bump everything to common 14.0.1 (will need to fix inherently failing CI)

.all-contributorsrc

@@ -1910,232 +1910,6 @@
       "contributions": [
         "code"
       ]
-    },
-    {
-      "login": "cedstrom",
-      "name": "cedstrom",
-      "avatar_url": "https://avatars.githubusercontent.com/u/6175957?v=4",
-      "profile": "https://github.com/cedstrom",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "v3DJG6GL",
-      "name": "v3DJG6GL",
-      "avatar_url": "https://avatars.githubusercontent.com/u/72495210?v=4",
-      "profile": "https://github.com/v3DJG6GL",
-      "contributions": [
-        "bug"
-      ]
-    },
-    {
-      "login": "polarstack",
-      "name": "polarstack",
-      "avatar_url": "https://avatars.githubusercontent.com/u/42521003?v=4",
-      "profile": "https://github.com/polarstack",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "K1Hyve",
-      "name": "Keyvan",
-      "avatar_url": "https://avatars.githubusercontent.com/u/53298451?v=4",
-      "profile": "https://github.com/K1Hyve",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "MickaelFontes",
-      "name": "MickaelFontes",
-      "avatar_url": "https://avatars.githubusercontent.com/u/81414455?v=4",
-      "profile": "https://github.com/MickaelFontes",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "blastik",
-      "name": "David CM",
-      "avatar_url": "https://avatars.githubusercontent.com/u/3662083?v=4",
-      "profile": "https://github.com/blastik",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "aamirazad",
-      "name": "Aamir Azad",
-      "avatar_url": "https://avatars.githubusercontent.com/u/82281117?v=4",
-      "profile": "http://tigertutoringtool.aamira.me",
-      "contributions": [
-        "doc"
-      ]
-    },
-    {
-      "login": "jordan-woyak",
-      "name": "Jordan Woyak",
-      "avatar_url": "https://avatars.githubusercontent.com/u/1768214?v=4",
-      "profile": "https://github.com/jordan-woyak",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "simon-hofmann",
-      "name": "Simon Hofman",
-      "avatar_url": "https://avatars.githubusercontent.com/u/23562420?v=4",
-      "profile": "https://github.com/simon-hofmann",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "notyouraveragegamer",
-      "name": "notyouraveragegamer",
-      "avatar_url": "https://avatars.githubusercontent.com/u/104248676?v=4",
-      "profile": "https://github.com/NotYourAverageGamer",
-      "contributions": [
-        "doc"
-      ]
-    },
-    {
-      "login": "varac",
-      "name": "Varac",
-      "avatar_url": "https://avatars.githubusercontent.com/u/488213?v=4",
-      "profile": "https://www.varac.net",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "tuxpizza",
-      "name": "tuxsudo",
-      "avatar_url": "https://avatars.githubusercontent.com/u/84710786?v=4",
-      "profile": "https://tux.pizza",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "TylerRudie",
-      "name": "TylerRudie",
-      "avatar_url": "https://avatars.githubusercontent.com/u/2695916?v=4",
-      "profile": "https://github.com/TylerRudie",
-      "contributions": [
-        "doc"
-      ]
-    },
-    {
-      "login": "qnb59bny5x",
-      "name": "qnb59bny5x",
-      "avatar_url": "https://avatars.githubusercontent.com/u/108427982?v=4",
-      "profile": "https://github.com/qnb59bny5x",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "drndos",
-      "name": "Filip Bednárik",
-      "avatar_url": "https://avatars.githubusercontent.com/u/5576134?v=4",
-      "profile": "https://blog.drndos.sk",
-      "contributions": [
-        "bug"
-      ]
-    },
-    {
-      "login": "sshcherbinin",
-      "name": "Serhii Shcherbinin",
-      "avatar_url": "https://avatars.githubusercontent.com/u/92396963?v=4",
-      "profile": "https://github.com/sshcherbinin",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "qraynaud",
-      "name": "Quentin Raynaud",
-      "avatar_url": "https://avatars.githubusercontent.com/u/65991?v=4",
-      "profile": "https://github.com/qraynaud",
-      "contributions": [
-        "bug"
-      ]
-    },
-    {
-      "login": "thegcat",
-      "name": "Felix Schäfer",
-      "avatar_url": "https://avatars.githubusercontent.com/u/22835?v=4",
-      "profile": "http://fachschaften.org",
-      "contributions": [
-        "doc"
-      ]
-    },
-    {
-      "login": "jndeverteuil",
-      "name": "Julien Nicolas de Verteuil",
-      "avatar_url": "https://avatars.githubusercontent.com/u/6644855?v=4",
-      "profile": "https://github.com/jndeverteuil",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "gabrieldonadel",
-      "name": "Gabriel Donadel Dall'Agnol",
-      "avatar_url": "https://avatars.githubusercontent.com/u/11707729?v=4",
-      "profile": "https://github.com/gabrieldonadel",
-      "contributions": [
-        "doc"
-      ]
-    },
-    {
-      "login": "jon-stumpf",
-      "name": "Jon S. Stumpf",
-      "avatar_url": "https://avatars.githubusercontent.com/u/7144996?v=4",
-      "profile": "https://github.com/jon-stumpf",
-      "contributions": [
-        "doc"
-      ]
-    },
-    {
-      "login": "Tanguille",
-      "name": "Tanguille",
-      "avatar_url": "https://avatars.githubusercontent.com/u/91473554?v=4",
-      "profile": "https://github.com/Tanguille",
-      "contributions": [
-        "doc"
-      ]
-    },
-    {
-      "login": "Plinsboorg",
-      "name": "Dennis",
-      "avatar_url": "https://avatars.githubusercontent.com/u/42300339?v=4",
-      "profile": "https://github.com/Plinsboorg",
-      "contributions": [
-        "bug",
-        "doc"
-      ]
-    },
-    {
-      "login": "TheIceCreamTroll",
-      "name": "TheIceCreamTroll",
-      "avatar_url": "https://avatars.githubusercontent.com/u/33820904?v=4",
-      "profile": "https://github.com/TheIceCreamTroll",
-      "contributions": [
-        "code"
-      ]
-    },
-    {
-      "login": "atanaspam",
-      "name": "Atanas Pamukchiev",
-      "avatar_url": "https://avatars.githubusercontent.com/u/9085090?v=4",
-      "profile": "https://github.com/atanaspam",
-      "contributions": [
-        "code"
-      ]
     }
   ],
   "contributorsPerLine": 7,

.github/README.md

@@ -48,7 +48,7 @@ For big changes we do have a roadmap, every spot on the roadmap is synced to a T
 
 **Restructure of the Project - TrueNAS SCALE "Bluefin" 22.xx ALPHA 1**
 
-_The current project is hitting internal performance issues, for this reason we need to rework the structure and split some parts of the project into separate repositories._
+_The current project is hitting internal performance issues, for this reason we need to rework the structure and split some parts of the project into seperate repositories._
 
 <br />
 
@@ -60,7 +60,7 @@ _The shared Common (chart) basis, used by all our Charts, needs some significant
 
 **Increased test coverage - TrueNAS SCALE "Bluefin" 22.xx BETA 1**
 
-_With most parts of our project somewhat cleaned up, we need to work on increasing the coverage of our test system. Our unit tests should cover all features and we should also take upgrades into account when testing Chart changes_
+_With most parts of our project somewhat cleaned up, we need to work on increasing the coverage of our test system. Our unittests should cover all features and we should also take upgrades into account when testing Chart changes_
 
 <br />
 
@@ -124,7 +124,7 @@ A lot of our work is based on the great effort of others. We would love to exten
 ## Contributors ✨
 
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-[![All Contributors](https://img.shields.io/badge/all_contributors-229-orange.svg?style=for-the-badge)](#contributors)
+[![All Contributors](https://img.shields.io/badge/all_contributors-204-orange.svg?style=for-the-badge)](#contributors)
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
 
 Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
@@ -399,37 +399,6 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/Shrinks99"><img src="https://avatars.githubusercontent.com/u/5672810?v=4?s=100" width="100px;" alt="Henry Wilkinson"/><br /><sub><b>Henry Wilkinson</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=Shrinks99" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/cedstrom"><img src="https://avatars.githubusercontent.com/u/6175957?v=4?s=100" width="100px;" alt="cedstrom"/><br /><sub><b>cedstrom</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=cedstrom" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/v3DJG6GL"><img src="https://avatars.githubusercontent.com/u/72495210?v=4?s=100" width="100px;" alt="v3DJG6GL"/><br /><sub><b>v3DJG6GL</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3Av3DJG6GL" title="Bug reports">🐛</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/polarstack"><img src="https://avatars.githubusercontent.com/u/42521003?v=4?s=100" width="100px;" alt="polarstack"/><br /><sub><b>polarstack</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=polarstack" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/K1Hyve"><img src="https://avatars.githubusercontent.com/u/53298451?v=4?s=100" width="100px;" alt="Keyvan"/><br /><sub><b>Keyvan</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=K1Hyve" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/MickaelFontes"><img src="https://avatars.githubusercontent.com/u/81414455?v=4?s=100" width="100px;" alt="MickaelFontes"/><br /><sub><b>MickaelFontes</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=MickaelFontes" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/blastik"><img src="https://avatars.githubusercontent.com/u/3662083?v=4?s=100" width="100px;" alt="David CM"/><br /><sub><b>David CM</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=blastik" title="Code">💻</a></td>
-    </tr>
-    <tr>
-      <td align="center" valign="top" width="14.28%"><a href="http://tigertutoringtool.aamira.me"><img src="https://avatars.githubusercontent.com/u/82281117?v=4?s=100" width="100px;" alt="Aamir Azad"/><br /><sub><b>Aamir Azad</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=aamirazad" title="Documentation">📖</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/jordan-woyak"><img src="https://avatars.githubusercontent.com/u/1768214?v=4?s=100" width="100px;" alt="Jordan Woyak"/><br /><sub><b>Jordan Woyak</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=jordan-woyak" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/simon-hofmann"><img src="https://avatars.githubusercontent.com/u/23562420?v=4?s=100" width="100px;" alt="Simon Hofman"/><br /><sub><b>Simon Hofman</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=simon-hofmann" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/NotYourAverageGamer"><img src="https://avatars.githubusercontent.com/u/104248676?v=4?s=100" width="100px;" alt="notyouraveragegamer"/><br /><sub><b>notyouraveragegamer</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=notyouraveragegamer" title="Documentation">📖</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://www.varac.net"><img src="https://avatars.githubusercontent.com/u/488213?v=4?s=100" width="100px;" alt="Varac"/><br /><sub><b>Varac</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=varac" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://tux.pizza"><img src="https://avatars.githubusercontent.com/u/84710786?v=4?s=100" width="100px;" alt="tuxsudo"/><br /><sub><b>tuxsudo</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=tuxpizza" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/TylerRudie"><img src="https://avatars.githubusercontent.com/u/2695916?v=4?s=100" width="100px;" alt="TylerRudie"/><br /><sub><b>TylerRudie</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=TylerRudie" title="Documentation">📖</a></td>
-    </tr>
-    <tr>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/qnb59bny5x"><img src="https://avatars.githubusercontent.com/u/108427982?v=4?s=100" width="100px;" alt="qnb59bny5x"/><br /><sub><b>qnb59bny5x</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=qnb59bny5x" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://blog.drndos.sk"><img src="https://avatars.githubusercontent.com/u/5576134?v=4?s=100" width="100px;" alt="Filip Bednárik"/><br /><sub><b>Filip Bednárik</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3Adrndos" title="Bug reports">🐛</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/sshcherbinin"><img src="https://avatars.githubusercontent.com/u/92396963?v=4?s=100" width="100px;" alt="Serhii Shcherbinin"/><br /><sub><b>Serhii Shcherbinin</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=sshcherbinin" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/qraynaud"><img src="https://avatars.githubusercontent.com/u/65991?v=4?s=100" width="100px;" alt="Quentin Raynaud"/><br /><sub><b>Quentin Raynaud</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3Aqraynaud" title="Bug reports">🐛</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="http://fachschaften.org"><img src="https://avatars.githubusercontent.com/u/22835?v=4?s=100" width="100px;" alt="Felix Schäfer"/><br /><sub><b>Felix Schäfer</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=thegcat" title="Documentation">📖</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/jndeverteuil"><img src="https://avatars.githubusercontent.com/u/6644855?v=4?s=100" width="100px;" alt="Julien Nicolas de Verteuil"/><br /><sub><b>Julien Nicolas de Verteuil</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=jndeverteuil" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/gabrieldonadel"><img src="https://avatars.githubusercontent.com/u/11707729?v=4?s=100" width="100px;" alt="Gabriel Donadel Dall'Agnol"/><br /><sub><b>Gabriel Donadel Dall'Agnol</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=gabrieldonadel" title="Documentation">📖</a></td>
-    </tr>
-    <tr>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/jon-stumpf"><img src="https://avatars.githubusercontent.com/u/7144996?v=4?s=100" width="100px;" alt="Jon S. Stumpf"/><br /><sub><b>Jon S. Stumpf</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=jon-stumpf" title="Documentation">📖</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/Tanguille"><img src="https://avatars.githubusercontent.com/u/91473554?v=4?s=100" width="100px;" alt="Tanguille"/><br /><sub><b>Tanguille</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=Tanguille" title="Documentation">📖</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/Plinsboorg"><img src="https://avatars.githubusercontent.com/u/42300339?v=4?s=100" width="100px;" alt="Dennis"/><br /><sub><b>Dennis</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3APlinsboorg" title="Bug reports">🐛</a> <a href="https://github.com/truecharts/charts/commits?author=Plinsboorg" title="Documentation">📖</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/TheIceCreamTroll"><img src="https://avatars.githubusercontent.com/u/33820904?v=4?s=100" width="100px;" alt="TheIceCreamTroll"/><br /><sub><b>TheIceCreamTroll</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=TheIceCreamTroll" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/atanaspam"><img src="https://avatars.githubusercontent.com/u/9085090?v=4?s=100" width="100px;" alt="Atanas Pamukchiev"/><br /><sub><b>Atanas Pamukchiev</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=atanaspam" title="Code">💻</a></td>
     </tr>
   </tbody>
 </table>

.github/SUPPORT.md

@@ -12,39 +12,15 @@ This document highlights which versions of TrueCharts (or rather branches), supp
 
 We also document which versions of TrueNAS will receive TrueCharts updates and for which versions we are accepting bug reports.
 
