feat(argo-rollouts): Update resources as following upstream

Signed-off-by: yu-croco <yu.croco@gmail.com>
chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.0
2024-06-14 10:11:31 +09:00 · 2024-06-13 21:14:26 +00:00
134 changed files with 1083 additions and 9723 deletions
--- a/.github/configs/renovate-config.js
+++ b/.github/configs/renovate-config.js
@ -1,7 +1,6 @@
 module.exports = {
    platform: 'github',
-    // This ensures that the gitAuthor and gitSignOff fields match
+    gitAuthor: 'renovate[bot] <renovate[bot]@users.noreply.github.com>',
    gitAuthor: 'argoproj-renovate[bot] <161757507+argoproj-renovate[bot]@users.noreply.github.com>',
    autodiscover: false,
    allowPostUpgradeCommandTemplating: true,
    allowedPostUpgradeCommands: [".*"],
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -6,11 +6,3 @@ updates:
    schedule:
      interval: weekly
      day: "saturday"
    commit-message:
      prefix: "chore(deps)"
    groups:
      dependencies:
        applies-to: version-updates
        update-types:
          - "minor"
          - "patch"
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@ -13,7 +13,7 @@ jobs:
      options: --user 1001
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
      - name: Run ah lint
        working-directory: ./charts
        run: ah lint
@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          fetch-depth: 0
@ -32,16 +32,16 @@ jobs:
          version: v3.10.1 # Also update in publish.yaml
      - name: Set up python
-        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
        with:
          python-version: 3.9
      - name: Setup Chart Linting
        id: lint
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
        with:
          # Note: Also update in scripts/lint.sh
-          version: v3.11.0
+          version: v3.10.0
      - name: List changed charts
        id: list-changed
@ -70,10 +70,11 @@ jobs:
          fi
      - name: Create kind cluster
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
        if: steps.list-changed.outputs.changed == 'true'
        with:
          config: .github/configs/kind-config.yaml
      - name: Deploy latest ArgoCD CRDs when testing ArgoCD extensions
        if: |
          contains(steps.list-changed.outputs.changed_charts, 'argocd-image-updater') ||
--- a/.github/workflows/pr-sizing.yml
+++ b/.github/workflows/pr-sizing.yml
@ -25,6 +25,6 @@ jobs:
  size-label:
    runs-on: ubuntu-latest
    steps:
-      - uses: pascalgn/size-label-action@f8edde36b3be04b4f65dcfead05dc8691b374348 # v0.5.5
+      - uses: pascalgn/size-label-action@bbbaa0d5ccce8e2e76254560df5c64b82dac2e12 # v0.5.2
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@ -19,7 +19,7 @@ jobs:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
-      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
+      - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          fetch-depth: 0
@ -59,14 +59,14 @@ jobs:
          PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
+        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
        with:
          config: "./.github/configs/cr.yaml"
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
      - name: Login to GHCR
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@ -16,23 +16,22 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Get token
-        uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # v1.11.5
+        uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
        id: get_token
        with:
          app-id: ${{ vars.RENOVATE_APP_ID }}
          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Self-hosted Renovate
-        uses: renovatebot/github-action@e084b5ac6fd201023db6dd7743aec023babb02c8 # v41.0.13
+        uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12
        with:
          configurationFile: .github/configs/renovate-config.js
          # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
-          renovate-version: 39.153.2
+          renovate-version: 37.384.0
          token: '${{ steps.get_token.outputs.token }}'
          mount-docker-socket: true
        env:
          LOG_LEVEL: 'debug'
          RENOVATE_REPOSITORIES: '${{ github.repository }}'
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -33,12 +33,12 @@ jobs:
    steps:
      - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          persist-credentials: false
      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
        with:
          results_file: results.sarif
          results_format: sarif
@ -60,7 +60,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: SARIF file
          path: results.sarif
@ -68,6 +68,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
        with:
          sarif_file: results.sarif
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -14,7 +14,7 @@ jobs:
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+    - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        # Number of days of inactivity before an issue becomes stale
--- a/SECURITY.md
+++ b/SECURITY.md
@ -6,7 +6,7 @@ Each helm chart currently supports the designated application version in the Cha
 * [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md)
 * [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md)
-* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security/security.md)
+* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md)
 * [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md)
 * [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md)
--- a/charts/argo-cd/Chart.lock
+++ b/charts/argo-cd/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
  repository: https://dandydeveloper.github.io/charts/
-  version: 4.29.4
+  version: 4.26.1
-digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7
+digest: sha256:d72c308ab0eef4233e25bfc3f8fc97cf9b02a9c5d0186ea89e2f8fb332cb9c41
-generated: "2024-11-13T09:07:36.494128+09:00"
+generated: "2024-02-18T19:42:53.135599+02:00"
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.14.2
+appVersion: v2.11.3
-kubeVersion: ">=1.25.0-0"
+kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.8.3
+version: 7.1.3
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -18,7 +18,7 @@ maintainers:
    url: https://argoproj.github.io/
 dependencies:
  - name: redis-ha
-    version: 4.29.4
+    version: 4.26.1
    repository: https://dandydeveloper.github.io/charts/
    condition: redis-ha.enabled
 annotations:
@ -26,5 +26,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: changed
+    - kind: fixed
-      description: Bump dex version to v2.42.0
+      description: Add missing permission for Dynamic Cluster Distribution
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -191,7 +191,7 @@ server:
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/backend-protocol: HTTP
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    aws:
      serviceType: ClusterIP # <- Used with target-type: ip
@ -278,31 +278,6 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 7.0.0
 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
 If you used the value, please migrate like below.
 ```yaml
 # before
 configs:
  clusterCredentials:
    - mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 # after
 configs:
  clusterCredentials:
    mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 ```
 ### 6.10.0
 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
@ -312,10 +287,10 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr
 Upstream steps in the [FAQ] are not enough, since we chose a different approach.
 (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
-Steps to rotate the secret when using the helm chart (bold step is additional to upstream):
+Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
 * Delete `argocd-redis` secret in the namespace where Argo CD is installed.
  ```bash
-  kubectl delete secret argocd-redis -n <argocd namespace>
+  kubectl delete secret argocd-redis -n <argocd namesapce>
  ```
 * **Perform a helm upgrade**
  ```bash
@ -647,7 +622,7 @@ server:
 ## Prerequisites
- Kubernetes: `>=1.25.0-0`
+- Kubernetes: `>=1.23.0-0`
  - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach.
  - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info.
 - Helm v3.0.0+
@ -708,12 +683,11 @@ NAME: my-release
 | global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` |
 | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components |
 | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic |
-| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components |
+| global.nodeSelector | object | `{}` | Default node selector for all components |
 | global.podAnnotations | object | `{}` | Annotations for the all deployed pods |
 | global.podLabels | object | `{}` | Labels for the all deployed pods |
 | global.priorityClassName | string | `""` | Default priority class for all components |
 | global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. |
 | global.runtimeClassName | string | `""` | Runtime class name for all components |
 | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. |
 | global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets |
 | global.tolerations | list | `[]` | Default tolerations for all components |
@ -726,7 +700,6 @@ NAME: my-release
 | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
 | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
 | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
 | configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) |
 | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
 | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
 | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge |
@ -743,7 +716,6 @@ NAME: my-release
 | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
 | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
 | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
 | configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) |
 | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
 | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
 | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
@ -755,7 +727,6 @@ NAME: my-release
 | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / |
 | configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication |
 | configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression |
 | configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) |
 | configs.params."server.insecure" | bool | `false` | Run server without TLS |
 | configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / |
 | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets |
@ -784,13 +755,11 @@ NAME: my-release
 | configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events |
 | configs.secret.labels | object | `{}` | Labels to be added to argocd-secret |
 | configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap |
 | configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. |
 | configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories |
 | configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. |
 | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. |
 | configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap |
 | configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories |
 | configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. |
 ## Argo CD Controller
@ -837,7 +806,6 @@ NAME: my-release
 | controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
 | controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -863,7 +831,6 @@ NAME: my-release
 | controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. |
 | controller.resources | object | `{}` | Resource limits and requests for the application controller pods |
 | controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history |
 | controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller |
 | controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | controller.serviceAccount.create | bool | `true` | Create a service account for the application controller |
@ -932,7 +899,6 @@ NAME: my-release
 | repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
 | repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -959,7 +925,6 @@ NAME: my-release
 | repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | repoServer.replicas | int | `1` | The number of repo server pods to run |
 | repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods |
 | repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server |
 | repoServer.service.annotations | object | `{}` | Repo server service annotations |
 | repoServer.service.labels | object | `{}` | Repo server service labels |
 | repoServer.service.port | int | `8081` | Repo server service port |
@ -1002,7 +967,7 @@ NAME: my-release
 | server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
 | server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
-| server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources |
+| server.certificate.secretName | string | `"argocd-server-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
 | server.certificate.usages | list | `[]` | Usages for the certificate |
 | server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret |
 | server.certificateSecret.crt | string | `""` | Certificate data |
@ -1026,7 +991,7 @@ NAME: my-release
 | server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD |
 | server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions |
 | server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image |
-| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image |
+| server.extensions.image.tag | string | `"v0.0.5"` | Tag to use for extension installer image |
 | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
 | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
 | server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
@ -1083,7 +1048,6 @@ NAME: my-release
 | server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
 | server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1114,12 +1078,10 @@ NAME: my-release
 | server.route.hostname | string | `""` | Hostname of OpenShift Route |
 | server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route |
 | server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route |
 | server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server |
 | server.service.annotations | object | `{}` | Server service annotations |
 | server.service.externalIPs | list | `[]` | Server service external IPs |
 | server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints |
 | server.service.labels | object | `{}` | Server service labels |
 | server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation |
 | server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field |
 | server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from |
 | server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") |
@ -1170,7 +1132,7 @@ NAME: my-release
 | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
 | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
 | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
-| dex.image.tag | string | `"v2.42.0"` | Dex image tag |
+| dex.image.tag | string | `"v2.38.0"` | Dex image tag |
 | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | dex.initContainers | list | `[]` | Init containers to add to the dex pod |
 | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@ -1195,7 +1157,6 @@ NAME: my-release
 | dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
 | dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1223,7 +1184,6 @@ NAME: my-release
 | dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | dex.resources | object | `{}` | Resource limits and requests for dex |
 | dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex |
 | dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | dex.serviceAccount.create | bool | `true` | Create dex service account |
@ -1261,7 +1221,7 @@ NAME: my-release
 | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
 | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
 | redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
-| redis.exporter.image.tag | string | `"1.67.0"` | Tag to use for the redis-exporter |
+| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
 | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter |
 | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
@ -1279,7 +1239,7 @@ NAME: my-release
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
 | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis.image.tag | string | `"7.4.2-alpine"` | Redis tag |
+| redis.image.tag | string | `"7.2.4-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
 | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@ -1298,7 +1258,6 @@ NAME: my-release
 | redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
 | redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped |
 | redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1323,7 +1282,6 @@ NAME: my-release
 | redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out |
 | redis.resources | object | `{}` | Resource limits and requests for redis |
 | redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis |
 | redis.securityContext | object | See [values.yaml] | Redis pod-level security context |
 | redis.service.annotations | object | `{}` | Redis service annotations |
 | redis.service.labels | object | `{}` | Additional redis service labels |
@ -1365,7 +1323,7 @@ The main options are listed here:
 | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
 | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
 | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis-ha.image.tag | string | `"7.4.2-alpine"` | Redis tag |
+| redis-ha.image.tag | string | `"7.2.4-alpine"` | Redis tag |
 | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
 | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
 | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""`  is disabled |
@ -1388,7 +1346,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored |
+| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis credentials (must contain key `redis-password`). When it's set, the `externalRedis.password` parameter is ignored |
 | externalRedis.host | string | `""` | External Redis server host |
 | externalRedis.password | string | `""` | External Redis password |
 | externalRedis.port | int | `6379` | External Redis server port |
@ -1402,7 +1360,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job |
 | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
 | redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods |
 | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job |
@ -1443,6 +1400,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` |
 | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
 | applicationSet.certificate.secretName | string | `"argocd-applicationset-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
 | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
@ -1491,7 +1449,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
 | applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
 | applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
@ -1518,7 +1475,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run |
 | applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. |
 | applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller |
 | applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations |
 | applicationSet.service.labels | object | `{}` | ApplicationSet service labels |
 | applicationSet.service.port | int | `7000` | ApplicationSet service port |
@ -1561,12 +1517,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller |
 | notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod |
 | notifications.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods |
 | notifications.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | notifications.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
 | notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` |
 | notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` |
 | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server |
@ -1579,7 +1529,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
 | notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
 | notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
 | notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
 | notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
@ -1596,14 +1545,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods |
 | notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods |
 | notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods |
 | notifications.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods |
 | notifications.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | notifications.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
 | notifications.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | notifications.resources | object | `{}` | Resource limits and requests for the notifications controller |
 | notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller |
 | notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret |
 | notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret |
 | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret |
@ -1621,89 +1563,30 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
 | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
 ## Commit server (Manifest Hydrator)
 The Argo CD Commit Server provides push access to git repositories for hydrated manifests.
 To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator].
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
 | commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. |
 | commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context |
 | commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment |
 | commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment |
 | commitServer.dnsConfig | object | `{}` | [DNS configuration] |
 | commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods |
 | commitServer.enabled | bool | `false` | Enable commit server |
 | commitServer.extraArgs | list | `[]` | commit server command line flags |
 | commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server |
 | commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server |
 | commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) |
 | commitServer.extraVolumes | list | `[]` | List of extra volumes to add |
 | commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server |
 | commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server |
 | commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server |
 | commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server |
 | commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
 | commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] |
 | commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out |
 | commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server |
 | commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations |
 | commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
 | commitServer.metrics.service.labels | object | `{}` | Metrics service labels |
 | commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name |
 | commitServer.metrics.service.servicePort | int | `8087` | Metrics service port |
 | commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
 | commitServer.name | string | `"commit-server"` | Commit server name |
 | commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods |
 | commitServer.podLabels | object | `{}` | Labels for the commit server pods |
 | commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods |
 | commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server |
 | commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated |
 | commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. |
 | commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server |
 | commitServer.service.annotations | object | `{}` | commit server service annotations |
 | commitServer.service.labels | object | `{}` | commit server service labels |
 | commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | commitServer.serviceAccount.create | bool | `true` | Create commit server service account |
 | commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name |
 | commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
 | commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
 | commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
 [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
-[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
+[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
 [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
 [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
 [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
 [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
 [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
 [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
-[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
+[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
 [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
 [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
 [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
 [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
 [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
-[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
 [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
 [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
-[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 [values.yaml]: values.yaml
 [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
 [tini]: https://github.com/argoproj/argo-cd/pull/12707
@ -1712,5 +1595,3 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
 [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
 [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
 [Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
 [Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md
--- a/charts/argo-cd/README.md.gotmpl
+++ b/charts/argo-cd/README.md.gotmpl
@ -190,7 +190,7 @@ server:
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/backend-protocol: HTTP
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    aws:
      serviceType: ClusterIP # <- Used with target-type: ip
@ -278,31 +278,6 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 7.0.0
 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
 If you used the value, please migrate like below.
