chore(repo) change stable charts to the upstream images (#14739)

**Description**
Update the stable train charts to their direct upstream image.
⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

**➕ App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._

Signed-off-by: Kjeld Schouten <kjeld@schouten-lebbing.nl>
Co-authored-by: Kjeld Schouten <kjeld@schouten-lebbing.nl>

.github/ct-install.yaml

@@ -50,3 +50,7 @@ chart-repos:
   - truecharts-library=https://library-charts.truecharts.org
   - truecharts-deps=https://deps.truecharts.org
   - jetstack=https://charts.jetstack.io
+  - vmwaretanzu=https://vmware-tanzu.github.io/helm-charts
+  - cnpg=https://cloudnative-pg.github.io/charts
+  - metallb=https://metallb.github.io/metallb
+  - prometheus-community=https://prometheus-community.github.io/helm-charts

.github/ct-lint.yaml

@@ -15,3 +15,7 @@ chart-repos:
   - truecharts-library=https://library-charts.truecharts.org
   - truecharts-deps=https://deps.truecharts.org
   - jetstack=https://charts.jetstack.io
+  - vmwaretanzu=https://vmware-tanzu.github.io/helm-charts
+  - cnpg=https://cloudnative-pg.github.io/charts
+  - metallb=https://metallb.github.io/metallb
+  - prometheus-community=https://prometheus-community.github.io/helm-charts

.github/scripts/fetch_helm_deps.sh

@@ -110,6 +110,18 @@ for idx in $(eval echo "{0..$length}"); do
               if [[ "$train_chart" =~ incubator\/.* ]]; then
                   helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
                   helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
+              elif [[ "$name" =~ "velero" ]]; then
+                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
+                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
+              elif [[ "$name" =~ "metallb" ]]; then
+                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
+                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
+              elif [[ "$name" =~ "cloudnative-pg" ]]; then
+                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
+                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
+              elif [[ "$name" =~ "kube-prometheus-stack" ]]; then
+                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
+                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
               elif [[ "$name" =~ "cert-manager" ]]; then
                   helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/certman.gpg || \
                   helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/certman.gpg || exit 1
@@ -124,6 +136,14 @@ for idx in $(eval echo "{0..$length}"); do
                 if [[ "$name" =~ "cert-manager" ]]; then
                   helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/certman.gpg || \
                   helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/certman.gpg || exit 1
+                elif [[ "$name" =~ "velero" ]]; then
+                   echo "Velero is not signed..."
+                elif [[ "$name" =~ "metallb" ]]; then
+                   echo "metallb is not signed..."
+                elif [[ "$name" =~ "cloudnative-pg" ]]; then
+                   echo "cloudnative-pg is not signed..."
+                elif [[ "$name" =~ "kube-prometheus-stack" ]]; then
+                   echo "kube-prometheus-stack is not signed..."
                 elif [[ ! "$train_chart" =~ incubator\/.* ]]; then
                   echo "Validating dependency signature..."
                   helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/pubring.gpg || \
@@ -137,6 +157,18 @@ for idx in $(eval echo "{0..$length}"); do
               if [[ "$train_chart" =~ incubator\/.* ]]; then
                   helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
                   helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
+              elif [[ "$name" =~ "velero" ]]; then
+                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
+                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
+              elif [[ "$name" =~ "metallb" ]]; then
+                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
+                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
+              elif [[ "$name" =~ "cloudnative-pg" ]]; then
+                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
+                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
+              elif [[ "$name" =~ "kube-prometheus-stack" ]]; then
+                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
+                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
               elif [[ "$name" =~ "cert-manager" ]]; then
                   helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/certman.gpg || \
                   helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/certman.gpg || exit 1

.github/workflows/charts-lint.yaml

@@ -50,7 +50,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
         with:
-          version: latest
+          version: v3.13.2
 
       - name: Prep Helm
         run: |
@@ -58,6 +58,10 @@ jobs:
           helm repo add truecharts-deps https://deps.truecharts.org
           helm repo add truecharts-library https://library-charts.truecharts.org
           helm repo add jetstack https://charts.jetstack.io
+          helm repo add vmwaretanzu https://vmware-tanzu.github.io/helm-charts
+          helm repo add cnpg https://cloudnative-pg.github.io/charts
+          helm repo add metallb https://metallb.github.io/metallb
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
           helm repo update
 
       - name: Collect changes (branch-based)

.github/workflows/charts-release.yaml

@@ -66,7 +66,7 @@ jobs:
         with:
           setup-tools: |
             helmv3
-          helm: "3.8.0"
+          helm: "3.13.2"
 
       - name: Prep Helm
         run: |
@@ -74,6 +74,9 @@ jobs:
           helm repo add truecharts-library https://library-charts.truecharts.org
           helm repo add truecharts-deps https://deps.truecharts.org
           helm repo add jetstack https://charts.jetstack.io
+          helm repo add vmwaretanzu https://vmware-tanzu.github.io/helm-charts
+          helm repo add cnpg https://cloudnative-pg.github.io/charts
+          helm repo add metallb https://metallb.github.io/metallb
           helm repo update
 
       # Optional step if GPG signing is used

.github/workflows/charts-test.yaml

@@ -123,7 +123,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
         with:
-          version: latest
+          version: v3.13.2
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
         with:
@@ -150,6 +150,10 @@ jobs:
           helm repo add truecharts-deps https://deps.truecharts.org
           helm repo add truecharts-library https://library-charts.truecharts.org
           helm repo add jetstack https://charts.jetstack.io
+          helm repo add vmwaretanzu https://vmware-tanzu.github.io/helm-charts
+          helm repo add cnpg https://cloudnative-pg.github.io/charts
+          helm repo add metallb https://metallb.github.io/metallb
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
           helm repo update
 
       - name: Add Dependencies
@@ -194,7 +198,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
         with:
-          version: latest
+          version: v3.13.2
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
         with:
@@ -257,7 +261,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
         with:
-          version: latest
+          version: v3.13.2
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
         with:
@@ -320,7 +324,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
         with:
-          version: latest
+          version: v3.13.2
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
         with:
@@ -383,7 +387,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
         with:
-          version: latest
+          version: v3.13.2
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
         with:
@@ -446,7 +450,7 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
         with:
-          version: latest
+          version: v3.13.2
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
         with:

.github/workflows/daily.yaml

@@ -245,6 +245,11 @@ jobs:
           helm repo add truecharts https://charts.truecharts.org
           helm repo add truecharts-library https://library-charts.truecharts.org
           helm repo add truecharts-deps https://deps.truecharts.org
+          helm repo add jetstack https://charts.jetstack.io
+          helm repo add vmwaretanzu https://vmware-tanzu.github.io/helm-charts
+          helm repo add cnpg https://cloudnative-pg.github.io/charts
+          helm repo add metallb https://metallb.github.io/metallb
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
           helm repo update
 
       - name: Checkout
@@ -360,7 +365,7 @@ jobs:
   lock-threads:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v4
+      - uses: dessant/lock-threads@d42e5f49803f3c4e14ffee0378e31481265dda22 # v5
         with:
           github-token: ${{ secrets.BOT_TOKEN }}
           issue-inactive-days: "7"

.github/workflows/renovate.yml

@@ -12,7 +12,7 @@ jobs:
         with:
           token: ${{ secrets.BOT_TOKEN }}
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@5c6c06aa0e3d7a6a9b6cba05c078c51631b5f11a # v39.1.1
+        uses: renovatebot/github-action@9c2e6e7dc5340821aa2c82094e7326895c94a435 # v39.1.3
         with:
           configurationFile: .github/renovate-config.js
           token: ${{ secrets.BOT_TOKEN }}

charts/dependency/clickhouse/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "23.10.2.13"
+appVersion: "23.10.3.5"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 14.3.5
+    version: 14.5.0
 deprecated: false
 description: ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP).
 home: https://truecharts.org/charts/dependency/clickhouse
@@ -22,7 +22,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/clickhouse
   - https://clickhouse.com/
 type: application
-version: 7.0.25
+version: 7.0.28
 annotations:
   truecharts.org/category: database
   truecharts.org/SCALE-support: "true"

charts/dependency/clickhouse/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/clickhouse
+  repository: clickhouse/clickhouse-server
   pullPolicy: IfNotPresent
-  tag: v23.10.2.13@sha256:52aaad330756add86aabf5f6894c3652439bc1d4b6558a30ac8c3d598f96e079
-
+  tag: 23.10.3.5@sha256:7361beec1aac01e832fc701f92de57941d7a9bcdc6219d9527b961595ca7856b
 workload:
   main:
     replicas: 1
@@ -28,7 +27,6 @@ workload:
             startup:
               type: http
               path: /ping
-
 securityContext:
   container:
     readOnlyRootFilesystem: false
@@ -41,7 +39,6 @@ securityContext:
     #     - IPC_LOCK
     #     - NET_ADMIN
     #     - SYS_NICE
-
 service:
   main:
     ports:
@@ -49,30 +46,24 @@ service:
         port: 8123
         protocol: http
         targetPort: 8123
-
 persistence:
   data:
     enabled: true
     mountPath: /var/lib/clickhouse
-
 clickhouseDatabase: "test"
 clickhouseUsername: "test"
 clickhouseDefaultAccessManagement: 0
-
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 clickhousePassword: ""
 existingSecret: ""
-
 secret:
   credentials:
     enabled: true
     data:
       clickhouse-password: '{{ ( .Values.clickhousePassword | default "empty" ) }}'
-
 portal:
   open:
     enabled: false
-
 manifestManager:
   enabled: false

charts/dependency/kube-state-metrics/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "2.10.0"
+appVersion: "2.10.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 14.3.5
+    version: 14.5.0
 deprecated: false
 description: kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
 home: https://truecharts.org/charts/dependency/kube-state-metrics
@@ -21,7 +21,7 @@ name: kube-state-metrics
 sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/kube-state-metrics
 type: application
-version: 3.0.37
+version: 3.0.41
 annotations:
   truecharts.org/category: metrics
   truecharts.org/SCALE-support: "true"

charts/dependency/kube-state-metrics/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/kube-state-metrics
+  repository: bitnami/kube-state-metrics
   pullPolicy: IfNotPresent
-  tag: v2.10.0@sha256:5dd17a0a28532d6dfba742e1ba39f894e653cd5ca13c313e21120ee4f9d81024
-
+  tag: 2.10.1@sha256:6819ee084fdb0ddee851ffcda90833d4e5b991987bdd1fbe4804ade61f47ccdb
 service:
   main:
     ports:
@@ -16,7 +15,6 @@ service:
         enabled: true
         protocol: http
         port: 8081
-
 workload:
   main:
     podSpec:
@@ -51,28 +49,22 @@ workload:
             # - --resources=verticalpodautoscalers
             - --resources=validatingwebhookconfigurations
             - --resources=volumeattachments
-
           probes:
             liveness:
               path: /healthz
               port: main
-
             readiness:
               path: /healthz
               port: main
-
             startup:
               type: tcp
               port: main
-
 podOptions:
   automountServiceAccountToken: true
-
 serviceAccount:
   main:
     enabled: true
     primary: true
-
 rbac:
   main:
     enabled: true
@@ -279,7 +271,10 @@ rbac:
         verbs:
           - list
           - watch
-
+      - apiGroups: ["discovery.k8s.io"]
+        resources:
+          - endpointslices
+        verbs: ["list", "watch"]
 metrics:
   main:
     # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@@ -296,18 +291,16 @@ metrics:
       labels: {}
       # -- Configure additionial rules for the chart under this key.
       # @default -- See prometheusrules.yaml
-      rules:
-        []
-        # - alert: UnifiPollerAbsent
-        #   annotations:
-        #     description: Unifi Poller has disappeared from Prometheus service discovery.
-        #     summary: Unifi Poller is down.
-        #   expr: |
-        #     absent(up{job=~".*unifi-poller.*"} == 1)
-        #   for: 5m
-        #   labels:
-        #     severity: critical
-
+      rules: []
+      # - alert: UnifiPollerAbsent
+      #   annotations:
+      #     description: Unifi Poller has disappeared from Prometheus service discovery.
+      #     summary: Unifi Poller is down.
+      #   expr: |
+      #     absent(up{job=~".*unifi-poller.*"} == 1)
+      #   for: 5m
+      #   labels:
+      #     severity: critical
 portal:
   open:
     enabled: false

charts/dependency/mariadb/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "11.1.2"
+appVersion: "11.1.3"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 14.3.5
+    version: 14.5.0
 deprecated: false
 description: Fast, reliable, scalable, and easy to use open-source relational database system.
 home: https://truecharts.org/charts/dependency/mariadb
@@ -25,7 +25,7 @@ sources:
   - https://github.com/prometheus/mysqld_exporter
   - https://mariadb.org
 type: application
-version: 9.0.40
+version: 9.0.43
 annotations:
   truecharts.org/category: database
   truecharts.org/SCALE-support: "true"