-### Supported Versions of TrueNAS SCALE
+### Supported Versions
 
-| TrueNAS version    | Branch   | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes                                                                                                                       |
-| ------------------ | -------- | ---------------------- | ------------------------- | --------------------- | --------------------------------------------------------------------------------------------------------------------------- |
-| 22.12.4.1 or prior | `master` | :x:                    | :x:                       | :x:                   | Update to 23.10.X Supported Version [TrueNAS SCALE](https://www.truenas.com/docs/scale/23.10/)                              |
-| 22.12.4.2          | `master` | :white_check_mark:     | :white_check_mark:        | :x:                   | Stable Release as of 2023-10-13 Recommended to update to 23.10.x [TrueNAS SCALE](https://www.truenas.com/docs/scale/23.10/) |
-| 23.10.0            | `master` | :white_check_mark:     | :white_check_mark:        | :white_check_mark:    | Stable Release as of 2023-10-24                                                                                             |
-| 23.10.0.1          | `master` | :white_check_mark:     | :white_check_mark:        | :white_check_mark:    | Stable Release as of 2023-10-31                                                                                             |
-| Nightly            | `master` | :white_check_mark:     | :x:                       | :white_check_mark:    | Please only submit bug reports during codefreeze                                                                            |
-| 23.10.1            | `master` | :white_check_mark:     | :x:                       | :x:                   | To Be Released                                                                                                              |
-
-## TrueCharts on Talos-OS
-
-Support for Talos-OS with either Rancher or FluxCD are in early alpha.
-
-### Supported Versions of Talos-OS
-
-| Talos-OS version | Branch   | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
-| ---------------- | -------- | ---------------------- | ------------------------- | --------------------- | ----- |
-| 1.5              | `master` | :white_check_mark:     | :x:                       | :x:                   |       |
-| 1.6              | `master` | :white_check_mark:     | :x:                       | :x:                   |       |
-
-### Supported Versions of FluxCD
-
-| FluxCD version | Branch   | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
-| -------------- | -------- | ---------------------- | ------------------------- | --------------------- | ----- |
-| 1.2.1 or prior | `master` | :white_check_mark:     | :x:                       | :x:                   |       |
-
-### Rancher Versions of Rancher
-
-| TrueNAS version | Branch   | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
-| --------------- | -------- | ---------------------- | ------------------------- | --------------------- | ----- |
-| v2.7.9 or prior | `master` | :white_check_mark:     | :x:                       | :x:                   |       |
+| TrueNAS version  | Branch   | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes                                                                                                          |
+| ---------------- | -------- | ---------------------- | ------------------------- | --------------------- | -------------------------------------------------------------------------------------------------------------- |
+| 22.02.4 or prior | `master` | :x:                    | :x:                       | :x:                   | Advised to update to 22.12.2 release of [TrueNAS SCALE](https://www.truenas.com/docs/scale/scalereleasenotes/) |
+| 22.12.0          | `master` | :white_check_mark:     | :white_check_mark:        | :white_check_mark:    | Stable Release as of 2022-12-13                                                                                |
+| 22.12.1          | `master` | :white_check_mark:     | :white_check_mark:        | :white_check_mark:    | Stable Release as of 2023-02-21                                                                                |
+| 22.12.2          | `master` | :white_check_mark:     | :white_check_mark:        | :white_check_mark:    | Stable Release as of 2023-04-11                                                                                |
+| Nightly          | `master` | :white_check_mark:     | :x:                       | :white_check_mark:    | Please only submit bug reports during codefreeze                                                               |
 
 :::warning Support Guidelines
 

.github/actions/collect-changes/action.yaml

@@ -50,6 +50,7 @@ runs:
         # Set output to changed charts
         echo "Changed charts: ${CHARTS[*]}"
         printf "::set-output name=addedOrModified::%s\n" "${CHARTS[*]}"
+        
 
     - name: Collect bumped charts after last tag
       id: filter-bumped-charts

.github/ct-install.yaml

@@ -12,26 +12,21 @@ chart-dirs:
 excluded-charts:
   - charts/dependency/subchart
   - charts/incubator/twingate-connector
-  - charts/incubator/docassemble
-  - charts/incubator/eco
   - charts/incubator/midarr
   - charts/incubator/orbital-sync
   - charts/incubator/plex-meta-manager
-  - charts/incubator/telepush
+  - charts/incubator/tauticord
   - charts/library/common
   - charts/stable/alertmanager-bot
   - charts/stable/alertmanager-bot
   - charts/stable/alertmanager-discord
   - charts/stable/amcrest2mqtt
-  - charts/stable/arksurvivalevolved
-  - charts/stable/tauticord
   - charts/stable/discordgsm
   - charts/stable/facebox
   - charts/stable/foundryvtt
   - charts/stable/heimdall
   - charts/stable/mc-router
   - charts/stable/multus
-  - charts/stable/local-ai
   - charts/stable/orbital-sync
   - charts/stable/plex-meta-manager
   - charts/stable/pod-gateway
@@ -50,7 +45,3 @@ chart-repos:
   - truecharts-library=https://library-charts.truecharts.org
   - truecharts-deps=https://deps.truecharts.org
   - jetstack=https://charts.jetstack.io
-  - vmwaretanzu=https://vmware-tanzu.github.io/helm-charts
-  - cnpg=https://cloudnative-pg.github.io/charts
-  - metallb=https://metallb.github.io/metallb
-  - prometheus-community=https://prometheus-community.github.io/helm-charts

.github/ct-lint.yaml

@@ -15,7 +15,3 @@ chart-repos:
   - truecharts-library=https://library-charts.truecharts.org
   - truecharts-deps=https://deps.truecharts.org
   - jetstack=https://charts.jetstack.io
-  - vmwaretanzu=https://vmware-tanzu.github.io/helm-charts
-  - cnpg=https://cloudnative-pg.github.io/charts
-  - metallb=https://metallb.github.io/metallb
-  - prometheus-community=https://prometheus-community.github.io/helm-charts

.github/renovate-config.js

@@ -0,0 +1,23 @@
+module.exports = {
+  dryRun: false,
+  username: "truecharts-admin",
+  gitAuthor: "truecharts-admin <bot@truecharts.org>",
+  onboarding: false,
+  platform: "github",
+  repositories: ["truecharts/charts"],
+  packageRules: [
+    {
+      description: "lockFileMaintenance",
+      matchUpdateTypes: [
+        "pin",
+        "digest",
+        "patch",
+        "minor",
+        "major",
+        "lockFileMaintenance",
+      ],
+      dependencyDashboardApproval: false,
+      stabilityDays: 0,
+    },
+  ],
+};

.github/renovate.json5

@@ -20,12 +20,6 @@
     "fileMatch": ["charts/.+/Chart\\.yaml$"]
   },
   "packageRules": [
-    // Bundle Github Actions
-    {
-      "matchManagers": ["github-actions"],
-      "groupName": "Github-Actions",
-      "automerge": true
-    },
     // Setup datasources for dep updates
     {
       "datasources": ["helm"],
@@ -33,15 +27,24 @@
       "commitMessageTopic": "Helm chart {{depName}}"
     },
     // global docker datasource settings
+    {
+      "datasources": ["docker"],
+      "matchManagers": ["helm-values"],
+      "enabled": true,
+      "pinDigests": true,
+      "automerge": false,
+      "commitMessageTopic": "container image {{depName}}",
+      "commitMessageExtra": "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}",
+      "matchUpdateTypes": ["major", "minor", "patch", "digest"],
+    },
     {
       "datasources": ["docker"],
       "enabled": true,
       "pinDigests": true,
       "automerge": false,
-      "autoApprove": true,
       "separateMinorPatch": true,
       "commitMessageTopic": "container image {{depName}}",
-      "commitMessageExtra": "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}@{{newDigestShort}}",
+      "commitMessageExtra": "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}",
     },
     // Setup datasources for github actions
     {
@@ -92,24 +95,8 @@
       "matchDatasources": ["helm"],
       "automerge": false,
       "matchUpdateTypes": [
-        "minor"
-      ],
-      "enabled": true,
-      "bumpVersion": "patch",
-      "labels": ["update/helm/general/non-major", "automerge"],
-      "groupName": "helm general non-major",
-      "matchPaths": ["charts/enterprise/**", "charts/operators/**"],
-      "schedule": [
-        "before 10pm on tuesday"
-      ],
-    },
-    {
-      "matchDatasources": ["helm"],
-      "automerge": true,
-      "matchUpdateTypes": [
-        "digest",
-        "patch",
-        "pin"
+        "minor",
+        "patch"
       ],
       "enabled": true,
       "bumpVersion": "patch",
@@ -135,30 +122,13 @@
         "before 10pm on tuesday"
       ],
     },
-
     {
       "matchDatasources": ["helm"],
-      "automerge": true,
+      "automerge": false,
       "enabled": true,
       "matchUpdateTypes": [
-        "minor"
-      ],
-      "bumpVersion": "patch",
-      "labels": ["update/helm/general/non-major", "automerge"],
-      "groupName": "helm general non-major",
-      "matchPaths": ["charts/incubator/**", "charts/SCALE/**", "charts/dev/**", "charts/stable/**", "templates/app/**"],
-      "schedule": [
-        "before 10pm on tuesday"
-      ],
-    },
-    {
-      "matchDatasources": ["helm"],
-      "automerge": true,
-      "enabled": true,
-      "matchUpdateTypes": [
-        "digest",
-        "patch",
-        "pin"
+        "minor",
+        "patch"
       ],
       "bumpVersion": "patch",
       "labels": ["update/helm/general/non-major", "automerge"],
@@ -169,14 +139,14 @@
       ],
     },
     //
-    // Tag updates for semantic Docker tags on enterprise and operatorApps
+    // Tag updates for semantic tags on enterprise and operatorApps
     //
     {
       "matchDatasources": ["docker"],
       "updateTypes": ["major"],
       "enabled": true,
       "bumpVersion": "major",
-      "labels": ["update/docker/major"],
+      "labels": ["update/docker/enterprise/major"],
       "matchPaths": ["charts/enterprise/**", "charts/operators/**"],
     },
     {
@@ -186,13 +156,13 @@
         "minor",
       ],
       "enabled": true,
-      "bumpVersion": "minor",
-      "labels": ["update/docker/minor"],
+      "bumpVersion": "patch",
+      "labels": ["update/docker/enterprise/minor"],
       "matchPaths": ["charts/enterprise/**", "charts/operators/**"],
     },
     {
       "matchDatasources": ["docker"],
-      "automerge": true,
+      "automerge": false,
       "matchUpdateTypes": [
         "patch",
         "digest",
@@ -200,8 +170,21 @@
       ],
       "bumpVersion": "patch",
       "enabled": true,
-      "labels": ["update/docker/patch", "automerge"],
-      "matchPaths": ["charts/enterprise/**", "charts/operator/**"],
+      "labels": ["update/docker/enterprise/patch", "automerge"],
+      "matchPaths": ["charts/enterprise/**"],
+    },
+    {
+      "matchDatasources": ["docker"],
+      "automerge": false,
+      "matchUpdateTypes": [
+        "patch",
+        "digest",
+        "pin",
+      ],
+      "bumpVersion": "patch",
+      "enabled": true,
+      "labels": ["update/docker/operator/patch"],
+      "matchPaths": ["charts/operator/**"],
     },
     //
     // Tag updates for semantic tags on incubator and dev charts
@@ -234,7 +217,7 @@
         "pin",
       ],
       "bumpVersion": "patch",
-      "enabled": false,
+      "enabled": true,
       "labels": ["update/docker/incubator/non-major", "automerge"],
       "matchPaths": ["charts/incubator/**", "charts/dev/**"],
     },
@@ -251,19 +234,9 @@
     },
     {
       "matchDatasources": ["docker"],
-      "automerge": true,
+      "automerge": false,
       "matchUpdateTypes": [
         "minor",
-      ],
-      "bumpVersion": "minor",
-      "enabled": true,
-      "labels": ["update/docker/general/non-major", "automerge"],
-      "matchPaths": ["charts/dependency/**", "charts/SCALE/**", "charts/library/**", "charts/stable/**", "templates/app/**"],
-    },
-    {
-      "matchDatasources": ["docker"],
-      "automerge": true,
-      "matchUpdateTypes": [
         "patch",
         "digest",
         "pin",
@@ -294,7 +267,7 @@
     {
       "matchDatasources": ["docker"],
       "versioning": "regex:^v(?<major>\\d+)-(?<minor>\\d+)$",
-      "matchPackagePrefixes": ["jupyter"],
+      "matchPackagePrefixes": ["tccr.io/truecharts/jupyter"],
       "groupName": "jupyter",
     },
     {
@@ -305,12 +278,12 @@
     },
     {
       "matchDatasources": ["docker"],
-      "matchPackagePrefixes": ["altran1502/immich"],
+      "matchPackagePrefixes": ["tccr.io/truecharts/immich"],
       "groupName": "immich",
     },
     {
       "matchDatasources": ["docker"],
-      "matchPackagePrefixes": ["portainer"],
+      "matchPackagePrefixes": ["tccr.io/truecharts/portainer"],
       "groupName": "portainer",
     },
     {
@@ -320,7 +293,7 @@
     },
     {
       "matchDatasources": ["docker"],
-      "matchPackagePrefixes": ["https://lscr.io/linuxserver/webtop"],
+      "matchPackagePrefixes": ["tccr.io/truecharts/webtop"],
       "groupName": "webtop",
     },
     {
@@ -335,7 +308,7 @@
     },
     {
       "matchDatasources": ["docker"],
-      "matchPackagePrefixes": ["vikunja"],
+      "matchPackagePrefixes": ["tccr.io/truecharts/vikunja"],
       "groupName": "vikunja",
     },
     {
@@ -345,12 +318,12 @@
     },
     {
       "matchDatasources": ["docker"],
-      "matchPackagePrefixes": ["itzg/bungeecord"],
+      "matchPackagePrefixes": ["tccr.io/truecharts/bungeecord"],
       "groupName": "bungeecord",
     },
     {
       "matchDatasources": ["docker"],
-      "matchPackagePrefixes": ["itzg/minecraft-java"],
+      "matchPackagePrefixes": ["tccr.io/truecharts/minecraft-java"],
       "groupName": "minecraft-java",
     },
     {
@@ -370,7 +343,7 @@
     },
     {
       "matchDatasources": ["docker"],
-      "matchPackagePrefixes": ["ghcr.io/goauthentik/"],
+      "matchPackagePrefixes": ["tccr.io/truecharts/authentik"],
       "groupName": "authentik",
     },
     {
@@ -412,305 +385,6 @@
       "matchDatasources": ["docker"],
       "matchPackagePrefixes": ["tccr.io/truecharts/ersatztv"],
       "groupName": "ersatztv",
-    },
-    // matchPackagePatterns
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>14)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackagePatterns": ["^bitnami/postgresql$"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d{4})-(?<minor>\\d{2})-(?<patch>\\d{2})$",
-      "matchPackagePatterns": ["^.*oznu\\/homebridge$"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)-(?<minor>\\d+)-(?<patch>\\d+)$",
-      "matchPackagePatterns": ["^jupyter\\/.+$"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-ubuntu$",
-      "matchPackagePatterns": ["^zabbix\\/zabbix-.*$"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^stable-(?<major>\\d{1})(?<minor>\\d{1})(?<patch>\\d{2}).*$",
-      "matchPackagePatterns": ["^jitsi\\/.*$"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackagePatterns": ["^penpot\\/.*$"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^\\d*-jammy-(?<variant>.+)-v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackagePatterns": ["^.+\\/koush\\/scrypted$"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^version-(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-.*$",
-      "matchPackagePatterns": ["^.*linuxserver\\/deluge$"],
-      "automerge": true,
-    },
-    // matchPackageNames
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-postgres-tomcat$",
-      "matchPackageNames": ["xwiki"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^version-(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackageNames": ["fireflyiii/core"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-\\d+\\.\\d+\\.\\d+$",
-      "matchPackageNames": ["netboxcommunity/netbox"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d{2})(?<minor>\\d{2})(?<patch>\\d{2})$",
-      "matchPackageNames": ["photoprism/photoprism"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackageNames": ["cloudflare/cloudflared"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^version-(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackageNames": ["linuxserver/calibre-web"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^version-v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackageNames": ["linuxserver/heimdall"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^postgresql-v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackageNames": ["ghcr.io/umami-software/umami"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^version-v(?<major>\\d+)\\.(?<minor>\\d+)\\.?(?<patch>\\d*)$",
-      "matchPackageNames": ["linuxserver/mylar3"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^[a-z0-9]{9}-v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-go\\d+\\.\\d+\\.\\d+$",
-      "matchPackageNames": ["storjlabs/storagenode"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-php8\\.0-apache$",
-      "matchPackageNames": ["joyqi/typecho"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^v\\.(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackageNames": ["difegue/lanraragi"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^RELEASE\\.(?<major>\\d+)-(?<minor>\\d+)-(?<patch>\\d+)T\\d+-\\d+-\\d+Z$",
-      "matchPackageNames": ["minio/minio"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^RELEASE\\.(?<major>\\d+)-(?<minor>\\d+)-(?<patch>\\d+)T\\d+-\\d+-\\d+Z$",
-      "matchPackageNames": ["minio/mc"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^apache-(?<major>\\d+)\\.(?<minor>\\d+)\\.?(?<patch>\\d*)-prod$",
-      "matchPackageNames": ["kimai/kimai2"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)-(?<minor>\\d+)-(?<patch>\\d+)$",
-      "matchPackageNames": ["rssbridge/rss-bridge"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)-(?<minor>\\d+)-(?<patch>\\d+)$",
-      "matchPackageNames": ["alexta69/metube"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^focal-(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackageNames": ["codeproject/senseai-server"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^latest-(?<major>\\d+)-(?<minor>\\d+)-(?<patch>\\d+)$",
-      "matchPackageNames": ["wangqiru/ttrss"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)(-\\d+)?$",
-      "matchPackageNames": ["kiwix/kiwix-serve"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-omnibus$",
-      "matchPackageNames": ["ghcr.io/analogj/scrutiny"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)-(?<minor>\\d+)-(?<patch>\\d+)$",
-      "matchPackageNames": ["diygod/rsshub"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-amd64(nvidia)?$",
-      "matchPackageNames": ["blakeblackshear/frigate"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d{1,4})\\.(?<minor>\\d+)\\.(?<patch>\\d+)$",
-      "matchPackageNames": ["kopia/kopia"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d{4})\\.(?<minor>\\d{1,2})\\.(?<patch>\\d{1,2).*$",
-      "matchPackageNames": ["alicevision/meshroom"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d{4})\\.(?<minor>\\d{1,2})\\.(?<patch>\\d{1,2})$",
-      "matchPackageNames": ["itzg/bungeecord"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^java8-(?<major>\\d{4})\\.(?<minor>\\d{1,2})\\.(?<patch>\\d{1,2})$",
-      "matchPackageNames": ["itzg/bungeecord"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^java11-(?<major>\\d{4})\\.(?<minor>\\d{1,2})\\.(?<patch>\\d{1,2})$",
-      "matchPackageNames": ["itzg/bungeecord"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^java17-(?<major>\\d{4})\\.(?<minor>\\d{1,2})\\.(?<patch>\\d{1,2})$",
-      "matchPackageNames": ["itzg/bungeecord"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d{4})\\.(?<minor>\d{1,2})\\.(?<patch>\\d{1,2})(-java\\d{1,2}.*)?$",
-      "matchPackageNames": ["itzg/minecraft-server"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d{4})(?<minor>\\d{2})(?<patch>\\d{2})$",
-      "matchPackageNames": ["ankicommunity/anki-sync-server"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)-jdk17$",
-      "matchPackageNames": ["jenkins/jenkins"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^x64-v(?<major>\\d*)\\.(?<minor>\\d*)\\.(?<patch>\\d*)$",
-      "matchPackageNames": ["housewrecker/gaps"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d*)\\.(?<minor>\\d*)\\.(?<patch>\\d*)-\\d*$",
-      "matchPackageNames": ["sameersbn/apt-cacher-ng"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^release-(?<major>\\d*)\\.(?<minor>\\d*)$",
-      "matchPackageNames": ["mattermost/mattermost-enterprise-edition"],
-      "automerge": true,
-    },
-    {
-      "matchDatasources": ["docker"],
-      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-.+$",
-      "matchPackageNames": ["corentinth/it-tools"],
-      "automerge": true,
-    },
-    //
-    // Version strategies
-    //
-    // Versioning for linuxserver two-three digit container versions
-    {
-      "packagePatterns": ["^linuxserver\\/","^deepquestai\\/"],
-      "versionScheme": "regex:^(?<compatibility>.*?(\\d+\\.)??)(?<major>\\d+)\\.(?<minor>\\d+)\\.?(?<patch>\\d+)?(-r?p?\\d)?$"
-    },
-    {
-      "matchDatasources": [
-        "docker"
-      ],
-      "versioning": "loose",
-      "matchPackageNames": [
-        "ghcr.io/onedr0p/plex",
-        "ghcr.io/onedr0p/qbittorrent",
-        "sirfragalot/hyperion.ng",
-      ],
-    },
-    {
-      "matchDatasources": [
-        "docker"
-      ],
-      "matchPackageNames": [
-        "quay.io/helmpack/chart-releaser",
-        "jnorwood/helm-docs",
-        "quay.io/git-chglog/git-chglog"
-      ],
-      "automerge": false,
-      "matchUpdateTypes": ["major", "minor", "patch", "digest", "pin"],
-      "labels": ["renovate/image", "ci"],
-    },
-
+    }
   ]
 }