 ```yaml
 # before
 configs:
  clusterCredentials:
    - mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 # after
 configs:
  clusterCredentials:
    mycluster:
      server: https://mycluster.example.com
      labels: {}
      annotations: {}
      # ...
 ```
 ### 6.10.0
 This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr.
@ -312,10 +287,10 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr
 Upstream steps in the [FAQ] are not enough, since we chose a different approach.
 (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
-Steps to rotate the secret when using the helm chart (bold step is additional to upstream):
+Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
 * Delete `argocd-redis` secret in the namespace where Argo CD is installed. 
  ```bash
-  kubectl delete secret argocd-redis -n <argocd namespace>
+  kubectl delete secret argocd-redis -n <argocd namesapce>
  ```
 * **Perform a helm upgrade**
  ```bash
@ -672,7 +647,7 @@ NAME: my-release
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 {{- range .Values }}
-  {{- if not (or  (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) (hasPrefix "commitServer" .Key) ) }}
+  {{- if not (or  (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) ) }}
 | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
  {{- end }}
 {{- end }}
@ -813,44 +788,30 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
  {{- end }}
 {{- end }}
 ## Commit server (Manifest Hydrator)
 The Argo CD Commit Server provides push access to git repositories for hydrated manifests.
 To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator].
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 {{- range .Values }}
  {{- if hasPrefix "commitServer" .Key }}
 | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
  {{- end }}
 {{- end }}
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
 [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
-[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
+[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
 [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
 [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
 [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
 [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
 [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
 [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
-[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
+[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
 [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
 [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
 [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
 [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
 [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
-[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
 [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
 [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
-[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 [values.yaml]: values.yaml
 [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
 [tini]: https://github.com/argoproj/argo-cd/pull/12707
@ -859,5 +820,3 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
 [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
 [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
 [Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
 [Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md
--- a/charts/argo-cd/ci/with-commit-server-values.yaml
+++ b/charts/argo-cd/ci/with-commit-server-values.yaml
@ -1,3 +0,0 @@
 # Test Argo CD with optional component "commit-server"
 commitServer:
  enabled: true
--- a/charts/argo-cd/templates/NOTES.txt
+++ b/charts/argo-cd/templates/NOTES.txt
@ -1,6 +1,6 @@
 In order to access the server UI you have the following options:
-1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include  "argo-cd.namespace" . }} 8080:443
+1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
    and then open the browser on http://localhost:8080 and accept the certificate
@ -12,7 +12,7 @@ In order to access the server UI you have the following options:
 {{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}}
 After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
-kubectl -n {{ include  "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
 (You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
 {{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@ -99,7 +99,7 @@ Create the name of the Redis secret-init service account to use
 */}}
 {{- define "argo-cd.redisSecretInit.serviceAccountName" -}}
 {{- if .Values.redisSecretInit.serviceAccount.create -}}
-    {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }}
+    {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redis.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.redisSecretInit.serviceAccount.name }}
 {{- end -}}
@ -177,31 +177,13 @@ Create the name of the notifications service account to use
 {{- end -}}
 {{- end -}}
 {{/*
 Create argocd commit-server name and version as used by the chart label.
 */}}
 {{- define "argo-cd.commitServer.fullname" -}}
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create the name of the commit-server service account to use
 */}}
 {{- define "argo-cd.commitServer.serviceAccountName" -}}
 {{- if .Values.commitServer.serviceAccount.create -}}
    {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.commitServer.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Argo Configuration Preset Values (Influenced by Values configuration)
 */}}
 {{- define "argo-cd.config.cm.presets" -}}
 {{- $presets := dict -}}
 {{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}}
-{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}}
+{{- if index .Values.configs.cm "statusbadge.enabled" | eq true -}}
 {{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}}
 {{- end -}}
 {{- if .Values.configs.styles -}}
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -36,9 +36,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -157,30 +154,6 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.self.heal.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.factor
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.cap.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.sync.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
            valueFrom:
              configMapKeyRef:
@ -235,22 +208,10 @@ spec:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
@ -317,24 +278,6 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.ignore.normalizer.jq.timeout
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.batch.events.processing
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.events.processing.interval
                optional: true
        {{- with .Values.controller.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
@ -367,8 +310,6 @@ spec:
          name: argocd-repo-server-tls
        - mountPath: /home/argocd
          name: argocd-home
        - name: argocd-cmd-params-cm
          mountPath: /home/argocd/params
      {{- with .Values.controller.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
@ -422,13 +363,6 @@ spec:
            path: tls.key
          - key: ca.crt
            path: ca.crt
      - name: argocd-cmd-params-cm
        configMap:
          optional: true
          name: argocd-cmd-params-cm
          items:
          - key: controller.profile.enabled
            path: profiler.enabled
      {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
      {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
@ -1,9 +1,9 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.controller.metrics.rules.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- if .Values.controller.metrics.rules.selector }}
--- a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.controller.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.controller.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
    {{- with .Values.controller.metrics.serviceMonitor.selector }}
@ -34,7 +34,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.controller.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -37,9 +37,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -156,30 +153,6 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.self.heal.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.factor
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.cap.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.sync.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
            valueFrom:
              configMapKeyRef:
@ -234,22 +207,10 @@ spec:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
@ -316,26 +277,6 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.ignore.normalizer.jq.timeout
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.batch.events.processing
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.events.processing.interval
                optional: true
          - name: KUBECACHEDIR
            value: /tmp/kubecache
        {{- with .Values.controller.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
@ -368,10 +309,6 @@ spec:
          name: argocd-repo-server-tls
        - mountPath: /home/argocd
          name: argocd-home
        - name: argocd-cmd-params-cm
          mountPath: /home/argocd/params
        - name: argocd-application-controller-tmp
          mountPath: /tmp
      {{- with .Values.controller.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
@ -413,8 +350,6 @@ spec:
        {{- else }}
        emptyDir: {}
        {{- end }}
      - emptyDir: {}
        name: argocd-application-controller-tmp
      - name: argocd-repo-server-tls
        secret:
          secretName: argocd-repo-server-tls
@ -426,13 +361,6 @@ spec:
            path: tls.key
          - key: ca.crt
            path: ca.crt
      - name: argocd-cmd-params-cm
        configMap:
          optional: true
          name: argocd-cmd-params-cm
          items:
          - key: controller.profile.enabled
            path: profiler.enabled
      {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
      {{- end }}
--- a/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/certificate.yaml
@ -13,7 +13,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 spec:
-  secretName: argocd-applicationset-controller-tls
+  secretName: {{ .Values.applicationSet.certificate.secretName }}
  commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
  dnsNames:
    - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }}
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrole.yaml
@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "argo-cd.applicationSet.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 rules:
@ -34,8 +35,6 @@ rules:
    - appprojects
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
 roleRef:
--- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
@ -36,9 +36,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -151,12 +148,6 @@ spec:
                  key: applicationsetcontroller.enable.progressive.syncs
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.tokenref.strict.mode
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
              valueFrom:
                configMapKeyRef:
@ -211,18 +202,6 @@ spec:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.enable.scm.providers
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.webhook.parallelism.limit
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.requeue.after
                  name: argocd-cmd-params-cm
                  optional: true
          {{- with .Values.applicationSet.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
--- a/charts/argo-cd/templates/argocd-applicationset/role.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/role.yaml
@ -34,8 +34,6 @@ rules:
    - appprojects
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
--- a/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.applicationSet.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.applicationSet.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
    {{- with .Values.applicationSet.metrics.serviceMonitor.selector }}
@ -34,7 +34,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/deployment.yaml
@ -1,238 +0,0 @@
 {{- if .Values.commitServer.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
 spec:
  {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }}
  strategy:
    {{- trim . | nindent 4 }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
  template:
    metadata:
      annotations:
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.hostAliases }}
      hostAliases:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      {{- with .Values.commitServer.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ . }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }}
      containers:
      - name: {{ .Values.commitServer.name }}
        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }}
        args:
        - /usr/local/bin/argocd-commit-server
        {{- with .Values.commitServer.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        env:
          {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.listen.address
                optional: true
          - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.metrics.listen.address
                optional: true
          - name: ARGOCD_COMMIT_SERVER_LOGFORMAT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.log.format
                optional: true
          - name: ARGOCD_COMMIT_SERVER_LOGLEVEL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.log.level
                optional: true
          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: log.format.timestamp
                optional: true
        {{- with .Values.commitServer.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        ports:
        - containerPort: 8086
          name: server
          protocol: TCP
        - containerPort: 8087
          name: metrics
          protocol: TCP
        {{- if .Values.commitServer.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
            path: /healthz?full=true
            port: 8087
          initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }}
          failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }}
          timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }}
        {{- end }}
        {{- if .Values.commitServer.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8087
          initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }}
          failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }}
          timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }}
        {{- end }}
        resources:
          {{- toYaml .Values.commitServer.resources | nindent 10 }}
        {{- with .Values.commitServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.commitServer.lifecycle }}
        lifecycle:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        {{- with .Values.commitServer.extraVolumeMounts }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: ssh-known-hosts
          mountPath: /app/config/ssh
        - name: tls-certs
          mountPath: /app/config/tls
        - name: gpg-keys
          mountPath: /app/config/gpg/source
        - name: gpg-keyring
          mountPath: /app/config/gpg/keys
        # We need a writeable temp directory for the askpass socket file.
        - name: tmp
          mountPath: /tmp
      initContainers:
      - command:
        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
        name: copyutil
        resources:
          {{- toYaml .Values.commitServer.resources | nindent 10 }}
        {{- with .Values.commitServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
      volumes:
        {{- with .Values.commitServer.extraVolumes }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: ssh-known-hosts
          configMap:
            name: argocd-ssh-known-hosts-cm
        - name: tls-certs
          configMap:
            name: argocd-tls-certs-cm
        - name: gpg-keys
          configMap:
            name: argocd-gpg-keys-cm
        - name: gpg-keyring
          emptyDir: {}
        - name: tmp
          emptyDir: {}
        - name: argocd-commit-server-tls
          secret:
            secretName: argocd-commit-server-tls
            optional: true
            items:
            - key: tls.crt
              path: tls.crt
            - key: tls.key
              path: tls.key
            - key: ca.crt
              path: ca.crt
        - emptyDir: {}
          name: var-files
      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }}
      affinity:
        {{- trim . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- range $constraint := . }}
      - {{ toYaml $constraint | nindent 8 | trim }}
        {{- if not $constraint.labelSelector }}
        labelSelector:
          matchLabels:
            {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 12 }}
        {{- end }}
        {{- end }}
      {{- end }}
      {{- if .Values.commitServer.hostNetwork }}
      hostNetwork: {{ .Values.commitServer.hostNetwork }}
      {{- end }}
      {{- with .Values.commitServer.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.commitServer.dnsPolicy }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/metrics.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/metrics.yaml
@ -1,35 +0,0 @@
 {{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.commitServer.fullname" . }}-metrics
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }}
    {{- with .Values.commitServer.metrics.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
  annotations:
    {{- if .Values.global.addPrometheusAnnotations }}
    prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }}
    prometheus.io/scrape: "true"
    {{- end }}
    {{- range $key, $value := .Values.commitServer.metrics.service.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  type: {{ .Values.commitServer.metrics.service.type }}
  {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }}
  {{- end }}
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name:  {{ .Values.commitServer.metrics.service.portName }}
    protocol: TCP
    port: {{ .Values.commitServer.metrics.service.servicePort }}
    targetPort: 8087
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
@ -1,25 +0,0 @@
 {{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
 spec:
  podSelector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }}
      ports:
        - protocol: TCP
          port: 8086
    - from:
        - namespaceSelector: { }
      ports:
        - port: 8087
 {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/service.yaml
@ -1,26 +0,0 @@
 {{- if .Values.commitServer.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
    {{- with .Values.commitServer.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.commitServer.service.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  ports:
  - name: server
    protocol: TCP
    port: 8086
    targetPort: 8086
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
+++ b/charts/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
@ -1,19 +0,0 @@
 {{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.commitServer.serviceAccountName" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  {{- with .Values.commitServer.serviceAccount.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
    {{- with .Values.commitServer.serviceAccount.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
@ -1,4 +1,3 @@
 {{- if .Values.configs.ssh.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@ -18,4 +17,3 @@ data:
    {{- with .Values.configs.ssh.extraHosts }}
      {{- . | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
@ -1,4 +1,3 @@
 {{- if .Values.configs.tls.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@ -16,4 +15,3 @@ metadata:
 data:
  {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
+++ b/charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
    {{- with $cluster_value.labels }}
@ -19,10 +19,7 @@ metadata:
  {{- end }}
 type: Opaque
 stringData:
-  {{- if $cluster_value.shard }}
+  name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
  shard: {{ $cluster_value.shard | quote }}
  {{- end }}
  name: {{ $cluster_key }}
  server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
  {{- if $cluster_value.namespaces }}
  namespaces: {{ $cluster_value.namespaces }}
--- a/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-creds-{{ $repo_cred_key }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    argocd.argoproj.io/secret-type: repo-creds
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
+++ b/charts/argo-cd/templates/argocd-configs/repository-secret.yaml
@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-repo-{{ $repo_key }}
-  namespace: {{ include  "argo-cd.namespace" $ | quote }}
+  namespace: {{ $.Release.Namespace | quote }}
  labels:
    argocd.argoproj.io/secret-type: repository
    {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
--- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml
@ -36,9 +36,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -102,12 +99,6 @@ spec:
                  key: notificationscontroller.selfservice.enabled
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
              valueFrom:
                configMapKeyRef:
                  key: notificationscontroller.repo.server.plaintext
                  name: argocd-cmd-params-cm
                  optional: true
          {{- with .Values.notifications.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
@ -116,26 +107,6 @@ spec:
          - name: metrics
            containerPort: {{ .Values.notifications.containerPorts.metrics }}
            protocol: TCP
          {{- if .Values.notifications.livenessProbe.enabled }}
          livenessProbe:
            tcpSocket:
              port: metrics
            initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.notifications.readinessProbe.enabled }}
          readinessProbe:
            tcpSocket:
              port: metrics
            initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }}
          {{- end }}
          resources:
            {{- toYaml .Values.notifications.resources | nindent 12 }}