charts/dependency/mariadb/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/mariadb
+  repository: bitnami/mariadb
   pullPolicy: IfNotPresent
-  tag: v11.1.2@sha256:3ec39631c2e7c4a3564ccf0726a19078fd056601ee7a66761d62344b585e9289
-
+  tag: 11.1.3@sha256:ec252de855742584bb2dace25f5cd83ccfdde4f61961cca00fc29a1d5200c2aa
 workload:
   main:
     podSpec:
@@ -43,43 +42,35 @@ workload:
                 - /bin/bash
                 - -ec
                 - "until /opt/bitnami/scripts/mariadb/healthcheck.sh; do sleep 2; done"
-
 service:
   main:
     ports:
       main:
         port: 3306
         targetPort: 3306
-
 securityContext:
   container:
     readOnlyRootFilesystem: false
     runAsGroup: 0
-
 secret:
   credentials:
     enabled: true
     data:
       mariadb-password: '{{ ( .Values.mariadbPassword | default "empty" ) }}'
       mariadb-root-password: '{{ ( .Values.mariadbRootPassword | default "empty" ) }}'
-
 persistence:
   data:
     enabled: true
     mountPath: "/bitnami/mariadb"
-
 mariadbUsername: "test"
 mariadbDatabase: "test"
 mariadbRootPassword: "testroot"
-
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 mariadbPassword: ""
 existingSecret: ""
-
 portal:
   open:
     enabled: false
-
 manifestManager:
   enabled: false

charts/dependency/memcached/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.6.22"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 14.3.5
+    version: 14.5.0
 deprecated: false
 description: Memcached is a memory-backed database caching solution
 home: https://truecharts.org/charts/dependency/memcached
@@ -23,7 +23,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-memcached
   - http://memcached.org/
 type: application
-version: 8.0.41
+version: 8.0.44
 annotations:
   truecharts.org/category: database
   truecharts.org/SCALE-support: "true"

charts/dependency/memcached/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/memcached
+  repository: bitnami/memcached
   pullPolicy: IfNotPresent
-  tag: v1.6.22@sha256:1d021040b76aceb199a879ff295f836a007ec64cabdba1482c511fd245b3b7ec
-
+  tag: 1.6.22@sha256:d4c4ba01c45b2fdbc58cbb94af8ed0690c46ce2c70b34de49751c8920042af02
 service:
   main:
     ports:
@@ -10,10 +9,8 @@ service:
         port: 11211
         protocol: tcp
         targetPort: 11211
-
 portal:
   open:
     enabled: false
-
 manifestManager:
   enabled: false

charts/dependency/mongodb/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "7.0.2"
+appVersion: "7.0.3"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 14.3.5
+    version: 14.5.0
 deprecated: false
 description: Fast, reliable, scalable, and easy to use open-source no-sql database system.
 home: https://truecharts.org/charts/dependency/mongodb
@@ -23,7 +23,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-mongodb
   - https://www.mongodb.com
 type: application
-version: 8.0.38
+version: 8.0.44
 annotations:
   truecharts.org/category: database
   truecharts.org/SCALE-support: "true"

charts/dependency/mongodb/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/mongodb
+  repository: bitnami/mongodb
   pullPolicy: IfNotPresent
-  tag: v7.0.2@sha256:2ecf33de2273eb9da76e778d5cad92e55ccbb8ade8e2e0a997e7f40afc058631
-
+  tag: 7.0.3@sha256:a7e4de9a179ed97842c5f7345ac47644606b94f37487ae1b49c7cc275cab5383
 workload:
   main:
     replicas: 1
@@ -42,7 +41,6 @@ workload:
                     - /bin/bash
                     - -ec
                     - echo "db.runCommand(\"ping\")" | mongosh --host localhost --port 27017 ${MONGODB_DATABASE} --quiet
-
             # -- Redainess probe configuration
             # @default -- See below
             readiness:
@@ -59,7 +57,6 @@ workload:
                     - /bin/bash
                     - -ec
                     - echo "db.runCommand(\"ping\")" | mongosh --host localhost --port 27017 ${MONGODB_DATABASE} --quiet
-
             # -- Startup probe configuration
             # @default -- See below
             startup:
@@ -75,43 +72,35 @@ workload:
                     - /bin/bash
                     - -ec
                     - echo "db.runCommand(\"ping\")" | mongosh --host localhost --port 27017 ${MONGODB_DATABASE} --quiet
-
 service:
   main:
     ports:
       main:
         port: 27017
         targetPort: 27017
-
 securityContext:
   container:
     runAsGroup: 0
     readOnlyRootFilesystem: false
-
 persistence:
   data:
     enabled: true
     mountPath: "/bitnami/mongodb"
-
 mongodbUsername: "test"
 mongodbDatabase: "test"
 mongodbRootPassword: "testroot"
-
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 mongodbPassword: ""
 existingSecret: ""
-
 secret:
   credentials:
     enabled: true
     data:
       mongodb-password: '{{ ( .Values.mongodbPassword | default "empty" ) }}'
       mongodb-root-password: '{{ ( .Values.mongodbRootPassword | default "empty" ) }}'
-
 portal:
   open:
     enabled: false
-
 manifestManager:
   enabled: false

charts/dependency/node-exporter/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "1.6.1"
+appVersion: "1.7.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 14.3.5
+    version: 14.5.0
 deprecated: false
 description: Prometheus exporter for hardware and OS metrics exposed by UNIX kernels, with pluggable metric collectors.
 home: https://truecharts.org/charts/dependency/node-exporter
@@ -21,7 +21,7 @@ name: node-exporter
 sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/node-exporter
 type: application
-version: 3.0.39
+version: 3.0.43
 annotations:
   truecharts.org/category: metrics
   truecharts.org/SCALE-support: "true"

charts/dependency/node-exporter/values.yaml

@@ -1,15 +1,13 @@
 image:
-  repository: tccr.io/truecharts/node-exporter
+  repository: bitnami/node-exporter
   pullPolicy: IfNotPresent
-  tag: v1.6.1@sha256:c150064746d1155d557663650603ea428eacd22c40da62f2ec3078b4c2ade1ba
-
+  tag: 1.7.0@sha256:68d9e82bc1c876bdf78bc6a81965f1f32344087dd56bbec052acac8237d86cf8
 service:
   main:
     ports:
       main:
         protocol: http
         port: 9910
-
 workload:
   main:
     type: DaemonSet
@@ -29,19 +27,15 @@ workload:
             liveness:
               path: /
               port: main
-
             readiness:
               path: /
               port: main
-
             startup:
               type: tcp
               port: main
-
 podOptions:
   hostNetwork: true
   hostPID: true
-
 persistence:
   host:
     enabled: true
@@ -61,7 +55,6 @@ persistence:
     hostPath: /sys
     mountPath: /hostsys
     readOnly: true
-
 metrics:
   main:
     # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@@ -78,18 +71,16 @@ metrics:
       labels: {}
       # -- Configure additionial rules for the chart under this key.
       # @default -- See prometheusrules.yaml
-      rules:
-        []
-        # - alert: UnifiPollerAbsent
-        #   annotations:
-        #     description: Unifi Poller has disappeared from Prometheus service discovery.
-        #     summary: Unifi Poller is down.
-        #   expr: |
-        #     absent(up{job=~".*unifi-poller.*"} == 1)
-        #   for: 5m
-        #   labels:
-        #     severity: critical
-
+      rules: []
+      # - alert: UnifiPollerAbsent
+      #   annotations:
+      #     description: Unifi Poller has disappeared from Prometheus service discovery.
+      #     summary: Unifi Poller is down.
+      #   expr: |
+      #     absent(up{job=~".*unifi-poller.*"} == 1)
+      #   for: 5m
+      #   labels:
+      #     severity: critical
 portal:
   open:
     enabled: false

charts/dependency/redis/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "7.2.3"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 14.3.5
+    version: 14.5.0
 deprecated: false
 description: Open source, advanced key-value store.
 home: https://truecharts.org/charts/dependency/redis
@@ -23,7 +23,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-redis
   - http://redis.io/
 type: application
-version: 8.0.44
+version: 8.0.47
 annotations:
   truecharts.org/category: database
   truecharts.org/SCALE-support: "true"

charts/dependency/redis/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/redis
+  repository: bitnami/redis
   pullPolicy: IfNotPresent
-  tag: v7.2.3@sha256:9d51d05196beb255805741dbd3d843154de9a816f9f6a65e0fa0c8d43f48aa45
-
+  tag: 7.2.3@sha256:f7db3a51e2726109819b50004c3bbf8f1c792723af274f88532b8c3e64fcde0b
 workload:
   main:
     replicas: 1
@@ -45,12 +44,10 @@ workload:
                 - sh
                 - -c
                 - /health/ping_readiness_local.sh 2
-
 securityContext:
   container:
     readOnlyRootFilesystem: false
     runAsGroup: 0
-
 configmap:
   health:
     enabled: true
@@ -123,30 +120,25 @@ configmap:
         "$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
         "$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
         exit $exit_status
-
 secret:
   credentials:
     enabled: true
     data:
       redis-password: '{{ ( .Values.redisPassword | default "nothing" ) }}'
-
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 redisPassword: ""
 existingSecret: ""
-
 service:
   main:
     ports:
       main:
         port: 6379
         targetPort: 6379
-
 volumeClaimTemplates:
   data:
     enabled: true
     mountPath: "/bitnami/redis"
-
 persistence:
   redis-health:
     enabled: true
@@ -167,10 +159,8 @@ persistence:
         path: ping_liveness_local_and_master.sh
       - key: ping_readiness_local_and_master.sh
         path: ping_readiness_local_and_master.sh
-
 portal:
   open:
     enabled: false
-
 manifestManager:
   enabled: false

charts/dependency/solr/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "9.4.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 14.3.5
+    version: 14.5.0
 deprecated: false
 description: Apache Solr
 home: https://truecharts.org/charts/dependency/solr
@@ -22,7 +22,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/solr
   - https://github.com/apache/solr
 type: application
-version: 6.0.41
+version: 6.0.44
 annotations:
   truecharts.org/category: search
   truecharts.org/SCALE-support: "true"

charts/dependency/solr/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/solr
+  repository: bitnami/solr
   pullPolicy: IfNotPresent
-  tag: v9.4.0@sha256:4f2620c0115b8d36471f3247fc319dce25404db1d361ce0195e9ce8dfbf5143f
-
+  tag: 9.4.0@sha256:9a30d8e5ec3ba147325008ec0734e52e578904a7ac4eefa6127e936aadba9544
 workload:
   main:
     replicas: 1
@@ -19,7 +18,6 @@ workload:
                 expandObjectName: "{{ if .Values.solrPassword }}true{{ else }}false{{ end }}"
                 name: '{{ if .Values.solrPassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "solrcreds" }}{{ end }}'
                 key: "solr-password"
-
           # -- Probe configuration
           # -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
           # @default -- See below
@@ -45,7 +43,6 @@ workload:
                       else
                         until curl --fail localhost:8983/solr/"${SOLR_CORES}"/admin/ping; do sleep 2; done
                       fi;
-
             # -- Redainess probe configuration
             # @default -- See below
             readiness:
@@ -87,47 +84,39 @@ workload:
                       else
                         until curl --fail localhost:8983/solr/"${SOLR_CORES}"/admin/ping; do sleep 2; done
                       fi;
-
 securityContext:
   container:
     runAsNonRoot: false
     readOnlyRootFilesystem: false
     runAsUser: 1001
     runAsGroup: 0
-
 service:
   main:
     ports:
       main:
         port: 8983
         targetPort: 8983
-
 persistence:
   db:
     enabled: true
     mountPath: "/bitnami/solr"
-
 # Currently only single core is supported, with multiple cores, probes will fail.
 solrCores: "testcore"
 solrEnableAuthentication: "yes"
 solrUsername: "test"
 # Used to pass a comma separated list of optional options like '-XX:G1HeapRegionSize=8m'
 solrOpts: ""
-
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 existingSecret: ""
 solrPassword: ""
-
 secret:
   credentials:
     enabled: true
     data:
       solr-password: '{{ ( .Values.solrPassword | default "empty" ) }}'
-
 portal:
   open:
     enabled: true
-
 manifestManager:
   enabled: false

charts/enterprise/authelia/Chart.yaml

@@ -7,7 +7,7 @@ dependencies:
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 8.0.43
+    version: 8.0.44
 deprecated: false
 description: Authelia is a Single Sign-On Multi-Factor portal for web apps
 home: https://truecharts.org/charts/enterprise/authelia
@@ -35,7 +35,7 @@ sources:
   - https://github.com/authelia/chartrepo
   - https://github.com/authelia/authelia
 type: application
-version: 19.0.10
+version: 19.0.13
 annotations:
   truecharts.org/category: security
   truecharts.org/SCALE-support: "true"