.github/scripts/build-catalog.sh

@@ -74,8 +74,7 @@ patch_apps() {
     cat ${target}/Chart.yaml | grep "icon" >> catalog/${train}/${chartname}/item.yaml
     sed -i "s|^icon:|icon_url:|g" catalog/${train}/${chartname}/item.yaml
     echo "categories:" >> catalog/${train}/${chartname}/item.yaml
-    category=$(cat ${target}/Chart.yaml | yq '.annotations."truecharts.org/category"' -r)
-    echo "- $category" >> catalog/${train}/${chartname}/item.yaml
+    cat ${target}/Chart.yaml | yq '.annotations."truecharts.org/catagories"' -r >> catalog/${train}/${chartname}/item.yaml
 
     # Generate screenshots
     screenshots=""
@@ -124,7 +123,6 @@ copy_apps() {
 }
 export -f copy_apps
 
-rm -rf charts/unstable
 if [[ -d "charts/${1}" ]]; then
     echo "Start processing charts/${1} ..."
     chartversion=$(cat charts/${1}/Chart.yaml | grep "^version: " | awk -F" " '{ print $2 }')

.github/scripts/fetch_helm_deps.sh

@@ -110,18 +110,6 @@ for idx in $(eval echo "{0..$length}"); do
               if [[ "$train_chart" =~ incubator\/.* ]]; then
                   helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
                   helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
-              elif [[ "$name" =~ "velero" ]]; then
-                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
-                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
-              elif [[ "$name" =~ "metallb" ]]; then
-                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
-                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
-              elif [[ "$name" =~ "cloudnative-pg" ]]; then
-                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
-                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
-              elif [[ "$name" =~ "kube-prometheus-stack" ]]; then
-                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
-                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
               elif [[ "$name" =~ "cert-manager" ]]; then
                   helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/certman.gpg || \
                   helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/certman.gpg || exit 1
@@ -136,14 +124,6 @@ for idx in $(eval echo "{0..$length}"); do
                 if [[ "$name" =~ "cert-manager" ]]; then
                   helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/certman.gpg || \
                   helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/certman.gpg || exit 1
-                elif [[ "$name" =~ "velero" ]]; then
-                   echo "Velero is not signed..."
-                elif [[ "$name" =~ "metallb" ]]; then
-                   echo "metallb is not signed..."
-                elif [[ "$name" =~ "cloudnative-pg" ]]; then
-                   echo "cloudnative-pg is not signed..."
-                elif [[ "$name" =~ "kube-prometheus-stack" ]]; then
-                   echo "kube-prometheus-stack is not signed..."
                 elif [[ ! "$train_chart" =~ incubator\/.* ]]; then
                   echo "Validating dependency signature..."
                   helm verify $cache_path/$repo_dir/$name-$version.tgz --keyring $gpg_dir/pubring.gpg || \
@@ -157,18 +137,6 @@ for idx in $(eval echo "{0..$length}"); do
               if [[ "$train_chart" =~ incubator\/.* ]]; then
                   helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
                   helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
-              elif [[ "$name" =~ "velero" ]]; then
-                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
-                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
-              elif [[ "$name" =~ "metallb" ]]; then
-                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
-                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
-              elif [[ "$name" =~ "cloudnative-pg" ]]; then
-                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
-                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
-              elif [[ "$name" =~ "kube-prometheus-stack" ]]; then
-                  helm dependency build "$charts_path/$train_chart/Chart.yaml" || \
-                  helm dependency update "$charts_path/$train_chart/Chart.yaml"|| exit 1
               elif [[ "$name" =~ "cert-manager" ]]; then
                   helm dependency build "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/certman.gpg || \
                   helm dependency update "$charts_path/$train_chart/Chart.yaml" --verify --keyring $gpg_dir/certman.gpg || exit 1

.github/scripts/tc-lint.sh

@@ -147,18 +147,17 @@ function lint_chart(){
         echo "👣 Helm Lint - [$chart_path]"
         helm_lint "$chart_path"
 
-        # FIXME: Comment out for now as it requires deps installed in linting.
-        # if [[ ! $(ls $chart_path/ci/*values.yaml) ]]; then
-        #     echo "👣 Helm Template - [$chart_path]"
-        #     helm_template "$chart_path"
-        # fi
+        if [[ ! $(ls $chart_path/ci/*values.yaml) ]]; then
+            echo "👣 Helm Template - [$chart_path]"
+            helm_template "$chart_path"
+        fi
 
-        # for values in $chart_path/ci/*values.yaml; do
-        #     if [ -f "${values}" ]; then
-        #         echo "👣 Helm Template - [$values]"
-        #         helm_template "$chart_path" "$values"
-        #     fi
-        # done
+        for values in $chart_path/ci/*values.yaml; do
+            if [ -f "${values}" ]; then
+                echo "👣 Helm Template - [$values]"
+                helm_template "$chart_path" "$values"
+            fi
+        done
 
         echo "👣 Chart Version - [$chart_path] against [$target_branch]"
         check_version "$chart_path" "$target_branch"

.github/scripts/updateTraefikMiddlewareVersions.sh

@@ -0,0 +1,53 @@
+#! /bin/bash
+
+trainsPath="./charts"
+traefikTrain="enterprise"
+
+get_latest_release() {
+    # Get latest release from GitHub api, NOTE: Remove the header when running locally (or add a valid token)
+    curl --silent \
+         --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
+         --url "https://api.github.com/repos/$1/releases/latest" |
+    # Get tag line
+    grep '"tag_name":' |
+    # Pluck JSON value
+    sed -E 's/.*"([^"]+)".*/\1/'
+}
+
+set_key_to_version() {
+    key="$1"
+    version="$2"
+    traefikValuesFile="$trainsPath/$traefikTrain/traefik/values.yaml"
+    echo "Setting $key to $version..."
+    sed -i "s/${key}: .*/${key}: ${version}/" $traefikValuesFile
+
+    content=$(grep "$key:" "$traefikValuesFile" | sed "s/\s*${key}:\s*//" )
+    echo "New content of $key in values.yaml: $content"
+    echo ""
+}
+
+update_plugin() {
+    repo="$1"
+    key="$2"
+    pluginName="$3"
+
+    version=$(get_latest_release "$repo")
+    if [ -z "$version" ]
+    then
+        echo "Got empty version, skipping..."
+    else
+        echo "Fetched $pluginName plugin version: $version"
+        set_key_to_version "$key" "$version"
+    fi;
+}
+# Example
+# update_plugin "repo" "key_holding_version_in_values.yaml" "plugin_name_used_for_verbose_printing_only"
+
+# Real IP
+update_plugin "soulbalz/traefik-real-ip" "realIPVersion" "RealIP"
+
+# Theme Park
+update_plugin "packruler/traefik-themepark" "themeParkVersion" "ThemePark"
+
+# GeoBlock
+update_plugin "PascalMinder/geoblock" "geoBlockVersion" "GeoBlock"

.github/workflows/catalog-test.yaml

@@ -17,7 +17,7 @@ jobs:
     container:
       image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         name: Checkout
         with:
           fetch-depth: 100

.github/workflows/charts-lint.yaml

@@ -22,13 +22,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout [master]
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: master
 
       - name: Checkout [commit]
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -47,21 +47,12 @@ jobs:
         run: |
           pip3 install --no-cache-dir pre-commit yamale yamllint
 
-      - name: Install Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
-        with:
-          version: v3.13.2
-
       - name: Prep Helm
         run: |
           helm repo add truecharts https://charts.truecharts.org
           helm repo add truecharts-deps https://deps.truecharts.org
           helm repo add truecharts-library https://library-charts.truecharts.org
           helm repo add jetstack https://charts.jetstack.io
-          helm repo add vmwaretanzu https://vmware-tanzu.github.io/helm-charts
-          helm repo add cnpg https://cloudnative-pg.github.io/charts
-          helm repo add metallb https://metallb.github.io/metallb
-          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
           helm repo update
 
       - name: Collect changes (branch-based)
@@ -117,7 +108,7 @@ jobs:
       - name: Create/Update comment
         if: steps.list-changed.outputs.detected == 'true'
         continue-on-error: true
-        uses: thollander/actions-comment-pull-request@1d3973dc4b8e1399c0620d3f2b1aa5e795465308 # v2
+        uses: thollander/actions-comment-pull-request@dadb7667129e23f12ca3925c90dc5cd7121ab57e # v2
         with:
           filePath: /tmp/lint_result.txt
           comment_tag: lint_results

.github/workflows/charts-release.yaml

@@ -17,13 +17,13 @@ jobs:
       image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 1
 
       - name: Checkout Helm-Staging
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           repository: truecharts/helm-staging
@@ -66,7 +66,7 @@ jobs:
         with:
           setup-tools: |
             helmv3
-          helm: "3.13.2"
+          helm: "3.8.0"
 
       - name: Prep Helm
         run: |
@@ -74,9 +74,6 @@ jobs:
           helm repo add truecharts-library https://library-charts.truecharts.org
           helm repo add truecharts-deps https://deps.truecharts.org
           helm repo add jetstack https://charts.jetstack.io
-          helm repo add vmwaretanzu https://vmware-tanzu.github.io/helm-charts
-          helm repo add cnpg https://cloudnative-pg.github.io/charts
-          helm repo add metallb https://metallb.github.io/metallb
           helm repo update
 
       # Optional step if GPG signing is used
@@ -96,7 +93,7 @@ jobs:
           GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 0
@@ -128,7 +125,7 @@ jobs:
           find . -name '*.sh' | xargs chmod +x
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         if: |
           steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
         with:
@@ -209,10 +206,6 @@ jobs:
                 echo "" >> website/docs/charts/${train}/${chart}/index.md
                 cat charts/${train}/${chart}/Chart.yaml | yq .description -r >> website/docs/charts/${train}/${chart}/index.md
                 echo "" >> website/docs/charts/${train}/${chart}/index.md
-                echo "## Chart Sources" >> website/docs/charts/${train}/${chart}/index.md
-                echo "" >> website/docs/charts/${train}/${chart}/index.md
-                cat charts/${train}/${chart}/Chart.yaml | go-yq .sources -r >> website/docs/charts/${train}/${chart}/index.md
-                echo "" >> website/docs/charts/${train}/${chart}/index.md
                 echo "## Available Documentation" >> website/docs/charts/${train}/${chart}/index.md
                 echo "" >> website/docs/charts/${train}/${chart}/index.md
 
@@ -247,7 +240,7 @@ jobs:
           git push
 
       - name: Checkout Catalog
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         if: |
           steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
         with:
@@ -310,7 +303,7 @@ jobs:
           GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
 
       - name: Run chart-releaser for dependency apps
-        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
         if: |
           steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
         with:

.github/workflows/charts-test.yaml

@@ -50,7 +50,7 @@ jobs:
       detected6: ${{ steps.list-changed.outputs.detected6 }}
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -115,27 +115,29 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
 
-      - name: Install Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
+      - name: Install Kubernetes tools
+        uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
         with:
-          version: v3.13.2
+          setup-tools: |
+            helmv3
+          helm: "3.9.4"
 