          {{- with .Values.notifications.containerSecurityContext }}
--- a/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.notifications.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.notifications.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
    {{- with .Values.notifications.metrics.serviceMonitor.selector }}
@ -41,7 +41,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }}
  namespaceSelector:
    matchNames:
      - {{ include "argo-cd.namespace" . }}
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -47,9 +47,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -187,22 +184,10 @@ spec:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
@ -239,12 +224,6 @@ spec:
                name: argocd-cmd-params-cm
                key: reposerver.plugin.tar.exclusions
                optional: true
          - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
            valueFrom:
              configMapKeyRef:
                key: reposerver.plugin.use.manifest.generate.paths
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
            valueFrom:
              configMapKeyRef:
@ -299,12 +278,6 @@ spec:
                key: reposerver.revision.cache.lock.timeout
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
            valueFrom:
              configMapKeyRef:
                key: reposerver.include.hidden.directories
                name: argocd-cmd-params-cm
                optional: true
          {{- if .Values.repoServer.useEphemeralHelmWorkingDir }}
          - name: HELM_CACHE_HOME
            value: /helm-working-dir
@ -386,8 +359,10 @@ spec:
        image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
        name: copyutil
        {{- with .Values.repoServer.resources }}
        resources:
-          {{- toYaml .Values.repoServer.resources | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
--- a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.repoServer.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.repoServer.metrics.serviceMonitor.namespace | default }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
    {{- with .Values.repoServer.metrics.serviceMonitor.selector }}
@ -34,7 +34,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.repoServer.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
--- a/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@ -13,14 +13,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
 spec:
-  {{- with .Values.server.certificate.secretTemplateAnnotations }}
+  secretName: {{ .Values.server.certificate.secretName }}
  secretTemplate:
    annotations:
      {{- range $key, $value := . }}
      {{ $key }}: {{ $value | quote }}
      {{- end }}
  {{- end }} 
  secretName: argocd-server-tls
  commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }}
  dnsNames:
    - {{ .Values.server.certificate.domain | default .Values.global.domain }}
--- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
@ -14,23 +14,25 @@ rules:
    resources:
      - '*'
    verbs:
-      - delete  # supports deletion a live object in UI
+      - delete
-      - get     # supports viewing live object manifest in UI
+      - get
-      - patch   # supports `argocd app patch`
+      - patch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
-      - list    # supports listing events in UI
+      - list
      {{- if (index .Values.configs.params "application.namespaces") }}
      - create
      {{- end }}
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
-      - get     # supports viewing pod logs from UI
+      - get
  {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }}
  - apiGroups:
      - ""
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -41,9 +41,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -255,22 +252,10 @@ spec:
                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                optional: true
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-username
                optional: true
          - name: REDIS_SENTINEL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
                key: redis-sentinel-password
                optional: true
          - name: ARGOCD_DEFAULT_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
@ -343,42 +328,6 @@ spec:
                name: argocd-cmd-params-cm
                key: server.api.content.types
                optional: true
          - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: server.webhook.parallelism.limit
                optional: true
          - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
            valueFrom:
              configMapKeyRef:
                key: applicationsetcontroller.enable.new.git.file.globbing
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
            valueFrom:
              configMapKeyRef:
                key: applicationsetcontroller.scm.root.ca.path
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: applicationsetcontroller.allowed.scm.providers
                optional: true
          - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: applicationsetcontroller.enable.scm.providers
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
        {{- with .Values.server.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
@ -401,8 +350,6 @@ spec:
          name: styles
        - mountPath: /tmp
          name: tmp
        - name: argocd-cmd-params-cm
          mountPath: /home/argocd/params
        {{- if .Values.server.extensions.enabled }}
        - mountPath: /tmp/extensions
          name: extensions
@ -551,13 +498,6 @@ spec:
            path: tls.crt
          - key: ca.crt
            path: ca.crt
      - name: argocd-cmd-params-cm
        configMap:
          optional: true
          name: argocd-cmd-params-cm
          items:
          - key: server.profile.enabled
            path: profiler.enabled
      {{- if .Values.server.hostNetwork }}
      hostNetwork: {{ .Values.server.hostNetwork }}
      {{- end }}
--- a/charts/argo-cd/templates/argocd-server/ingress.yaml
+++ b/charts/argo-cd/templates/argocd-server/ingress.yaml
@ -9,20 +9,20 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    {{- with .Values.server.ingress.labels }}
-      {{- tpl (toYaml .) $ | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.server.ingress.annotations }}
  annotations:
    {{- range $key, $value := . }}
-    {{ $key }}: {{ tpl (toString $value) $ | quote }}
+    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  {{- with .Values.server.ingress.ingressClassName }}
-  ingressClassName: {{ tpl . $ }}
+  ingressClassName: {{ . }}
  {{- end }}
  rules:
-    - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }}
+    - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
@ -36,7 +36,7 @@ spec:
                port:
                  number: {{ $servicePort }}
    {{- range .Values.server.ingress.extraHosts }}
-    - host: {{ tpl .name $ | quote }}
+    - host: {{ .name | quote }}
      http:
        paths:
          - path: {{ default $.Values.server.ingress.path .path }}
@ -54,16 +54,16 @@ spec:
  tls:
    {{- if .Values.server.ingress.tls }}
    - hosts:
-      - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }}
+      - {{ .Values.server.ingress.hostname | default .Values.global.domain }}
      {{- range .Values.server.ingress.extraHosts }}
        {{- if .name }}
-      - {{ tpl .name $ }}
+      -  {{ .name }}
        {{- end }}
      {{- end }}
      secretName: argocd-server-tls
    {{- end }}
    {{- with .Values.server.ingress.extraTls }}
-      {{- tpl (toYaml .) $ | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- end }}
 {{- end }}
--- a/charts/argo-cd/templates/argocd-server/service.yaml
+++ b/charts/argo-cd/templates/argocd-server/service.yaml
@ -24,9 +24,6 @@ spec:
  externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }}
  {{- end }}
  {{- if eq .Values.server.service.type "LoadBalancer" }}
  {{- with .Values.server.service.loadBalancerClass }}
  loadBalancerClass: {{ . }}
  {{- end }}
  {{- with .Values.server.service.loadBalancerIP }}
  loadBalancerIP: {{ . }}
  {{- end }}
--- a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml
+++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml
@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.server.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.server.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    {{- with .Values.server.metrics.serviceMonitor.selector }}
@ -34,7 +34,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.server.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
--- a/charts/argo-cd/templates/crds/crd-application.yaml
+++ b/charts/argo-cd/templates/crds/crd-application.yaml
--- a/charts/argo-cd/templates/crds/crd-applicationset.yaml
+++ b/charts/argo-cd/templates/crds/crd-applicationset.yaml
--- a/charts/argo-cd/templates/crds/crd-project.yaml
+++ b/charts/argo-cd/templates/crds/crd-project.yaml
@ -31,28 +31,22 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: |-
+        description: 'AppProject provides a logical grouping of applications, providing
-          AppProject provides a logical grouping of applications, providing controls for:
+          controls for: * where the apps may deploy to (cluster whitelist) * what
-          * where the apps may deploy to (cluster whitelist)
+          may be deployed (repository whitelist, resource whitelist/blacklist) * who
-          * what may be deployed (repository whitelist, resource whitelist/blacklist)
+          can access these applications (roles, OIDC group claims bindings) * and
-          * who can access these applications (roles, OIDC group claims bindings)
+          what they can do (RBAC policies) * automation access to these roles (JWT
-          * and what they can do (RBAC policies)
+          tokens)'
          * automation access to these roles (JWT tokens)
        properties:
          apiVersion:
-            description: |-
+            description: 'APIVersion defines the versioned schema of this representation
-              APIVersion defines the versioned schema of this representation of an object.
+              of an object. Servers should convert recognized schemas to the latest
-              Servers should convert recognized schemas to the latest internal value, and
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: |-
+            description: 'Kind is a string value representing the REST resource this
-              Kind is a string value representing the REST resource this object represents.
+              object represents. Servers may infer this from the endpoint the client
-              Servers may infer this from the endpoint the client submits requests to.
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@ -63,9 +57,9 @@ spec:
                description: ClusterResourceBlacklist contains list of blacklisted
                  cluster level resources
                items:
-                  description: |-
+                  description: GroupKind specifies a Group and a Kind, but does not
-                    GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying
+                    force a version.  This is useful for identifying concepts during
-                    concepts during lookup stages without having partially valid types
+                    lookup stages without having partially valid types
                  properties:
                    group:
                      type: string
@ -80,9 +74,9 @@ spec:
                description: ClusterResourceWhitelist contains list of whitelisted
                  cluster level resources
                items:
-                  description: |-
+                  description: GroupKind specifies a Group and a Kind, but does not
-                    GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying
+                    force a version.  This is useful for identifying concepts during
-                    concepts during lookup stages without having partially valid types
+                    lookup stages without having partially valid types
                  properties:
                    group:
                      type: string
@ -96,32 +90,6 @@ spec:
              description:
                description: Description contains optional project description
                type: string
              destinationServiceAccounts:
                description: DestinationServiceAccounts holds information about the
                  service accounts to be impersonated for the application sync operation
                  for each destination.
                items:
                  description: ApplicationDestinationServiceAccount holds information
                    about the service account to be impersonated for the application
                    sync operation.
                  properties:
                    defaultServiceAccount:
                      description: DefaultServiceAccount to be used for impersonation
                        during the sync operation
                      type: string
                    namespace:
                      description: Namespace specifies the target namespace for the
                        application's resources.
                      type: string
                    server:
                      description: Server specifies the URL of the target cluster's
                        Kubernetes control plane API.
                      type: string
                  required:
                  - defaultServiceAccount
                  - server
                  type: object
                type: array
              destinations:
                description: Destinations contains list of destinations available
                  for deployment
@ -135,9 +103,9 @@ spec:
                        not set.
                      type: string
                    namespace:
-                      description: |-
+                      description: Namespace specifies the target namespace for the
-                        Namespace specifies the target namespace for the application's resources.
+                        application's resources. The namespace will only be set for
-                        The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
+                        namespace-scoped resources that have not set a value for .metadata.namespace
                      type: string
                    server:
                      description: Server specifies the URL of the target cluster's
@ -150,9 +118,9 @@ spec:
                description: NamespaceResourceBlacklist contains list of blacklisted
                  namespace level resources
                items:
-                  description: |-
+                  description: GroupKind specifies a Group and a Kind, but does not
-                    GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying
+                    force a version.  This is useful for identifying concepts during
-                    concepts during lookup stages without having partially valid types
+                    lookup stages without having partially valid types
                  properties:
                    group:
                      type: string
@ -167,9 +135,9 @@ spec:
                description: NamespaceResourceWhitelist contains list of whitelisted
                  namespace level resources
                items:
-                  description: |-
+                  description: GroupKind specifies a Group and a Kind, but does not
-                    GroupKind specifies a Group and a Kind, but does not force a version.  This is useful for identifying
+                    force a version.  This is useful for identifying concepts during
-                    concepts during lookup stages without having partially valid types
+                    lookup stages without having partially valid types
                  properties:
                    group:
                      type: string
--- a/charts/argo-cd/templates/dex/deployment.yaml
+++ b/charts/argo-cd/templates/dex/deployment.yaml
@ -43,9 +43,6 @@ spec:
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
@ -83,18 +80,6 @@ spec:
          {{- with (concat .Values.global.env .Values.dex.env) }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_DEX_SERVER_LOGFORMAT
            valueFrom:
              configMapKeyRef:
                key: dexserver.log.format
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_DEX_SERVER_LOGLEVEL
            valueFrom:
              configMapKeyRef:
                key: dexserver.log.level
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_DEX_SERVER_DISABLE_TLS
            valueFrom:
              configMapKeyRef:
--- a/charts/argo-cd/templates/dex/servicemonitor.yaml
+++ b/charts/argo-cd/templates/dex/servicemonitor.yaml
@ -1,9 +1,9 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }}
+{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.dex.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.dex.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
    {{- with .Values.dex.metrics.serviceMonitor.selector }}
@ -31,7 +31,6 @@ spec:
      metricRelabelings:
        {{- toYaml . |nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.dex.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
--- a/charts/argo-cd/templates/redis-secret-init/job.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/job.yaml
@ -3,7 +3,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation
@ -13,7 +13,6 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
 spec:
  ttlSecondsAfterFinished: 60
  template:
    metadata:
      labels:
@ -28,9 +27,9 @@ spec:
        {{- end }}
      {{- end }}
    spec:
-      {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }}
+      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
+        {{ toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - command:
@ -54,10 +53,6 @@ spec:
      priorityClassName: {{ . }}
      {{- end }}
      restartPolicy: OnFailure
      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }}
      affinity:
        {{- trim . | nindent 8 }}
      {{- end }}
      {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
--- a/charts/argo-cd/templates/redis-secret-init/role.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/role.yaml
@ -8,7 +8,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
 rules:
  - apiGroups:
      - ""
--- a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
@ -8,7 +8,7 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }}
  name: {{ include "argo-cd.redisSecretInit.fullname" . }}
-  namespace: {{ include  "argo-cd.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
--- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
@ -1,10 +1,10 @@
-{{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }}
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }}
-  namespace: {{ include  "argo-cd.namespace" . | quote }}
+  namespace: {{ .Release.Namespace | quote }}
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-delete-policy": before-hook-creation
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -33,9 +33,6 @@ spec:
        {{- end }}
      {{- end }}
    spec:
      {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
--- a/charts/argo-cd/templates/redis/servicemonitor.yaml
+++ b/charts/argo-cd/templates/redis/servicemonitor.yaml
@ -4,7 +4,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ template "argo-cd.redis.fullname" . }}
-  namespace: {{ default (include  "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }}
+  namespace: {{ default .Release.Namespace .Values.redis.metrics.serviceMonitor.namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
    {{- with .Values.redis.metrics.serviceMonitor.selector }}
@ -32,7 +32,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }}
      {{- with .Values.redis.metrics.serviceMonitor.scheme }}
      scheme: {{ . }}
      {{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -44,9 +44,6 @@ global:
  ## Used for ingresses, certificates, SSO, notifications, etc.
  domain: argocd.example.com
  # -- Runtime class name for all components
  runtimeClassName: ""
  # -- Common labels for the all resources
  additionalLabels: {}
    # app: argo-cd
@ -119,8 +116,7 @@ global:
  priorityClassName: ""
  # -- Default node selector for all components
-  nodeSelector:
+  nodeSelector: {}
    kubernetes.io/os: linux
  # -- Default tolerations for all components
  tolerations: []
@ -142,7 +138,7 @@ global:
        #    - antarctica-west1
  # -- Default [TopologySpreadConstraints] rules for all components
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector of the component
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -176,10 +172,6 @@ configs:
    # -- The name of tracking label used by Argo CD for resource pruning
    application.instanceLabelKey: argocd.argoproj.io/instance
    # -- Enable control of the service account used for the sync operation (alpha)
    ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/
    application.sync.impersonation.enabled: false
    # -- Enable logs RBAC enforcement
    ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement
    server.rbac.log.enforce.enable: false
@ -233,25 +225,6 @@ configs:
    #     - profile
    #     - email
    # Extension Configuration
    ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/
    # extension.config: |
    #   extensions:
    #   - name: httpbin
    #     backend:
    #       connectionTimeout: 2s
    #       keepAlive: 15s
    #       idleConnectionTimeout: 60s
    #       maxIdleConnections: 30
    #       services:
    #       - url: http://httpbin.org
    #         headers:
    #         - name: some-header
    #           value: '$some.argocd.secret.key'
    #         cluster:
    #           name: some-cluster
    #           server: https://some-cluster
  # Argo CD configuration parameters
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
  params:
@ -290,8 +263,6 @@ configs:
    server.disable.auth: false
    # -- Enable GZIP compression
    server.enable.gzip: true
    # -- Enable proxy extension feature. (proxy extension is in Alpha phase)
    server.enable.proxy.extension: false
    # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "".
