-params-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }}
  {{- if .Values.configs.params.annotations }}
@ -14,4 +13,3 @@ metadata:
  {{- end }}
 data:
  {{- include "argo-cd.config.params" . | trim | nindent 2 }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cmp-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }}
  {{- with .Values.configs.cmp.annotations }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-dex-server-tls
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }}
    {{- with .Values.dex.certificateSecret.labels }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml
@ -2,16 +2,16 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-gpg-keys-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
-  {{- with .Values.configs.gpg.annotations }}
+  {{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
-{{- with .Values.configs.gpg.keys }}
+{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}}
 data:
  {{- toYaml . | nindent 2 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml
@ -3,12 +3,12 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-notifications-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 data:
  context: |
-    argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }}
+    argocdUrl: {{ .Values.notifications.argocdUrl | quote }}
    {{- with .Values.notifications.context }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml
@ -2,13 +2,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Values.notifications.secret.name }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  name: argocd-notifications-secret
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
-    {{- with .Values.notifications.secret.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
  {{- with .Values.notifications.secret.annotations }}
  annotations:
    {{- range $key, $value := . }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
@ -1,18 +1,18 @@
-{{- if .Values.configs.rbac.create }}
+{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-rbac-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }}
-  {{- with .Values.configs.rbac.annotations }}
+  {{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
-{{- with (omit .Values.configs.rbac "create" "annotations") }}
+{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }}
 data:
  {{- toYaml . | nindent 2 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-server-tls
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }}
    {{- with .Values.repoServer.certificateSecret.labels }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-secret
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
    {{- with .Values.configs.secret.labels }}
@ -16,7 +16,7 @@ metadata:
    {{- end }}
  {{- end }}
 type: Opaque
-{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }}
+{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
 # Setting a blank data again will wipe admin password/key/cert
 data:
  {{- with .Values.configs.secret.githubSecret }}
@ -34,9 +34,9 @@ data:
  {{- with .Values.configs.secret.gogsSecret }}
  webhook.gogs.secret: {{ . | b64enc }}
  {{- end }}
-  {{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }}
-  webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }}
-  webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }}
+  {{- with .Values.configs.secret.argocdServerTlsConfig }}
+  tls.key: {{ .key | b64enc }}
+  tls.crt: {{ .crt | b64enc }}
  {{- end }}
  {{- if .Values.configs.secret.argocdServerAdminPassword }}
  admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-server-tls
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }}
    {{- with .Values.server.certificateSecret.labels }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
@ -1,12 +1,11 @@
-{{- if .Values.configs.ssh.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-ssh-known-hosts-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }}
-  {{- with .Values.configs.ssh.annotations }}
+  {{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
@ -14,8 +13,11 @@ metadata:
  {{- end }}
 data:
  ssh_known_hosts: |
-    {{- .Values.configs.ssh.knownHosts | nindent 4 }}
+    {{- if hasKey .Values.configs "knownHosts" }}
+      {{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }}
+    {{- else }}
+      {{- .Values.configs.ssh.knownHosts | nindent 4 }}
+    {{- end }}
    {{- with .Values.configs.ssh.extraHosts }}
      {{- . | nindent 4 }}
    {{- end }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-styles-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 data:
--- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
@ -1,17 +1,21 @@
-{{- if .Values.configs.tls.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-tls-certs-cm
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }}
-  {{- with .Values.configs.tls.annotations }}
+  {{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
+{{- if hasKey .Values.configs "tlsCerts" }}
+  {{- with .Values.configs.tlsCerts }}
+    {{- toYaml . | nindent 0 }}
+  {{- end }}
+{{- else }}
 {{- with .Values.configs.tls.certificates }}
 data:
  {{- toYaml . | nindent 2 }}
--- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
+++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
@ -1,17 +1,17 @@
-{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }}