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
+      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
         with:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
 
       - name: Create k3d cluster
         uses: nolar/setup-k3d-k3s@v1
         with:
-          version: latest
+          version: v1.24
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -144,35 +146,18 @@ jobs:
         run: |
           kubectl taint --all=true nodes node.cloudprovider.kubernetes.io/uninitialized- || true
 
-      - name: Prep Helm
-        run: |
-          helm repo add truecharts https://charts.truecharts.org
-          helm repo add truecharts-deps https://deps.truecharts.org
-          helm repo add truecharts-library https://library-charts.truecharts.org
-          helm repo add jetstack https://charts.jetstack.io
-          helm repo add vmwaretanzu https://vmware-tanzu.github.io/helm-charts
-          helm repo add cnpg https://cloudnative-pg.github.io/charts
-          helm repo add metallb https://metallb.github.io/metallb
-          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-          helm repo update
-
       - name: Add Dependencies
         run: |
-          if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then
-            helm install metallb truecharts/metallb --namespace metallb --create-namespace --wait
-          fi
+          ## TODO: Move to our Helm Charts
           ## TODO: Only add when required
-          if [[ "${{ matrix.chart }}" == "charts/enterprise/clusterissuer" ]]; then
-            helm install cert-manager truecharts/cert-manager --namespace cert-manager --create-namespace --wait
+          if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
-            helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.20/releases/cnpg-1.20.0.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
-            helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
-          fi
-          if [[ "${{ matrix.chart }}" != "charts/enterprise/traefik" ]]; then
-            helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.66.0/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
           fi
 
       - name: Run chart-testing (install)
@@ -190,27 +175,29 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
 
-      - name: Install Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
+      - name: Install Kubernetes tools
+        uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
         with:
-          version: v3.13.2
+          setup-tools: |
+            helmv3
+          helm: "3.9.4"
 
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
+      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
         with:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
 
       - name: Create k3d cluster
         uses: nolar/setup-k3d-k3s@v1
         with:
-          version: latest
+          version: v1.24
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -222,20 +209,13 @@ jobs:
       - name: Add Dependencies
         run: |
           if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then
-            helm install metallb truecharts/metallb --namespace metallb --create-namespace --wait
-          fi
-          ## TODO: Only add when required
-          if [[ "${{ matrix.chart }}" == "charts/enterprise/clusterissuer" ]]; then
-            helm install cert-manager truecharts/cert-manager --namespace cert-manager --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
-            helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
-            helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
-          fi
-          if [[ "${{ matrix.chart }}" != "charts/enterprise/traefik" ]]; then
-            helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.66.0/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
           fi
 
       - name: Run chart-testing (install)
@@ -253,27 +233,29 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
 
-      - name: Install Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
+      - name: Install Kubernetes tools
+        uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
         with:
-          version: v3.13.2
+          setup-tools: |
+            helmv3
+          helm: "3.9.4"
 
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
+      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
         with:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
 
       - name: Create k3d cluster
         uses: nolar/setup-k3d-k3s@v1
         with:
-          version: latest
+          version: v1.24
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -285,20 +267,13 @@ jobs:
       - name: Add Dependencies
         run: |
           if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then
-            helm install metallb truecharts/metallb --namespace metallb --create-namespace --wait
-          fi
-          ## TODO: Only add when required
-          if [[ "${{ matrix.chart }}" == "charts/enterprise/clusterissuer" ]]; then
-            helm install cert-manager truecharts/cert-manager --namespace cert-manager --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
-            helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
-            helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
-          fi
-          if [[ "${{ matrix.chart }}" != "charts/enterprise/traefik" ]]; then
-            helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.66.0/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
           fi
 
       - name: Run chart-testing (install)
@@ -316,27 +291,29 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
 
-      - name: Install Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
+      - name: Install Kubernetes tools
+        uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
         with:
-          version: v3.13.2
+          setup-tools: |
+            helmv3
+          helm: "3.9.4"
 
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
+      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
         with:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
 
       - name: Create k3d cluster
         uses: nolar/setup-k3d-k3s@v1
         with:
-          version: latest
+          version: v1.24
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -348,20 +325,13 @@ jobs:
       - name: Add Dependencies
         run: |
           if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then
-            helm install metallb truecharts/metallb --namespace metallb --create-namespace --wait
-          fi
-          ## TODO: Only add when required
-          if [[ "${{ matrix.chart }}" == "charts/enterprise/clusterissuer" ]]; then
-            helm install cert-manager truecharts/cert-manager --namespace cert-manager --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
-            helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
-            helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
-          fi
-          if [[ "${{ matrix.chart }}" != "charts/enterprise/traefik" ]]; then
-            helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.66.0/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
           fi
 
       - name: Run chart-testing (install)
@@ -379,27 +349,29 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
 
-      - name: Install Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
+      - name: Install Kubernetes tools
+        uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
         with:
-          version: v3.13.2
+          setup-tools: |
+            helmv3
+          helm: "3.9.4"
 
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
+      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
         with:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
 
       - name: Create k3d cluster
         uses: nolar/setup-k3d-k3s@v1
         with:
-          version: latest
+          version: v1.24
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -411,20 +383,13 @@ jobs:
       - name: Add Dependencies
         run: |
           if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then
-            helm install metallb truecharts/metallb --namespace metallb --create-namespace --wait
-          fi
-          ## TODO: Only add when required
-          if [[ "${{ matrix.chart }}" == "charts/enterprise/clusterissuer" ]]; then
-            helm install cert-manager truecharts/cert-manager --namespace cert-manager --create-namespace --wait
+            kubectl apply -f --server-side --force-conflicts https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
-            helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
+            kubectl apply -f --server-side --force-conflicts https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
-            helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
-          fi
-          if [[ "${{ matrix.chart }}" != "charts/enterprise/traefik" ]]; then
-            helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
+            kubectl apply -f --server-side --force-conflicts --server-side --force-conflicts https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.66.0/bundle.yaml
           fi
 
       - name: Run chart-testing (install)
@@ -442,27 +407,29 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
 
-      - name: Install Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3
+      - name: Install Kubernetes tools
+        uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
         with:
-          version: v3.13.2
+          setup-tools: |
+            helmv3
+          helm: "3.9.4"
 
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4
+      - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4
         with:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
 
       - name: Create k3d cluster
         uses: nolar/setup-k3d-k3s@v1
         with:
-          version: latest
+          version: v1.24
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -474,20 +441,13 @@ jobs:
       - name: Add Dependencies
         run: |
           if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then
-            helm install metallb truecharts/metallb --namespace metallb --create-namespace --wait
-          fi
-          ## TODO: Only add when required
-          if [[ "${{ matrix.chart }}" == "charts/enterprise/clusterissuer" ]]; then
-            helm install cert-manager truecharts/cert-manager --namespace cert-manager --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
-            helm install cloudnative-pg truecharts/cloudnative-pg --namespace cloudnative-pg --create-namespace --wait
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
           fi
           if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
-            helm install prometheus-operator truecharts/prometheus-operator --namespace prometheus-operator --create-namespace --wait
-          fi
-          if [[ "${{ matrix.chart }}" != "charts/enterprise/traefik" ]]; then
-            helm install traefik truecharts/traefik --namespace traefik --create-namespace --wait
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.66.0/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
           fi
 
       - name: Run chart-testing (install)

.github/workflows/daily.yaml

@@ -0,0 +1,397 @@
+name: "Chore: Daily Tasks"
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+concurrency:
+  group: lock
+
+jobs:
+  generate-readme:
+    runs-on: ubuntu-latest
+    name: "Generate readme files"
+    container:
+      image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        with:
+          token: ${{ secrets.BOT_TOKEN }}
+          fetch-depth: 1
+
+      - name: Setting repo parent dir as safe safe.directory
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: generate readme.md
+        shell: bash
+        run: |
+          for train in stable operators SCALE incubator games enterprise develop non-free deprecated dependency core; do
+            for chart in charts/${train}/*; do
+              if [ -d "${chart}" ]; then
+                echo "Generating readme.md for ${train}/${chart}"
+                cp "templates/README.md.tpl" "${chart}/README.md"
+                sed -i "s/TRAINPLACEHOLDER/${train}/" "${chart}/README.md"
+                sed -i "s/CHARTPLACEHOLDER/${chartname}/" "${chart}/README.md"
+              fi
+            done
+          done
+      - name: generate HelmIgnore
+        shell: bash
+        run: |
+          for train in stable operators SCALE incubator games enterprise develop non-free deprecated dependency core; do
+            for chart in charts/${train}/*; do
+              if [ -d "${chart}" ]; then
+                echo "Attempting to sync HelmIgnore file for: ${chartname}"
+                rm -rf ${chart}/.helmignore
+                cp templates/chart/.helmignore ${chart}/
+              fi
+            done
+          done
+
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        with:
+          repository: truecharts/website
+          path: website
+          fetch-depth: 1
+          token: ${{ secrets.BOT_TOKEN }}
+
+      - name: Bump and Sync
+        shell: bash
+        run: |
+          # Designed to ensure the appversion in Chart.yaml is in sync with the primary Chart tag if found
+          # Also makes sure that home link is pointing to the correct url
+          sync_tag() {
+            local chart="$1"
+            local chartname="$2"
+            local train="$3"
+            echo "Attempting to sync primary tag with appversion for: ${chartname}"
+            local tag="$(cat ${chart}/values.yaml | grep '^  tag: ' | awk -F" " '{ print $2 }' | head -1)"
+            tag="${tag%%@*}"
+            tag="${tag:-auto}"
+            tag=$(echo $tag | sed "s/release-//g")
+            tag=$(echo $tag | sed "s/release_//g")
+            tag=$(echo $tag | sed "s/version-//g")
+            tag=$(echo $tag | sed "s/version_//g")
+            tag="${tag#*V.}"
+            tag="${tag#*v-}"
+            tag="${tag#*v}"
+            tag="${tag%-*}"
+            tag="${tag:0:10}"
+            tag="${tag%-}"
+            tag="${tag%_}"
+            tag="${tag%.}"
+            echo "Updating tag of ${chartname} to ${tag}..."
+            sed -i -e "s|appVersion: .*|appVersion: \"${tag}\"|" "${chart}/Chart.yaml"
+            echo "Updating icon of ${chartname}..."
+            sed -i -e "s|icon: .*|icon: https:\/\/truecharts.org\/img\/hotlink-ok\/chart-icons\/${chartname}.png|" "${chart}/Chart.yaml"
+            echo "Updating home of ${chartname}..."
+            sed -i -e "s|home: .*|home: https:\/\/truecharts.org\/charts\/${train}\/${chartname}|" "${chart}/Chart.yaml"
+            echo "Attempting to update sources of ${chartname}..."
+            echo "Using go-yq verion: <$(go-yq -V)>"
+            # Get current sources, exluding those that may have been added automatically.
+            curr_sources=$(
+              go-yq '
+                .sources[] |
+                select(
+                  . != "https://github.com/truecharts*" and
+                  . != "https://ghcr*" and
+                  . != "docker.io*" and
+                  . != "https://docker.io*" and
+                  . != "https://hub.docker*" and
+                  . != "https://fleet.*" and
+                  . != "https://github.com/truecharts/containers/tree/master/mirror/*" and
+                  . != "https://public.ecr.aws*" and
+                  . != "https://ocir.io*" and
+                  . != "https://gcr*" and
+                  . != "https://azurecr*" and
+                  . != "https://quay*" and
+                  . != "https://lscr*" and
+                  . != "https://github.com/truecharts/containers*" and
+                  . == "http*"
+                )
+                ' \
+              "${chart}/Chart.yaml"
+            )
+            # Empty sources list in-place
+            go-yq -i 'del(.sources.[])' "${chart}/Chart.yaml"
+            # Add truechart source
+            tcsource="https://github.com/truecharts/charts/tree/master/charts/$train/$chartname" go-yq -i '.sources += env(tcsource)' "${chart}/Chart.yaml"
+            # Get the container image name that was parsed out of the Dockerfile for the website.
+            container=$(cat website/docs/charts/description_list.md | grep "\[${chartname}\]" | cut -f3 -d '|' | grep -v 'Not Found' || echo "")
+            # Convert the container image name to a URL.
+            if [ ! -z "$container" ]; then
+              prefix=""
+              case "$container" in
+                lscr.io/linuxserver/*)
+                  prefix="https://fleet.linuxserver.io/image?name="
+                  container=${container#lscr.io/}
+                  ;;
+                tccr.io/truecharts/*)
+                  prefix="https://github.com/truecharts/containers/tree/master/mirror"
+                  container=${container#tccr.io/truecharts/}
+                  ;;
+                mcr.microsoft.com/*)
+                  prefix=""
+                  ;;
+                public.ecr.aws/*)
+                  prefix="https://gallery.ecr.aws/"
+                  container=${container#public.ecr.aws/}
+                  ;;
+                ghcr.io/*)
+                  prefix="https://"
+                  ;;
+                quay.io/*)
+                  prefix="https://"
+                  ;;
+                gcr.io/*)
+                  prefix="https://"
+                  ;;
+                *.azurecr.io/*)
+                  prefix=""
+                  ;;
+                *.ocir.io/*)
+                  prefix=""
+                  ;;
+                # There have been a number of domains used for the Docker Hub registry over the years.
+                # NOTE:  This is also the default case!
+                docker.io/*|index.docker.io/*|registry-1.docker.io/*|registry.hub.docker.com/*|*)
+                  prefix="https://hub.docker.com/r/"
+                  container=${container#docker.io/}
+                  container=${container#index.docker.io/}
+                  container=${container#registry-1.docker.io/}
+                  container=${container#registry.hub.docker.com/}
+                  # If the image name does not contain a slash it is a Docker Official Image.
+                  if [ "$container" == "${container////}" ]; then
+                    prefix="https://hub.docker.com/_/"
+                  # If the user name is library it is a Docker Official Image.
+                  elif [ "${container%%/*}" == "library" ]; then
+                    prefix="https://hub.docker.com/_/"
+                    container=${container#library/}
+                  fi
+                  # Avoid creating a bad link since an unsupported registry may have been used.
+                  slashes=${container//[^\/]/}
+                  # Bail out if the image name has more than 1 slash.
+                  if [ ${#slashes} -gt 1 ]; then
+                    prefix=""
+                    echo "WARNING: Not assuming '$container' is a Docker Hub image"
+                  fi
+                  ;;
+              esac
+              if [ -n "${prefix}" ]; then
+                container="${prefix}${container}" go-yq -i '.sources += env(container) | .sources |= unique' "${chart}/Chart.yaml"
+              fi
+            fi
+            # Add the rest of the sources
+            while IFS= read -r line; do
+              src="$line" go-yq -i '.sources += env(src)' "${chart}/Chart.yaml" || echo "src set error"
+            done <<< "$curr_sources"
+            echo "Sources of ${chartname} updated!"
+          }
+          export -f sync_tag
+
+          for train in enterprise stable operators incubator dependency; do
+            echo "Correcting Chart.yaml for Train: ${train}..."
+            for chart in $(ls "charts/${train}"); do
+              echo "Correcting Chart.yaml for Chart: ${chart}..."
+              sync_tag "charts/${train}/${chart}" "${chart}" "${train}"
+            done
+          done
+
+      - name: Fix Fixable Pre-Commit issues
+        shell: bash
+        if: inputs.chartChangesDetected == 'true'
+        run: |
+          echo "Running pre-commit test-and-cleanup..."
+          pre-commit run --all ||:
+          # Fix sh files to always be executable
+          find . -name '*.sh' | xargs chmod +x
+
+      - name: Cleanup
+        run: |
+          rm -rf changes.json
+          rm -rf master
+
+      - name: Commit changes
+        run: |
+          git config user.name "TrueCharts-Bot"
+          git config user.email "bot@truecharts.org"
+          git pull
+          git add --all
+          git commit -sm "Commit daily changes" || exit 0
+          git push
+
+  generate-security-reports:
+    runs-on: ubuntu-latest
+    name: "Generate Security Reports"
+    container:
+      image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
+    steps:
+      - name: Install Kubernetes tools
+        uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
+        with:
+          setup-tools: |
+            helmv3
+          helm: "3.8.0"
+
+      - name: Prep Helm
+        run: |
+          helm repo add truecharts https://charts.truecharts.org
+          helm repo add truecharts-library https://library-charts.truecharts.org
+          helm repo add truecharts-deps https://deps.truecharts.org
+          helm repo update
+
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        with:
+          token: ${{ secrets.BOT_TOKEN }}
+          fetch-depth: 1
+
+      - name: Setting repo parent dir as safe safe.directory
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Checkout website
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        with:
+          fetch-depth: 1
+          repository: truecharts/website
+          token: ${{ secrets.BOT_TOKEN }}
+          path: website
+
+      - name: fetch dependencies
+        shell: bash
+        run: |
+          .github/scripts/fetch_helm_deps.sh
+
+      - name: generate security reports
+        shell: bash
+        run: |
+          #!/bin/bash
+          render() {
+              local chart="$1"
+              local chartname="$2"
+              local train="$3"
+              echo "Rendering helm-template for ${chartname}"
+              mkdir -p ${chart}/render
+              helm template ${chart} >> ${chart}/render/app.yaml || echo "Helm template failed..."
+          }
+          helm_sec_scan() {
+              local chart="$1"
+              local chartname="$2"
+              local train="$3"
+              echo "Scanning helm security for ${chartname}"
+              mkdir -p ${chart}/render
+              rm -rf website/docs/charts/${train}/${chartname}/helm-security.md || echo "removing old helm-security file failed..."
+              echo "# Helm Security" >> website/docs/charts/${train}/${chartname}/helm-security.md
+              echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
+              echo "## Helm-Chart" >> website/docs/charts/${train}/${chartname}/helm-security.md
+              echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
+              echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/helm-security.md
+              echo "" >> website/docs/charts/${train}/${chartname}/helm-security.md
+              trivy config --namespaces builtin.kubernetes.* -f template --template "@./templates/trivy-config.tpl" ${chart}/render >> website/docs/charts/${train}/${chartname}/helm-security.md || echo "trivy scan failed..."
+              }
+          container_sec_scan() {
+              local chart="$1"
+              local chartname="$2"
+              local train="$3"
+              echo "Scanning container security for ${chartname}"
+              mkdir -p ${chart}/render
+              rm -rf website/docs/charts/${train}/${chartname}/container-security.md || echo "removing old container-security file failed..."
+              echo "# Container Security" >> website/docs/charts/${train}/${chartname}/container-security.md
+              echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
+              echo "##### Detected Containers" >> website/docs/charts/${train}/${chartname}/container-security.md
+              echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
+              find ${chart}/render/ -name '*.yaml' -type f -exec cat {} \; | grep image: | sed "s/image: //g" | sed "s/\"//g" >> ${chart}/render/containers.tmp
+              cat ${chart}/render/containers.tmp >> website/docs/charts/${train}/${chartname}/container-security.md
+              echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
+              echo "##### Scan Results" >> website/docs/charts/${train}/${chartname}/container-security.md
+              echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
+              for container in $(cat ${chart}/render/containers.tmp | sort | uniq); do
+                if [[ "$container" == *"truecharts/alpine"* || "$container" == *"truecharts/ubuntu"* || "$container" == *"truecharts/kubectl"* ]]; then
+                  echo "Skipping ${container}, as it's a shared common container..."
+                else
+                  echo "**Container: ${container}**" >> website/docs/charts/${train}/${chartname}/container-security.md
+                  echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
+                  trivy image --security-checks vuln -f template --template "@./templates/trivy-container.tpl" ${container} >> website/docs/charts/${train}/${chartname}/container-security.md || echo "trivy container scan failed..."
+                  echo "" >> website/docs/charts/${train}/${chartname}/container-security.md
+                fi
+              done
+              }
+          cleanfiles() {
+              local chart="$1"
+              local chartname="$2"
+              local train="$3"
+              echo "sanitising website output for ${chartname}..."
+              rm -rf ${chart}/render
+              sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/helm-security.md ||:
+              sed -i 's|<br>|<br />|g' website/docs/charts/${train}/${chartname}/container-security.md ||:
+              sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/helm-security.md ||:
+              sed -i 's|<hr>|<hr />|g' website/docs/charts/${train}/${chartname}/container-security.md ||:
+              }
+          for train in enterprise stable operators incubator dependency; do
+            echo "Processing Charts for Train: ${train}..."
+            for chart in $(ls "charts/${train}"); do
+              render "charts/${train}/${chart}" ${chart} ${train} || echo "rendering failed for ${chart}"
+             helm_sec_scan "charts/${train}/${chart}" ${chart} ${train} || echo "helm chart processing failed for ${chart}"
+              if [ ${train} == "enterprise" ]; then
+                container_sec_scan "charts/${train}/${chart}" ${chart} ${train} || echo "container processing failed for ${chart}"
+              fi
+              cleanfiles "charts/${train}/${chart}" ${chart} ${train} || echo "cleaning failed for ${chart}"
+            done
+          done
+          echo "finsihed security scan"
+
+      - name: Commit Website Changes
+        run: |
+          cd website
+          git config user.name "TrueCharts-Bot"
+          git config user.email "bot@truecharts.org"
+          git pull
+          git add --all
+          git commit -sm "Commit released docs for TrueCharts" || exit 0
+          git push
+
+  lock-threads:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v4
+        with:
+          github-token: ${{ secrets.BOT_TOKEN }}
+          issue-inactive-days: "7"
+          exclude-any-issue-labels: ""
+          issue-comment: "This issue is locked to prevent necro-posting on closed issues. Please create a new issue or contact staff on discord of the problem persists"
+          issue-lock-reason: ""
+          pr-inactive-days: "7"
+          pr-comment: "This PR is locked to prevent necro-posting on closed PRs. Please create a issue or contact staff on discord if you want to further discuss this"
+          pr-lock-reason: "resolved"
+          log-output: true
+
+  check-contributors:
+    name: Check Contributors
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        with:
+          token: ${{ secrets.BOT_TOKEN }}
+          fetch-depth: 1
+
+      - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3
+        with:
+          node-version: 18
+
+      - uses: borales/actions-yarn@97ba8bebfe5b549bb7999261698a52a81fd62f1b # v4.2.0
+        with:
+          cmd: install --frozen-lockfile
+
+      - name: List missing and unknown contributors
+        env:
+          PRIVATE_TOKEN: ${{ secrets.BOT_TOKEN }}
+        run: |
+          awk -F', ' '{ for( i=1; i<=NF; i++ ) print $i }' <<<$(yarn all-contributors check)