    server.x.frame.options: sameorigin
@ -304,10 +275,6 @@ configs:
    applicationsetcontroller.policy: sync
    # -- Enables use of the Progressive Syncs capability
    applicationsetcontroller.enable.progressive.syncs: false
    # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`)
    # @default -- `""` (default is only the ns where the controller is installed)
    ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/
    applicationsetcontroller.namespaces: ""
    # -- Enables [Applications in any namespace]
    ## List of additional namespaces where applications may be created in and reconciled from.
@ -376,9 +343,6 @@ configs:
  # SSH known hosts for Git repositories
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
  ssh:
    # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
    create: true
    # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
    annotations: {}
@ -417,9 +381,6 @@ configs:
      #   ...
      #   -----END CERTIFICATE-----
    # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
    create: true
  # ConfigMap for Config Management Plugins
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
  cmp:
@ -500,16 +461,6 @@ configs:
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
    # mycluster4-sharded:
    #   shard: 1
    #   server: https://mycluster4.example.com
    #   labels: {}
    #   annotations: {}
    #   config:
    #     bearerToken: "<authentication token>"
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
  # -- Repository credentials to be used as Templates for other repos
  ## Creates a secret for each key/value specified below to create repository credentials
@ -658,10 +609,6 @@ controller:
  ## like round-robin, then the shards will be well-balanced.
  dynamicClusterDistribution: false
  # -- Runtime class name for the application controller
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  # -- Application controller heartbeat time
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
  heartbeatTime: 10
@ -800,7 +747,7 @@ controller:
      - ALL
  # Readiness probe for application controller
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
@ -834,7 +781,7 @@ controller:
  # -- Assign custom [TopologySpreadConstraints] rules to the application controller
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -885,8 +832,6 @@ controller:
      enabled: false
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -964,10 +909,6 @@ dex:
  # -- Additional command line arguments to pass to the Dex server
  extraArgs: []
  # -- Runtime class name for Dex
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  metrics:
    # -- Deploy metrics service
    enabled: false
@ -983,8 +924,6 @@ dex:
      enabled: false
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -1025,7 +964,7 @@ dex:
    # -- Dex image repository
    repository: ghcr.io/dexidp/dex
    # -- Dex image tag
-    tag: v2.42.0
+    tag: v2.38.0
    # -- Dex imagePullPolicy
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
@ -1236,7 +1175,7 @@ dex:
  # -- Assign custom [TopologySpreadConstraints] rules to dex
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -1264,10 +1203,6 @@ redis:
  # -- Redis name
  name: redis
  # -- Runtime class name for redis
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  ## Redis Pod Disruption Budget
  ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  pdb:
@ -1289,7 +1224,7 @@ redis:
    # -- Redis repository
    repository: public.ecr.aws/docker/library/redis
    # -- Redis tag
-    tag: 7.4.2-alpine
+    tag: 7.2.4-alpine
    # -- Redis image pull policy
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
@ -1305,7 +1240,7 @@ redis:
      # -- Repository to use for the redis-exporter
      repository: public.ecr.aws/bitnami/redis-exporter
      # -- Tag to use for the redis-exporter
-      tag: 1.67.0
+      tag: 1.58.0
      # -- Image pull policy for the redis-exporter
      # @default -- `""` (defaults to global.image.imagePullPolicy)
      imagePullPolicy: ""
@ -1323,7 +1258,7 @@ redis:
        - ALL
    ## Probes for Redis exporter (optional)
-    ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+    ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
    readinessProbe:
      # -- Enable Kubernetes liveness probe for Redis exporter (optional)
      enabled: false
@ -1381,7 +1316,7 @@ redis:
  #     name: secret-name
  ## Probes for Redis server (optional)
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for Redis server
    enabled: false
@ -1491,7 +1426,7 @@ redis:
  # -- Assign custom [TopologySpreadConstraints] rules to redis
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -1544,8 +1479,6 @@ redis:
      enabled: false
      # -- Interval at which metrics should be scraped
      interval: 30s
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -1575,7 +1508,7 @@ redis-ha:
    # -- Redis repository
    repository: public.ecr.aws/docker/library/redis
    # -- Redis tag
-    tag: 7.4.2-alpine
+    tag: 7.2.4-alpine
  ## Prometheus redis-exporter sidecar
  exporter:
    # -- Enable Prometheus redis-exporter sidecar
@ -1640,7 +1573,7 @@ redis-ha:
  tolerations: []
  # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
-  ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  topologySpreadConstraints:
    # -- Enable Redis HA topology spread constraints
    enabled: false
@ -1668,7 +1601,7 @@ externalRedis:
  password: ""
  # -- External Redis server port
  port: 6379
-  # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials.
+  # -- The name of an existing secret with Redis credentials (must contain key `redis-password`).
  # When it's set, the `externalRedis.password` parameter is ignored
  existingSecret: ""
  # -- External Redis Secret annotations
@ -1742,9 +1675,6 @@ redisSecretInit:
  # @default -- `""` (defaults to global.priorityClassName)
  priorityClassName: ""
  # -- Assign custom [affinity] rules to the Redis secret-init Job
  affinity: {}
  # -- Node selector to be added to the Redis secret-init Job
  # @default -- `{}` (defaults to global.nodeSelector)
  nodeSelector: {}
@ -1761,10 +1691,6 @@ server:
  # -- The number of server pods to run
  replicas: 1
  # -- Runtime class name for the Argo CD server
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  ## Argo CD server Horizontal Pod Autoscaler
  autoscaling:
    # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server
@ -1858,7 +1784,7 @@ server:
      # -- Repository to use for extension installer image
      repository: "quay.io/argoprojlabs/argocd-extension-installer"
      # -- Tag to use for extension installer image
-      tag: "v0.0.8"
+      tag: "v0.0.5"
      # -- Image pull policy for extensions
      # @default -- `""` (defaults to global.image.imagePullPolicy)
      imagePullPolicy: ""
@ -1999,7 +1925,7 @@ server:
      - ALL
  ## Readiness and liveness probes for default backend
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
@ -2045,7 +1971,7 @@ server:
  # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -2064,6 +1990,8 @@ server:
  certificate:
    # -- Deploy a Certificate resource (requires cert-manager)
    enabled: false
    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
    secretName: argocd-server-tls
    # -- Certificate primary domain (commonName)
    # @default -- `""` (defaults to global.domain)
    domain: ""
@ -2101,8 +2029,6 @@ server:
    # -- Usages for the certificate
    ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
    usages: []
    # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
    secretTemplateAnnotations: {}
  # TLS certificate configuration via Secret
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
@ -2141,13 +2067,10 @@ server:
    # -- Server service https port appProtocol
    ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
    servicePortHttpsAppProtocol: ""
    # -- The class of the load balancer implementation
    loadBalancerClass: ""
    # -- LoadBalancer will get created with the IP specified in this field
    loadBalancerIP: ""
    # -- Source IP ranges to allow access to service from
-    ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
+    ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
    loadBalancerSourceRanges: []
    # -- Server service external IPs
    externalIPs: []
@ -2182,8 +2105,6 @@ server:
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2431,10 +2352,6 @@ repoServer:
  # -- The number of repo server pods to run
  replicas: 1
  # -- Runtime class name for the repo server
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  ## Repo server Horizontal Pod Autoscaler
  autoscaling:
    # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server
@ -2647,7 +2564,7 @@ repoServer:
      - ALL
  ## Readiness and liveness probes for default backend
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
@ -2689,7 +2606,7 @@ repoServer:
  # -- Assign custom [TopologySpreadConstraints] rules to the repo server
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -2759,8 +2676,6 @@ repoServer:
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -2825,10 +2740,6 @@ applicationSet:
  # -- The number of ApplicationSet controller pods to run
  replicas: 1
  # -- Runtime class name for the ApplicationSet controller
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  ## ApplicationSet controller Pod Disruption Budget
  ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  pdb:
@ -2922,8 +2833,6 @@ applicationSet:
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -3016,7 +2925,7 @@ applicationSet:
      - ALL
  ## Probes for ApplicationSet controller (optional)
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for ApplicationSet controller
    enabled: false
@ -3085,6 +2994,8 @@ applicationSet:
  certificate:
    # -- Deploy a Certificate resource (requires cert-manager)
    enabled: false
    # -- The name of the Secret that will be automatically created and managed by this Certificate resource
    secretName: argocd-applicationset-controller-tls
    # -- Certificate primary domain (commonName)
    # @default -- `""` (defaults to global.domain)
    domain: ""
@ -3198,10 +3109,6 @@ notifications:
  # @default -- `""` (defaults to https://`global.domain`)
  argocdUrl: ""
  # -- Runtime class name for the notifications controller
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  ## Notifications controller Pod Disruption Budget
  ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  pdb:
@ -3338,8 +3245,6 @@ notifications:
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {}
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
@ -3392,36 +3297,6 @@ notifications:
      drop:
      - ALL
  ## Probes for notifications controller Pods (optional)
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for notifications controller Pods
    enabled: false
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
  livenessProbe:
    # -- Enable Kubernetes liveness probe for notifications controller Pods
    enabled: false
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
  # -- terminationGracePeriodSeconds for container lifecycle hook
  terminationGracePeriodSeconds: 30
@ -3439,7 +3314,7 @@ notifications:
  # -- Assign custom [TopologySpreadConstraints] rules to the application controller
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -3750,183 +3625,3 @@ notifications:
    # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
    # defaultTriggers: |
    #   - on-sync-status-unknown
 commitServer:
  # -- Enable commit server
  enabled: false
  # -- Commit server name
  name: commit-server
  # -- Runtime class name for the commit server
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  ## commit server controller image
  image:
    # -- Repository to use for the commit server
    # @default -- `""` (defaults to global.image.repository)
    repository: ""
    # -- Tag to use for the commit server
    # @default -- `""` (defaults to global.image.tag)
    tag: ""
    # -- Image pull policy for the commit server
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
  # -- commit server command line flags
  extraArgs: []
  # -- Environment variables to pass to the commit server
  extraEnv: []
    # - name: "MY_VAR"
    #   value: "value"
  # -- envFrom to pass to the commit server
  # @default -- `[]` (See [values.yaml])
  extraEnvFrom: []
    # - configMapRef:
    #     name: config-map-name
    # - secretRef:
    #     name: secret-name
  # -- List of extra mounts to add (normally used with extraVolumes)
  extraVolumeMounts: []
  # -- List of extra volumes to add
  extraVolumes: []
  metrics:
    # -- Enables prometheus metrics server
    enabled: false
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {}
      # -- Metrics service labels
      labels: {}
      # -- Metrics service port
      servicePort: 8087
      # -- Metrics service port name
      portName: metrics
  ## commit server service configuration
  service:
    # -- commit server service annotations
    annotations: {}
    # -- commit server service labels
    labels: {}
  # -- Automount API credentials for the Service Account into the pod.
  automountServiceAccountToken: false
  serviceAccount:
    # -- Create commit server service account
    create: true
    # -- commit server service account name
    name: argocd-commit-server
    # -- Annotations applied to created service account
    annotations: {}
    # -- Labels applied to created service account
    labels: {}
    # -- Automount API credentials for the Service Account
    automountServiceAccountToken: true
  # -- Annotations to be added to commit server Deployment
  deploymentAnnotations: {}
  # -- Annotations for the commit server pods
  podAnnotations: {}
  # -- Labels for the commit server pods
  podLabels: {}
  # -- Resource limits and requests for the commit server pods.
  resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
  # -- [DNS configuration]
  dnsConfig: {}
  # -- Alternative DNS policy for commit server pods
  dnsPolicy: "ClusterFirst"
  # -- commit server container-level security context
  # @default -- See [values.yaml]
  containerSecurityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    seccompProfile:
      type: RuntimeDefault
  ## Probes for commit server (optional)
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for commit server
    enabled: true
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 5
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
  livenessProbe:
    # -- Enable Kubernetes liveness probe for commit server
    enabled: true
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 30
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 30
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 5
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
  # -- terminationGracePeriodSeconds for container lifecycle hook
  terminationGracePeriodSeconds: 30
  # -- [Node selector]
  # @default -- `{}` (defaults to global.nodeSelector)
  nodeSelector: {}
  # -- [Tolerations] for use with node taints
  # @default -- `[]` (defaults to global.tolerations)
  tolerations: []
  # -- Assign custom [affinity] rules
  # @default -- `{}` (defaults to global.affinity preset)
  affinity: {}
  # -- Assign custom [TopologySpreadConstraints] rules to the commit server
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
    #   topologyKey: topology.kubernetes.io/zone
    #   whenUnsatisfiable: DoNotSchedule
  # -- Deployment strategy to be added to the commit server Deployment
  deploymentStrategy: {}
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 25%
    #   maxUnavailable: 25%
  # -- Priority class for the commit server pods
  # @default -- `""` (defaults to global.priorityClassName)
  priorityClassName: ""
--- a/charts/argo-events/Chart.yaml
+++ b/charts/argo-events/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.9.5
+appVersion: v1.9.1
 description: A Helm chart for Argo Events, the event-driven workflow automation framework
 name: argo-events
-version: 2.4.13
+version: 2.4.5
 home: https://github.com/argoproj/argo-helm
 icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
 keywords:
@ -18,5 +18,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: changed
+    - kind: fixed
-      description: Bump argo-events to v1.9.5
+      description: Support additional labels
--- a/charts/argo-events/README.md
+++ b/charts/argo-events/README.md
@ -60,58 +60,16 @@ done
 |-----|------|---------|-------------|
 | configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) |
 | configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) |
 | configs.jetstream.streamConfig.discard | int | `0` | 0: DiscardOld, 1: DiscardNew |
 | configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment |
 | configs.jetstream.streamConfig.maxAge | string | `"72h"` | Maximum age of existing messages, i.e. “72h”, “4h35m” |
 | configs.jetstream.streamConfig.maxBytes | string | `"1GB"` |  |
 | configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message |
 | configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 |
-| configs.jetstream.streamConfig.retention | int | `0` | 0: Limits, 1: Interest, 2: WorkQueue |
+| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:latest"` |  |
-| configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` |  |
+| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:latest"` |  |
-| configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` |  |
+| configs.jetstream.versions[0].natsImage | string | `"nats:latest"` |  |
 | configs.jetstream.versions[0].natsImage | string | `"nats:2.10.10"` |  |
 | configs.jetstream.versions[0].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[0].version | string | `"latest"` |  |
 | configs.jetstream.versions[1].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[1].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[1].natsImage | string | `"nats:2.8.1"` |  |
 | configs.jetstream.versions[1].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[1].version | string | `"2.8.1"` |  |
 | configs.jetstream.versions[2].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[2].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[2].natsImage | string | `"nats:2.8.1-alpine"` |  |
 | configs.jetstream.versions[2].startCommand | string | `"nats-server"` |  |
 | configs.jetstream.versions[2].version | string | `"2.8.1-alpine"` |  |
 | configs.jetstream.versions[3].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[3].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[3].natsImage | string | `"nats:2.8.2"` |  |
 | configs.jetstream.versions[3].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[3].version | string | `"2.8.2"` |  |
 | configs.jetstream.versions[4].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[4].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[4].natsImage | string | `"nats:2.8.2-alpine"` |  |
 | configs.jetstream.versions[4].startCommand | string | `"nats-server"` |  |
 | configs.jetstream.versions[4].version | string | `"2.8.2-alpine"` |  |
 | configs.jetstream.versions[5].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[5].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[5].natsImage | string | `"nats:2.9.1"` |  |
 | configs.jetstream.versions[5].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[5].version | string | `"2.9.1"` |  |
 | configs.jetstream.versions[6].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[6].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[6].natsImage | string | `"nats:2.9.12"` |  |
 | configs.jetstream.versions[6].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[6].version | string | `"2.9.12"` |  |
 | configs.jetstream.versions[7].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.7.0"` |  |
 | configs.jetstream.versions[7].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.9.1"` |  |
 | configs.jetstream.versions[7].natsImage | string | `"nats:2.9.16"` |  |
 | configs.jetstream.versions[7].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[7].version | string | `"2.9.16"` |  |
 | configs.jetstream.versions[8].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.0"` |  |
 | configs.jetstream.versions[8].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.14.0"` |  |
 | configs.jetstream.versions[8].natsImage | string | `"nats:2.10.10"` |  |
 | configs.jetstream.versions[8].startCommand | string | `"/nats-server"` |  |
 | configs.jetstream.versions[8].version | string | `"2.10.10"` |  |
 | configs.nats.versions | list | See [values.yaml] | Supported versions of NATS event bus |
 | crds.annotations | object | `{}` | Annotations to be added to all CRDs |
 | crds.install | bool | `true` | Install and upgrade CRDs |
@ -234,9 +192,9 @@ done
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
-[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
 [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 [values.yaml]: values.yaml
--- a/charts/argo-events/README.md.gotmpl
+++ b/charts/argo-events/README.md.gotmpl
@ -89,9 +89,9 @@ done
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
-[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
 [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
 [values.yaml]: values.yaml
--- a/charts/argo-events/templates/argo-events-controller/config.yaml
+++ b/charts/argo-events/templates/argo-events-controller/config.yaml
@ -32,8 +32,6 @@ data:
          maxBytes: {{ .Values.configs.jetstream.streamConfig.maxBytes }}
          replicas: {{ .Values.configs.jetstream.streamConfig.replicas }}
          duplicates: {{ .Values.configs.jetstream.streamConfig.duplicates }}
          retention: {{ .Values.configs.jetstream.streamConfig.retention }}
          discard: {{ .Values.configs.jetstream.streamConfig.discard }}
        versions:
        {{- range .Values.configs.jetstream.versions }}
        - version: {{ .version }}
--- a/charts/argo-events/templates/argo-events-controller/deployment.yaml
+++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml
@ -108,10 +108,6 @@ spec:
      {{- with .Values.controller.extraContainers }}
        {{- toYaml . | nindent 6 }}
      {{- end -}}
      {{- with .Values.controller.initContainers }}
      initContainers:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
--- a/charts/argo-events/templates/argo-events-webhook/service.yaml
+++ b/charts/argo-events/templates/argo-events-webhook/service.yaml
@ -8,7 +8,7 @@ metadata:
    {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }}
 spec:
  ports:
-  - port: {{ int .Values.webhook.port }}
+  - port: 443
    targetPort: webhook
  selector:
    {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }}
--- a/charts/argo-events/values.yaml
+++ b/charts/argo-events/values.yaml
@ -94,56 +94,12 @@ configs:
      replicas: 3
      # -- Not documented at the moment
      duplicates: 300s
      # -- 0: Limits, 1: Interest, 2: WorkQueue
      retention: 0
      # -- 0: DiscardOld, 1: DiscardNew
      discard: 0
    # Supported versions of JetStream eventbus
    versions:
-      - version: latest
+      - version: "latest"
-        natsImage: nats:2.10.10
+        natsImage: nats:latest
-        metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
+        metricsExporterImage: natsio/prometheus-nats-exporter:latest
-        configReloaderImage: natsio/nats-server-config-reloader:0.14.0
+        configReloaderImage: natsio/nats-server-config-reloader:latest
        startCommand: /nats-server
      - version: 2.8.1
        natsImage: nats:2.8.1
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.8.1-alpine
        natsImage: nats:2.8.1-alpine
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: nats-server
      - version: 2.8.2
        natsImage: nats:2.8.2
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.8.2-alpine
        natsImage: nats:2.8.2-alpine
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: nats-server
      - version: 2.9.1
        natsImage: nats:2.9.1
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.9.12
        natsImage: nats:2.9.12
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.9.16
        natsImage: nats:2.9.16
        metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1
        configReloaderImage: natsio/nats-server-config-reloader:0.7.0
        startCommand: /nats-server
      - version: 2.10.10
        natsImage: nats:2.10.10
        metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
        configReloaderImage: natsio/nats-server-config-reloader:0.14.0
        startCommand: /nats-server
 # -- Array of extra K8s manifests to deploy
@ -243,7 +199,7 @@ controller:
    # runAsNonRoot: true
  ## Readiness and liveness probes for default backend
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
@ -281,7 +237,7 @@ controller:
  affinity: {}
  # -- Assign custom [TopologySpreadConstraints] rules to the events controller
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
  # - maxSkew: 1
@ -409,7 +365,7 @@ webhook:
    # runAsNonRoot: true
  ## Readiness and liveness probes for default backend
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
@ -447,7 +403,7 @@ webhook:
  affinity: {}
  # -- Assign custom [TopologySpreadConstraints] rules to the event controller
-  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
  # - maxSkew: 1
--- a/charts/argo-rollouts/Chart.yaml
+++ b/charts/argo-rollouts/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.8.0
+appVersion: v1.7.0
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 2.39.0
+version: 2.36.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 keywords:
@ -19,4 +19,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: changed
-      description: Bump argo-rollouts to v1.8.0
+      description: Bump argo-rollouts to v1.7.0
--- a/charts/argo-rollouts/README.md
+++ b/charts/argo-rollouts/README.md
@ -57,12 +57,9 @@ For full list of changes please check ArtifactHub [changelog].
 | keepCRDs | bool | `true` | Keep CRD's on helm uninstall |
 | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
 | nameOverride | string | `nil` | String to partially override "argo-rollouts.fullname" template |
 | notifications.configmap.create | bool | `true` | Whether to create notifications configmap |
 | notifications.notifiers | object | `{}` | Configures notification services |
-| notifications.secret.annotations | object | `{}` | Annotations to be added to the notifications secret |
+| notifications.secret.create | bool | `false` | Whether to create notifications secret |
 | notifications.secret.create | bool | `false` | Whether to create notifications secret. |
 | notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the notifications secret |
 | notifications.subscriptions | list | `[]` | The subscriptions define the subscriptions to the triggers in a general way for all rollouts |
 | notifications.templates | object | `{}` | Notification templates |
 | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
 | providerRBAC.additionalRules | list | `[]` | Additional RBAC rules for others providers |
@ -82,7 +79,7 @@ For full list of changes please check ArtifactHub [changelog].
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context to set on container level |
+| containerSecurityContext | object | `{}` | Security Context to set on container level |
 | controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment |
 | controller.component | string | `"rollouts-controller"` | Value of label `app.kubernetes.io/component` |
 | controller.containerPorts.healthz | int | `8080` | Healthz container port |
@ -98,12 +95,11 @@ For full list of changes please check ArtifactHub [changelog].
 | controller.image.repository | string | `"argoproj/argo-rollouts"` | Repository to use |
 | controller.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) |
 | controller.initContainers | list | `[]` | Init containers to add to the rollouts controller pod |
 | controller.lifecycle | object | `{}` | Specify lifecycle hooks for the  controller |
 | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
 | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
 | controller.logging.kloglevel | string | `"0"` | Set the klog logging level |
 | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
-| controller.metricProviderPlugins | list | `[]` | Configures 3rd party metric providers for controller |
+| controller.metricProviderPlugins | object | `{}` | Configures 3rd party metric providers for controller |
 | controller.metrics.enabled | bool | `false` | Deploy metrics service |
 | controller.metrics.service.annotations | object | `{}` | Service annotations |
 | controller.metrics.service.port | int | `8090` | Metrics service port |
@ -126,10 +122,9 @@ For full list of changes please check ArtifactHub [changelog].
 | controller.readinessProbe | object | See [values.yaml] | Configure readiness [probe] for the controller |
 | controller.replicas | int | `2` | The number of controller pods to run |
 | controller.resources | object | `{}` | Resource limits and requests for the controller pods. |
 | controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
 | controller.tolerations | list | `[]` | [Tolerations] for use with node taints |
 | controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the controller |
-| controller.trafficRouterPlugins | list | `[]` | Configures 3rd party traffic router plugins for controller |
+| controller.trafficRouterPlugins | object | `{}` | Configures 3rd party traffic router plugins for controller |
 | controller.volumeMounts | list | `[]` | Additional volumeMounts to add to the controller container |
 | controller.volumes | list | `[]` | Additional volumes to add to the controller pod |
 | podAnnotations | object | `{}` | Annotations for the all deployed pods |
@ -184,7 +179,6 @@ For full list of changes please check ArtifactHub [changelog].
 | dashboard.service.annotations | object | `{}` | Service annotations |
 | dashboard.service.externalIPs | list | `[]` | Dashboard service external IPs |
 | dashboard.service.labels | object | `{}` | Service labels |
 | dashboard.service.loadBalancerClass | string | `""` | The class of the load balancer implementation |
 | dashboard.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field |
 | dashboard.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from |
 | dashboard.service.nodePort | int | `nil` | Service nodePort |
--- a/charts/argo-rollouts/templates/_helpers.tpl
+++ b/charts/argo-rollouts/templates/_helpers.tpl
@ -109,311 +109,3 @@ Return the appropriate apiVersion for pod disruption budget
 {{- print "policy/v1" -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Return the rules for controller's Role and ClusterRole
 */}}
 {{- define "argo-rollouts.controller.roleRules" -}}
 - apiGroups:
  - argoproj.io
  resources:
  - rollouts
  - rollouts/status
  - rollouts/finalizers
  verbs:
  - get
  - list
  - watch
  - update
  - patch
 - apiGroups:
  - argoproj.io
  resources:
  - analysisruns
  - analysisruns/finalizers
  - experiments
  - experiments/finalizers
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 - apiGroups:
  - argoproj.io
  resources:
  - analysistemplates
  - clusteranalysistemplates
  verbs:
  - get
  - list
  - watch
 # replicaset access needed for managing ReplicaSets
 - apiGroups:
  - apps
  resources:
  - replicasets
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 # deployments and podtemplates read access needed for workload reference support
 - apiGroups:
  - ""
  - apps
  resources:
  - deployments
  - podtemplates
  verbs:
  - get
  - list
  - watch
  - update
 # services patch needed to update selector of canary/stable/active/preview services
 # services create needed to create and delete services for experiments
 - apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
  - patch
  - create
  - delete
 # leases create/get/update needed for leader election
 - apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
  - get
  - update
 # secret read access to run analysis templates which reference secrets
 - apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
 {{- if .Values.providerRBAC.providers.gatewayAPI }}
  - create
  - update
 {{- end }}
 # pod list/update needed for updating ephemeral data
 - apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
  - update
  - watch
 # pods eviction needed for restart
 - apiGroups:
  - ""
  resources:
  - pods/eviction
  verbs:
  - create
 # event write needed for emitting events
 - apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - update
  - patch
 # ingress patch needed for managing ingress annotations, create needed for nginx canary
 - apiGroups:
  - networking.k8s.io
  - extensions
  resources:
  - ingresses
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
 # job access needed for analysis template job metrics
 - apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 {{- if .Values.providerRBAC.enabled }}
 {{- if .Values.providerRBAC.providers.istio }}
 # virtualservice/destinationrule access needed for using the Istio provider
 - apiGroups:
  - networking.istio.io
  resources:
  - virtualservices
  - destinationrules
  verbs:
  - watch
  - get
  - update
  - patch
  - list
 {{- end }}
 {{- if .Values.providerRBAC.providers.smi }}
 # trafficsplit access needed for using the SMI provider
 - apiGroups:
  - split.smi-spec.io
  resources:
  - trafficsplits
  verbs:
  - create
  - watch
  - get
  - update
  - patch
 {{- end }}
 {{- if .Values.providerRBAC.providers.ambassador }}
 # ambassador access needed for Ambassador provider
 - apiGroups:
  - getambassador.io
  - x.getambassador.io
  resources:
  - mappings
  - ambassadormappings
  verbs:
  - create
  - watch
  - get
  - update
  - list
  - delete
 {{- end }}
 {{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
 # Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
 - apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
 - apiGroups:
  - elbv2.k8s.aws
  resources:
  - targetgroupbindings
  verbs:
  - list
  - get
 {{- end }}
 {{- if .Values.providerRBAC.providers.awsAppMesh }}
 # AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
 - apiGroups:
  - appmesh.k8s.aws
  resources:
  - virtualservices
  verbs:
  - watch
  - get
  - list
 # AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
 - apiGroups:
  - appmesh.k8s.aws
  resources:
  - virtualnodes
  - virtualrouters
  verbs:
  - watch
  - get
  - list
  - update
  - patch
 {{- end }}
 {{- if .Values.providerRBAC.providers.traefik }}
 # Traefik access needed when using the Traefik provider
 - apiGroups:
  - traefik.containo.us
  - traefik.io
  resources:
  - traefikservices
  verbs:
  - watch
  - get
  - update
 {{- end }}
 {{- if .Values.providerRBAC.providers.apisix }}
 # Access needed when using the Apisix provider
 - apiGroups:
  - apisix.apache.org
  resources:
  - apisixroutes
  verbs:
  - watch
  - get
  - update
 {{- end }}
 {{- if .Values.providerRBAC.providers.contour }}
  # Access needed when using the Contour provider
 - apiGroups:
  - projectcontour.io
  resources:
  - httpproxies
  verbs:
  - get
  - list
  - watch
  - update
 {{- end }}
 {{- if .Values.providerRBAC.providers.glooPlatform }}
  # Access needed when using the Gloo Platform provider
 - apiGroups:
  - networking.gloo.solo.io
  resources:
  - routetables
  verbs:
  - '*'
 {{- end }}
 {{- if .Values.providerRBAC.providers.gatewayAPI }}
  # Access needed when using the Gateway API provider
 - apiGroups:
  - gateway.networking.k8s.io
  resources:
  - httproutes
  - tcproutes
  - tlsroutes
  - udproutes
  - grpcroutes
  verbs:
  - get
  - list
  - watch
  - update
 {{- end }}
 {{- with .Values.providerRBAC.additionalRules }}
 {{ toYaml .  }}
 {{- end }}
 {{- end }}
 {{- end -}}
--- a/charts/argo-rollouts/templates/controller/clusterrole.yaml
+++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml
@ -7,5 +7,304 @@ metadata:
    app.kubernetes.io/component: {{ .Values.controller.component }}
    {{- include "argo-rollouts.labels" . | nindent 4 }}
 rules:
-  {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }}
+- apiGroups:
  - argoproj.io