charts/enterprise/authelia/docs/authelia-rules.md

@@ -0,0 +1,107 @@
+# Authelia Rules
+
+This is a collection of some common Authelia Rules.
+
+:::note[RULE ORDER]
+
+It is important that rules are created in the correct order in Authelia. Rules are processed from top to bottom with the first matching rule being applied. The most narrow rules should be applied first with the most broad rules last.
+
+:::
+
+All rules requiring Authelia authentication were configured with `two_factor` (2FA). If you do not want 2FA on some or all rules replace the Policy with `one_factor` 
+
+## API Rule
+
+This rule will bypass Authelia for API level access in most apps. This should always be your first rule.
+
+Domain: `*.domain.tld`
+
+Policy: `bypass`
+
+Subject: `Not Used (Do Not Add)`
+
+Networks: `Not Used (Do Not Add)`
+
+Resources:
+
+- `^/api([/?].*)?$`
+- `^/identity.*$`
+- `^/triggers.*$`
+- `^/meshagents.*$`
+- `^/meshsettings.*$`
+- `^/agent.*$`
+- `^/control.*$`
+- `^/meshrelay.*$`
+- `^/wl.*$`
+
+![authelia-api](./img/authelia-api.png)
+
+## Vaultwarden
+
+These rules will protect the Vaultwarden admin page with Authelia but bypass when accessing the web vault. The order of these rules is critical or the admin page will not be protected.
+
+### Rule 1
+
+Domain: `vaultwarden.domain.tld`
+
+Policy: `two_factor`
+
+Subject: `Not Used (Do Not Add)`
+
+Networks: `Not Used (Do Not Add)`
+
+Resources: `^*/admin.*$`
+
+![authelia-vw1](./img/authelia-vw1.png)
+
+### Rule 2
+
+Domain: `vaultwarden.domain.tld`
+
+Policy: `bypass`
+
+Subject: `Not Used (Do Not Add)`
+
+Networks: `Not Used (Do Not Add)`
+
+Resources: `Not Used (Do Not Add)`
+
+![authelia-vw2](./img/authelia-vw2.png)
+
+## User Rule
+
+This rule will allow users in the `lldap_user` group access to only the specified applications.
+
+Domain:
+
+- `radarr.domain.tld`
+- `sonarr.domain.tld`
+
+Policy: `two_factor`
+
+Subject: `group:lldap_user`
+
+Networks: `Not Used (Do Not Add)`
+
+Resources: `Not Used (Do Not Add)`
+
+![authelia-user](./img/authelia-user.png)
+
+## Catch All Rule
+
+This rule will catch any access requests not covered by other rules.
+
+Domain:
+
+- `domain.tld`
+- `*.domain.tld`
+
+Policy: `two_factor`
+
+Subject: `group:lldap_admin`
+
+Networks: `Not Used (Do Not Add)`
+
+Resources: `Not Used (Do Not Add)`
+
+![authelia-catch](./img/authelia-catch.png)

charts/enterprise/authelia/questions.yaml

@@ -230,14 +230,20 @@ questions:
       attrs:
         - variable: name
           label: "Cookie Name"
-          description: "The name of the session cookie."
+          description: |
+            The name of the session cookie. By default this is set to authelia_session. 
+            It’s mostly useful to change this if you are doing development or running multiple instances of Authelia.
           schema:
             type: string
             required: true
             default: "authelia_session"
         - variable: same_site
           label: "SameSite Value"
-          description: "Sets the Cookie SameSite value"
+          description: |
+            You can read about the SameSite cookie in detail on the MDN. In short setting SameSite to Lax is generally 
+            the most desirable option for Authelia. None is not recommended unless you absolutely know what you’re doing 
+            and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in 
+            this state but it’s available as an option anyway.
           schema:
             type: string
             default: "lax"
@@ -248,21 +254,27 @@ questions:
                 description: "strict"
         - variable: expiration
           label: "Expiration Time"
-          description: "The time in seconds before the cookie expires and session is reset."
+          description: |
+            The period of time before the cookie expires and the session is destroyed. This is overriden by 
+            remember_me_duration when the remember me box is checked.
           schema:
             type: string
             default: "1h"
             required: true
         - variable: inactivity
           label: "Inactivity Time"
-          description: "The inactivity time in seconds before the session is reset."
+          description: |
+            The period of time the user can be inactive for until the session is destroyed when the remember me box is 
+            not checked or is otherwise disabled. Useful if you want long session timers but don’t want unused devices to be vulnerable.
           schema:
             type: string
             default: "5m"
             required: true
         - variable: remember_me_duration
           label: "Remember-Me duration"
-          description: "The remember me duration"
+          description: |
+            The period of time before the cookie expires and the session is destroyed when the remember me box is checked, a user 
+            selecting this option negates the inactivity timeout. Setting this to -1 disables this feature entirely.
           schema:
             type: string
             default: "5M"
@@ -283,14 +295,18 @@ questions:
             default: 3
         - variable: find_time
           label: "Find Time"
-          description: "The time range during which the user can attempt login before being banned."
+          description: |
+            The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to 
+            2m this means the user must have 3 failed logins in 2 minutes.
           schema:
             type: string
             default: "2m"
             required: true
         - variable: ban_time
           label: "Ban Duration"
-          description: "The length of time before a banned user can login again"
+          description: |
+            The period of time the user is banned for after meeting the max_retries and find_time configuration. 
+            After this duration the account will be able to login again.
           schema:
             type: string
             default: "5m"
@@ -298,7 +314,9 @@ questions:
   - variable: authentication_backend
     group: "App Configuration"
     label: "Authentication Backend Provider"
-    description: "sed for verifying user passwords and retrieve information such as email address and groups users belong to."
+    description: | 
+      Used for verifying user passwords and retrieve information such as email 
+      address and groups users belong to.
     schema:
       additional_attrs: true
       type: dict
@@ -405,14 +423,14 @@ questions:
                       description: "The attribute holding the username of the user"
                       schema:
                         type: string
-                        default: ""
+                        default: "uid"
                         required: true
                     - variable: additional_users_dn
                       label: "Additional Users DN"
                       description: "An additional dn to define the scope to all users."
                       schema:
                         type: string
-                        default: "OU=Users"
+                        default: "OU=people"
                         required: true
                     - variable: users_filter
                       label: "Users Filter"
@@ -440,27 +458,27 @@ questions:
                       description: "The attribute holding the name of the group"
                       schema:
                         type: string
-                        default: ""
+                        default: "cn"
                         required: true
                     - variable: mail_attribute
                       label: "Mail Attribute"
                       description: "The attribute holding the primary mail address of the user"
                       schema:
                         type: string
-                        default: ""
+                        default: "mail"
                         required: true
                     - variable: display_name_attribute
                       label: "Display Name Attribute"
                       description: "he attribute holding the display name of the user. This will be used to greet an authenticated user."
                       schema:
                         type: string
-                        default: ""
+                        default: "displayName"
                     - variable: user
                       label: "Admin User"
                       description: "The username of the admin user used to connect to LDAP."
                       schema:
                         type: string
-                        default: "CN=Authelia,DC=example,DC=com"
+                        default: "CN=admin,ou=people,DC=example,DC=com"
                         required: true
                     - variable: plain_password
                       label: "Password"
@@ -688,10 +706,13 @@ questions:
       attrs:
         - variable: default_policy
           label: "Default Policy"
-          description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'."
+          description: |
+            The default policy defines the policy applied if no rules section apply to the information known about the request. 
+            It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all 
+            with Authelia should not be configured in your reverse proxy to perform authentication with Authelia at all for performance reasons.
           schema:
             type: string
-            default: "two_factor"
+            default: "deny"
             enum:
               - value: "bypass"
                 description: "bypass"
@@ -745,7 +766,7 @@ questions:
                   attrs:
                     - variable: domain
                       label: "Domains"
-                      description: "defines which domain or set of domains the rule applies to."
+                      description: "Defines which domain or set of domains the rule applies to."
                       schema:
                         type: list
                         default: []
@@ -758,7 +779,9 @@ questions:
                               required: true
                     - variable: policy
                       label: "Policy"
-                      description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'."
+                      description: |
+                        The specific policy to apply to the selected rule. This is not criteria for a match, this is the 
+                        action to take when a match is made.
                       schema:
                         type: string
                         default: "two_factor"
@@ -773,7 +796,11 @@ questions:
                             description: "deny"
                     - variable: subject
                       label: "Subject"
-                      description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided"
+                      description: |
+                        This criteria matches identifying characteristics about the subject. Currently this is either 
+                        user or groups the user belongs to. This allows you to effectively control exactly what each user is 
+                        authorized to access or to specifically require two-factor authentication to specific users. Subjects 
+                        are prefixed with either user: or group: to identify which part of the identity to check.
                       schema:
                         type: list
                         default: []
@@ -982,7 +1009,9 @@ questions:
                                         description: "two_factor"
                                 - variable: consent_mode
                                   label: "Consent Mode"
-                                  description: "Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)"
+                                  description: |
+                                    Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or 
+                                    implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)
                                   schema:
                                     type: string
                                     default: "auto"

charts/enterprise/authelia/values.yaml

@@ -1,7 +1,7 @@
 image:
-  repository: tccr.io/truecharts/authelia
+  repository: ghcr.io/authelia/authelia
   pullPolicy: IfNotPresent
-  tag: 4.37.5@sha256:76a4617539534cec140fd98a12f721b878524f2df3a3653f3df8ff2b7eaab586
+  tag: 4.37.5@sha256:25fc5423238b6f3a1fc967fda3f6a9212846aeb4a720327ef61c8ccff52dbbe2
 manifestManager:
   enabled: true
 workload:
@@ -22,40 +22,32 @@ workload:
             liveness:
               type: http
               path: "/api/health"
-
             readiness:
               type: http
               path: "/api/health"
-
             startup:
               type: http
               path: "/api/health"
-
 service:
   main:
     ports:
       main:
         port: 9091
         targetPort: 9091
-
 persistence:
   config:
     enabled: true
     mountPath: "/config"
-
 cnpg:
   main:
     enabled: true
     user: authelia
     database: authelia
-
 # Enabled redis
 # ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
 redis:
   enabled: true
-
 domain: example.com
-
 ##
 ## Server Configuration
 ##
@@ -65,7 +57,6 @@ server:
   ## Default is 9091 and should not need to be changed.
   ##
   port: 9091
-
   ## Buffers usually should be configured to be the same value.
   ## Explanation at https://www.authelia.com/docs/configuration/server.html
   ## Read buffer size adjusts the server's max incoming request size in bytes.
@@ -75,18 +66,14 @@ server:
   ## Set the single level path Authelia listens on.
   ## Must be alphanumeric chars and should not contain any slashes.
   path: ""
-
 log:
   ## Level of verbosity for logs: info, debug, trace.
   level: trace
-
   ## Format the logs are written as: json, text.
   format: text
-
   ## TODO: Statefulness check should check if this is set, and the configMap should enable it.
   ## File path where the logs will be written. If not set logs are written to stdout.
   # file_path: /config/authelia.log
-
 ## Default redirection URL
 ##
 ## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
@@ -99,7 +86,6 @@ default_redirection_url: ""
 # default_redirection_url: https://example.com
 
 theme: light
-
 ##
 ## TOTP Configuration
 ##
@@ -116,7 +102,6 @@ totp:
   ## Warning: before changing skew read the docs link below.
   ## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
   skew: 1
-
 ##
 ## Password Policy Config
 ##
@@ -135,7 +120,6 @@ password_policy:
     ## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info
     enabled: false
     min_score: 3
-
 ##
 ## Duo Push API Configuration
 ##
@@ -146,16 +130,13 @@ duo_api:
   hostname: api-123456789.example.com
   integration_key: ABCDEF
   plain_api_key: ""
-
 ## NTP settings
-
 ntp:
   address: "time.cloudflare.com:123"
   version: 4
   max_desync: 3s
   disable_startup_check: false
   disable_failure: true
-
 ##
 ## Authentication Backend Provider Configuration
 ##
@@ -165,7 +146,6 @@ ntp:
 authentication_backend:
   ## Disable both the HTML element and the API for reset password functionality
   disable_reset_password: false
-
   ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
   ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
   ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
@@ -174,7 +154,6 @@ authentication_backend:
   ## Duration Notation docs:  https://www.authelia.com/docs/configuration/index.html#duration-notation-format
   ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
   refresh_interval: 5m
-
   ## LDAP backend configuration.
   ##
   ## This backend allows Authelia to be scaled to more
@@ -183,7 +162,6 @@ authentication_backend:
   ldap:
     ## Enable LDAP Backend.
     enabled: false
-
     ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
     ## Acceptable options are as follows:
     ## - 'activedirectory' - For Microsoft Active Directory.
@@ -194,32 +172,24 @@ authentication_backend:
     ## attribute mappings have a default value that this config overrides, you can read more about these default values
     ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
     implementation: activedirectory
-
     ## The url to the ldap server. Format: <scheme>://<address>[:<port>].
     ## Scheme can be ldap or ldaps in the format (port optional).
     url: ldap://openldap.default.svc.cluster.local
-
     ## Connection Timeout.
     timeout: 5s
-
     ## Use StartTLS with the LDAP connection.
     start_tls: false
-
     tls:
       ## Server Name for certificate validation (in case it's not set correctly in the URL).
       server_name: ""
-
       ## Skip verifying the server certificate (to allow a self-signed certificate).
       ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
       ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
       skip_verify: false
-
       ## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
       minimum_version: TLS1.2
-
     ## The base dn for every LDAP query.
     base_dn: DC=example,DC=com
-
     ## The attribute holding the username of the user. This attribute is used to populate the username in the session
     ## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
     ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
@@ -228,11 +198,9 @@ authentication_backend:
     ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
     ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
     ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
-    username_attribute: ""
-
+    username_attribute: "uid"
     ## An additional dn to define the scope to all users.
     additional_users_dn: OU=Users
-
     ## The users filter used in search queries to find the user profile based on input filled in login form.
     ## Various placeholders are available in the user filter:
     ## - {input} is a placeholder replaced by what the user inputs in the login form.
@@ -250,10 +218,8 @@ authentication_backend:
     ## To allow sign in both with username and email, one can use a filter like
     ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
     users_filter: ""
-
     ## An additional dn to define the scope of groups.
     additional_groups_dn: OU=Groups
-
     ## The groups filter used in search queries to find the groups of the user.
     ## - {input} is a placeholder replaced by what the user inputs in the login form.
     ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
@@ -268,21 +234,16 @@ authentication_backend:
     ## If your groups use the `groupOfUniqueNames` structure use this instead:
     ##    (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
     groups_filter: ""
-
     ## The attribute holding the name of the group
-    group_name_attribute: ""
-
+    group_name_attribute: "cn"
     ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
     ## first one returned by the LDAP server is used.
-    mail_attribute: ""
-
+    mail_attribute: "mail"
     ## The attribute holding the display name of the user. This will be used to greet an authenticated user.
-    display_name_attribute: ""
-
+    display_name_attribute: "displayname"
     ## The username of the admin user.
-    user: CN=Authelia,DC=example,DC=com
+    user: CN=admin,DC=example,DC=com
     plain_password: ""
-
   ##
   ## File (Authentication Provider)
   ##
@@ -305,7 +266,6 @@ authentication_backend:
       salt_length: 16
       memory: 1024
       parallelism: 8
-
 ##
 ## Access Control Configuration
 ##
@@ -337,7 +297,6 @@ access_control:
   ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
   ## resource if there is no policy to be applied to the user.
   default_policy: deny
-
   networks: []
   # networks:
   # - name: private
@@ -392,7 +351,6 @@ access_control:
   #   policy: two_factor
   # - domain: "{user}.example.com"
   #   policy: bypass
-
 ##
 ## Session Provider Configuration
 ##
@@ -401,24 +359,19 @@ access_control:
 session:
   ## The name of the session cookie. (default: authelia_session).
   name: authelia_session
-
   ## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
   ## Please read https://www.authelia.com/docs/configuration/session.html#same_site
   same_site: lax
-
   ## The time in seconds before the cookie expires and session is reset.
   expiration: 1h
-
   ## The inactivity time in seconds before the session is reset.
   inactivity: 5m
-
   ## The remember me duration.
   ## Value is in seconds, or duration notation. Value of 0 disables remember me.
   ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
   ## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
   ## spy or attack. Currently the default is 1M or 1 month.
   remember_me_duration: 1M
-
 ##
 ## Redis Provider
 ##
@@ -427,35 +380,26 @@ session:
 ## The redis connection details
 redisProvider:
   port: 6379
-
   ## Optional username to be used with authentication.
   # username: authelia
   username: ""
-
   ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
   database_index: 0
-
   ## The maximum number of concurrent active connections to Redis.
   maximum_active_connections: 8
-
   ## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
   minimum_idle_connections: 0
-
   ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
   tls:
     enabled: false
-
     ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
     server_name: ""
-
     ## Skip verifying the server certificate (to allow a self-signed certificate).
     ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
     ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
     skip_verify: false
-
     ## Minimum TLS version for the connection.
     minimum_version: TLS1.2
-
   ## The Redis HA configuration options.
   ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
   high_availability:
@@ -463,7 +407,6 @@ redisProvider:
     enabledSecret: false
     ## Sentinel Name / Master Name
     sentinel_name: mysentinel
-
     ## The additional nodes to pre-seed the redis provider with (for sentinel).
     ## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
     ## For high availability to be used you must have either defined; the host above or at least one node below.
@@ -476,10 +419,8 @@ redisProvider:
 