.github/workflows/pr-validate.yaml

@@ -17,7 +17,7 @@ jobs:
       addedOrModifiedCharts: ${{ steps.collect-changes.outputs.addedOrModifiedCharts }}
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
 
       - name: Collect changes
         id: collect-changes
@@ -57,7 +57,7 @@ jobs:
       head-commit-message: ${{ steps.get_head_commit_message.outputs.headCommitMsg }}
     steps:
       - name: Get repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: verbose head git commit message
@@ -73,7 +73,7 @@ jobs:
       - charts-test
       - charts-lint
       - print_head_msg
-    if: ${{ contains( needs.print_head_msg.outputs.head-commit-message, 'update container image' ) }}
+    if: needs.print_head_msg.outputs.head-commit-message == 'Commit bumped Chart Version'
     name: Automerge and Approve build
     runs-on: ubuntu-latest
     steps:

.github/workflows/prune.yaml

@@ -9,7 +9,7 @@ jobs:
     name: "prune old releases"
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 0
       - uses: actions/delete-package-versions@0d39a63126868f5eefaa47169615edd3c0f61e20 # v4

.github/workflows/renovate-bump.yaml

@@ -0,0 +1,149 @@
+name: "Renovate: Bump on Push"
+
+on:
+  push:
+    branches:
+      - "renovate/**"
+    tags-ignore:
+      - "**"
+
+jobs:
+  renovate-bump:
+    name: Get changed Apps
+    runs-on: ubuntu-20.04
+    container:
+      image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        name: Checkout
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.BOT_TOKEN }}
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
+        name: Checkout
+        with:
+          fetch-depth: 0
+          ref: master
+          path: master
+
+      - name: Setting repo parent dir as safe safe.directory
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - uses: dorny/paths-filter@v2
+        id: filter
+        with:
+          list-files: json
+          filters: |
+            changed:
+            - 'charts/stable/**'
+            - 'charts/incubator/**'
+            - 'charts/SCALE/**'
+            - 'charts/library/**'
+            - 'charts/dependency/**'
+            - 'charts/core/**'
+            - 'charts/enterprise/**'
+            - 'charts/games/**'
+      - name: Filter filter-output
+        run: echo '${{ toJson(steps.filter.outputs) }}' > changes.json
+
+      - name: Bump and Sync
+        shell: bash
+        run: |
+          # Designed to ensure the appversion in Chart.yaml is in sync with the primary Chart tag if found
+          # Also makes sure that home link is pointing to the correct url
+          sync_tag() {
+              local chart="$1"
+              local chartname="$2"
+              local train="$3"
+              echo "Attempting to sync primary tag with appversion for: ${chartname}"
+              local tag="$(cat ${chart}/values.yaml | grep '^  tag: ' | awk -F" " '{ print $2 }' | head -1)"
+              tag="${tag%%@*}"
+              tag="${tag:-auto}"
+              tag=$(echo $tag | sed "s/release-//g")
+              tag=$(echo $tag | sed "s/release_//g")
+              tag=$(echo $tag | sed "s/version-//g")
+              tag=$(echo $tag | sed "s/version_//g")
+              tag="${tag#*V.}"
+              tag="${tag#*v-}"
+              tag="${tag#*v}"
+              tag="${tag%-*}"
+              tag="${tag:0:10}"
+              tag="${tag%-}"
+              tag="${tag%_}"
+              tag="${tag%.}"
+              echo "Updating tag of ${chartname} to ${tag}..."
+              sed -i -e "s|appVersion: .*|appVersion: \"${tag}\"|" "${chart}/Chart.yaml"
+              echo "Updating icon of ${chartname}..."
+              sed -i -e "s|icon: .*|icon: https:\/\/truecharts.org\/img\/hotlink-ok\/chart-icons\/${chartname}.png|" "${chart}/Chart.yaml"
+              echo "Updating home of ${chartname}..."
+              sed -i -e "s|home: .*|home: https:\/\/truecharts.org\/charts\/${train}\/${chartname}|" "${chart}/Chart.yaml"
+              echo "Attempting to update sources of ${chartname}..."
+              echo "Using go-yq verion: <$(go-yq -V)>"
+              # Get all sources (except truecharts)
+              curr_sources=$(go-yq '.sources[] | select(. != "https://github.com/truecharts*")' "${chart}/Chart.yaml")
+              # Empty sources list in-place
+              go-yq -i 'del(.sources.[])' "${chart}/Chart.yaml"
+              # Add truechart source
+              tcsource="https://github.com/truecharts/charts/tree/master/charts/$train/$chartname" go-yq -i '.sources += env(tcsource)' "${chart}/Chart.yaml"
+              # Add the rest of the sources
+              while IFS= read -r line; do
+                src="$line" go-yq -i '.sources += env(src)' "${chart}/Chart.yaml" || echo "src set error"
+              done <<< "$curr_sources"
+              echo "Sources of ${chartname} updated!"
+              }
+          export -f sync_tag
+
+          # The actual script
+          APPS=$(jq --raw-output '.changed_files | fromjson | .[] |= sub("(?<filepath>(?<first_directory>(?<root1>[\/]?)[^\/]+\/)(?<second_directory>(?<root2>[\/]?)[^\/]+\/)(?<third_directory>(?<root3>[\/]?)[^\/]+)(?<extra_paths>.+))"; "\(.third_directory)") | unique' changes.json  |  jq -r '.[]')
+          echo "changed apps: ${APPS[*]}"
+          for chart in ${APPS[*]}
+          do
+            if [[ "${chart}" == '.gitkeep' ]]; then
+              echo "Skipping..."
+              return
+            elif test -f "./charts/stable/${chart}/Chart.yaml"; then
+              train="stable"
+            elif test -f "./charts/incubator/${chart}/Chart.yaml"; then
+              train="incubator"
+            elif test -f "./charts/SCALE/${chart}/Chart.yaml"; then
+              train="SCALE"
+            elif test -f "./charts/library/${chart}/Chart.yaml"; then
+              train="library"
+            elif test -f "./charts/dependency/${chart}/Chart.yaml"; then
+              train="dependency"
+            elif test -f "./charts/core/${chart}/Chart.yaml"; then
+              train="core"
+            elif test -f "./charts/games/${chart}/Chart.yaml"; then
+              train="games"
+            elif test -f "./charts/enterprise/${chart}/Chart.yaml"; then
+              train="enterprise"
+            elif test -f "./charts/operators/${chart}/Chart.yaml"; then
+              train="operators"
+            else
+              train="incubator"
+            fi
+            echo "Comparing versions for ${train}/${chart}"
+            master=$(cat ./master/charts/${train}/${chart}/Chart.yaml | grep "^version")
+            current=$(cat ./charts/${train}/${chart}/Chart.yaml | grep "^version")
+            echo "master version: ${master}"
+            echo "current version: ${current}"
+            if [[ "${master}" != "${current}" ]]; then
+              echo "Version does not have to be bumped"
+            else
+              echo "Bumping patch version for ${train}/${chart}"
+              ./tools/bump.sh patch ./charts/${train}/${chart}
+            fi
+
+            sync_tag "charts/${train}/${chart}" "${chart}" "${train}"
+          done
+      - name: Cleanup
+        run: |
+          rm -rf changes.json
+          rm -rf master
+      - name: Commit and Push new version
+        run: |
+          git config user.name "TrueCharts-Bot"
+          git config user.email "bot@truecharts.org"
+          git add --all
+          git commit -sm "Commit bumped Chart Version" || exit 0
+          git push

.github/workflows/renovate.yml

@@ -0,0 +1,18 @@
+name: Renovate
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 */1 * * *"
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          token: ${{ secrets.BOT_TOKEN }}
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@23a02fe7be9e93f857a953cc8162e57d2c8401ef # v39.0.1
+        with:
+          configurationFile: .github/renovate-config.js
+          token: ${{ secrets.BOT_TOKEN }}

.github/workflows/schedule-sync-labels.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
 

.github/workflows/stale.yaml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   stale:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-20.04
     steps:
       - name: Check for stale issues and PRs
         uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8

Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+group :test do
+  gem 'm'
+  gem 'minitest'
+  gem 'minitest-implicit-subject'
+  gem 'minitest-reporters'
+  gem 'pry'
+  gem 'ruby-jq'
+end