+{{- range .Values.configs.clusterCredentials }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
-    {{- with $cluster_value.labels }}
+    {{- with .labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
    argocd.argoproj.io/secret-type: cluster
-  {{- with $cluster_value.annotations }}
+  {{- with .annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
@ -19,20 +19,17 @@ metadata:
  {{- end }}
 type: Opaque
 stringData:
-  {{- if $cluster_value.shard }}
-  shard: {{ $cluster_value.shard | quote }}
-  {{- end }}
-  name: {{ $cluster_key }}
-  server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
-  {{- if $cluster_value.namespaces }}
-  namespaces: {{ $cluster_value.namespaces }}
-    {{- if $cluster_value.clusterResources }}
-  clusterResources: {{ $cluster_value.clusterResources | quote }}
+  name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
+  server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
+  {{- if .namespaces }}
+  namespaces: {{ .namespaces }}
+    {{- if .clusterResources }}
+  clusterResources: {{ .clusterResources | quote }}
    {{- end }}
  {{- end }}
-  {{- if $cluster_value.project }}
-  project: {{ $cluster_value.project | quote }}
+  {{- if .project }}
+  project: {{ .project | quote }}
  {{- end }}
  config: |
-    {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }}
+    {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/externalredis-secret.yaml
@ -2,8 +2,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: argocd-redis
-  namespace: {{ include  "argo-cd.namespace" . }}
+  name: {{ include "argo-cd.redis.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
  {{- with .Values.externalRedis.secretAnnotations }}
--- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-creds-{{ $repo_cred_key }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    argocd.argoproj.io/secret-type: repo-creds
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-{{ $repo_key }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    argocd.argoproj.io/secret-type: repository
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/clusterrole.yaml
@ -1,52 +0,0 @@
-{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "argo-cd.notifications.fullname" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
-rules:
-  {{- with .Values.notifications.clusterRoleRules.rules }}
-    {{- toYaml . | nindent 2 }}
-  {{- end }}
-  - apiGroups:
-    - argoproj.io
-    resources:
-    - applications
-    - appprojects
-    verbs:
-    - get
-    - list
-    - watch
-    - update
-    - patch
-  - apiGroups:
-    - ""
-    resources:
-    - configmaps
-    - secrets
-    verbs:
-    - list
-    - watch
-    {{- if (index .Values.configs.params "application.namespaces") }}
-    - create
-    {{- end }}
-  {{- if .Values.notifications.cm.create }}
-  - apiGroups:
-    - ""
-    resourceNames:
-    - argocd-notifications-cm
-    resources:
-    - configmaps
-    verbs:
-    - get
-  {{- end }}
-  - apiGroups:
-    - ""
-    resourceNames:
-    - {{ .Values.notifications.secret.name }}
-    resources:
-    - secrets
-    verbs:
-    - get
-{{- end }}
--- a/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml
@ -1,16 +0,0 @@
-{{- if and .Values.notifications.enabled .Values.createClusterRoles }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "argo-cd.notifications.fullname" . }}
-  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "argo-cd.notifications.fullname" . }}
-subjects:
- kind: ServiceAccount
-  name: {{ include "argo-cd.notifications.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
-{{- end }}
--- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml
@ -9,7 +9,7 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ include "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 spec:
@ -36,9 +36,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
-      {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
      {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -54,11 +51,7 @@ spec:
      {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
-      {{- if .Values.notifications.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }}
+      serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
      containers:
        - name: {{ .Values.notifications.name }}
          image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
@ -68,46 +61,15 @@ spec:
            - --metrics-port={{ .Values.notifications.containerPorts.metrics }}
            - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
            - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
-            - --namespace={{ include "argo-cd.namespace" . }}
+            - --namespace={{ .Release.Namespace }}
            - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
-            - --secret-name={{ .Values.notifications.secret.name }}
            {{- range .Values.notifications.extraArgs }}
            - {{ . | squote }}
            {{- end }}
+          {{- with .Values.notifications.extraEnv }}
          env:
-            {{- with (concat .Values.global.env .Values.notifications.extraEnv) }}
-              {{- toYaml . | nindent 12 }}
-            {{- end }}
-            - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL
-              valueFrom:
-                configMapKeyRef:
-                  key: notificationscontroller.log.level
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
-              valueFrom:
-                configMapKeyRef:
-                  key: notificationscontroller.log.format
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_APPLICATION_NAMESPACES
-              valueFrom:
-                configMapKeyRef:
-                  key: application.namespaces
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
-              valueFrom:
-                configMapKeyRef:
-                  key: notificationscontroller.selfservice.enabled
-                  name: argocd-cmd-params-cm
-                  optional: true
-            - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
-              valueFrom:
-                configMapKeyRef:
-                  key: notificationscontroller.repo.server.plaintext
-                  name: argocd-cmd-params-cm
-                  optional: true
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
          {{- with .Values.notifications.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
@ -116,32 +78,10 @@ spec:
          - name: metrics
            containerPort: {{ .Values.notifications.containerPorts.metrics }}
            protocol: TCP
-          {{- if .Values.notifications.livenessProbe.enabled }}
-          livenessProbe:
-            tcpSocket:
-              port: metrics
-            initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }}
-          {{- end }}
-          {{- if .Values.notifications.readinessProbe.enabled }}
-          readinessProbe:
-            tcpSocket:
-              port: metrics
-            initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }}
-          {{- end }}
          resources:
            {{- toYaml .Values.notifications.resources | nindent 12 }}
-          {{- with .Values.notifications.containerSecurityContext }}
          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
+            {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
          workingDir: /app
          volumeMounts:
            - name: tls-certs
--- a/charts/argo-cd/templates/argocd-notifications/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/metrics.yaml
@ -3,28 +3,19 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.notifications.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }}
    {{- with .Values.notifications.metrics.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
-  {{- if or .Values.notifications.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
+  {{- with .Values.notifications.metrics.service.annotations }}
  annotations:
-    {{- if .Values.global.addPrometheusAnnotations }}
-    prometheus.io/port: {{ .Values.notifications.metrics.port | quote }}
-    prometheus.io/scrape: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.notifications.metrics.service.annotations }}
+    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
-  type: {{ .Values.notifications.metrics.service.type }}
-  {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.notifications.metrics.service.clusterIP }}
-  {{- end }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
  ports:
--- a/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/networkpolicy.yaml
@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ template "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 spec:
--- a/charts/argo-cd/templates/argocd-notifications/pdb.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/pdb.yaml
@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
    {{- with .Values.notifications.pdb.labels }}
--- a/charts/argo-cd/templates/argocd-notifications/role.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/role.yaml
@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ template "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 rules:
@ -37,7 +37,7 @@ rules:
 - apiGroups:
  - ""
  resourceNames:
-  - {{ .Values.notifications.secret.name }}
+  - argocd-notifications-secret
  resources:
  - secrets
  verbs:
--- a/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/rolebinding.yaml
@ -2,16 +2,16 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "argo-cd.notifications.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  name: {{ template "argo-cd.notifications.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
-  name: {{ include "argo-cd.notifications.fullname" . }}
+  name: {{ template "argo-cd.notifications.fullname" . }}
 subjects:
  - kind: ServiceAccount
-    name: {{ include "argo-cd.notifications.serviceAccountName" . }}
-    namespace: {{ include "argo-cd.namespace" . }}
+    name: {{ template "argo-cd.notificationsServiceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/serviceaccount.yaml
@ -3,17 +3,17 @@ apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }}
 metadata:
-  name: {{ include "argo-cd.notifications.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
-  {{- with .Values.notifications.serviceAccount.annotations }}
+  name: {{ template "argo-cd.notificationsServiceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+{{- if .Values.notifications.serviceAccount.annotations }}
  annotations:
-    {{- range $key, $value := . }}
+  {{- range $key, $value := .Values.notifications.serviceAccount.annotations }}
    {{ $key }}: {{ $value | quote }}