     ## Choose the host with the lowest latency.
     route_by_latency: false
-
     ## Choose the host randomly.
     route_randomly: false
-
 ##
 ## Regulation Configuration
 ##
@@ -488,16 +429,13 @@ redisProvider:
 regulation:
   ## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
   max_retries: 3
-
   ## The time range during which the user can attempt login before being banned. The user is banned if the
   ## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
   ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
   find_time: 2m
-
   ## The length of time before a banned user can login again. Ban Time accepts duration notation.
   ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
   ban_time: 5m
-
 ##
 ## Storage Provider Configuration
 ##
@@ -512,7 +450,6 @@ storage:
     username: authelia
     sslmode: disable
     timeout: 5s
-
 ##
 ## Notification Provider
 ##
@@ -522,7 +459,6 @@ storage:
 notifier:
   ## You can disable the notifier startup check by setting this to true.
   disable_startup_check: false
-
   ##
   ## File System (Notification Provider)
   ##
@@ -531,7 +467,6 @@ notifier:
   filesystem:
     enabled: true
     filename: /config/notification.txt
-
   ##
   ## SMTP (Notification Provider)
   ##
@@ -561,91 +496,82 @@ notifier:
     startup_check_address: test@authelia.com
     disable_require_tls: false
     disable_html_emails: false
-
     tls:
       ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
       server_name: ""
-
       ## Skip verifying the server certificate (to allow a self-signed certificate).
       ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
       ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
       skip_verify: false
-
       ## Minimum TLS version for either StartTLS or SMTPS.
       minimum_version: TLS1.2
-
 identity_providers:
   oidc:
     ## Enables this in the config map. Currently in beta stage.
     ## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
     enabled: false
-
     access_token_lifespan: 1h
     authorize_code_lifespan: 1m
     id_token_lifespan: 1h
     refresh_token_lifespan: 90m
-
     enable_client_debug_messages: false
-
     ## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
     ## security reasons.
     minimum_parameter_entropy: 8
-
     clients: []
     # clients:
     # -
     ## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
     # id: myapp
+## The description to show to users when they end up on the consent screen. Defaults to the ID above.
+# description: My Application
 
-    ## The description to show to users when they end up on the consent screen. Defaults to the ID above.
-    # description: My Application
+## The client secret is a shared secret between Authelia and the consumer of this client.
+# secret: apple123
 
-    ## The client secret is a shared secret between Authelia and the consumer of this client.
-    # secret: apple123
+## Sets the client to public. This should typically not be set, please see the documentation for usage.
+# public: false
 
-    ## Sets the client to public. This should typically not be set, please see the documentation for usage.
-    # public: false
+## The policy to require for this client; one_factor or two_factor.
+# authorization_policy: two_factor
 
-    ## The policy to require for this client; one_factor or two_factor.
-    # authorization_policy: two_factor
+## Configures the consent mode; auto, explicit or implicit
+# consent_mode: auto
 
-    ## Configures the consent mode; auto, explicit or implicit
-    # consent_mode: auto
+## Audience this client is allowed to request.
+# audience: []
 
-    ## Audience this client is allowed to request.
-    # audience: []
+## Scopes this client is allowed to request.
+# scopes:
+#   - openid
+#   - profile
+#   - email
+#   - groups
 
-    ## Scopes this client is allowed to request.
-    # scopes:
-    #   - openid
-    #   - profile
-    #   - email
-    #   - groups
+## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
+# redirect_uris:
+#   - https://oidc.example.com/oauth2/callback
 
-    ## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
-    # redirect_uris:
-    #   - https://oidc.example.com/oauth2/callback
+## Grant Types configures which grants this client can obtain.
+## It's not recommended to configure this unless you know what you're doing.
+# grant_types:
+#   - refresh_token
+#   - authorization_code
 
-    ## Grant Types configures which grants this client can obtain.
-    ## It's not recommended to configure this unless you know what you're doing.
-    # grant_types:
-    #   - refresh_token
-    #   - authorization_code
+## Response Types configures which responses this client can be sent.
+## It's not recommended to configure this unless you know what you're doing.
+# response_types:
+#   - code
 
-    ## Response Types configures which responses this client can be sent.
-    ## It's not recommended to configure this unless you know what you're doing.
-    # response_types:
-    #   - code
+## Response Modes configures which response modes this client supports.
+## It's not recommended to configure this unless you know what you're doing.
+# response_modes:
+#   - form_post
+#   - query
+#   - fragment
 
-    ## Response Modes configures which response modes this client supports.
-    ## It's not recommended to configure this unless you know what you're doing.
-    # response_modes:
-    #   - form_post
-    #   - query
-    #   - fragment
-
-    ## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
-    # userinfo_signing_algorithm: none
+## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
+# userinfo_signing_algorithm: none
 
 portal:
   open:

charts/enterprise/blocky/Chart.yaml

@@ -7,7 +7,7 @@ dependencies:
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 8.0.43
+    version: 8.0.44
 description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go
 home: https://truecharts.org/charts/enterprise/blocky
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png
@@ -25,7 +25,7 @@ sources:
   - https://0xerr0r.github.io/blocky/
   - https://github.com/0xERR0R/blocky
   - https://github.com/Mozart409/blocky-frontend
-version: 9.0.8
+version: 9.0.10
 annotations:
   truecharts.org/category: network
   truecharts.org/SCALE-support: "true"

charts/enterprise/blocky/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/blocky
-  tag: v0.22.0@sha256:385055de8ad0b9074d2057d054768d649b8289c5dd566367e0b6289ba5d661a4
+  repository: spx01/blocky
+  tag: v0.22@sha256:7def473b1b553b730dd38ba0bc436fc732193c15d35681aa0b0eb962dd6350aa
   pullPolicy: IfNotPresent
-
 k8sgatewayImage:
   repository: tccr.io/truecharts/k8s_gateway
   pullPolicy: IfNotPresent
@@ -35,7 +34,6 @@ workload:
               command:
                 - /app/blocky
                 - healthcheck
-
 # -- Blocky Config File content
 blockyConfig: {}
 # upstream:
@@ -46,7 +44,6 @@ blockyConfig: {}
 blocky:
   # -- Enable prometheus annotations
   enablePrometheus: true
-
 service:
   main:
     enabled: true
@@ -95,7 +92,6 @@ service:
         port: 5353
         protocol: udp
         targetPort: 5353
-
 ## TODO Add support for SCALE certificates and certificates secrets here
 certFile: ""
 keyFile: ""
@@ -105,7 +101,6 @@ logTimestamp: true
 logPrivacy: false
 dohUserAgent: ""
 minTlsServeVersion: 1.2
-
 # -- set the default DNS upstream servers
 # Primarily designed for inclusion in the TrueNAS SCALE GUI
 defaultUpstreams:
@@ -125,13 +120,12 @@ defaultUpstreams:
   - 76.223.122.150
   - 76.76.2.0
   - 76.76.10.0
-
 # -- set additional upstreams
 # Primarily designed for inclusion in the TrueNAS SCALE GUI
 upstreams:
-  #  - name: group2
-  #    dnsservers:
-  #      - 1.1.1.1
+#  - name: group2
+#    dnsservers:
+#      - 1.1.1.1
 
 # -- set bootstrap dns (not needed)
 # Ensures bootstrap encryption and ensure it doesn't use k8s dns
@@ -140,18 +134,15 @@ bootstrapDns:
   upstream: ""
   # -- IP's linked to upstream DoT/DoH DNS name
   ips: []
-
 # -- set additional bootstrap dns (not needed, only used if bootstrapDns is set)
-additionalBootstrapDns:
-  []
-  # - upstream: ""
-  #   ips: []
+additionalBootstrapDns: []
+# - upstream: ""
+#   ips: []
 
 # -- Return empty answer for these queries
 filtering:
   # -- Ensures filtering by query type
   queryTypes: []
-
 # -- Set manual custom DNS resolution
 customDNS:
   customTTL: 1h
@@ -162,7 +153,6 @@ customDNS:
   mapping: []
   # - domain: something.com
   #   dnsserver: 192.168.178.1
-
 # -- Setup client-name lookup
 clientLookup:
   # -- upstream used for client-name lookup
@@ -171,7 +161,6 @@ clientLookup:
   clients:
   # - domain: laptop
   #   ips: []
-
 # -- Setup caching
 caching:
   minTime: 5m
@@ -182,7 +171,6 @@ caching:
   prefetchThreshold: 5
   prefetchMaxItemsCount: 0
   cacheTimeNegative: 30m
-
 # -- set conditional settings
 # Primarily designed for inclusion in the TrueNAS SCALE GUI
 conditional:
@@ -192,7 +180,6 @@ conditional:
   mapping: []
   # - domain: something.com
   #   dnsserver: 192.168.178.1
-
 # -- set blocking settings using Lists
 # Primarily designed for inclusion in the TrueNAS SCALE GUI
 blocking:
@@ -231,7 +218,6 @@ blocking:
   # - name: default
   #   groups:
   #     - ads
-
 # -- configure using hostsfile for lookups
 # Allows for using the hosts configured in kubernetes and such
 hostsFile:
@@ -239,7 +225,6 @@ hostsFile:
   filePath: /etc/hosts
   hostsTTL: 60m
   refreshPeriod: 30m
-
 ## TODO: add this with postgresql support as well
 # queryLog:
 #   type: csv
@@ -247,20 +232,16 @@ hostsFile:
 #   logRetentionDays: 0
 #   creationAttempts: 3
 #   CreationCooldown: 2
-
 podOptions:
   automountServiceAccountToken: true
-
 portal:
   open:
     enabled: false
-
 serviceAccount:
   main:
     # -- Specifies whether a service account should be created
     enabled: true
     primary: true
-
 # -- Create a ClusterRole and ClusterRoleBinding
 # @default -- See below
 rbac:
@@ -287,21 +268,16 @@ rbac:
         verbs:
           - list
           - watch
-
 k8sgateway:
   enabled: true
   # -- TTL for non-apex responses (in seconds)
   ttl: 300
-
   # -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
   watchedResources: []
-
   # -- Service name of a secondary DNS server (should be `serviceName.namespace`)
   secondary: ""
-
   # -- Override the default `serviceName.namespace` domain apex
   apex: ""
-
   # -- list of processed domains
   domains: []
   # -- Delegated domain
@@ -320,7 +296,6 @@ k8sgateway:
     options:
       - name: tls_servername
         value: cloudflare-dns.com
-
 metrics:
   main:
     # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@@ -330,7 +305,6 @@ metrics:
     endpoints:
       - port: main
         path: /metrics
-
     # -- Enable and configure Prometheus Rules for the chart under this key.
     # @default -- See values.yaml
     prometheusRule:
@@ -338,21 +312,18 @@ metrics:
       labels: {}
       # -- Configure additionial rules for the chart under this key.
       # @default -- See prometheusrules.yaml
-      rules:
-        []
-        # - alert: UnifiPollerAbsent
-        #   annotations:
-        #     description: Unifi Poller has disappeared from Prometheus service discovery.
-        #     summary: Unifi Poller is down.
-        #   expr: |
-        #     absent(up{job=~".*unifi-poller.*"} == 1)
-        #   for: 5m
-        #   labels:
-        #     severity: critical
-
+      rules: []
+      # - alert: UnifiPollerAbsent
+      #   annotations:
+      #     description: Unifi Poller has disappeared from Prometheus service discovery.
+      #     summary: Unifi Poller is down.
+      #   expr: |
+      #     absent(up{job=~".*unifi-poller.*"} == 1)
+      #   for: 5m
+      #   labels:
+      #     severity: critical
 redis:
   enabled: true
-
 # CANNOT be defined in above yaml section
 queryLog:
   # optional one of: mysql, postgresql, csv, csv-client. If empty, log to console
@@ -366,7 +337,6 @@ queryLog:
   creationAttempts: 3
   # optional: Time between the creation attempts, default: 2s
   creationCooldown: 2s
-
 cnpg:
   main:
     enabled: false