NOTICE

@@ -0,0 +1,4 @@
+This product includes software developed at
+The K8S-At-Home (https://k8s-at-home.com/).
+
+This Product Contains modified Apache2.0 Licensed software

charts/dependency/clickhouse/Chart.yaml

@@ -1,39 +1,30 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: clickhouse
-version: 8.0.2
-appVersion: 23.10.5.20
-description:
-  ClickHouse is a column-oriented database management system (DBMS) for
-  online analytical processing of queries (OLAP).
+appVersion: "23.7.1.247"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
+description: ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP).
 home: https://truecharts.org/charts/dependency/clickhouse
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/clickhouse.png
-deprecated: false
-sources:
-  - https://clickhouse.com/
-  - https://github.com/truecharts/charts/tree/master/charts/dependency/clickhouse
-  - https://hub.docker.com/r/clickhouse/clickhouse-server
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - database
   - clickhouse
   - sql
-dependencies:
-  - name: common
-    version: 15.3.3
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: clickhouse
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/dependency/clickhouse
+  - https://clickhouse.com/
+type: application
+version: 7.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - database
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: database
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: dependency
+  truecharts.org/grade: U

charts/dependency/clickhouse/values.yaml

@@ -1,7 +1,8 @@
 image:
-  repository: clickhouse/clickhouse-server
+  repository: tccr.io/truecharts/clickhouse
   pullPolicy: IfNotPresent
-  tag: 23.10.5.20@sha256:8d66487fa921fd942647182cf1b18355b0760329942f4965084c2a9ce46bef7a
+  tag: v23.7.1.2470@sha256:fbec51f0c6b09733fe4601bba2584dc750f0a8a5077702b86163744bd6f4573f
+
 workload:
   main:
     replicas: 1
@@ -27,6 +28,7 @@ workload:
             startup:
               type: http
               path: /ping
+
 securityContext:
   container:
     readOnlyRootFilesystem: false
@@ -39,6 +41,7 @@ securityContext:
     #     - IPC_LOCK
     #     - NET_ADMIN
     #     - SYS_NICE
+
 service:
   main:
     ports:
@@ -46,24 +49,30 @@ service:
         port: 8123
         protocol: http
         targetPort: 8123
+
 persistence:
   data:
     enabled: true
     mountPath: /var/lib/clickhouse
+
 clickhouseDatabase: "test"
 clickhouseUsername: "test"
 clickhouseDefaultAccessManagement: 0
+
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 clickhousePassword: ""
 existingSecret: ""
+
 secret:
   credentials:
     enabled: true
     data:
       clickhouse-password: '{{ ( .Values.clickhousePassword | default "empty" ) }}'
+
 portal:
   open:
     enabled: false
+
 manifestManager:
   enabled: false

charts/dependency/kube-state-metrics/Chart.yaml

@@ -1,38 +1,29 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: kube-state-metrics
-version: 4.0.2
-appVersion: 2.10.1
-description:
-  kube-state-metrics is a simple service that listens to the Kubernetes
-  API server and generates metrics about the state of the objects.
+appVersion: "2.9.2"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
+description: kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
 home: https://truecharts.org/charts/dependency/kube-state-metrics
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/kube-state-metrics.png
-deprecated: false
-sources:
-  - https://github.com/truecharts/charts/tree/master/charts/dependency/kube-state-metrics
-  - https://hub.docker.com/r/bitnami/kube-state-metrics
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - prometheus
   - kube-state-metrics
   - monitoring
-dependencies:
-  - name: common
-    version: 15.3.3
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: kube-state-metrics
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/dependency/kube-state-metrics
+type: application
+version: 3.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - metrics
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: metrics
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: dependency
+  truecharts.org/grade: U

charts/dependency/kube-state-metrics/values.yaml

@@ -1,7 +1,8 @@
 image:
-  repository: bitnami/kube-state-metrics
+  repository: tccr.io/truecharts/kube-state-metrics
   pullPolicy: IfNotPresent
-  tag: 2.10.1@sha256:6819ee084fdb0ddee851ffcda90833d4e5b991987bdd1fbe4804ade61f47ccdb
+  tag: v2.9.2@sha256:f97c4f80c68ea1fb7852ac7f0dd5a06e680d61c4c0b43b6f9feca282bd5958f4
+
 service:
   main:
     ports:
@@ -15,6 +16,7 @@ service:
         enabled: true
         protocol: http
         port: 8081
+
 workload:
   main:
     podSpec:
@@ -49,22 +51,28 @@ workload:
             # - --resources=verticalpodautoscalers
             - --resources=validatingwebhookconfigurations
             - --resources=volumeattachments
+
           probes:
             liveness:
               path: /healthz
               port: main
+
             readiness:
               path: /healthz
               port: main
+
             startup:
               type: tcp
               port: main
+
 podOptions:
   automountServiceAccountToken: true
+
 serviceAccount:
   main:
     enabled: true
     primary: true
+
 rbac:
   main:
     enabled: true
@@ -271,10 +279,7 @@ rbac:
         verbs:
           - list
           - watch
-      - apiGroups: ["discovery.k8s.io"]
-        resources:
-          - endpointslices
-        verbs: ["list", "watch"]
+
 metrics:
   main:
     # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@@ -291,16 +296,18 @@ metrics:
       labels: {}
       # -- Configure additionial rules for the chart under this key.
       # @default -- See prometheusrules.yaml
-      rules: []
-      # - alert: UnifiPollerAbsent
-      #   annotations:
-      #     description: Unifi Poller has disappeared from Prometheus service discovery.
-      #     summary: Unifi Poller is down.
-      #   expr: |
-      #     absent(up{job=~".*unifi-poller.*"} == 1)
-      #   for: 5m
-      #   labels:
-      #     severity: critical
+      rules:
+        []
+        # - alert: UnifiPollerAbsent
+        #   annotations:
+        #     description: Unifi Poller has disappeared from Prometheus service discovery.
+        #     summary: Unifi Poller is down.
+        #   expr: |
+        #     absent(up{job=~".*unifi-poller.*"} == 1)
+        #   for: 5m
+        #   labels:
+        #     severity: critical
+
 portal:
   open:
     enabled: false

charts/dependency/mariadb/Chart.yaml

@@ -1,42 +1,33 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: mariadb
-version: 10.0.2
-appVersion: 11.1.3
-description:
-  Fast, reliable, scalable, and easy to use open-source relational database
-  system.
+appVersion: "11.0.2"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
+description: Fast, reliable, scalable, and easy to use open-source relational database system.
 home: https://truecharts.org/charts/dependency/mariadb
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/mariadb.png
-deprecated: false
-sources:
-  - https://github.com/bitnami/bitnami-docker-mariadb
-  - https://github.com/prometheus/mysqld_exporter
-  - https://github.com/truecharts/charts/tree/master/charts/dependency/mariadb
-  - https://hub.docker.com/r/bitnami/mariadb
-  - https://mariadb.org
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - mariadb
   - mysql
   - database
   - sql
-dependencies:
-  - name: common
-    version: 15.3.3
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: mariadb
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/dependency/mariadb
+  - https://github.com/bitnami/bitnami-docker-mariadb
+  - https://github.com/prometheus/mysqld_exporter
+  - https://mariadb.org
+type: application
+version: 9.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - database
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: database
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: dependency
+  truecharts.org/grade: U

charts/dependency/mariadb/values.yaml

@@ -1,7 +1,8 @@
 image:
-  repository: bitnami/mariadb
+  repository: tccr.io/truecharts/mariadb
   pullPolicy: IfNotPresent
-  tag: 11.1.3@sha256:ec252de855742584bb2dace25f5cd83ccfdde4f61961cca00fc29a1d5200c2aa
+  tag: v11.0.2@sha256:01c12c8ab605cf1a613f87ea781d34a1311cfa18aa61babcc76d0be61c5cb1f1
+
 workload:
   main:
     podSpec:
@@ -42,35 +43,43 @@ workload:
                 - /bin/bash
                 - -ec
                 - "until /opt/bitnami/scripts/mariadb/healthcheck.sh; do sleep 2; done"
+
 service:
   main:
     ports:
       main:
         port: 3306
         targetPort: 3306
+
 securityContext:
   container:
     readOnlyRootFilesystem: false
     runAsGroup: 0
+
 secret:
   credentials:
     enabled: true
     data:
       mariadb-password: '{{ ( .Values.mariadbPassword | default "empty" ) }}'
       mariadb-root-password: '{{ ( .Values.mariadbRootPassword | default "empty" ) }}'
+
 persistence:
   data:
     enabled: true
     mountPath: "/bitnami/mariadb"
+
 mariadbUsername: "test"
 mariadbDatabase: "test"
 mariadbRootPassword: "testroot"
+
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 mariadbPassword: ""
 existingSecret: ""
+
 portal:
   open:
     enabled: false
+
 manifestManager:
   enabled: false

charts/dependency/memcached/Chart.yaml

@@ -1,37 +1,32 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: memcached
-version: 9.0.2
-appVersion: 1.6.22
+appVersion: "1.6.21"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
 description: Memcached is a memory-backed database caching solution
 home: https://truecharts.org/charts/dependency/memcached
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/memcached.png
-deprecated: false
-sources:
-  - https://github.com/bitnami/bitnami-docker-memcached
-  - https://github.com/truecharts/charts/tree/master/charts/dependency/memcached
-  - https://hub.docker.com/r/bitnami/memcached
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - memcached
   - database
   - cache
-dependencies:
-  - name: common
-    version: 15.3.3
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: memcached
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/dependency/memcached
+  - https://github.com/bitnami/bitnami-docker-memcached
+  - http://memcached.org/
+type: application
+version: 8.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - database
+    - cache
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: database
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: dependency
+  truecharts.org/grade: U

charts/dependency/memcached/values.yaml

@@ -1,7 +1,8 @@
 image:
-  repository: bitnami/memcached
+  repository: tccr.io/truecharts/memcached
   pullPolicy: IfNotPresent
-  tag: 1.6.22@sha256:d4c4ba01c45b2fdbc58cbb94af8ed0690c46ce2c70b34de49751c8920042af02
+  tag: v1.6.21@sha256:a4405d38745d617d73119228f0043b72f80007af25735743e1c3ac86da75d4ac
+
 service:
   main:
     ports:
@@ -9,8 +10,10 @@ service:
         port: 11211
         protocol: tcp
         targetPort: 11211
+
 portal:
   open:
     enabled: false
+
 manifestManager:
   enabled: false

charts/dependency/mongodb/Chart.yaml

@@ -1,40 +1,31 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: mongodb
-version: 9.0.3
-appVersion: 7.0.4
-description:
-  Fast, reliable, scalable, and easy to use open-source no-sql database
-  system.
+appVersion: "6.0.8"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
+description: Fast, reliable, scalable, and easy to use open-source no-sql database system.
 home: https://truecharts.org/charts/dependency/mongodb
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/mongodb.png
-deprecated: false
-sources:
-  - https://www.mongodb.com
-  - https://github.com/bitnami/bitnami-docker-mongodb
-  - https://github.com/truecharts/charts/tree/master/charts/dependency/mongodb
-  - https://hub.docker.com/r/bitnami/mongodb
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - mongodb
   - database
   - nosql
-dependencies:
-  - name: common
-    version: 15.3.3
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: mongodb
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/dependency/mongodb
+  - https://github.com/bitnami/bitnami-docker-mongodb
+  - https://www.mongodb.com
+type: application
+version: 8.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - database
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: database
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: dependency
+  truecharts.org/grade: U

charts/dependency/mongodb/values.yaml

@@ -1,7 +1,8 @@
 image:
-  repository: bitnami/mongodb
+  repository: tccr.io/truecharts/mongodb
   pullPolicy: IfNotPresent
-  tag: 7.0.4@sha256:20d7c04ac542ad5a46ac3ed0cc7f065b0da20cc72b5e9fe36ece2b565903fff1
+  tag: v6.0.8@sha256:7435fdeb21aa12486de9efdce9d72e1ed1c4ed1d5f4af9b3e37b3e8eb31576be
+
 workload:
   main:
     replicas: 1
@@ -41,6 +42,7 @@ workload:
                     - /bin/bash
                     - -ec
                     - echo "db.runCommand(\"ping\")" | mongosh --host localhost --port 27017 ${MONGODB_DATABASE} --quiet
+
             # -- Redainess probe configuration
             # @default -- See below
             readiness:
@@ -57,6 +59,7 @@ workload:
                     - /bin/bash
                     - -ec
                     - echo "db.runCommand(\"ping\")" | mongosh --host localhost --port 27017 ${MONGODB_DATABASE} --quiet
+
             # -- Startup probe configuration
             # @default -- See below
             startup:
@@ -72,35 +75,43 @@ workload:
                     - /bin/bash
                     - -ec
                     - echo "db.runCommand(\"ping\")" | mongosh --host localhost --port 27017 ${MONGODB_DATABASE} --quiet
+
 service:
   main:
     ports:
       main:
         port: 27017
         targetPort: 27017
+
 securityContext:
   container:
     runAsGroup: 0
     readOnlyRootFilesystem: false
+
 persistence:
   data:
     enabled: true
     mountPath: "/bitnami/mongodb"
+
 mongodbUsername: "test"
 mongodbDatabase: "test"
 mongodbRootPassword: "testroot"
+
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 mongodbPassword: ""
 existingSecret: ""
+
 secret:
   credentials:
     enabled: true
     data:
       mongodb-password: '{{ ( .Values.mongodbPassword | default "empty" ) }}'
       mongodb-root-password: '{{ ( .Values.mongodbRootPassword | default "empty" ) }}'
+
 portal:
   open:
     enabled: false
+
 manifestManager:
   enabled: false

charts/dependency/node-exporter/Chart.yaml

@@ -1,38 +1,29 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: node-exporter
-version: 4.0.2
-appVersion: 1.7.0
-description:
-  Prometheus exporter for hardware and OS metrics exposed by UNIX kernels,
-  with pluggable metric collectors.
+appVersion: "1.6.1"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
+description: Prometheus exporter for hardware and OS metrics exposed by UNIX kernels, with pluggable metric collectors.
 home: https://truecharts.org/charts/dependency/node-exporter
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/node-exporter.png
-deprecated: false
-sources:
-  - https://github.com/truecharts/charts/tree/master/charts/dependency/node-exporter
-  - https://hub.docker.com/r/bitnami/node-exporter
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - prometheus
   - node-exporter
   - monitoring
-dependencies:
-  - name: common
-    version: 15.3.3
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: node-exporter
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/dependency/node-exporter
+type: application
+version: 3.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - metrics
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: metrics
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: dependency
+  truecharts.org/grade: U

charts/dependency/node-exporter/values.yaml

@@ -1,13 +1,15 @@
 image:
-  repository: bitnami/node-exporter
+  repository: tccr.io/truecharts/node-exporter
   pullPolicy: IfNotPresent
-  tag: 1.7.0@sha256:68d9e82bc1c876bdf78bc6a81965f1f32344087dd56bbec052acac8237d86cf8
+  tag: v1.6.1@sha256:6c481c3c3ddf83b604f207f7a27b3dbd469035c4e4783fc100e478bf05f9a9c5
+
 service:
   main:
     ports:
       main:
         protocol: http
         port: 9910
+
 workload:
   main:
     type: DaemonSet
@@ -27,15 +29,19 @@ workload:
             liveness:
               path: /
               port: main
+
             readiness:
               path: /
               port: main
+
             startup:
               type: tcp
               port: main
+
 podOptions:
   hostNetwork: true
   hostPID: true
+
 persistence:
   host:
     enabled: true
@@ -55,6 +61,7 @@ persistence:
     hostPath: /sys
     mountPath: /hostsys
     readOnly: true
+
 metrics:
   main:
     # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@@ -71,16 +78,18 @@ metrics:
       labels: {}
       # -- Configure additionial rules for the chart under this key.
       # @default -- See prometheusrules.yaml
-      rules: []
-      # - alert: UnifiPollerAbsent
-      #   annotations:
-      #     description: Unifi Poller has disappeared from Prometheus service discovery.
-      #     summary: Unifi Poller is down.
-      #   expr: |
-      #     absent(up{job=~".*unifi-poller.*"} == 1)
-      #   for: 5m
-      #   labels:
-      #     severity: critical
+      rules:
+        []
+        # - alert: UnifiPollerAbsent
+        #   annotations:
+        #     description: Unifi Poller has disappeared from Prometheus service discovery.
+        #     summary: Unifi Poller is down.
+        #   expr: |
+        #     absent(up{job=~".*unifi-poller.*"} == 1)
+        #   for: 5m
+        #   labels:
+        #     severity: critical
+
 portal:
   open:
     enabled: false