-    {{- end }}
  {{- end }}
+{{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
-    {{- with .Values.notifications.serviceAccount.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
+  {{- range $key, $value := .Values.notifications.serviceAccount.labels }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
@ -1,9 +1,9 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }}
+{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.notifications.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
    {{- with .Values.notifications.metrics.serviceMonitor.selector }}
@ -41,10 +41,9 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
-      honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }}
  namespaceSelector:
    matchNames:
-      - {{ include "argo-cd.namespace" . }}
+      - {{ .Release.Namespace }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }}
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
@ -1,4 +1,5 @@
-{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
+{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@ -6,8 +7,8 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 rules:
-  {{- with .Values.repoServer.clusterRoleRules.rules }}
-    {{- toYaml . | nindent 2 }}
+  {{- if .Values.repoServer.clusterRoleRules.enabled }}
+    {{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }}
  {{- else }}
  - apiGroups:
    - '*'
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
@ -1,4 +1,5 @@
-{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }}
+{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -11,6 +12,6 @@ roleRef:
  name: {{ include "argo-cd.repoServer.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
-  namespace: {{ include "argo-cd.namespace" . }}
+  name: {{ include "argo-cd.repoServerServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -8,7 +8,7 @@ metadata:
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
 spec:
@ -30,12 +30,6 @@ spec:
        {{- if .Values.repoServer.certificateSecret.enabled }}
        checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }}
        {{- end }}
-        {{- if .Values.configs.cm.create }}
-        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
-        {{- end }}
-        {{- if .Values.configs.cmp.create }}
-        checksum/cmp-cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmp-cm.yaml") . | sha256sum }}
-        {{- end }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
@ -47,9 +41,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
-      {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }}
-      runtimeClassName: {{ . }}
-      {{- end }}
      {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -65,11 +56,7 @@ spec:
      {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
-      {{- if .Values.repoServer.terminationGracePeriodSeconds }}
-      terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }}
-      {{- end }}
-      serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }}
+      serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }}
      containers:
      - name: {{ .Values.repoServer.name }}
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
@ -78,19 +65,25 @@ spec:
        - /usr/local/bin/argocd-repo-server
        - --port={{ .Values.repoServer.containerPorts.server }}
        - --metrics-port={{ .Values.repoServer.containerPorts.metrics }}
+        {{- with .Values.repoServer.logFormat }}
+        - --logformat
+        - {{ . | quote }}
+        {{- end }}
+        {{- with .Values.repoServer.logLevel }}
+        - --loglevel
+        - {{ . | quote }}
+        {{- end }}
        {{- with .Values.repoServer.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        env:
-          {{- with (concat .Values.global.env .Values.repoServer.env) }}
+          {{- with .Values.repoServer.env }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          {{- if .Values.openshift.enabled }}
          - name: USER_NAME
            value: argocd
          {{- end }}
-          - name: ARGOCD_REPO_SERVER_NAME
-            value: {{ template "argo-cd.repoServer.fullname" . }}
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
              configMapKeyRef:
@ -115,18 +108,6 @@ spec:
                name: argocd-cmd-params-cm
                key: reposerver.parallelism.limit
                optional: true
-          - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: reposerver.listen.address
-                optional: true
-          - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: reposerver.metrics.listen.address
-                optional: true
          - name: ARGOCD_REPO_SERVER_DISABLE_TLS
            valueFrom:
              configMapKeyRef:
@ -178,30 +159,14 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
-                {{- if .Values.externalRedis.host }}
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-password
-                {{- else }}
-                key: auth
-                {{- end }}
-                optional: true
-          - name: REDIS_SENTINEL_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-username
-                optional: true
-          - name: REDIS_SENTINEL_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
-                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