charts/enterprise/clusterissuer/Chart.yaml

@@ -21,7 +21,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
   - https://cert-manager.io/
 type: application
-version: 4.2.9
+version: 4.2.10
 annotations:
   truecharts.org/category: core
   truecharts.org/SCALE-support: "true"

charts/enterprise/clusterissuer/values.yaml

@@ -1,6 +1,6 @@
 image:
-  repository: tccr.io/truecharts/scratch
-  tag: latest@sha256:7f821eeb99d04ac248c47f79cfbcc2482651fea48aff9ec5d2ba0ba34f1f5531
+  repository: hello-world
+  tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
   pullPolicy: IfNotPresent
 manifestManager:
   enabled: true
@@ -18,7 +18,6 @@ workload:
               enabled: false
             startup:
               enabled: false
-
 service:
   main:
     enabled: false
@@ -26,18 +25,15 @@ service:
       main:
         enabled: false
         port: 9999
-
 portal:
   open:
     enabled: false
-
 operator:
   verify:
     additionalOperators:
       - cert-manager
     enabled: true
     failOnError: false
-
 clusterIssuer:
   selfSigned:
     enabled: true

charts/enterprise/external-dns/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "0.13.6"
+appVersion: "0.14.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
@@ -22,7 +22,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/external-dns
   - https://github.com/kubernetes-sigs/external-dns
 type: application
-version: 1.0.3
+version: 1.0.5
 annotations:
   truecharts.org/category: networking
   truecharts.org/SCALE-support: "true"

charts/enterprise/external-dns/templates/_args.tpl

@@ -3,7 +3,7 @@ args:
   {{- with .Values.externaldns.provider }}
   - --provider={{ . }}
   {{- end -}}
-  {{- with .Values.externaldns.zoneidFilters }}
+  {{- range .Values.externaldns.zoneidFilters }}
   - --zone-id-filter={{ . }}
   {{- end -}}
   {{- with .Values.externaldns.cloudflareProxied }}
@@ -36,11 +36,9 @@ args:
   {{- if .Values.externaldns.namespaced }}
   - --namespace={{ include "tc.v1.common.lib.metadata.namespace" (dict "caller" "External-DNS" "rootCtx" $ "objectData" .Values) }}
   {{- end -}}
-  {{- with .Values.externaldns.domainFilter }}
-  {{- range . -}}
+  {{- range .Values.externaldns.domainFilters }}
   - --domain-filter={{ . }}
   {{- end -}}
-  {{- end -}}
   {{- with .Values.externaldns.piholeServer }}
   - --pihole-server={{ . }}
   {{- end -}}

charts/enterprise/external-dns/values.yaml

@@ -1,8 +1,7 @@
 image:
-  repository: tccr.io/truecharts/external-dns
+  repository: registry.k8s.io/external-dns/external-dns
   pullPolicy: IfNotPresent
-  tag: v0.13.6@sha256:78c942addf7fbc79c384e55bed9a886706c748d744cedf6214d4a50dd7b76d54
-
+  tag: v0.14.0@sha256:474077b3dfccb3021db0a6638274967d0f64ce60dd9730a6f464bee2f78b046f
 externaldns:
   logLevel: "info"
   logFormat: "text"
@@ -22,7 +21,6 @@ externaldns:
   txtOwnerId: ""
   txtPrefix: ""
   txtSuffix: ""
-
 service:
   main:
     ports:
@@ -30,7 +28,6 @@ service:
         protocol: http
         targetPort: 7979
         port: 7979
-
 workload:
   main:
     podSpec:
@@ -55,7 +52,6 @@ workload:
             OVH_CONSUMER_KEY: ""
             SCW_ACCESS_KEY: ""
             SCW_SECRET_KEY: ""
-
 # -- Whether Role Based Access Control objects like roles and rolebindings should be created
 rbac:
   main:
@@ -65,87 +61,83 @@ rbac:
     rules:
       - apiGroups: [""]
         resources: ["nodes"]
-        verbs: ["list","watch"]
+        verbs: ["list", "watch"]
       - apiGroups: [""]
         resources: ["pods"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: [""]
-        resources: ["services","endpoints"]
-        verbs: ["get","watch","list"]
-      - apiGroups: ["extensions","networking.k8s.io"]
+        resources: ["services", "endpoints"]
+        verbs: ["get", "watch", "list"]
+      - apiGroups: ["extensions", "networking.k8s.io"]
         resources: ["ingresses"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["networking.istio.io"]
         resources: ["gateways"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["networking.istio.io"]
         resources: ["virtualservices"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["getambassador.io"]
-        resources: ["hosts","ingresses"]
-        verbs: ["get","watch","list"]
+        resources: ["hosts", "ingresses"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["projectcontour.io"]
         resources: ["httpproxies"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["externaldns.k8s.io"]
         resources: ["dnsendpoints"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["externaldns.k8s.io"]
         resources: ["dnsendpoints/status"]
         verbs: ["*"]
       - apiGroups: ["gateway.networking.k8s.io"]
         resources: ["gateways"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["gateway.networking.k8s.io"]
         resources: ["httproutes"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: [""]
         resources: ["namespaces"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["gateway.networking.k8s.io"]
         resources: ["grpcroutes"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["gateway.networking.k8s.io"]
         resources: ["tlsroutes"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["gateway.networking.k8s.io"]
         resources: ["tcproutes"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["gateway.networking.k8s.io"]
         resources: ["udproutes"]
-        verbs: ["get","watch","list"]
-      - apiGroups: ["gloo.solo.io","gateway.solo.io"]
-        resources: ["proxies","virtualservices"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
+      - apiGroups: ["gloo.solo.io", "gateway.solo.io"]
+        resources: ["proxies", "virtualservices"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["configuration.konghq.com"]
         resources: ["tcpingresses"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["traefik.containo.us", "traefik.io"]
         resources: ["ingressroutes", "ingressroutetcps", "ingressrouteudps"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["route.openshift.io"]
         resources: ["routes"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["zalando.org"]
         resources: ["routegroups"]
-        verbs: ["get","watch","list"]
+        verbs: ["get", "watch", "list"]
       - apiGroups: ["zalando.org"]
         resources: ["routegroups/status"]
-        verbs: ["patch","update"]
+        verbs: ["patch", "update"]
       - apiGroups: ["cis.f5.com"]
         resources: ["virtualservers"]
-        verbs: ["get","watch","list"]
-
-
+        verbs: ["get", "watch", "list"]
 # -- The service account the pods will use to interact with the Kubernetes API
 serviceAccount:
   main:
     enabled: true
     primary: true
-
 podOptions:
   automountServiceAccountToken: true
-
 portal:
   open:
     enabled: false

charts/enterprise/grafana/Chart.yaml

@@ -24,7 +24,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-grafana
   - https://grafana.com/
 type: application
-version: 9.0.38
+version: 9.0.39
 annotations:
   truecharts.org/category: metrics
   truecharts.org/SCALE-support: "true"

charts/enterprise/grafana/values.yaml

@@ -1,13 +1,12 @@
 image:
-  repository: tccr.io/truecharts/grafana
+  repository: bitnami/grafana
   pullPolicy: IfNotPresent
-  tag: v10.2.0@sha256:144e75d84d82a526ed804b253f91bea02fad28dac1e66e7a662f6dd985a64f7b
+  tag: 10.2.0@sha256:c488457595e458d4718c3748f106d9b331ca637a84b3f5ff07fdcc1dacaab646
 manifestManager:
   enabled: true
 securityContext:
   container:
     readOnlyRootFilesystem: false
-
 service:
   main:
     ports:
@@ -15,7 +14,6 @@ service:
         protocol: http
         targetPort: 3000
         port: 10038
-
 workload:
   main:
     replicas: 2
@@ -38,13 +36,10 @@ workload:
           probes:
             liveness:
               path: "/api/health"
-
             readiness:
               path: "/api/health"
-
             startup:
               path: "/api/health"
-
 persistence:
   config:
     enabled: true
@@ -53,7 +48,6 @@ persistence:
     enabled: true
     type: emptyDir
     mountPath: /opt/bitnami/grafana/tmp
-
 metrics:
   main:
     # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@@ -70,18 +64,16 @@ metrics:
       labels: {}
       # -- Configure additionial rules for the chart under this key.
       # @default -- See prometheusrules.yaml
-      rules:
-        []
-        # - alert: UnifiPollerAbsent
-        #   annotations:
-        #     description: Unifi Poller has disappeared from Prometheus service discovery.
-        #     summary: Unifi Poller is down.
-        #   expr: |
-        #     absent(up{job=~".*unifi-poller.*"} == 1)
-        #   for: 5m
-        #   labels:
-        #     severity: critical
-
+      rules: []
+      # - alert: UnifiPollerAbsent
+      #   annotations:
+      #     description: Unifi Poller has disappeared from Prometheus service discovery.
+      #     summary: Unifi Poller is down.
+      #   expr: |
+      #     absent(up{job=~".*unifi-poller.*"} == 1)
+      #   for: 5m
+      #   labels:
+      #     severity: critical
 portal:
   open:
     enabled: true

charts/enterprise/kubernetes-reflector/Chart.yaml

@@ -24,7 +24,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/kubernetes-reflector
   - https://github.com/emberstack/kubernetes-reflector
 type: application
-version: 1.0.5
+version: 1.0.6
 annotations:
   truecharts.org/category: operators
   truecharts.org/SCALE-support: "true"

charts/enterprise/kubernetes-reflector/values.yaml

@@ -1,15 +1,12 @@
 image:
-  repository: tccr.io/truecharts/kubernetes-reflector
+  repository: docker.io/emberstack/kubernetes-reflector
   pullPolicy: IfNotPresent
-  tag: v7.1.217@sha256:4ca9ce8c04441786ba0d343b3e5bfe9c638ac8efcc25aba0aaff3c6fb2363b5f
-
+  tag: build-7.1.217@sha256:982b8fc714349abe480a6864f3c3fce8e8801fd5068fac6add5b22ed32efc033
 operator:
   register: true
-
 portal:
   open:
     enabled: false
-
 rbac:
   main:
     enabled: true
@@ -36,16 +33,12 @@ rbac:
         verbs:
           - "watch"
           - "list"
-
 serviceAccount:
   main:
     enabled: true
     primary: true
-
-
 kubernetesReflector:
   logLevel: Information
-
 workload:
   main:
     podSpec:
@@ -72,7 +65,6 @@ workload:
               type: http
               path: /healthz
               port: 25080
-
 service:
   main:
     enabled: false

charts/enterprise/metallb-config/Chart.yaml

@@ -22,7 +22,7 @@ sources:
   - https://github.com/metallb/metallb
   - https://metallb.universe.tf
 type: application
-version: 3.0.10
+version: 3.0.11
 annotations:
   truecharts.org/category: core
   truecharts.org/SCALE-support: "true"

charts/enterprise/metallb-config/values.yaml

@@ -1,6 +1,6 @@
 image:
-  repository: tccr.io/truecharts/scratch
-  tag: latest@sha256:7f821eeb99d04ac248c47f79cfbcc2482651fea48aff9ec5d2ba0ba34f1f5531
+  repository: hello-world
+  tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
   pullPolicy: IfNotPresent
 manifestManager:
   enabled: false
@@ -18,7 +18,6 @@ workload:
               enabled: false
             startup:
               enabled: false
-
 service:
   main:
     enabled: false
@@ -26,16 +25,13 @@ service:
       main:
         enabled: false
         port: 9999
-
 operator:
   verify:
     enabled: true
     additionalOperators: ["metallb"]
-
 portal:
   open:
     enabled: false
-
 ipAddressPools: []
 #   - name: example
 #     autoAssign: true