charts/dependency/redis/Chart.yaml

@@ -1,37 +1,32 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: redis
-version: 9.0.2
-appVersion: 7.2.3
+appVersion: "7.0.12"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
 description: Open source, advanced key-value store.
 home: https://truecharts.org/charts/dependency/redis
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/redis.png
-deprecated: false
-sources:
-  - https://github.com/bitnami/bitnami-docker-redis
-  - https://github.com/truecharts/charts/tree/master/charts/dependency/redis
-  - https://hub.docker.com/r/bitnami/redis
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - redis
   - keyvalue
   - database
-dependencies:
-  - name: common
-    version: 15.3.3
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: redis
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/dependency/redis
+  - https://github.com/bitnami/bitnami-docker-redis
+  - http://redis.io/
+type: application
+version: 8.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - database
+    - cache
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: database
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: dependency
+  truecharts.org/grade: U

charts/dependency/redis/values.yaml

@@ -1,7 +1,8 @@
 image:
-  repository: bitnami/redis
+  repository: tccr.io/truecharts/redis
   pullPolicy: IfNotPresent
-  tag: 7.2.3@sha256:f7db3a51e2726109819b50004c3bbf8f1c792723af274f88532b8c3e64fcde0b
+  tag: v7.0.12@sha256:4a7b38a055a1183d226d8e2eb8bb1a55d2ef4ba217a74fd9c1562513c51e5064
+
 workload:
   main:
     replicas: 1
@@ -44,10 +45,12 @@ workload:
                 - sh
                 - -c
                 - /health/ping_readiness_local.sh 2
+
 securityContext:
   container:
     readOnlyRootFilesystem: false
     runAsGroup: 0
+
 configmap:
   health:
     enabled: true
@@ -120,25 +123,30 @@ configmap:
         "$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
         "$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
         exit $exit_status
+
 secret:
   credentials:
     enabled: true
     data:
       redis-password: '{{ ( .Values.redisPassword | default "nothing" ) }}'
+
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 redisPassword: ""
 existingSecret: ""
+
 service:
   main:
     ports:
       main:
         port: 6379
         targetPort: 6379
+
 volumeClaimTemplates:
   data:
     enabled: true
     mountPath: "/bitnami/redis"
+
 persistence:
   redis-health:
     enabled: true
@@ -159,8 +167,10 @@ persistence:
         path: ping_liveness_local_and_master.sh
       - key: ping_readiness_local_and_master.sh
         path: ping_readiness_local_and_master.sh
+
 portal:
   open:
     enabled: false
+
 manifestManager:
   enabled: false

charts/dependency/solr/Chart.yaml

@@ -1,37 +1,30 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: solr
-version: 7.0.2
-appVersion: 9.4.0
+appVersion: "9.3.0"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
 description: Apache Solr
 home: https://truecharts.org/charts/dependency/solr
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/solr.png
-deprecated: false
-sources:
-  - https://github.com/apache/solr
-  - https://github.com/truecharts/charts/tree/master/charts/dependency/solr
-  - https://hub.docker.com/r/bitnami/solr
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - solr
   - apache
   - search
-dependencies:
-  - name: common
-    version: 15.3.3
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: solr
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/dependency/solr
+  - https://github.com/apache/solr
+type: application
+version: 6.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - search
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: search
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: dependency
+  truecharts.org/grade: U

charts/dependency/solr/values.yaml

@@ -1,7 +1,8 @@
 image:
-  repository: bitnami/solr
+  repository: tccr.io/truecharts/solr
   pullPolicy: IfNotPresent
-  tag: 9.4.0@sha256:2ed1a4738c016c0d5d6549b6ad7bc977d9690c36b59cb6c682677792c8a059da
+  tag: v9.3.0@sha256:e4780b9d70fe771d1a6aa477fba5b3be92ddd8d858a685f334616f027f58772a
+
 workload:
   main:
     replicas: 1
@@ -18,6 +19,7 @@ workload:
                 expandObjectName: "{{ if .Values.solrPassword }}true{{ else }}false{{ end }}"
                 name: '{{ if .Values.solrPassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "solrcreds" }}{{ end }}'
                 key: "solr-password"
+
           # -- Probe configuration
           # -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
           # @default -- See below
@@ -43,6 +45,7 @@ workload:
                       else
                         until curl --fail localhost:8983/solr/"${SOLR_CORES}"/admin/ping; do sleep 2; done
                       fi;
+
             # -- Redainess probe configuration
             # @default -- See below
             readiness:
@@ -84,39 +87,47 @@ workload:
                       else
                         until curl --fail localhost:8983/solr/"${SOLR_CORES}"/admin/ping; do sleep 2; done
                       fi;
+
 securityContext:
   container:
     runAsNonRoot: false
     readOnlyRootFilesystem: false
     runAsUser: 1001
     runAsGroup: 0
+
 service:
   main:
     ports:
       main:
         port: 8983
         targetPort: 8983
+
 persistence:
   db:
     enabled: true
     mountPath: "/bitnami/solr"
+
 # Currently only single core is supported, with multiple cores, probes will fail.
 solrCores: "testcore"
 solrEnableAuthentication: "yes"
 solrUsername: "test"
 # Used to pass a comma separated list of optional options like '-XX:G1HeapRegionSize=8m'
 solrOpts: ""
+
 # -- Secret or password
 # One of these options is required, unless used as a dependency for another TrueCharts chart.
 existingSecret: ""
 solrPassword: ""
+
 secret:
   credentials:
     enabled: true
     data:
       solr-password: '{{ ( .Values.solrPassword | default "empty" ) }}'
+
 portal:
   open:
     enabled: true
+
 manifestManager:
   enabled: false

charts/enterprise/authelia/Chart.yaml

@@ -1,21 +1,17 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: authelia
-version: 19.0.14
-appVersion: 4.37.5
+appVersion: "4.37.5"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+  - condition: redis.enabled
+    name: redis
+    repository: https://deps.truecharts.org
+    version: 7.0.6
+deprecated: false
 description: Authelia is a Single Sign-On Multi-Factor portal for web apps
 home: https://truecharts.org/charts/enterprise/authelia
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png
-deprecated: false
-sources:
-  - https://github.com/truecharts/charts/tree/master/charts/enterprise/authelia
-  - https://ghcr.io/authelia/authelia
-  - https://github.com/authelia/chartrepo
-  - https://github.com/authelia/authelia
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - authelia
   - authentication
@@ -28,26 +24,20 @@ keywords:
   - YubiKey
   - Push Notifications
   - LDAP
-dependencies:
-  - name: common
-    version: 14.3.5
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
-  - name: redis
-    version: 8.0.44
-    repository: https://deps.truecharts.org
-    condition: redis.enabled
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: authelia
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/authelia
+  - https://github.com/authelia/chartrepo
+  - https://github.com/authelia/authelia
+type: application
+version: 18.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - security
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: security
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: enterprise
+  truecharts.org/grade: U

charts/enterprise/authelia/docs/Setup-Guide.md

@@ -30,8 +30,8 @@ LLDAP is a `Stable` train chart and therefore isn't supported at the same level
 
 ### App Configuration
 
-- Domain: `mydomain.com` - Your domain without https://
-- Default Redirection URL: `https://auth.mydomain.com` - Can be anything, but we'll stick to auth.mydomain.com. As well, this will be the ingress URL for `Authelia`
+- Domain: `mydomain.com` <- Your domain without https://
+- Default Redirection URL: `https://auth.mydomain.com` <- Can be anything, but we'll stick to auth.mydomain.com. As well, this will be the ingress URL for `Authelia`
 
 ### LDAP Backend Configuration
 
@@ -54,7 +54,7 @@ LLDAP is a `Stable` train chart and therefore isn't supported at the same level
 - Group name Attribute:`cn`
 - Mail Attribute:`mail`
 - Display Name Attribute:`displayName`
-- Admin User: `uid=Steven,ou=people,dc=mydomain,dc=com` - Notice the uid=Steven, most of the time people use admin and a generated password
+- Admin User: `uid=Steven,ou=people,dc=mydomain,dc=com` <- Notice the uid=Steven, most of the time people use admin and a generated password
 - Password: `RANDOMPASSWORD`
 
 #### SMTP Configuration
@@ -103,7 +103,6 @@ The last step is adding the `forwardauth` along with the standard `ingress` sett
 - In this example we use the same name as above, or `auth`. Click `Add` to the `Traefik Middlewares` section, and enter your `forwardauth` name.
 
 ![TraefikForwardAuthMiddleware](img/TraefikForwardAuthMiddleware.png)
-
 ### References
 
 The origin material for this guide is available on the [LLDAP Github](https://github.com/lldap/lldap). While further information on Authelia can be found on their [Github](https://github.com/authelia/authelia) and [website](https://www.authelia.com/).

charts/enterprise/authelia/docs/authelia-rules.md

@@ -1,107 +0,0 @@
-# Authelia Rules
-
-This is a collection of some common Authelia Rules.
-
-:::note[RULE ORDER]
-
-It is important that rules are created in the correct order in Authelia. Rules are processed from top to bottom with the first matching rule being applied. The most narrow rules should be applied first with the most broad rules last.
-
-:::
-
-All rules requiring Authelia authentication were configured with `two_factor` (2FA). If you do not want 2FA on some or all rules replace the Policy with `one_factor`
-
-## API Rule
-
-This rule will bypass Authelia for API level access in most apps. This should always be your first rule.
-
-Domain: `*.domain.tld`
-
-Policy: `bypass`
-
-Subject: `Not Used (Do Not Add)`
-
-Networks: `Not Used (Do Not Add)`
-
-Resources:
-
-- `^/api([/?].*)?$`
-- `^/identity.*$`
-- `^/triggers.*$`
-- `^/meshagents.*$`
-- `^/meshsettings.*$`
-- `^/agent.*$`
-- `^/control.*$`
-- `^/meshrelay.*$`
-- `^/wl.*$`
-
-![authelia-api](./img/authelia-api.png)
-
-## Vaultwarden
-
-These rules will protect the Vaultwarden admin page with Authelia but bypass when accessing the web vault. The order of these rules is critical or the admin page will not be protected.
-
-### Rule 1
-
-Domain: `vaultwarden.domain.tld`
-
-Policy: `two_factor`
-
-Subject: `Not Used (Do Not Add)`
-
-Networks: `Not Used (Do Not Add)`
-
-Resources: `^*/admin.*$`
-
-![authelia-vw1](./img/authelia-vw1.png)
-
-### Rule 2
-
-Domain: `vaultwarden.domain.tld`
-
-Policy: `bypass`
-
-Subject: `Not Used (Do Not Add)`
-
-Networks: `Not Used (Do Not Add)`
-
-Resources: `Not Used (Do Not Add)`
-
-![authelia-vw2](./img/authelia-vw2.png)
-
-## User Rule
-
-This rule will allow users in the `lldap_user` group access to only the specified applications.
-
-Domain:
-
-- `radarr.domain.tld`
-- `sonarr.domain.tld`
-
-Policy: `two_factor`
-
-Subject: `group:lldap_user`
-
-Networks: `Not Used (Do Not Add)`
-
-Resources: `Not Used (Do Not Add)`
-
-![authelia-user](./img/authelia-user.png)
-
-## Catch All Rule
-
-This rule will catch any access requests not covered by other rules.
-
-Domain:
-
-- `domain.tld`
-- `*.domain.tld`
-
-Policy: `two_factor`
-
-Subject: `group:lldap_admin`
-
-Networks: `Not Used (Do Not Add)`
-
-Resources: `Not Used (Do Not Add)`
-
-![authelia-catch](./img/authelia-catch.png)