@ -215,18 +180,6 @@ spec:
                name: argocd-cmd-params-cm
                key: otlp.address
                optional: true
-          - name: ARGOCD_REPO_SERVER_OTLP_INSECURE
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.insecure
-                optional: true
-          - name: ARGOCD_REPO_SERVER_OTLP_HEADERS
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: otlp.headers
-                optional: true
          - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
            valueFrom:
              configMapKeyRef:
@ -239,12 +192,6 @@ spec:
                name: argocd-cmd-params-cm
                key: reposerver.plugin.tar.exclusions
                optional: true
-          - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
-            valueFrom:
-              configMapKeyRef:
-                key: reposerver.plugin.use.manifest.generate.paths
-                name: argocd-cmd-params-cm
-                optional: true
          - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
            valueFrom:
              configMapKeyRef:
@ -263,56 +210,18 @@ spec:
                key: reposerver.streamed.manifest.max.extracted.size
                name: argocd-cmd-params-cm
                optional: true
-          - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
-            valueFrom:
-              configMapKeyRef:
-                key: reposerver.helm.manifest.max.extracted.size
-                name: argocd-cmd-params-cm
-                optional: true
-          - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
-            valueFrom:
-              configMapKeyRef:
-                name: argocd-cmd-params-cm
-                key: reposerver.disable.helm.manifest.max.extracted.size
-                optional: true
          - name: ARGOCD_GIT_MODULES_ENABLED
            valueFrom:
              configMapKeyRef:
                key: reposerver.enable.git.submodule
                name: argocd-cmd-params-cm
                optional: true
-          - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
-            valueFrom:
-              configMapKeyRef:
-                key: reposerver.git.lsremote.parallelism.limit
-                name: argocd-cmd-params-cm
-                optional: true
-          - name: ARGOCD_GIT_REQUEST_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                key: reposerver.git.request.timeout
-                name: argocd-cmd-params-cm
-                optional: true
-          - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
-            valueFrom:
-              configMapKeyRef:
-                key: reposerver.revision.cache.lock.timeout
-                name: argocd-cmd-params-cm
-                optional: true
-          - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
-            valueFrom:
-              configMapKeyRef:
-                key: reposerver.include.hidden.directories
-                name: argocd-cmd-params-cm
-                optional: true
-          {{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
          - name: HELM_CACHE_HOME
            value: /helm-working-dir
          - name: HELM_CONFIG_HOME
            value: /helm-working-dir
          - name: HELM_DATA_HOME
            value: /helm-working-dir
-          {{- end }}
        {{- with .Values.repoServer.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
@ -331,10 +240,8 @@ spec:
          name: gpg-keyring
        - mountPath: /app/config/reposerver/tls
          name: argocd-repo-server-tls
-        {{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
        - mountPath: /helm-working-dir
          name: helm-working-dir
-        {{- end }}
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        - mountPath: /tmp
@ -366,14 +273,8 @@ spec:
          failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }}
        resources:
          {{- toYaml .Values.repoServer.resources | nindent 10 }}
-        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-        {{- with .Values.repoServer.lifecycle }}
-        lifecycle:
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
+          {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
      {{- with .Values.repoServer.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
@ -386,8 +287,10 @@ spec:
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        name: copyutil
+        {{- with .Values.repoServer.resources }}
        resources:
-          {{- toYaml .Values.repoServer.resources | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
@ -425,52 +328,14 @@ spec:
      {{- with .Values.repoServer.volumes }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
-      {{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
      - name: helm-working-dir
-        {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}}
-        {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8  }}
-        {{- else }}
-          {{- if .Values.repoServer.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
-          {{- else }}
        emptyDir: {}
-          {{- end }}
-        {{- end }}
-      {{- end }}
      - name: plugins
-        {{- if .Values.repoServer.existingVolumes.plugins -}}
-        {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8  }}