charts/enterprise/prometheus/Chart.yaml

@@ -7,11 +7,11 @@ dependencies:
   - condition: exporters.enabled,exporters.node-exporter.enabled
     name: node-exporter
     repository: https://deps.truecharts.org
-    version: 3.0.38
+    version: 3.0.40
   - condition: exporters.enabled,exporters.kube-state-metrics.enabled
     name: kube-state-metrics
     repository: https://deps.truecharts.org
-    version: 3.0.36
+    version: 3.0.38
 deprecated: false
 description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png
@@ -29,7 +29,7 @@ sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
 type: application
-version: 13.0.17
+version: 13.0.20
 annotations:
   truecharts.org/category: metrics
   truecharts.org/SCALE-support: "true"

charts/enterprise/prometheus/values.yaml

@@ -1,15 +1,12 @@
 image:
-  repository: tccr.io/truecharts/prometheus
-  tag: v2.47.2@sha256:609ae6b1d62ee388d8dd552430985bbb332984b6aaa5df5dc62605dfe1f2e035
-
+  repository: bitnami/prometheus
+  tag: 2.47.2@sha256:e04c2d5d5cc86aa4f59b8cc645ef51ca81c70ed7a7abfa1aaafaaa7e868b44ad
 thanosImage:
   repository: tccr.io/truecharts/thanos
   tag: v0.32.5@sha256:4cea5ca36f1567993344c3375b9a80d8073dbc8d530656644d36c90683f96464
-
 alertmanagerImage:
   repository: tccr.io/truecharts/alertmanager
   tag: v0.26.0@sha256:f0bbf30d4901be33855b0fb4b71e3d7410b872a33b9d08cd2d7ed576505e40a8
-
 global:
   labels: {}
 workload:
@@ -26,7 +23,6 @@ workload:
               enabled: false
             startup:
               enabled: false
-
 service:
   main:
     selectorLabels:
@@ -59,7 +55,6 @@ service:
         port: 10901
         targetPort: 10901
         protocol: http
-
 ingress:
   main:
     enabled: false
@@ -67,20 +62,16 @@ ingress:
     enabled: false
   thanos:
     enabled: false
-
 ####
 ## Operator Config
 ####
-
 env:
   PROMETHEUS_CONFIG_RELOADER:
     configMapKeyRef:
       name: prometheus-operator-config
       key: prometheus-config-reloader
-
 podOptions:
   automountServiceAccountToken: true
-
 rbac:
   main:
     enabled: true
@@ -178,16 +169,13 @@ rbac:
           - get
           - list
           - watch
-
 # -- The service account the pods will use to interact with the Kubernetes API
 serviceAccount:
   main:
     enabled: true
     primary: true
-
 securityContext:
   readOnlyRootFilesystem: false
-
 probes:
   # -- Liveness probe configuration
   # @default -- See below
@@ -198,7 +186,6 @@ probes:
         path: "/metrics"
         port: promop
         scheme: HTTP
-
   # -- Redainess probe configuration
   # @default -- See below
   readiness:
@@ -208,7 +195,6 @@ probes:
         path: "/metrics"
         port: promop
         scheme: HTTP
-
   # -- Startup probe configuration
   # @default -- See below
   startup:
@@ -218,7 +204,6 @@ probes:
         path: "/metrics"
         port: promop
         scheme: HTTP
-
 operator:
   ## Create a servicemonitor for the operator
   ##
@@ -238,7 +223,6 @@ operator:
     ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
     ##
     relabelings: []
-
   ## Prometheus Configmap-reload image to use for reloading configmaps
   ## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/)
   ##
@@ -251,7 +235,6 @@ operator:
       capabilities:
         drop:
           - ALL
-
     livenessProbe:
       enabled: true
       initialDelaySeconds: 10
@@ -259,7 +242,6 @@ operator:
       timeoutSeconds: 5
       failureThreshold: 6
       successThreshold: 1
-
     readinessProbe:
       enabled: true
       initialDelaySeconds: 15
@@ -267,7 +249,6 @@ operator:
       timeoutSeconds: 5
       failureThreshold: 6
       successThreshold: 1
-
 ####
 ## Prometheus Config (Spawned by Operator)
 ####
@@ -326,7 +307,6 @@ prometheus:
     capabilities:
       drop:
         - ALL
-
   serviceMonitor:
     ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself
     ##
@@ -842,7 +822,6 @@ prometheus:
   ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web
   ##
   portName: main
-
 ####
 ## Alert Manager Config
 ####
@@ -1120,7 +1099,6 @@ alertmanager:
   ## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {}
   ##
   configSelector: {}
-
 ####
 ## Exporters
 ####
@@ -1138,14 +1116,12 @@ exporters:
     ## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics
     ##
     enabled: true
-
 ## @param kube-state-metrics [object] Node Exporter deployment configuration
 ##
 kube-state-metrics:
   serviceMonitor:
     enabled: true
     honorLabels: true
-
 ## Component scraping for kubelet and kubelet hosted cAdvisor
 ##
 kubelet:
@@ -1361,7 +1337,6 @@ kubeProxy:
   ## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service
   ##
   enabled: false
-
 portal:
   open:
     enabled: true

charts/enterprise/traefik/Chart.yaml

@@ -23,7 +23,7 @@ sources:
   - https://github.com/traefik/traefik-helm-chart
   - https://traefik.io/
 type: application
-version: 21.1.7
+version: 21.1.8
 annotations:
   truecharts.org/category: network
   truecharts.org/SCALE-support: "true"

charts/enterprise/traefik/values.yaml

@@ -1,6 +1,6 @@
 image:
-  repository: tccr.io/truecharts/traefik
-  tag: v2.10.5@sha256:b277733b5b8d7f9d2761813d97e161c1f64ec77960f9c06adde13868efbc8dce
+  repository: traefik
+  tag: v2.10.5@sha256:948978f7ec62f137a79f8af7044a1785bd7868706ef2c8cba9c88db688d08661
   pullPolicy: IfNotPresent
 manifestManager:
   enabled: true
@@ -22,7 +22,6 @@ workload:
               # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
               # @default -- "/"
               # path: "/ping"
-
             # -- Readiness probe configuration
             # @default -- See below
             readiness:
@@ -32,7 +31,6 @@ workload:
               # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
               # @default -- "/"
               # path: "/ping"
-
             # -- Startup probe configuration
             # @default -- See below
             startup:
@@ -42,15 +40,12 @@ workload:
               # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
               # @default -- "/"
               # path: "/ping"
-
 # -- Options for all pods
 # Can be overruled per pod
 podOptions:
   automountServiceAccountToken: true
-
 operator:
   register: true
-
 # -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
 ingressClass:
   # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
@@ -58,7 +53,6 @@ ingressClass:
   isDefaultClass: false
   # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
   fallbackApiVersion: ""
-
 # -- Create an IngressRoute for the dashboard
 ingressRoute:
   dashboard:
@@ -72,22 +66,19 @@ ingressRoute:
 providers:
   kubernetesCRD:
     enabled: true
-    namespaces:
-      []
-      # - "default"
+    namespaces: []
+    # - "default"
   kubernetesIngress:
     enabled: true
     # labelSelector: environment=production,method=traefik
-    namespaces:
-      []
-      # - "default"
+    namespaces: []
+    # - "default"
     # IP used for Kubernetes Ingress endpoints
     publishedService:
       enabled: true
       # Published Kubernetes Service to copy status from. Format: namespace/servicename
       # By default this Traefik service
       # pathOverride: ""
-
 # -- Logs
 # https://docs.traefik.io/observability/logs/
 logs:
@@ -105,31 +96,27 @@ logs:
     # them to the selected output. In some cases, this option can greatly help performances.
     # bufferingSize: 100
     # Filtering https://docs.traefik.io/observability/access-logs/#filtering
-    filters:
-      {}
-      # statuscodes: "200,300-302"
-      # retryattempts: true
-      # minduration: 10ms
+    filters: {}
+    # statuscodes: "200,300-302"
+    # retryattempts: true
+    # minduration: 10ms
     # Fields
     # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
     fields:
       general:
         defaultmode: keep
-        names:
-          {}
-          # Examples:
-          # ClientUsername: drop
+        names: {}
+        # Examples:
+        # ClientUsername: drop
       headers:
         defaultmode: drop
-        names:
-          {}
-          # Examples:
-          # User-Agent: redact
-          # Authorization: drop
-          # Content-Type: keep
+        names: {}
+        # Examples:
+        # User-Agent: redact
+        # Authorization: drop
+        # Content-Type: keep
     # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
     format: common
-
 metrics:
   main:
     enabled: false
@@ -138,10 +125,8 @@ metrics:
       - port: metrics
         path: /metrics
     targetSelector: metrics
-
 globalArguments:
   - "--global.checknewversion"
-
 ##
 # -- Additional arguments to be passed at Traefik's binary
 # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
@@ -149,7 +134,6 @@ globalArguments:
 additionalArguments:
   - "--serverstransport.insecureskipverify=true"
   - "--providers.kubernetesingress.allowexternalnameservices=true"
-
 # -- TLS Options to be created as TLSOption CRDs
 # https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
 # Example:
@@ -167,7 +151,6 @@ tlsOptions:
       - TLS_AES_128_GCM_SHA256
       - TLS_AES_256_GCM_SHA384
       - TLS_CHACHA20_POLY1305_SHA256
-
 # -- Options for the main traefik service, where the entrypoints traffic comes from
 # from.
 service:
@@ -258,7 +241,6 @@ service:
           enabled: false
   # udp:
   #   enabled: false
-
 # -- Whether Role Based Access Control objects like roles and rolebindings should be created
 rbac:
   main:
@@ -310,13 +292,11 @@ rbac:
           - get
           - list
           - watch
-
 # -- The service account the pods will use to interact with the Kubernetes API
 serviceAccount:
   main:
     enabled: true
     primary: true
-
 # -- SCALE Middleware Handlers
 middlewares:
   basicAuth: []
@@ -441,16 +421,13 @@ middlewares:
   ## Note: body of every request will be buffered in memory while the request is in-flight
   ## (i.e.: during the security check and during the request processing by traefik and the backend),
   ## so you may want to tune maxBodySize depending on how much RAM you have.
-
 portalhook:
   enabled: true
-
 persistence:
   plugins:
     enabled: true
     mountPath: "/plugins-storage"
     type: emptyDir
-
 portal:
   open:
     enabled: true

charts/enterprise/vaultwarden/Chart.yaml

@@ -25,7 +25,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden
   - https://github.com/dani-garcia/vaultwarden
 type: application
-version: 23.0.9
+version: 23.0.10
 annotations:
   truecharts.org/category: security
   truecharts.org/SCALE-support: "true"

charts/enterprise/vaultwarden/values.yaml

@@ -1,7 +1,7 @@
 image:
-  repository: tccr.io/truecharts/vaultwarden
+  repository: docker.io/vaultwarden/server
   pullPolicy: IfNotPresent
-  tag: v1.30.0@sha256:57bc723900152d5401473f9e458bed388c253f034eeae878984216166cd14967
+  tag: 1.30.0@sha256:27638a2ae977d66d99891c06562ff9ba78a60869d2e5a94cf2953f1d03fde12f
 manifestManager:
   enabled: true
 service:
@@ -10,7 +10,6 @@ service:
       main:
         port: 10102
         targetPort: 8080
-
 workload:
   main:
     podSpec:
@@ -22,13 +21,11 @@ workload:
               secretKeyRef:
                 name: cnpg-main-urls
                 key: std
-
           envFrom:
             - configMapRef:
                 name: vaultwardenconfig
             - secretRef:
                 name: vaultwardensecret
-
 database:
   # -- Database type,
   # must be one of: 'sqlite', 'mysql' or 'postgresql'.
@@ -42,7 +39,6 @@ database:
   # maxConnections: 10
   ## Connection retries during startup, 0 for infinite. 1 second between retries.
   # retries: 15
-
 # Set Bitwarden_rs application variables
 vaultwarden:
   # -- Allow any user to sign-up
@@ -84,7 +80,6 @@ vaultwarden:
     disableAdminToken: false
     ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
     # token:
-
   # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
   smtp:
     enabled: false
@@ -112,7 +107,6 @@ vaultwarden:
     # user: ""
     ## SMTP password. Required is user is specified, ignored if no user provided.
     # password: ""
-
   ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
   yubico:
     enabled: false
@@ -121,13 +115,11 @@ vaultwarden:
     ## Yubico ID and Secret Key.
     # clientId:
     # secretKey:
-
   ## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host
   push:
     enabled: false
     # installationId:
     # installationKey:
-
   ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
   log:
     # Log to file.
@@ -136,7 +128,6 @@ vaultwarden:
     level: "trace"
     ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
     # timeFormat: ""
-
   icons:
     # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
     disableDownload: false
@@ -144,18 +135,15 @@ vaultwarden:
     # cache: 2592000
     ## Cache time-to-live for icons that were not available. 0 means no purging.
     # cacheFailed: 259200
-
 persistence:
   data:
     enabled: true
     mountPath: "/data"
-
 cnpg:
   main:
     enabled: true
     user: vaultwarden
     database: vaultwarden
-
 portal:
   open:
     enabled: true

charts/incubator/borg-server/.helmignore

@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png

charts/incubator/borg-server/CHANGELOG.md

@@ -0,0 +1 @@
+# Changelog

charts/incubator/borg-server/Chart.yaml

@@ -0,0 +1,27 @@
+apiVersion: v2
+appVersion: "2.1.1"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.3.5
+deprecated: false
+description: A borg Backup server
+home: https://truecharts.org/charts/incubator/borg-server
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/borg-server.png
+keywords:
+  - borg-server
+  - backup
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: borg-server
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/incubator/borg-server
+  - https://github.com/AnotherStranger/docker-borg-backup
+type: application
+version: 0.0.1
+annotations:
+  truecharts.org/category: backup
+  truecharts.org/SCALE-support: "true"