  resources:
  - rollouts
  - rollouts/status
  - rollouts/finalizers
  verbs:
  - get
  - list
  - watch
  - update
  - patch
 - apiGroups:
  - argoproj.io
  resources:
  - analysisruns
  - analysisruns/finalizers
  - experiments
  - experiments/finalizers
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 - apiGroups:
  - argoproj.io
  resources:
  - analysistemplates
  - clusteranalysistemplates
  verbs:
  - get
  - list
  - watch
 # replicaset access needed for managing ReplicaSets
 - apiGroups:
  - apps
  resources:
  - replicasets
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 # deployments and podtemplates read access needed for workload reference support
 - apiGroups:
  - ""
  - apps
  resources:
  - deployments
  - podtemplates
  verbs:
  - get
  - list
  - watch
 # services patch needed to update selector of canary/stable/active/preview services
 # services create needed to create and delete services for experiments
 - apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
  - patch
  - create
  - delete
 # leases create/get/update needed for leader election
 - apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
  - get
  - update
 # secret read access to run analysis templates which reference secrets
 - apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
 {{- if .Values.providerRBAC.providers.gatewayAPI }}
  - create
  - update
 {{- end }}  
 # pod list/update needed for updating ephemeral data
 - apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
  - update
  - watch
 # pods eviction needed for restart
 - apiGroups:
  - ""
  resources:
  - pods/eviction
  verbs:
  - create
 # event write needed for emitting events
 - apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - update
  - patch
 # ingress patch needed for managing ingress annotations, create needed for nginx canary
 - apiGroups:
  - networking.k8s.io
  - extensions
  resources:
  - ingresses
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
 # job access needed for analysis template job metrics
 - apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 {{- if .Values.providerRBAC.enabled }}
 {{- if .Values.providerRBAC.providers.istio }}
 # virtualservice/destinationrule access needed for using the Istio provider
 - apiGroups:
  - networking.istio.io
  resources:
  - virtualservices
  - destinationrules
  verbs:
  - watch
  - get
  - update
  - patch
  - list
 {{- end }}
 {{- if .Values.providerRBAC.providers.smi }}
 # trafficsplit access needed for using the SMI provider
 - apiGroups:
  - split.smi-spec.io
  resources:
  - trafficsplits
  verbs:
  - create
  - watch
  - get
  - update
  - patch
 {{- end }}
 {{- if .Values.providerRBAC.providers.ambassador }}
 # ambassador access needed for Ambassador provider
 - apiGroups:
  - getambassador.io
  - x.getambassador.io
  resources:
  - mappings
  - ambassadormappings
  verbs:
  - create
  - watch
  - get
  - update
  - list
  - delete
 {{- end }}
 {{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
 # Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
 - apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
 - apiGroups:
  - elbv2.k8s.aws
  resources:
  - targetgroupbindings
  verbs:
  - list
  - get
 {{- end }}
 {{- if .Values.providerRBAC.providers.awsAppMesh }}
 # AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
 - apiGroups:
  - appmesh.k8s.aws
  resources:
  - virtualservices
  verbs:
  - watch
  - get
  - list
 # AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
 - apiGroups:
  - appmesh.k8s.aws
  resources:
  - virtualnodes
  - virtualrouters
  verbs:
  - watch
  - get
  - list
  - update
  - patch
 {{- end }}
 {{- if .Values.providerRBAC.providers.traefik }}
 # Traefik access needed when using the Traefik provider
 - apiGroups:
  - traefik.containo.us
  resources:
  - traefikservices
  verbs:
  - watch
  - get
  - update
 {{- end }}
 {{- if .Values.providerRBAC.providers.apisix }}
 # Access needed when using the Apisix provider
 - apiGroups:
  - apisix.apache.org
  resources:
  - apisixroutes
  verbs:
  - watch
  - get
  - update
 {{- end }}
 {{- if .Values.providerRBAC.providers.contour }}
  # Access needed when using the Contour provider
 - apiGroups:
  - projectcontour.io
  resources:
  - httpproxies
  verbs:
  - get
  - list
  - watch
  - update
 {{- end }}
 {{- if .Values.providerRBAC.providers.glooPlatform }}
  # Access needed when using the Gloo Platform provider
 - apiGroups:
  - networking.gloo.solo.io
  resources:
  - routetables
  verbs:
  - '*'
 {{- end }}
 {{- if .Values.providerRBAC.providers.gatewayAPI }}
  # Access needed when using the Gateway API provider
 - apiGroups:
  - gateway.networking.k8s.io
  resources:
  - httproutes
  - tcproutes
  - tlsroutes
  - udproutes
  - grpcroutes
  verbs:
  - get
  - list
  - watch
  - update
 {{- end }}
 {{- with .Values.providerRBAC.additionalRules }}
 {{ toYaml .  }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/argo-rollouts/templates/controller/configmap.yaml
+++ b/charts/argo-rollouts/templates/controller/configmap.yaml
@ -8,10 +8,8 @@ metadata:
    {{- include "argo-rollouts.labels" . | nindent 4 }}
 data:
  {{- with .Values.controller.metricProviderPlugins }}
-  metricProviderPlugins: |-
+    {{- toYaml . | nindent 2 }}
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- with .Values.controller.trafficRouterPlugins }}
-  trafficRouterPlugins: |-
+    {{- toYaml . | nindent 2 }}
    {{- toYaml . | nindent 4 }}
  {{- end }}
--- a/charts/argo-rollouts/templates/controller/deployment.yaml
+++ b/charts/argo-rollouts/templates/controller/deployment.yaml
@ -78,17 +78,10 @@ spec:
          {{- toYaml .Values.controller.readinessProbe | nindent 10 }}
        securityContext:
          {{- toYaml .Values.containerSecurityContext | nindent 10 }}
        {{- with .Values.controller.lifecycle }}
        lifecycle: {{ toYaml . | nindent 10 }}
        {{- end }}
        resources:
          {{- toYaml .Values.controller.resources | nindent 10 }}
        volumeMounts:
        - name: plugin-bin
          mountPath: /home/argo-rollouts/plugin-bin
        - name: tmp
          mountPath: /tmp
        {{- with .Values.controller.volumeMounts }}
        volumeMounts:
          {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.controller.extraContainers }}
@ -104,9 +97,6 @@ spec:
      {{- end }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- with .Values.controller.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ . }}
      {{- end }}
      {{- if .Values.controller.tolerations }}
      tolerations:
        {{- toYaml .Values.controller.tolerations | nindent 8 }}
@ -130,11 +120,7 @@ spec:
      {{- with .Values.controller.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      volumes:
      - name: plugin-bin
        emptyDir: {}
      - name: tmp
        emptyDir: {}
      {{- with .Values.controller.volumes }}
      volumes:
        {{- toYaml . | nindent 6 }}
      {{- end }}
--- a/charts/argo-rollouts/templates/controller/notifications-configmap.yaml
+++ b/charts/argo-rollouts/templates/controller/notifications-configmap.yaml
@ -1,4 +1,3 @@
 {{ if .Values.notifications.configmap.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@ -17,8 +16,3 @@ data:
  {{- with .Values.notifications.triggers }}
    {{- toYaml . | nindent 2 }}
  {{- end }}
  {{- with .Values.notifications.subscriptions }}
  subscriptions: |
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/charts/argo-rollouts/templates/controller/notifications-secret.yaml
+++ b/charts/argo-rollouts/templates/controller/notifications-secret.yaml
@ -4,12 +4,6 @@ kind: Secret
 metadata:
  name: argo-rollouts-notification-secret
  namespace: {{ .Release.Namespace | quote }}
  {{- with .Values.notifications.secret.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  labels:
    app.kubernetes.io/component: {{ .Values.controller.component }}
    {{- include "argo-rollouts.labels" . | nindent 4 }}
--- a/charts/argo-rollouts/templates/controller/role.yaml
+++ b/charts/argo-rollouts/templates/controller/role.yaml
@ -8,5 +8,289 @@ metadata:
    app.kubernetes.io/component: {{ .Values.controller.component }}
    {{- include "argo-rollouts.labels" . | nindent 4 }}
 rules:
-  {{- include "argo-rollouts.controller.roleRules" . | nindent 2 }}
+- apiGroups:
  - argoproj.io
  resources:
  - rollouts
  - rollouts/status
  - rollouts/finalizers
  verbs:
  - get
  - list
  - watch
  - update
  - patch
 - apiGroups:
  - argoproj.io
  resources:
  - analysisruns
  - analysisruns/finalizers
  - experiments
  - experiments/finalizers
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 - apiGroups:
  - argoproj.io
  resources:
  - analysistemplates
  - clusteranalysistemplates
  verbs:
  - get
  - list
  - watch
 # replicaset access needed for managing ReplicaSets
 - apiGroups:
  - apps
  resources:
  - replicasets
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 # deployments and podtemplates read access needed for workload reference support
 - apiGroups:
  - ""
  - apps
  resources:
  - deployments
  - podtemplates
  verbs:
  - get
  - list
  - watch
 # services patch needed to update selector of canary/stable/active/preview services
 # services create needed to create and delete services for experiments
 - apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
  - patch
  - create
  - delete
 # leases create/get/update needed for leader election
 - apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
  - get
  - update
 # secret read access to run analysis templates which reference secrets
 - apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
 {{- if .Values.providerRBAC.providers.gatewayAPI }}
  - create
  - update
 {{- end }}  
 # pod list/update needed for updating ephemeral data
 - apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
  - update
  - watch
 # pods eviction needed for restart
 - apiGroups:
  - ""
  resources:
  - pods/eviction
  verbs:
  - create
 # event write needed for emitting events
 - apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - update
  - patch
 # ingress patch needed for managing ingress annotations, create needed for nginx canary
 - apiGroups:
  - networking.k8s.io
  - extensions
  resources:
  - ingresses
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
 # job access needed for analysis template job metrics
 - apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create
  - get
  - list
  - watch
  - update
  - patch
  - delete
 {{- if .Values.providerRBAC.enabled }}
 {{- if .Values.providerRBAC.providers.istio }}
 # virtualservice/destinationrule access needed for using the Istio provider
 - apiGroups:
  - networking.istio.io
  resources:
  - virtualservices
  - destinationrules
  verbs:
  - watch
  - get
  - update
  - patch
  - list
 {{- end }}
 {{- if .Values.providerRBAC.providers.smi }}
 # trafficsplit access needed for using the SMI provider
 - apiGroups:
  - split.smi-spec.io
  resources:
  - trafficsplits
  verbs:
  - create
  - watch
  - get
  - update
  - patch
 {{- end }}
 {{- if .Values.providerRBAC.providers.ambassador }}
 # ambassador access needed for Ambassador provider
 - apiGroups:
  - getambassador.io
  - x.getambassador.io
  resources:
  - mappings
  - ambassadormappings
  verbs:
  - create
  - watch
  - get
  - update
  - list
  - delete
 {{- end }}
 {{- if .Values.providerRBAC.providers.awsLoadBalancerController }}
 # Endpoints and TargetGroupBindings needed for ALB target group verification when using AWS Load Balancer Controller
 - apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
 - apiGroups:
  - elbv2.k8s.aws
  resources:
  - targetgroupbindings
  verbs:
  - list
  - get
 {{- end }}
 {{- if .Values.providerRBAC.providers.awsAppMesh }}
 # AppMesh virtualservices/virtualrouter CRD read-only access needed for using the App Mesh provider
 - apiGroups:
  - appmesh.k8s.aws
  resources:
  - virtualservices
  verbs:
  - watch
  - get
  - list
 # AppMesh virtualnode CRD r/w access needed for using the App Mesh provider
 - apiGroups:
  - appmesh.k8s.aws
  resources:
  - virtualnodes
  - virtualrouters
  verbs:
  - watch
  - get
  - list
  - update
  - patch
 {{- end }}
 {{- if .Values.providerRBAC.providers.traefik }}
 # Traefik access needed when using the Traefik provider
 - apiGroups:
  - traefik.containo.us
  resources:
  - traefikservices
  verbs:
  - watch
  - get
  - update
 {{- end }}
 {{- if .Values.providerRBAC.providers.apisix }}
 # Access needed when using the Apisix provider
 - apiGroups:
  - apisix.apache.org
  resources:
  - apisixroutes
  verbs:
  - watch
  - get
  - update
 {{- end }}
 {{- if .Values.providerRBAC.providers.glooPlatform }}
  # Access needed when using the Gloo Platform provider
 - apiGroups:
  - networking.gloo.solo.io
  resources:
  - routetables
  verbs:
  - '*'
 {{- end }}
 {{- if .Values.providerRBAC.providers.gatewayAPI }}
  # Access needed when using the Gateway API provider
 - apiGroups:
  - gateway.networking.k8s.io
  resources:
  - httproutes
  - tcproutes
  - tlsroutes
  - udproutes
  - grpcroutes
  verbs:
  - get
  - list
  - watch
  - update
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -108,11 +108,6 @@ spec:
                      - type: integer
                      - type: string
                      x-kubernetes-int-or-string: true
                    consecutiveSuccessLimit:
                      anyOf:
                      - type: integer
                      - type: string
                      x-kubernetes-int-or-string: true
                    count:
                      anyOf:
                      - type: integer
@ -194,6 +189,7 @@ spec:
                        datadog:
                          properties:
                            aggregator:
                              default: last
                              enum:
                              - avg
                              - min
@ -222,13 +218,6 @@ spec:
                              type: object
                            query:
                              type: string
                            secretRef:
                              properties:
                                name:
                                  type: string
                                namespaced:
                                  type: boolean
                              type: object
                          type: object
                        graphite:
                          properties:
@ -3037,9 +3026,6 @@ spec:
                              type: string
                            query:
                              type: string
                            timeout:
                              format: int64
                              type: integer
                          required:
                          - query
                          type: object
@ -3091,15 +3077,6 @@ spec:
                              type: boolean
                            query:
                              type: string
                            rangeQuery:
                              properties:
                                end:
                                  type: string
                                start:
                                  type: string
                                step:
                                  type: string
                              type: object
                            timeout:
                              format: int64
                              type: integer
@ -3234,9 +3211,6 @@ spec:
                    consecutiveError:
                      format: int32
                      type: integer
                    consecutiveSuccess:
                      format: int32
                      type: integer
                    count:
                      format: int32
                      type: integer
--- a/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -104,11 +104,6 @@ spec:
                      - type: integer
                      - type: string
                      x-kubernetes-int-or-string: true
                    consecutiveSuccessLimit:
                      anyOf:
                      - type: integer
                      - type: string
                      x-kubernetes-int-or-string: true
                    count:
                      anyOf:
                      - type: integer
@ -190,6 +185,7 @@ spec:
                        datadog:
                          properties:
                            aggregator:
                              default: last
                              enum:
                              - avg
                              - min
@ -218,13 +214,6 @@ spec:
                              type: object
                            query:
                              type: string
                            secretRef:
                              properties:
                                name:
                                  type: string
                                namespaced:
                                  type: boolean
                              type: object
                          type: object
                        graphite:
                          properties:
@ -3033,9 +3022,6 @@ spec:
                              type: string
                            query:
                              type: string
                            timeout:
                              format: int64
                              type: integer
                          required:
                          - query
                          type: object
@ -3087,15 +3073,6 @@ spec:
                              type: boolean
                            query:
                              type: string
                            rangeQuery:
                              properties:
                                end:
                                  type: string
                                start:
                                  type: string
                                step:
                                  type: string
                              type: object
                            timeout:
                              format: int64
                              type: integer
--- a/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -104,11 +104,6 @@ spec:
                      - type: integer
                      - type: string
                      x-kubernetes-int-or-string: true
                    consecutiveSuccessLimit:
                      anyOf:
                      - type: integer
                      - type: string
                      x-kubernetes-int-or-string: true
                    count:
                      anyOf:
                      - type: integer
@ -190,6 +185,7 @@ spec:
                        datadog:
                          properties:
                            aggregator:
                              default: last
                              enum:
                              - avg
                              - min
@ -218,13 +214,6 @@ spec:
                              type: object
                            query:
                              type: string
                            secretRef:
                              properties:
                                name:
                                  type: string
                                namespaced:
                                  type: boolean
                              type: object
                          type: object
                        graphite:
                          properties:
@ -3033,9 +3022,6 @@ spec:
                              type: string
                            query:
                              type: string
                            timeout:
                              format: int64
                              type: integer
                          required:
                          - query
                          type: object
@ -3087,15 +3073,6 @@ spec:
                              type: boolean
                            query:
                              type: string
                            rangeQuery:
                              properties:
                                end:
                                  type: string
                                start:
                                  type: string
                                step:
                                  type: string
                              type: object
                            timeout:
                              format: int64
                              type: integer
--- a/charts/argo-rollouts/templates/crds/experiment-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/experiment-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
--- a/charts/argo-rollouts/templates/crds/rollout-crd.yaml
+++ b/charts/argo-rollouts/templates/crds/rollout-crd.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.13.0
    {{- if .Values.keepCRDs }}
    "helm.sh/resource-policy": keep
    {{- end }}
@ -672,16 +672,6 @@ spec:
                                  - type: string
                                  x-kubernetes-int-or-string: true
                              type: object
                            plugin:
                              properties:
                                config:
                                  type: object
                                  x-kubernetes-preserve-unknown-fields: true
                                name:
                                  type: string
                              required:
                              - name
                              type: object
                            setCanaryScale:
                              properties:
                                matchTrafficWeight:
@ -954,10 +944,6 @@ spec:
                                type: object
                              annotationPrefix:
                                type: string
                              canaryIngressAnnotations:
                                additionalProperties:
                                  type: string
                                type: object
                              stableIngress:
                                type: string
                              stableIngresses:
@ -3741,45 +3727,6 @@ spec:
                    type: object
                  stablePingPong:
                    type: string
                  stepPluginStatuses:
                    items:
                      properties:
                        backoff:
                          type: string
                        disabled:
                          type: boolean
                        executions:
                          format: int32
                          type: integer
                        finishedAt:
                          format: date-time