-        {{- else }}
-          {{- if .Values.repoServer.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
-          {{- else }}
        emptyDir: {}
-          {{- end }}
-        {{- end }}
      - name: var-files
-        {{- if .Values.repoServer.existingVolumes.varFiles -}}
-        {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8  }}
-        {{- else }}
-          {{- if .Values.repoServer.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
-          {{- else }}
        emptyDir: {}
-          {{- end }}
-        {{- end }}
      - name: tmp
-        {{- if .Values.repoServer.existingVolumes.tmp -}}
-        {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8  }}
-        {{- else }}
-          {{- if .Values.repoServer.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
-          {{- else }}
        emptyDir: {}
-          {{- end }}
-        {{- end }}
      - name: ssh-known-hosts
        configMap:
          name: argocd-ssh-known-hosts-cm
@ -481,16 +346,7 @@ spec:
        configMap:
          name: argocd-gpg-keys-cm
      - name: gpg-keyring
-        {{- if .Values.repoServer.existingVolumes.gpgKeyring -}}
-        {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8  }}
-        {{- else }}
-          {{- if .Values.repoServer.emptyDir.sizeLimit }}
-        emptyDir:
-          sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }}
-          {{- else }}
        emptyDir: {}
-          {{- end }}
-        {{- end }}
      - name: argocd-repo-server-tls
        secret:
          secretName: argocd-repo-server-tls
--- a/charts/argo-cd/templates/argocd-repo-server/hpa.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/hpa.yaml
@ -1,38 +1,42 @@
 {{- if .Values.repoServer.autoscaling.enabled }}
-apiVersion: autoscaling/v2
+apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }}
 kind: HorizontalPodAutoscaler
 metadata:
-  name: {{ include "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
-    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }}
+  name: {{ template "argo-cd.repoServer.fullname" . }}-hpa
+  namespace: {{ .Release.Namespace | quote }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
-    name: {{ include "argo-cd.repoServer.fullname" . }}
+    name: {{ template "argo-cd.repoServer.fullname" . }}
  minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }}
  metrics:
-  {{- with .Values.repoServer.autoscaling.metrics }}
-    {{- toYaml . | nindent 4 }}
-  {{- else }}
-    {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
+        {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
+        targetAverageUtilization: {{ . }}
+        {{- else }}
        target:
-          type: Utilization
          averageUtilization: {{ . }}
-    {{- end }}
-    {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }}
+          type: Utilization
+        {{- end }}
+  {{- end }}
+  {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
+        {{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
+        targetAverageUtilization: {{ . }}
+        {{- else }}
        target:
-          type: Utilization
          averageUtilization: {{ . }}
-    {{- end }}
+          type: Utilization
+        {{- end }}
  {{- end }}
  {{- with .Values.repoServer.autoscaling.behavior }}
  behavior:
--- a/charts/argo-cd/templates/argocd-repo-server/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/metrics.yaml
@ -3,28 +3,19 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.repoServer.fullname" . }}-metrics
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }}
    {{- with .Values.repoServer.metrics.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
-  {{- if or .Values.repoServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
+  {{- with .Values.repoServer.metrics.service.annotations }}
  annotations:
-    {{- if .Values.global.addPrometheusAnnotations }}
-    prometheus.io/port: {{ .Values.repoServer.metrics.service.servicePort | quote }}
-    prometheus.io/scrape: "true"
-    {{- end }}
-    {{- range $key, $value := .Values.repoServer.metrics.service.annotations }}
+    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
-  type: {{ .Values.repoServer.metrics.service.type }}
-  {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }}
-  clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }}
-  {{- end }}
-  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name: {{ .Values.repoServer.metrics.service.portName }}
    protocol: TCP
--- a/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
 spec:
  ingress:
  - from:
@ -20,9 +20,11 @@ spec:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }}
    {{- end }}
+    {{- if .Values.applicationSet.enabled }}
    - podSelector:
        matchLabels:
          {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }}
+    {{- end }}
    ports:
    - port: repo-server
      protocol: TCP
--- a/charts/argo-cd/templates/argocd-repo-server/pdb.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/pdb.yaml
@ -3,7 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ include "argo-cd.repoServer.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . }}
+  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
    {{- with .Values.repoServer.pdb.labels }}
--- a/Show more
+++ b/Show more