charts/incubator/borg-server/README.md

@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/incubator/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*

charts/incubator/borg-server/questions.yaml

@@ -0,0 +1,94 @@
+# Include{groups}
+portals: {}
+questions:
+# Include{global}
+# Include{workload}
+# Include{workloadDeployment}
+
+# Include{replicas1}
+# Include{podSpec}
+# Include{containerMain}
+
+
+# Include{containerBasic}
+# Include{containerAdvanced}
+
+# Include{containerConfig}
+# Include{podOptions}
+# Include{serviceRoot}
+# Include{serviceMain}
+# Include{serviceSelectorLoadBalancer}
+# Include{serviceSelectorExtras}
+                    - variable: main
+                      label: "Main Service Port Configuration"
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: port
+                            label: "Port"
+                            description: "This port exposes the container port on the service"
+                            schema:
+                              type: int
+                              default: 8022
+                              required: true
+# Include{serviceExpertRoot}
+# Include{serviceExpert}
+# Include{serviceList}
+# Include{persistenceRoot}
+        - variable: borg
+          label: "App Borg Storage"
+          description: "Stores the Application Borg."
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+# Include{persistenceBasic}
+        - variable: backups
+          label: "App Backups Storage"
+          description: "Stores the Application Backups."
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+# Include{persistenceBasic}
+        - variable: ssh
+          label: "App SSH Storage"
+          description: "Stores the Application SSH."
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+# Include{persistenceBasic}
+# Include{persistenceList}
+# Include{securityContextRoot}
+
+              - variable: runAsUser
+                label: "runAsUser"
+                description: "The UserID of the user running the application"
+                schema:
+                  type: int
+                  default: 0
+              - variable: runAsGroup
+                label: "runAsGroup"
+                description: "The groupID of the user running the application"
+                schema:
+                  type: int
+                  default: 0
+# Include{securityContextContainer}
+# Include{securityContextAdvanced}
+# Include{securityContextPod}
+              - variable: fsGroup
+                label: "fsGroup"
+                description: "The group that should own ALL storage."
+                schema:
+                  type: int
+                  default: 568
+
+# Include{resources}
+# Include{advanced}
+# Include{addons}
+# Include{codeserver}
+# Include{netshoot}
+# Include{vpn}
+# Include{documentation}

charts/incubator/borg-server/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/incubator/borg-server/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "tc.v1.common.loader.all" . }}

charts/incubator/borg-server/values.yaml

@@ -0,0 +1,43 @@
+image:
+  repository: ghcr.io/anotherstranger/borg-server
+  pullPolicy: IfNotPresent
+  tag: 2.1.1@sha256:768c3522f846d8e8476a1f6527b5c0ff8c021dc31b7988876d34228ebdc7976e
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsUser: 0
+    runAsGroup: 0
+
+service:
+  main:
+    ports:
+      main:
+        protocol: tcp
+        targetPort: 22
+        port: 8022
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          env:
+            BORG_UID: "{{ .Values.securityContext.container.PUID }}"
+            BORG_GID: "{{ .Values.securityContext.pod.fsGroup }}"
+
+
+persistence:
+  borg:
+    enabled: true
+    mountPath: "/var/lib/docker-borg"
+  backups:
+    enabled: true
+    mountPath: "/home/borg/backups"
+  ssh:
+    enabled: true
+    mountPath: "/home/borg/.ssh"
+
+portal:
+  open:
+    enabled: false

charts/incubator/cs2/.helmignore

@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png

charts/incubator/cs2/CHANGELOG.md

@@ -0,0 +1 @@
+# Changelog

charts/incubator/cs2/Chart.yaml

@@ -0,0 +1,27 @@
+apiVersion: v2
+appVersion: "latest"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.3.3
+deprecated: false
+description: A custom SteamCMD chart that runs CS2.
+home: https://truecharts.org/charts/incubator/cs2
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/cs2.png
+keywords:
+  - cs2
+  - counter-strike
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: cs2
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/incubator/cs2
+  - https://github.com/ich777/docker-steamcmd-server/tree/cs2
+type: application
+version: 0.0.1
+annotations:
+  truecharts.org/category: games
+  truecharts.org/SCALE-support: "true"

charts/incubator/cs2/README.md

@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/incubator/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*

charts/incubator/cs2/questions.yaml

@@ -0,0 +1,146 @@
+# Include{groups}
+portals: {}
+questions:
+# Include{global}
+# Include{workload}
+# Include{workloadDeployment}
+
+# Include{replicas1}
+# Include{podSpec}
+# Include{containerMain}
+
+
+# Include{containerBasic}
+# Include{containerAdvanced}
+
+  - variable: cs2
+    group: App Configuration
+    label: CS2
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: game
+          label: Game Configuration
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+              - variable: id
+                label: Game Id
+                description: The ID of the container to download at start up.
+                schema:
+                  type: int
+                  required: true
+                  default: 730
+              - variable: user
+                label: Steam User
+                description: Leave blank for anonymous login.
+                schema:
+                  type: string
+                  default: ""
+              - variable: password
+                label: Steam Password
+                description: Leave blank for anonymous login.
+                schema:
+                  type: string
+                  private: true
+                  default: ""
+              - variable: validate
+                label: Validate
+                description: Validates the game data.
+                schema:
+                  type: boolean
+                  default: true
+              - variable: params
+                label: Game Params
+                schema:
+                  type: list
+                  default:
+                    - -dedicated
+                    - -dev
+                    - +map
+                    - de_inferno
+                    - +game_type 0
+                    - +game_mode 1
+                    - -usercon
+                  items:
+                    - variable: param
+                      label: Param
+                      schema:
+                        type: string
+                        required: true
+                        default: ""
+
+# Include{containerConfig}
+# Include{podOptions}
+# Include{serviceRoot}
+# Include{serviceMain}
+# Include{serviceSelectorLoadBalancer}
+# Include{serviceSelectorExtras}
+                    - variable: main
+                      label: "Main Service Port Configuration"
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: port
+                            label: "Port"
+                            description: "This port exposes the container port on the service"
+                            schema:
+                              type: int
+                              default: 27015
+                              required: true
+# Include{serviceExpertRoot}
+# Include{serviceExpert}
+# Include{serviceList}
+# Include{persistenceRoot}
+        - variable: steamcmd
+          label: App SteamCMD Storage
+          description: Stores the Application SteamCMD.
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+# Include{persistenceBasic}
+        - variable: serverfiles
+          label: App ServerFiles Storage
+          description: Stores the Application ServerFiles.
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+# Include{persistenceBasic}
+# Include{persistenceList}
+# Include{ingressList}
+# Include{securityContextRoot}
+
+              - variable: runAsUser
+                label: "runAsUser"
+                description: "The UserID of the user running the application"
+                schema:
+                  type: int
+                  default: 0
+              - variable: runAsGroup
+                label: "runAsGroup"
+                description: "The groupID of the user running the application"
+                schema:
+                  type: int
+                  default: 0
+# Include{securityContextContainer}
+# Include{securityContextAdvanced}
+# Include{securityContextPod}
+              - variable: fsGroup
+                label: "fsGroup"
+                description: "The group that should own ALL storage."
+                schema:
+                  type: int
+                  default: 568
+
+# Include{resources}
+# Include{advanced}
+# Include{addons}
+# Include{codeserver}
+# Include{netshoot}
+# Include{vpn}
+# Include{documentation}

charts/incubator/cs2/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/incubator/cs2/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "tc.v1.common.loader.all" . }}

charts/incubator/cs2/values.yaml

@@ -0,0 +1,67 @@
+image:
+  repository: tccr.io/truecharts/cs2
+  pullPolicy: IfNotPresent
+  tag: latest@sha256:24f52ee1c81175980b76914803bc3ca15c02d4217ccc1c0baf414b8cd2d5f44f
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsUser: 0
+    runAsGroup: 0
+
+service:
+  main:
+    ports:
+      main:
+        protocol: udp
+        port: 27015
+
+cs2:
+  game:
+    id: 730
+    user: ""
+    pass: ""
+    validate: false
+    params:
+      - -dedicated
+      - -dev
+      - +map
+      - de_inferno
+      - +game_type 0
+      - +game_mode 1
+      - -usercon
+
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false
+          env:
+            STEAMCMD_DIR: "{{ .Values.persistence.steamcmd.mountPath }}"
+            SERVER_DIR: "{{ .Values.persistence.serverfiles.mountPath }}"
+            GAME_PORT: "{{ .Values.service.main.ports.main.port }}"
+            GAME_ID: "{{ .Values.cs2.game.id }}"
+            USERNAME: "{{ .Values.cs2.game.user }}"
+            PASSWRD: "{{ .Values.cs2.game.password }}"
+            GAME_PARAMS: '{{ join " " .Values.cs2.game.params }}'
+            VALIDATE: "{{ .Values.cs2.game.validate }}"
+
+persistence:
+  steamcmd:
+    enabled: true
+    mountPath: /serverdata/steamcmd
+  serverfiles:
+    enabled: true
+    mountPath: /serverdata/serverfiles
+
+portal:
+  open:
+    enabled: false

charts/incubator/kimai/Chart.yaml

@@ -7,7 +7,7 @@ dependencies:
   - condition: mariadb.enabled
     name: mariadb
     repository: https://deps.truecharts.org/
-    version: 9.0.39
+    version: 9.0.40
 description: Kimai is a free, open source and online time-tracking software designed for small businesses and freelancers.
 home: https://truecharts.org/charts/incubator/kimai
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/kimai.png
@@ -25,7 +25,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/kimai
   - https://github.com/kevinpapst/kimai2
   - https://github.com/tobybatch/kimai2
-version: 8.0.7
+version: 8.0.8
 annotations:
   truecharts.org/category: productivity
   truecharts.org/SCALE-support: "true"

charts/incubator/multi-scrobbler/Chart.yaml

@@ -1,12 +1,9 @@
-annotations:
-  truecharts.org/SCALE-support: "true"
-  truecharts.org/category: Network-Web
 apiVersion: v2
-appVersion: "latest"
+appVersion: "0.6.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 14.3.5
 deprecated: false
 description: "Track your music listening history from many sources and record to many scrobble clients."
 home: https://truecharts.org/charts/incubator/multi-scrobbler
@@ -24,4 +21,7 @@ name: multi-scrobbler
 sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/multi-scrobbler
 type: application
-version: 2.0.11
+version: 3.0.0
+annotations:
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/category: Network-Web

charts/incubator/multi-scrobbler/questions.yaml

@@ -15,13 +15,7 @@ questions:
 
 # Include{containerConfig}
 # Include{serviceRoot}
-        - variable: main
-          label: "Main Service"
-          description: "The Primary service on which the healthcheck runs, often the webUI"
-          schema:
-            additional_attrs: true
-            type: dict
-            attrs:
+# Include{serviceMain}
 # Include{serviceSelectorLoadBalancer}
 # Include{serviceSelectorExtras}
                     - variable: main
@@ -42,16 +36,8 @@ questions:
 # Include{serviceList}
 # Include{persistenceRoot}
         - variable: config
-          label: "config Storage"
-          description: "Container Path homenodeconfig"
-          schema:
-            additional_attrs: true
-            type: dict
-            attrs:
-# Include{persistenceBasic}
-        - variable: logs
-          label: "logs Storage"
-          description: "Container Path homenodeapplogs"
+          label: "App Config Storage"
+          description: "Stores the Application Configuration."
           schema:
             additional_attrs: true
             type: dict

charts/incubator/multi-scrobbler/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/incubator/multi-scrobbler/templates/common.yaml

@@ -1,2 +1,2 @@
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/incubator/multi-scrobbler/values.yaml

@@ -1,28 +1,27 @@
-env: {}
 image:
   pullPolicy: IfNotPresent
   repository: tccr.io/truecharts/multi-scrobbler
-  tag: latest@sha256:0e1ff0a7862b0463c743615cb0e26c8dff41f5c0663b22c48439eaf5a798033d
-persistence:
-  config:
-    enabled: true
-    mountPath: /home/node/config
-  logs:
-    enabled: true
-    mountPath: /home/node/app/logs
-podSecurityContext:
-  runAsGroup: 0
-  runAsUser: 0
+  tag: v0.6.1@sha256:a08454006d704a1ca96a6dcb89f28556b636c5f131f58eca37014d54bfd74474
+
 securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0
+
 service:
   main:
     ports:
       main:
         port: 9078
-        protocol: TCP
         targetPort: 9078
 
+persistence:
+  config:
+    enabled: true
+    mountPath: /config
+
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/incubator/pocketmine-mp/.helmignore