                          type: string
                        index:
                          format: int32
                          type: integer
                        message:
                          type: string
                        name:
                          type: string
                        operation:
                          type: string
                        phase:
                          type: string
                        startedAt:
                          format: date-time
                          type: string
                        status:
                          type: object
                          x-kubernetes-preserve-unknown-fields: true
                        updatedAt:
                          format: date-time
                          type: string
                      required:
                      - index
                      - name
                      - operation
                      type: object
                    type: array
                  weights:
                    properties:
                      additional:
--- a/charts/argo-rollouts/templates/dashboard/service.yaml
+++ b/charts/argo-rollouts/templates/dashboard/service.yaml
@ -22,9 +22,6 @@ spec:
  externalIPs: {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- if eq .Values.dashboard.service.type "LoadBalancer" }}
    {{- with .Values.dashboard.service.loadBalancerClass }}
  loadBalancerClass: {{ . }}
    {{- end }}
    {{- with .Values.dashboard.service.loadBalancerIP }}
  loadBalancerIP: {{ . | quote }}
    {{- end }}
--- a/charts/argo-rollouts/values.yaml
+++ b/charts/argo-rollouts/values.yaml
@ -79,10 +79,6 @@ controller:
  #   topologyKey: topology.kubernetes.io/zone
  #   whenUnsatisfiable: DoNotSchedule
  # -- terminationGracePeriodSeconds for container lifecycle hook
  terminationGracePeriodSeconds: 30
  # -- Specify lifecycle hooks for the  controller
  lifecycle: {}
  # -- [priorityClassName] for the controller
  priorityClassName: ""
  # -- The number of controller pods to run
@ -124,7 +120,6 @@ controller:
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #    ephemeral-storage: 1Gi
  #  requests:
  #    cpu: 50m
  #    memory: 64Mi
@ -213,13 +208,15 @@ controller:
  # -- Configures 3rd party metric providers for controller
  ## Ref: https://argo-rollouts.readthedocs.io/en/stable/analysis/plugins/
-  metricProviderPlugins: []
+  metricProviderPlugins: {}
    # metricProviderPlugins: |-
    #   - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so that it can find its configuration
    #     location: "file://./my-custom-plugin" # supports http(s):// urls and file://
  # -- Configures 3rd party traffic router plugins for controller
  ## Ref: https://argo-rollouts.readthedocs.io/en/stable/features/traffic-management/plugins/
-  trafficRouterPlugins: []
+  trafficRouterPlugins: {}
    # trafficRouterPlugins: |-
    #   - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration
    #     location: "file://./my-custom-plugin" # supports http(s):// urls and file://
@ -358,8 +355,6 @@ dashboard:
  service:
    # -- Sets the type of the Service
    type: ClusterIP
    # -- The class of the load balancer implementation
    loadBalancerClass: ""
    # -- LoadBalancer will get created with the IP specified in this field
    loadBalancerIP: ""
    # -- Source IP ranges to allow access to service from
@ -401,7 +396,7 @@ dashboard:
    maxUnavailable: # 0
  ## Ingress configuration.
-  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ##
  ingress:
    # -- Enable dashboard ingress support
@ -453,19 +448,12 @@ dashboard:
  volumeMounts: []
 notifications:
  configmap:
    # -- Whether to create notifications configmap
    create: true
  secret:
-    # -- Whether to create notifications secret.
+    # -- Whether to create notifications secret
    ## If you want to manually create secret, do not forget to add proper label to it: "app.kubernetes.io/component: {{ .Values.controller.component }}".
    create: false
    # -- Generic key:value pairs to be inserted into the notifications secret
    items: {}
      # slack-token:
    # -- Annotations to be added to the notifications secret
    annotations: {}
  # -- Configures notification services
  notifiers: {}
@ -489,11 +477,3 @@ notifications:
    # trigger.on-purple: |
    #   - send: [my-purple-template]
    #     when: rollout.spec.template.spec.containers[0].image == 'argoproj/rollouts-demo:purple'
  # -- The subscriptions define the subscriptions to the triggers in a general way for all rollouts
  subscriptions: []
    # - recipients:
    #   - slack:<channel>
    #   triggers:
    #   - on-rollout-completed
    #   - on-rollout-aborted
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v3.6.4
+appVersion: v3.5.7
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.45.7
+version: 0.41.8
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -17,4 +17,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: fixed
-      description: Update the SSO configuration instructions to reflect the correct field name
+      description: changed BASE_HREF to ARGO_BASE_HREF for forward compat
--- a/charts/argo-workflows/README.md
+++ b/charts/argo-workflows/README.md
@ -133,8 +133,6 @@ Fields to note:
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. |
 | workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates |
 | workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc |
 | workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) |
 | workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding |
 | workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
@ -151,7 +149,6 @@ Fields to note:
 | controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. |
 | controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding |
 | controller.columns | list | `[]` | Configure Argo Server to show custom [columns] |
 | controller.configMap.annotations | object | `{}` | ConfigMap annotations |
 | controller.configMap.create | bool | `true` | Create a ConfigMap for the controller |
 | controller.configMap.name | string | `""` | ConfigMap name |
 | controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ |
@ -170,16 +167,13 @@ Fields to note:
 | controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. |
 | controller.links | list | `[]` | Configure Argo Server to show custom [links] |
 | controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
 | controller.loadBalancerClass | string | `""` | The class of the load balancer implementation |
 | controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` |
 | controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
 | controller.logging.globallevel | string | `"0"` | Set the glog logging level |
 | controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
 | controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server |
 | controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service |
 | controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. |
 | controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. |
 | controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics |
 | controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion |
 | controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory |
 | controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". |
@ -227,7 +221,6 @@ Fields to note:
 | controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service |
 | controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server |
 | controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. |
 | controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data |
 | controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory |
 | controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path |
 | controller.telemetryConfig.port | int | `8081` | telemetry container port |
@ -239,7 +232,6 @@ Fields to note:
 | controller.volumeMounts | list | `[]` | Additional volume mounts to the controller main container |
 | controller.volumes | list | `[]` | Additional volumes to the controller pod |
 | controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ |
 | controller.workflowEvents.enabled | bool | `true` | Enable to emit events on workflow status changes. |
 | controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. |
 | controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ |
 | controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers |
@ -309,8 +301,6 @@ Fields to note:
 | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
 | server.ingress.paths | list | `["/"]` | List of ingress paths |
 | server.ingress.tls | list | `[]` | Ingress TLS configuration |
 | server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for server container |
 | server.loadBalancerClass | string | `""` | The class of the load balancer implementation |
 | server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` |
 | server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` |
 | server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
@ -344,7 +334,7 @@ Fields to note:
 | server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret |
 | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret |
 | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups |
-| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authModes` as `sso`. |
+| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. |
 | server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider |
 | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client |
 | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider |
@ -355,7 +345,6 @@ Fields to note:
 | server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider |
 | server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) |
 | server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim |
 | server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
 | server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. |
 | server.tolerations | list | `[]` | [Tolerations] for use with node taints |
 | server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server |
--- a/charts/argo-workflows/templates/_helpers.tpl
+++ b/charts/argo-workflows/templates/_helpers.tpl
@ -94,7 +94,6 @@ app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
 app.kubernetes.io/instance: {{ .context.Release.Name }}
 {{- if .component }}
 app.kubernetes.io/component: {{ .component }}
 app: {{ .component }}
 {{- end }}
 {{- end }}
--- a/charts/argo-workflows/templates/controller/agent-rb.yaml
+++ b/charts/argo-workflows/templates/controller/agent-rb.yaml
@ -1,29 +0,0 @@
 {{- if .Values.workflow.rbac.agentPermissions -}}
  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
  labels:
    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
    {{- with $namespace }}
  namespace: {{ . }}
    {{- end }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
 subjects:
  - kind: ServiceAccount
    name: {{ $.Values.workflow.serviceAccount.name }}
    {{- with $namespace }}
    namespace: {{ . }}
    {{- end }}
  {{- range $.Values.workflow.rbac.serviceAccounts }}
  - kind: ServiceAccount
    name: {{ .name }}
    namespace: {{ .namespace | quote }}
  {{- end }}
  {{- end }}
 {{- end }}
--- a/charts/argo-workflows/templates/controller/agent-role.yaml
+++ b/charts/argo-workflows/templates/controller/agent-role.yaml
@ -1,29 +0,0 @@
 {{- if .Values.workflow.rbac.agentPermissions -}}
  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
  labels:
    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
    {{- with $namespace }}
  namespace: {{ . }}
    {{- end }}
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtasksets
    verbs:
      - list
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtasksets/status
    verbs:
      - patch
  {{- end }}
 {{- end }}
--- a/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml
+++ b/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml
@ -1,29 +0,0 @@
 {{- if .Values.workflow.rbac.artifactGC -}}
  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
  labels:
    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
    {{- with $namespace }}
  namespace: {{ . }}
    {{- end }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
 subjects:
  - kind: ServiceAccount
    name: {{ $.Values.workflow.serviceAccount.name }}
    {{- with $namespace }}
    namespace: {{ . }}
    {{- end }}
  {{- range $.Values.workflow.rbac.serviceAccounts }}
  - kind: ServiceAccount
    name: {{ .name }}
    namespace: {{ .namespace | quote }}
  {{- end }}
  {{- end }}
 {{- end }}
--- a/charts/argo-workflows/templates/controller/artifact-gc-role.yaml
+++ b/charts/argo-workflows/templates/controller/artifact-gc-role.yaml
@ -1,29 +0,0 @@
 {{- if .Values.workflow.rbac.artifactGC -}}
  {{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq)  }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
  labels:
    {{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
    {{- with $namespace }}
  namespace: {{ . }}
    {{- end }}
 rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflowartifactgctasks
    verbs:
      - list
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - workflowartifactgctasks/status
    verbs:
      - patch
  {{- end }}
 {{- end }}
--- a/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
@ -198,7 +198,7 @@ rules:
  - watch
 {{- end }}
-{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }}
+{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
--- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
@ -6,10 +6,6 @@ metadata:
  namespace: {{ include "argo-workflows.namespace" . | quote }}
  labels:
    {{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
  {{- with .Values.controller.configMap.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 data:
  config: |
    {{- if .Values.controller.instanceID.enabled }}
@ -83,11 +79,6 @@ data:
        secretKeySecret:
          key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
          name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
        {{- if .Values.artifactRepository.s3.sessionTokenSecret }}
        sessionTokenSecret:
          key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }}
          name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }}
        {{- end }}
        {{- end }}
        bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
        endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }}
@ -200,8 +191,6 @@ data:
    {{- end }}
    nodeEvents:
      enabled: {{ .Values.controller.nodeEvents.enabled }}
    workflowEvents:
      enabled: {{ .Values.controller.workflowEvents.enabled }}
    {{- with .Values.controller.kubeConfig }}
    kubeConfig: {{- toYaml . | nindent 6 }}
    {{- end }}
--- a/charts/argo-workflows/templates/controller/workflow-controller-service.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-service.yaml
@ -35,13 +35,8 @@ spec:
  {{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }}
  clusterIP: None
  {{- end }}
-  {{- if eq .Values.controller.serviceType "LoadBalancer" }}
+  {{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }}
  {{- with .Values.controller.loadBalancerClass }}
  loadBalancerClass: {{ . }}
  {{- end }}
  {{- if .Values.controller.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
    {{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }}
  {{- end }}
  {{- end }}
 {{- end -}}
--- a/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml
@ -15,7 +15,7 @@ spec:
  {{- if .Values.controller.metricsConfig.enabled }}
    - port: {{ .Values.controller.metricsConfig.servicePortName }}
      path: {{ .Values.controller.metricsConfig.path }}
-      interval: {{ .Values.controller.metricsConfig.interval }}
+      interval: 30s
      {{- with .Values.controller.metricsConfig.relabelings }}
      relabelings:
        {{- toYaml . | nindent 8 }}
@ -24,12 +24,11 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.controller.metricsConfig.honorLabels }}
  {{- end }}
  {{- if .Values.controller.telemetryConfig.enabled }}
    - port: telemetry
      path: {{ .Values.controller.telemetryConfig.path }}
-      interval: {{ .Values.controller.telemetryConfig.interval }}
+      interval: 30s
      {{- with .Values.controller.metricsConfig.relabelings }}
      relabelings:
        {{- toYaml . | nindent 8 }}
@ -38,7 +37,6 @@ spec:
      metricRelabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      honorLabels: {{ .Values.controller.metricsConfig.honorLabels }}
  {{- end }}
  {{- with .Values.controller.metricsConfig.targetLabels }}
  targetLabels:
--- a/charts/argo-workflows/templates/controller/workflow-rb.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-rb.yaml
@ -17,9 +17,7 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: {{ $.Values.workflow.serviceAccount.name }}
-    {{- with $namespace }}
+    namespace: {{ $namespace }}
    namespace: {{ . }}
    {{- end }}
  {{- range $.Values.workflow.rbac.serviceAccounts }}
  - kind: ServiceAccount
    name: {{ .name }}
--- a/charts/argo-workflows/templates/controller/workflow-role.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-role.yaml
@ -11,6 +11,27 @@ metadata:
  namespace: {{ . }}
    {{- end }}
 rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - watch
      - patch
  - apiGroups:
      - ""
    resources:
      - pods/log
    verbs:
      - get
      - watch
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
  - apiGroups:
      - argoproj.io
    resources:
@ -18,6 +39,21 @@ rules:
    verbs:
      - create
      - patch
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtasksets
      - workflowartifactgctasks
    verbs:
      - list
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtasksets/status
      - workflowartifactgctasks/status
    verbs:
      - patch
  {{- end }}
 {{- end }}
--- a/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml
+++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml
--- a/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml
+++ b/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml
@ -32,655 +32,9 @@ spec:
          metadata:
            type: object
          spec:
            properties:
              event:
                properties:
                  selector:
                    type: string
                required:
                - selector
                type: object
              submit:
                properties:
                  arguments:
                    properties:
                      artifacts:
                        items:
                          properties:
                            archive:
                              properties:
                                none:
                                  type: object
                                tar:
                                  properties:
                                    compressionLevel:
                                      format: int32
                                      type: integer
                                  type: object
                                zip:
                                  type: object
                              type: object
                            archiveLogs:
                              type: boolean
                            artifactGC:
                              properties:
                                podMetadata:
                                  properties:
                                    annotations:
                                      additionalProperties:
                                        type: string
                                      type: object
                                    labels:
                                      additionalProperties:
                                        type: string
                                      type: object
                                  type: object
                                serviceAccountName:
                                  type: string
                                strategy:
                                  enum:
                                  - ""
                                  - OnWorkflowCompletion
                                  - OnWorkflowDeletion
                                  - Never
                                  type: string
                              type: object
                            artifactory:
                              properties:
                                passwordSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
            type: object
            x-kubernetes-map-type: atomic
-                                url:
+            x-kubernetes-preserve-unknown-fields: true
                                  type: string
                                usernameSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                              required:
                              - url
                              type: object
                            azure:
                              properties:
                                accountKeySecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                blob:
                                  type: string
                                container:
                                  type: string
                                endpoint:
                                  type: string
                                useSDKCreds:
                                  type: boolean
                              required:
                              - blob
                              - container
                              - endpoint
                              type: object
                            deleted:
                              type: boolean
                            from:
                              type: string
                            fromExpression:
                              type: string
                            gcs:
                              properties:
                                bucket:
                                  type: string
                                key:
                                  type: string
                                serviceAccountKeySecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                              required:
                              - key
                              type: object
                            git:
                              properties:
                                branch:
                                  type: string
                                depth:
                                  format: int64
                                  type: integer
                                disableSubmodules:
                                  type: boolean
                                fetch:
                                  items:
                                    type: string
                                  type: array
                                insecureIgnoreHostKey:
                                  type: boolean
                                insecureSkipTLS:
                                  type: boolean
                                passwordSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                repo:
                                  type: string
                                revision:
                                  type: string
                                singleBranch:
                                  type: boolean
                                sshPrivateKeySecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                usernameSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                              required:
                              - repo
                              type: object
                            globalName:
                              type: string
                            hdfs:
                              properties:
                                addresses:
                                  items:
                                    type: string
                                  type: array
                                dataTransferProtection:
                                  type: string
                                force:
                                  type: boolean
                                hdfsUser:
                                  type: string
                                krbCCacheSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                krbConfigConfigMap:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                krbKeytabSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                krbRealm:
                                  type: string
                                krbServicePrincipalName:
                                  type: string
                                krbUsername:
                                  type: string
                                path:
                                  type: string
                              required:
                              - path
                              type: object
                            http:
                              properties:
                                auth:
                                  properties:
                                    basicAuth:
                                      properties:
                                        passwordSecret:
                                          properties:
                                            key:
                                              type: string
                                            name:
                                              default: ""
                                              type: string
                                            optional:
                                              type: boolean
                                          required:
                                          - key
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        usernameSecret:
                                          properties:
                                            key:
                                              type: string
                                            name:
                                              default: ""
                                              type: string
                                            optional:
                                              type: boolean
                                          required:
                                          - key
                                          type: object
                                          x-kubernetes-map-type: atomic
                                      type: object
                                    clientCert:
                                      properties:
                                        clientCertSecret:
                                          properties:
                                            key:
                                              type: string
                                            name:
                                              default: ""
                                              type: string
                                            optional:
                                              type: boolean
                                          required:
                                          - key
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        clientKeySecret:
                                          properties:
                                            key:
                                              type: string
                                            name:
                                              default: ""
                                              type: string
                                            optional:
                                              type: boolean
                                          required:
                                          - key
                                          type: object
                                          x-kubernetes-map-type: atomic
                                      type: object
                                    oauth2:
                                      properties:
                                        clientIDSecret:
                                          properties:
                                            key:
                                              type: string
                                            name:
                                              default: ""
                                              type: string
                                            optional:
                                              type: boolean
                                          required:
                                          - key
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        clientSecretSecret:
                                          properties:
                                            key:
                                              type: string
                                            name:
                                              default: ""
                                              type: string
                                            optional:
                                              type: boolean
                                          required:
                                          - key
                                          type: object
                                          x-kubernetes-map-type: atomic
                                        endpointParams:
                                          items:
                                            properties:
                                              key:
                                                type: string
                                              value:
                                                type: string
                                            required:
                                            - key
                                            type: object
                                          type: array
                                        scopes:
                                          items:
                                            type: string
                                          type: array
                                        tokenURLSecret:
                                          properties:
                                            key:
                                              type: string
                                            name:
                                              default: ""
                                              type: string
                                            optional:
                                              type: boolean
                                          required:
                                          - key
                                          type: object
                                          x-kubernetes-map-type: atomic
                                      type: object
                                  type: object
                                headers:
                                  items:
                                    properties:
                                      name:
                                        type: string
                                      value:
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                url:
                                  type: string
                              required:
                              - url
                              type: object
                            mode:
                              format: int32
                              type: integer
                            name:
                              type: string
                            optional:
                              type: boolean
                            oss:
                              properties:
                                accessKeySecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                bucket:
                                  type: string
                                createBucketIfNotPresent:
                                  type: boolean
                                endpoint:
                                  type: string
                                key:
                                  type: string
                                lifecycleRule:
                                  properties:
                                    markDeletionAfterDays:
                                      format: int32
                                      type: integer
                                    markInfrequentAccessAfterDays:
                                      format: int32
                                      type: integer
                                  type: object
                                secretKeySecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                securityToken:
                                  type: string
                                useSDKCreds:
                                  type: boolean
                              required:
                              - key
                              type: object
                            path:
                              type: string
                            raw:
                              properties:
                                data:
                                  type: string
                              required:
                              - data
                              type: object
                            recurseMode:
                              type: boolean
                            s3:
                              properties:
                                accessKeySecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                bucket:
                                  type: string
                                caSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                createBucketIfNotPresent:
                                  properties:
                                    objectLocking:
                                      type: boolean
                                  type: object
                                encryptionOptions:
                                  properties:
                                    enableEncryption:
                                      type: boolean
                                    kmsEncryptionContext:
                                      type: string
                                    kmsKeyId:
                                      type: string
                                    serverSideCustomerKeySecret:
                                      properties:
                                        key:
                                          type: string
                                        name:
                                          default: ""
                                          type: string
                                        optional:
                                          type: boolean
                                      required:
                                      - key
                                      type: object
                                      x-kubernetes-map-type: atomic
                                  type: object
                                endpoint:
                                  type: string
                                insecure:
                                  type: boolean
                                key:
                                  type: string
                                region:
                                  type: string
                                roleARN:
                                  type: string
                                secretKeySecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                sessionTokenSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                useSDKCreds:
                                  type: boolean
                              type: object
                            subPath:
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                      parameters:
                        items:
                          properties:
                            default:
                              type: string
                            description:
                              type: string
                            enum:
                              items:
                                type: string
                              type: array
                            globalName:
                              type: string
                            name:
                              type: string
                            value:
                              type: string
                            valueFrom:
                              properties:
                                configMapKeyRef:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                default:
                                  type: string
                                event:
                                  type: string
                                expression:
                                  type: string
                                jqFilter:
                                  type: string
                                jsonPath:
                                  type: string
                                parameter:
                                  type: string
                                path:
                                  type: string
                                supplied:
                                  type: object
                              type: object
                          required:
                          - name
                          type: object
                        type: array
                    type: object
                  metadata:
                    type: object
                  workflowTemplateRef:
                    properties:
                      clusterScope:
                        type: boolean
                      name:
                        type: string
                    type: object
                required:
                - workflowTemplateRef
                type: object
            required:
            - event
            type: object
        required:
        - metadata
        - spec
--- a/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml
+++ b/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml
@ -81,14 +81,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        url:
                          type: string
                        usernameSecret:
@ -96,14 +94,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      required:
                      - url
                      type: object
@ -114,14 +110,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        blob:
                          type: string
                        container:
@ -152,14 +146,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      required:
                      - key
                      type: object
@ -178,21 +170,17 @@ spec:
                          type: array
                        insecureIgnoreHostKey:
                          type: boolean
                        insecureSkipTLS:
                          type: boolean
                        passwordSecret:
                          properties:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        repo:
                          type: string
                        revision:
@ -204,27 +192,23 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        usernameSecret:
                          properties:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                      required:
                      - repo
                      type: object
@ -236,8 +220,6 @@ spec:
                          items:
                            type: string
                          type: array
                        dataTransferProtection:
                          type: string
                        force:
                          type: boolean
                        hdfsUser:
@ -247,40 +229,34 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        krbConfigConfigMap:
                          properties:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        krbKeytabSecret:
                          properties:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        krbRealm:
                          type: string
                        krbServicePrincipalName:
@ -303,27 +279,23 @@ spec:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                usernameSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                              type: object
                            clientCert:
                              properties:
@ -332,27 +304,23 @@ spec:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                clientKeySecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                              type: object
                            oauth2:
                              properties:
@ -361,27 +329,23 @@ spec:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                clientSecretSecret:
                                  properties:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                                endpointParams:
                                  items:
                                    properties:
@ -402,14 +366,12 @@ spec:
                                    key:
                                      type: string
                                    name:
                                      default: ""
                                      type: string
                                    optional:
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                  x-kubernetes-map-type: atomic
                              type: object
                          type: object
                        headers:
@ -443,14 +405,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        bucket:
                          type: string
                        createBucketIfNotPresent:
@ -473,14 +433,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        securityToken:
                          type: string
                        useSDKCreds:
@ -506,14 +464,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        bucket:
                          type: string
                        caSecret:
@ -521,14 +477,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        createBucketIfNotPresent:
                          properties:
                            objectLocking:
@ -547,14 +501,12 @@ spec:
                                key:
                                  type: string
                                name:
                                  default: ""
                                  type: string
                                optional:
                                  type: boolean
                              required:
                              - key
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        endpoint:
                          type: string
@ -571,27 +523,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        sessionTokenSecret:
                          properties:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        useSDKCreds:
                          type: boolean
                      type: object
@ -627,14 +564,12 @@ spec:
                            key:
                              type: string
                            name:
                              default: ""
                              type: string
                            optional:
                              type: boolean
                          required:
                          - key
                          type: object
                          x-kubernetes-map-type: atomic
                        default:
                          type: string
                        event:
--- a/charts/argo-workflows/templates/server/server-cluster-roles.yaml
+++ b/charts/argo-workflows/templates/server/server-cluster-roles.yaml
@ -118,7 +118,7 @@ rules:
    - patch
    - delete
-{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }}
+{{- if .Values.server.clusterWorkflowTemplates.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
--- a/charts/argo-workflows/templates/server/server-deployment.yaml
+++ b/charts/argo-workflows/templates/server/server-deployment.yaml
@ -108,16 +108,9 @@ spec:
          {{- with .Values.server.volumeMounts }}
            {{- toYaml . | nindent 10}}
          {{- end }}
          {{- with .Values.server.lifecycle }}
          lifecycle:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        {{- with .Values.server.extraContainers }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.server.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ . }}
      {{- end }}
      {{- with .Values.images.pullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
yu-croco	068887ca7a	feat(argo-rollouts): Update resources as following upstream Signed-off-by: yu-croco <yu.croco@gmail.com>	2024-06-14 10:11:31 +09:00
renovate[bot]	4444ea2c92	chore(argo-rollouts): Update dependency argoproj/argo-rollouts to v1.7.0	2024-06-13 21:14:26 +00:00