@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png

charts/incubator/pocketmine-mp/CHANGELOG.md

@@ -0,0 +1 @@
+# Changelog

charts/incubator/pocketmine-mp/Chart.yaml

@@ -0,0 +1,27 @@
+apiVersion: v2
+appVersion: "5.8.1"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.3.3
+deprecated: false
+description: A server software for Minecraft Bedrock Edition in PHP.
+home: https://truecharts.org/charts/incubator/pocketmine-mp
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/pocketmine-mp.png
+keywords:
+  - pocketmine-mp
+  - minecraft
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: pocketmine-mp
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/incubator/pocketmine-mp
+  - https://github.com/pmmp/PocketMine-MP
+type: application
+version: 0.0.1
+annotations:
+  truecharts.org/category: games
+  truecharts.org/SCALE-support: "true"

charts/incubator/pocketmine-mp/README.md

@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/incubator/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*

charts/incubator/pocketmine-mp/docs/installation_notes.md

@@ -0,0 +1,3 @@
+# Installation Notes
+
+Checkout pocketmine plugin's [Poggit](https://poggit.pmmp.io/plugins) and their [docs](https://doc.pmmp.io/en/rtfd/configuration.html).

charts/incubator/pocketmine-mp/questions.yaml

@@ -0,0 +1,87 @@
+# Include{groups}
+portals: {}
+questions:
+# Include{global}
+# Include{workload}
+# Include{workloadDeployment}
+
+# Include{replicas1}
+# Include{podSpec}
+# Include{containerMain}
+
+
+# Include{containerBasic}
+# Include{containerAdvanced}
+
+# Include{containerConfig}
+# Include{podOptions}
+# Include{serviceRoot}
+# Include{serviceMain}
+# Include{serviceSelectorLoadBalancer}
+# Include{serviceSelectorExtras}
+                    - variable: main
+                      label: "Main Service Port Configuration"
+                      schema:
+                        additional_attrs: true
+                        type: dict
+                        attrs:
+                          - variable: port
+                            label: "Port"
+                            description: "This port exposes the container port on the service"
+                            schema:
+                              type: int
+                              default: 19132
+                              required: true
+# Include{serviceExpertRoot}
+# Include{serviceExpert}
+# Include{serviceList}
+# Include{persistenceRoot}
+        - variable: data
+          label: "App Data Storage"
+          description: "Stores the Application Data."
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+# Include{persistenceBasic}
+        - variable: plugins
+          label: "App Plugins Storage"
+          description: "Stores the Application Plugins."
+          schema:
+            additional_attrs: true
+            type: dict
+            attrs:
+# Include{persistenceBasic}
+# Include{persistenceList}
+# Include{ingressList}
+# Include{securityContextRoot}
+
+              - variable: runAsUser
+                label: "runAsUser"
+                description: "The UserID of the user running the application"
+                schema:
+                  type: int
+                  default: 0
+              - variable: runAsGroup
+                label: "runAsGroup"
+                description: "The groupID of the user running the application"
+                schema:
+                  type: int
+                  default: 0
+# Include{securityContextContainer}
+# Include{securityContextAdvanced}
+# Include{securityContextPod}
+              - variable: fsGroup
+                label: "fsGroup"
+                description: "The group that should own ALL storage."
+                schema:
+                  type: int
+                  default: 568
+
+# Include{resources}
+# Include{advanced}
+# Include{addons}
+# Include{codeserver}
+# Include{netshoot}
+# Include{vpn}
+# Include{documentation}

charts/incubator/pocketmine-mp/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/incubator/pocketmine-mp/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "tc.v1.common.loader.all" . }}

charts/incubator/pocketmine-mp/values.yaml

@@ -0,0 +1,51 @@
+image:
+  repository: tccr.io/truecharts/pocketmine-mp
+  pullPolicy: IfNotPresent
+  tag: v5.8.1@sha256:b44daf2ac052e2c15d421e58c860802064de9555709576aae35a792201917d35
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsUser: 0
+    runAsGroup: 0
+
+service:
+  main:
+    ports:
+      main:
+        protocol: udp
+        targetPort: 19132
+        port: 19132
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          tty: true
+          stdin: true
+          probes:
+            # -- Liveness probe configuration
+            # @default -- See below
+            liveness:
+              enabled: false
+            # -- Redainess probe configuration
+            # @default -- See below
+            readiness:
+              enabled: false
+            # -- Startup probe configuration
+            # @default -- See below
+            startup:
+              enabled: false
+
+persistence:
+  data:
+    enabled: true
+    mountPath: "/data"
+  plugins:
+    enabled: true
+    mountPath: "/plugins"
+
+portal:
+  open:
+    enabled: false

charts/incubator/rimgo/Chart.yaml

@@ -1,12 +1,9 @@
-annotations:
-  truecharts.org/SCALE-support: "true"
-  truecharts.org/category: Network-Web
 apiVersion: v2
 appVersion: "latest"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 15.0.1
 deprecated: false
 description: "Alternative Imgur front-end"
 home: https://truecharts.org/charts/incubator/rimgo
@@ -23,4 +20,7 @@ name: rimgo
 sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/rimgo
 type: application
-version: 2.0.23
+version: 3.0.0
+annotations:
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/category: Network-Web

charts/incubator/rimgo/questions.yaml

@@ -6,39 +6,38 @@ questions:
 # Include{global}
 # Include{workload}
 # Include{workloadDeployment}
-
 # Include{replicas1}
 # Include{podSpec}
 # Include{containerMain}
+                                - variable: env
+                                  group: "App Configuration"
+                                  label: "Image Environment"
+                                  schema:
+                                    additional_attrs: true
+                                    type: dict
+                                    attrs:
+                                      - variable: ADDRESS
+                                        label: "ADDRESS"
+                                        description: "Hosted IP Address"
+                                        schema:
+                                          type: string
+                                          default: "0.0.0.0"
+                                      - variable: IMGUR_CLIENT_ID
+                                        label: "IMGUR_CLIENT_ID"
+                                        description: "Imgur Client ID"
+                                        schema:
+                                          type: string
+                                          default: "546c25a59c58ad7"
+                                      - variable: FORCE_WEBP
+                                        label: "FORCE_WEBP"
+                                        description: "Force WEBP to reduce bandwidth"
+                                        schema:
+                                          type: string
+                                          default: "0"
 # Include{containerBasic}
 # Include{containerAdvanced}
-
-  - variable: env
-    group: "App Configuration"
-    label: "Image Environment"
-    schema:
-      additional_attrs: true
-      type: dict
-      attrs:
-        - variable: ADDRESS
-          label: "ADDRESS"
-          description: "Hosted IP Address"
-          schema:
-            type: string
-            default: "0.0.0.0"
-        - variable: IMGUR_CLIENT_ID
-          label: "IMGUR_CLIENT_ID"
-          description: "Imgur Client ID"
-          schema:
-            type: string
-            default: "546c25a59c58ad7"
-        - variable: FORCE_WEBP
-          label: "FORCE_WEBP"
-          description: "Force WEBP to reduce bandwidth"
-          schema:
-            type: string
-            default: "0"
 # Include{containerConfig}
+# Include{podOptions}
 # Include{serviceRoot}
         - variable: main
           label: "Main Service"
@@ -79,7 +78,6 @@ questions:
 # Include{ingressAdvanced}
 # Include{ingressList}
 # Include{securityContextRoot}
-
               - variable: runAsUser
                 label: "runAsUser"
                 description: "The UserID of the user running the application"

charts/incubator/rimgo/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/incubator/rimgo/templates/common.yaml

@@ -1,2 +1,2 @@
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/incubator/rimgo/values.yaml

@@ -1,25 +1,29 @@
-env:
-  ADDRESS: 0.0.0.0
-  FORCE_WEBP: "0"
-  IMGUR_CLIENT_ID: 546c25a59c58ad7
 image:
   pullPolicy: IfNotPresent
   repository: tccr.io/truecharts/rimgo
-  tag: latest@sha256:9532c533dff314bc0edbd5514ca7f0008973ba59f790c3017c0a1c741520a355
+  tag: latest@sha256:b7ad133ecb482fb454979686a8c590c438f4ad53cd71d6952eb5dc8529ce57df
 persistence: {}
-podSecurityContext:
-  runAsGroup: 0
-  runAsUser: 0
+
+env:
+  ADDRESS: 0.0.0.0
+  IMGUR_CLIENT_ID: 546c25a59c58ad7
+  FORCE_WEBP: "0"
+
 securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+
 service:
   main:
     ports:
       main:
         port: 3000
-        protocol: TCP
+        protocol: tcp
         targetPort: 3000
 
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/incubator/velero/.helmignore

@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png

charts/incubator/velero/Chart.yaml

@@ -0,0 +1,33 @@
+apiVersion: v2
+appVersion: "latest"
+deprecated: false
+description: Velero is a kubernetes-native backup solution
+home: https://truecharts.org/charts/incubator/velero
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/velero.png
+keywords:
+  - velero
+  - backup
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.3.5
+  - name: velero
+    repository: https://vmware-tanzu.github.io/helm-charts
+    version: 5.1.4
+    alias: velero
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: velero
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/incubator/velero
+  - https://github.com/cert-manager
+  - https://cert-manager.io/
+type: application
+version: 0.0.2
+annotations:
+  truecharts.org/category: operators
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/grade: U

charts/incubator/velero/LICENSE

@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:             The TrueCharts Project, it's owner and it's contributors
+Licensed Work:        The TrueCharts "MetalLB" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+                      as it is directly sourced from a TrueCharts provided
+                      official repository, catalog or source. You may also make private
+                      modification to the directly sourced licenced work,
+                      when used in production.
+
+                      The following cases are, due to their nature, also
+                      defined as 'production use' and explicitly prohibited:
+                      - Bundling, including or displaying the licensed work
+                      with(in) another work intended for production use,
+                      with the apparent intend of facilitating and/or
+                      promoting production use by third parties in
+                      violation of this license.
+
+Change Date:          2050-01-01
+
+Change License:       3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+   or a license that is compatible with GPL Version 2.0 or a later version,
+   where “compatible” means that software provided under the Change License can
+   be included in a program with software provided under GPL Version 2.0 or a
+   later version. Licensor may specify additional Change Licenses without
+   limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+   impose any additional restriction on the right granted in this License, as
+   the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.

charts/incubator/velero/README.md

@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/incubator/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*

charts/incubator/velero/questions.yaml

@@ -0,0 +1,3 @@
+# Include{groups}
+questions:
+# Include{global}

charts/incubator/velero/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/incubator/velero/templates/common.yaml

@@ -0,0 +1,5 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}

charts/incubator/velero/values.yaml

@@ -0,0 +1,110 @@
+image:
+  repository: tccr.io/truecharts/alpine
+  pullPolicy: IfNotPresent
+  tag: latest@sha256:17cd77e25d3fa829d168caec4db7bb5b52ceeb935d8ca0d1180de6f615553dc4
+
+service:
+  main:
+    enabled: false
+    ports:
+      main:
+        enabled: false
+
+workload:
+  main:
+    enabled: false
+
+portal:
+  open:
+    enabled: false
+
+operator:
+  register: true
+
+velero:
+  namespace:
+    labels:
+      # Enforce Pod Security Standards with Namespace Labels
+      # https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/
+      - key: pod-security.kubernetes.io/enforce
+        value: privileged
+      - key: pod-security.kubernetes.io/enforce-version
+        value: latest
+      - key: pod-security.kubernetes.io/audit
+        value: privileged
+      - key: pod-security.kubernetes.io/audit-version
+        value: latest
+      - key: pod-security.kubernetes.io/warn
+        value: privileged
+      - key: pod-security.kubernetes.io/warn-version
+        value: latest
+
+  # Resource requests/limits to specify for the Velero deployment.
+  # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
+  resources:
+    limits:
+      cpu: 4000m
+      memory: 4Gi
+
+  # Init containers to add to the Velero deployment's pod spec. At least one plugin provider image is required.
+  # If the value is a string then it is evaluated as a template.
+  initContainers:
+    - name: opeebs-velero-plugin
+      image: openebs/velero-plugin:1.9.0
+      imagePullPolicy: IfNotPresent
+      volumeMounts:
+        - mountPath: /target
+          name: plugins
+    - name: velero-plugin-for-csi
+      image: velero/velero-plugin-for-csi:v0.6.0
+      imagePullPolicy: IfNotPresent
+      volumeMounts:
+        - mountPath: /target
+          name: plugins
+    - name: velero-plugin-for-aws
+      image: velero/velero-plugin-for-aws:v1.8.0
+      imagePullPolicy: IfNotPresent
+      volumeMounts:
+        - mountPath: /target
+          name: plugins
+
+  # Whether to deploy the node-agent daemonset.
+  deployNodeAgent: true
+
+  nodeAgent:
+    podVolumePath: /var/lib/kubelet/pods
+    privileged: true
+    # Resource requests/limits to specify for the node-agent daemonset deployment. Optional.
+    # https://velero.io/docs/v1.6/customize-installation/#customize-resource-requests-and-limits
+    resources:
+      limits:
+        cpu: 2000m
+        memory: 2048Mi
+
+  ##
+  ## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,
+  ## and additional server settings.
+  ##
+  configuration:
+    ## Please do not use, use .Values.backupStorageLocation instead
+    backupStorageLocation: []
+
+    ## Please do not use, use .Values.volumeSnapshotLocation instead
+    volumeSnapshotLocation: []
+
+  ## Please do not use, use .Values.schedules instead
+  schedules: {}
+
+manifestManager:
+  enabled: false
+
+# Parameters for the BackupStorageLocation(s). Configure multiple by adding other element(s) to the backupStorageLocation slice.
+# See https://velero.io/docs/v1.6/api-types/backupstoragelocation/
+backupStorageLocation: []
+
+# Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice.
+# See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/
+volumeSnapshotLocation: []
+
+# Backup schedules to create.
+schedules: []