charts/enterprise/authelia/questions.yaml

@@ -98,95 +98,6 @@ questions:
           schema:
             type: int
             default: 1
-  - variable: password_policy
-    group: "App Configuration"
-    label: "Password Policy Configuration"
-    description: "Authelia allows administrators to configure an enforced password policy."
-    schema:
-      additional_attrs: true
-      type: dict
-      attrs:
-        - variable: enabled
-          label: "Enable"
-          schema:
-            type: boolean
-            default: false
-            show_subquestions_if: true
-            subquestions:
-              - variable: standard
-                label: Standard
-                schema:
-                  additional_attrs: true
-                  type: dict
-                  attrs:
-                    - variable: enabled
-                      label: Enabled
-                      schema:
-                        type: boolean
-                        default: false
-                    - variable: min_length
-                      label: "Minimum Password Length"
-                      description: "Minimum Password Length"
-                      schema:
-                        type: int
-                        required: true
-                        show_if: [["enabled", "=", true]]
-                        default: 8
-                    - variable: max_length
-                      label: "Max Passsword Length"
-                      description: "Max Password Length"
-                      schema:
-                        type: int
-                        required: true
-                        show_if: [["enabled", "=", true]]
-                        default: 0
-                    - variable: require_uppercase
-                      label: "Require Upppercase"
-                      schema:
-                        type: boolean
-                        default: false
-                        show_if: [["enabled", "=", true]]
-                        required: true
-                    - variable: require_lowercase
-                      label: "Require Lowercase"
-                      schema:
-                        type: boolean
-                        default: false
-                        show_if: [["enabled", "=", true]]
-                        required: true
-                    - variable: require_number
-                      label: "Require Numbers"
-                      description: "Require Numbers in the password"
-                      schema:
-                        type: boolean
-                        default: false
-                        show_if: [["enabled", "=", true]]
-                        required: true
-                    - variable: require_special
-                      label: "Require Special Characters"
-                      schema:
-                        type: boolean
-                        default: false
-                        show_if: [["enabled", "=", true]]
-              - variable: zxcvbn
-                label: zxcvbn
-                schema:
-                  additional_attrs: true
-                  type: dict
-                  attrs:
-                    - variable: enabled
-                      label: Enabled
-                      schema:
-                        type: boolean
-                        default: false
-                        required: true
-                    - variable: min_score
-                      label: "Min Score"
-                      schema:
-                        type: int
-                        required: true
-                        show_if: [["enabled", "=", true]]
-                        default: 3
   - variable: duo_api
     group: "App Configuration"
     label: "DUO API Configuration"
@@ -230,20 +141,14 @@ questions:
       attrs:
         - variable: name
           label: "Cookie Name"
-          description: |
-            The name of the session cookie. By default this is set to authelia_session.
-            It’s mostly useful to change this if you are doing development or running multiple instances of Authelia.
+          description: "The name of the session cookie."
           schema:
             type: string
             required: true
             default: "authelia_session"
         - variable: same_site
           label: "SameSite Value"
-          description: |
-            You can read about the SameSite cookie in detail on the MDN. In short setting SameSite to Lax is generally
-            the most desirable option for Authelia. None is not recommended unless you absolutely know what you’re doing
-            and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in
-            this state but it’s available as an option anyway.
+          description: "Sets the Cookie SameSite value"
           schema:
             type: string
             default: "lax"
@@ -254,27 +159,21 @@ questions:
                 description: "strict"
         - variable: expiration
           label: "Expiration Time"
-          description: |
-            The period of time before the cookie expires and the session is destroyed. This is overriden by
-            remember_me_duration when the remember me box is checked.
+          description: "The time in seconds before the cookie expires and session is reset."
           schema:
             type: string
             default: "1h"
             required: true
         - variable: inactivity
           label: "Inactivity Time"
-          description: |
-            The period of time the user can be inactive for until the session is destroyed when the remember me box is
-            not checked or is otherwise disabled. Useful if you want long session timers but don’t want unused devices to be vulnerable.
+          description: "The inactivity time in seconds before the session is reset."
           schema:
             type: string
             default: "5m"
             required: true
         - variable: remember_me_duration
           label: "Remember-Me duration"
-          description: |
-            The period of time before the cookie expires and the session is destroyed when the remember me box is checked, a user
-            selecting this option negates the inactivity timeout. Setting this to -1 disables this feature entirely.
+          description: "The remember me duration"
           schema:
             type: string
             default: "5M"
@@ -295,18 +194,14 @@ questions:
             default: 3
         - variable: find_time
           label: "Find Time"
-          description: |
-            The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to
-            2m this means the user must have 3 failed logins in 2 minutes.
+          description: "The time range during which the user can attempt login before being banned."
           schema:
             type: string
             default: "2m"
             required: true
         - variable: ban_time
           label: "Ban Duration"
-          description: |
-            The period of time the user is banned for after meeting the max_retries and find_time configuration.
-            After this duration the account will be able to login again.
+          description: "The length of time before a banned user can login again"
           schema:
             type: string
             default: "5m"
@@ -314,9 +209,7 @@ questions:
   - variable: authentication_backend
     group: "App Configuration"
     label: "Authentication Backend Provider"
-    description: |
-      Used for verifying user passwords and retrieve information such as email
-      address and groups users belong to.
+    description: "sed for verifying user passwords and retrieve information such as email address and groups users belong to."
     schema:
       additional_attrs: true
       type: dict
@@ -423,14 +316,14 @@ questions:
                       description: "The attribute holding the username of the user"
                       schema:
                         type: string
-                        default: "uid"
+                        default: ""
                         required: true
                     - variable: additional_users_dn
                       label: "Additional Users DN"
                       description: "An additional dn to define the scope to all users."
                       schema:
                         type: string
-                        default: "OU=people"
+                        default: "OU=Users"
                         required: true
                     - variable: users_filter
                       label: "Users Filter"
@@ -458,27 +351,27 @@ questions:
                       description: "The attribute holding the name of the group"
                       schema:
                         type: string
-                        default: "cn"
+                        default: ""
                         required: true
                     - variable: mail_attribute
                       label: "Mail Attribute"
                       description: "The attribute holding the primary mail address of the user"
                       schema:
                         type: string
-                        default: "mail"
+                        default: ""
                         required: true
                     - variable: display_name_attribute
                       label: "Display Name Attribute"
                       description: "he attribute holding the display name of the user. This will be used to greet an authenticated user."
                       schema:
                         type: string
-                        default: "displayName"
+                        default: ""
                     - variable: user
                       label: "Admin User"
                       description: "The username of the admin user used to connect to LDAP."
                       schema:
                         type: string
-                        default: "CN=admin,ou=people,DC=example,DC=com"
+                        default: "CN=Authelia,DC=example,DC=com"
                         required: true
                     - variable: plain_password
                       label: "Password"
@@ -706,13 +599,10 @@ questions:
       attrs:
         - variable: default_policy
           label: "Default Policy"
-          description: |
-            The default policy defines the policy applied if no rules section apply to the information known about the request.
-            It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all
-            with Authelia should not be configured in your reverse proxy to perform authentication with Authelia at all for performance reasons.
+          description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'."
           schema:
             type: string
-            default: "deny"
+            default: "two_factor"
             enum:
               - value: "bypass"
                 description: "bypass"
@@ -766,7 +656,7 @@ questions:
                   attrs:
                     - variable: domain
                       label: "Domains"
-                      description: "Defines which domain or set of domains the rule applies to."
+                      description: "defines which domain or set of domains the rule applies to."
                       schema:
                         type: list
                         default: []
@@ -779,9 +669,7 @@ questions:
                               required: true
                     - variable: policy
                       label: "Policy"
-                      description: |
-                        The specific policy to apply to the selected rule. This is not criteria for a match, this is the
-                        action to take when a match is made.
+                      description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'."
                       schema:
                         type: string
                         default: "two_factor"
@@ -796,11 +684,7 @@ questions:
                             description: "deny"
                     - variable: subject
                       label: "Subject"
-                      description: |
-                        This criteria matches identifying characteristics about the subject. Currently this is either
-                        user or groups the user belongs to. This allows you to effectively control exactly what each user is
-                        authorized to access or to specifically require two-factor authentication to specific users. Subjects
-                        are prefixed with either user: or group: to identify which part of the identity to check.
+                      description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided"
                       schema:
                         type: list
                         default: []
@@ -1009,9 +893,7 @@ questions:
                                         description: "two_factor"
                                 - variable: consent_mode
                                   label: "Consent Mode"
-                                  description: |
-                                    Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or
-                                    implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)
+                                  description: "Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)"
                                   schema:
                                     type: string
                                     default: "auto"

charts/enterprise/authelia/templates/_configmap.tpl

@@ -62,20 +62,6 @@ data:
       issuer: {{ .Values.totp.issuer | default .Values.domain }}
       period: {{ .Values.totp.period | default 30 }}
       skew: {{ .Values.totp.skew | default 1 }}
-    {{- if .Values.password_policy.enabled }}
-    password_policy:
-      standard:
-        enabled: {{ .Values.password_policy.standard.enabled | default false }}
-        min_length: {{ .Values.password_policy.standard.min_length | default 8 }}
-        max_length: {{ .Values.password_policy.standard.max_length | default 0 }}
-        require_uppercase: {{ .Values.password_policy.standard.require_uppercase | default false }}
-        require_lowercase: {{ .Values.password_policy.standard.require_lowercase | default false }}
-        require_number: {{ .Values.password_policy.standard.require_number | default false }}
-        require_special: {{ .Values.password_policy.standard.require_special | default false }}
-      zxcvbn:
-        enabled: {{ .Values.password_policy.zxcvbn.enabled | default false }}
-        min_score: {{ .Values.password_policy.zxcvbn.min_score | default 3 }}
-    {{- end -}}
     {{- if .Values.duo_api.enabled }}
     duo_api:
       hostname: {{ .Values.duo_api.hostname }}
@@ -219,10 +205,10 @@ data:
         {{- with $notifier.smtp.username }}
         username: {{ . }}
         {{- end }}
-        sender: {{ $notifier.smtp.sender | quote }}
-        identifier: {{ $notifier.smtp.identifier | quote }}
+        sender: {{ $notifier.smtp.sender }}
+        identifier: {{ $notifier.smtp.identifier }}
         subject: {{ $notifier.smtp.subject | quote }}
-        startup_check_address: {{ $notifier.smtp.startup_check_address | quote }}
+        startup_check_address: {{ $notifier.smtp.startup_check_address }}
         disable_require_tls: {{ $notifier.smtp.disable_require_tls }}
         disable_html_emails: {{ $notifier.smtp.disable_html_emails }}
         tls:

charts/enterprise/authelia/values.yaml

@@ -1,7 +1,7 @@
 image:
-  repository: ghcr.io/authelia/authelia
+  repository: tccr.io/truecharts/authelia
   pullPolicy: IfNotPresent
-  tag: 4.37.5@sha256:25fc5423238b6f3a1fc967fda3f6a9212846aeb4a720327ef61c8ccff52dbbe2
+  tag: 4.37.5@sha256:76a4617539534cec140fd98a12f721b878524f2df3a3653f3df8ff2b7eaab586
 manifestManager:
   enabled: true
 workload:
@@ -22,32 +22,40 @@ workload:
             liveness:
               type: http
               path: "/api/health"
+
             readiness:
               type: http
               path: "/api/health"
+
             startup:
               type: http
               path: "/api/health"
+
 service:
   main:
     ports:
       main:
         port: 9091
         targetPort: 9091
+
 persistence:
   config:
     enabled: true
     mountPath: "/config"
+
 cnpg:
   main:
     enabled: true
     user: authelia
     database: authelia
+
 # Enabled redis
 # ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
 redis:
   enabled: true
+
 domain: example.com
+
 ##
 ## Server Configuration
 ##
@@ -57,6 +65,7 @@ server:
   ## Default is 9091 and should not need to be changed.
   ##
   port: 9091
+
   ## Buffers usually should be configured to be the same value.
   ## Explanation at https://www.authelia.com/docs/configuration/server.html
   ## Read buffer size adjusts the server's max incoming request size in bytes.
@@ -66,14 +75,18 @@ server:
   ## Set the single level path Authelia listens on.
   ## Must be alphanumeric chars and should not contain any slashes.
   path: ""
+
 log:
   ## Level of verbosity for logs: info, debug, trace.
   level: trace
+
   ## Format the logs are written as: json, text.
   format: text
+
   ## TODO: Statefulness check should check if this is set, and the configMap should enable it.
   ## File path where the logs will be written. If not set logs are written to stdout.
   # file_path: /config/authelia.log
+
 ## Default redirection URL
 ##
 ## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
@@ -86,6 +99,7 @@ default_redirection_url: ""
 # default_redirection_url: https://example.com
 
 theme: light
+
 ##
 ## TOTP Configuration
 ##
@@ -102,24 +116,7 @@ totp:
   ## Warning: before changing skew read the docs link below.
   ## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
   skew: 1
-##
-## Password Policy Config
-##
-## Parameters used for Password Policies
-password_policy:
-  ## See: https://www.authelia.com/configuration/security/password-policy/
-  standard:
-    enabled: false
-    min_length: 8
-    max_length: 0
-    require_uppercase: false
-    require_lowercase: false
-    require_number: false
-    require_special: false
-  zxcvbn:
-    ## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info
-    enabled: false
-    min_score: 3
+
 ##
 ## Duo Push API Configuration
 ##
@@ -130,13 +127,16 @@ duo_api:
   hostname: api-123456789.example.com
   integration_key: ABCDEF
   plain_api_key: ""
+
 ## NTP settings
+
 ntp:
   address: "time.cloudflare.com:123"
   version: 4
   max_desync: 3s
   disable_startup_check: false
   disable_failure: true
+
 ##
 ## Authentication Backend Provider Configuration
 ##
@@ -146,6 +146,7 @@ ntp:
 authentication_backend:
   ## Disable both the HTML element and the API for reset password functionality
   disable_reset_password: false
+
   ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
   ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
   ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
@@ -154,6 +155,7 @@ authentication_backend:
   ## Duration Notation docs:  https://www.authelia.com/docs/configuration/index.html#duration-notation-format
   ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
   refresh_interval: 5m
+
   ## LDAP backend configuration.
   ##
   ## This backend allows Authelia to be scaled to more
@@ -162,6 +164,7 @@ authentication_backend:
   ldap:
     ## Enable LDAP Backend.
     enabled: false
+
     ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
     ## Acceptable options are as follows:
     ## - 'activedirectory' - For Microsoft Active Directory.
@@ -172,24 +175,32 @@ authentication_backend:
     ## attribute mappings have a default value that this config overrides, you can read more about these default values
     ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
     implementation: activedirectory
+
     ## The url to the ldap server. Format: <scheme>://<address>[:<port>].
     ## Scheme can be ldap or ldaps in the format (port optional).
     url: ldap://openldap.default.svc.cluster.local
+
     ## Connection Timeout.
     timeout: 5s
+
     ## Use StartTLS with the LDAP connection.
     start_tls: false
+
     tls:
       ## Server Name for certificate validation (in case it's not set correctly in the URL).
       server_name: ""
+
       ## Skip verifying the server certificate (to allow a self-signed certificate).
       ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
       ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
       skip_verify: false
+
       ## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
       minimum_version: TLS1.2
+
     ## The base dn for every LDAP query.
     base_dn: DC=example,DC=com
+
     ## The attribute holding the username of the user. This attribute is used to populate the username in the session
     ## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
     ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
@@ -198,9 +209,11 @@ authentication_backend:
     ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
     ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
     ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
-    username_attribute: "uid"
+    username_attribute: ""
+
     ## An additional dn to define the scope to all users.
     additional_users_dn: OU=Users
+
     ## The users filter used in search queries to find the user profile based on input filled in login form.
     ## Various placeholders are available in the user filter:
     ## - {input} is a placeholder replaced by what the user inputs in the login form.
@@ -218,8 +231,10 @@ authentication_backend:
     ## To allow sign in both with username and email, one can use a filter like
     ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
     users_filter: ""
+
     ## An additional dn to define the scope of groups.
     additional_groups_dn: OU=Groups
+
     ## The groups filter used in search queries to find the groups of the user.
     ## - {input} is a placeholder replaced by what the user inputs in the login form.
     ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
@@ -234,16 +249,21 @@ authentication_backend:
     ## If your groups use the `groupOfUniqueNames` structure use this instead:
     ##    (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
     groups_filter: ""
+
     ## The attribute holding the name of the group
-    group_name_attribute: "cn"
+    group_name_attribute: ""
+
     ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
     ## first one returned by the LDAP server is used.
-    mail_attribute: "mail"
+    mail_attribute: ""
+
     ## The attribute holding the display name of the user. This will be used to greet an authenticated user.
-    display_name_attribute: "displayname"
+    display_name_attribute: ""
+
     ## The username of the admin user.
-    user: CN=admin,DC=example,DC=com
+    user: CN=Authelia,DC=example,DC=com
     plain_password: ""
+
   ##
   ## File (Authentication Provider)
   ##
@@ -266,6 +286,7 @@ authentication_backend:
       salt_length: 16
       memory: 1024
       parallelism: 8
+
 ##
 ## Access Control Configuration
 ##
@@ -297,6 +318,7 @@ access_control:
   ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
   ## resource if there is no policy to be applied to the user.
   default_policy: deny
+
   networks: []
   # networks:
   # - name: private
@@ -351,6 +373,7 @@ access_control:
   #   policy: two_factor
   # - domain: "{user}.example.com"
   #   policy: bypass
+
 ##
 ## Session Provider Configuration
 ##
@@ -359,19 +382,24 @@ access_control:
 session:
   ## The name of the session cookie. (default: authelia_session).
   name: authelia_session
+
   ## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
   ## Please read https://www.authelia.com/docs/configuration/session.html#same_site
   same_site: lax
+
   ## The time in seconds before the cookie expires and session is reset.
   expiration: 1h
+
   ## The inactivity time in seconds before the session is reset.
   inactivity: 5m
+
   ## The remember me duration.
   ## Value is in seconds, or duration notation. Value of 0 disables remember me.
   ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
   ## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
   ## spy or attack. Currently the default is 1M or 1 month.
   remember_me_duration: 1M
+
 ##
 ## Redis Provider
 ##
@@ -380,26 +408,35 @@ session:
 ## The redis connection details
 redisProvider:
   port: 6379
+
   ## Optional username to be used with authentication.
   # username: authelia
   username: ""
+
   ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
   database_index: 0
+
   ## The maximum number of concurrent active connections to Redis.
   maximum_active_connections: 8
+
   ## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
   minimum_idle_connections: 0
+
   ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
   tls:
     enabled: false
+
     ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
     server_name: ""
+
     ## Skip verifying the server certificate (to allow a self-signed certificate).
     ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
     ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
     skip_verify: false
+
     ## Minimum TLS version for the connection.
     minimum_version: TLS1.2
+
   ## The Redis HA configuration options.
   ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
   high_availability:
@@ -407,6 +444,7 @@ redisProvider:
     enabledSecret: false
     ## Sentinel Name / Master Name
     sentinel_name: mysentinel
+
     ## The additional nodes to pre-seed the redis provider with (for sentinel).
     ## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
     ## For high availability to be used you must have either defined; the host above or at least one node below.
@@ -419,8 +457,10 @@ redisProvider:
 
     ## Choose the host with the lowest latency.
     route_by_latency: false
+
     ## Choose the host randomly.
     route_randomly: false
+
 ##
 ## Regulation Configuration
 ##
@@ -429,13 +469,16 @@ redisProvider:
 regulation:
   ## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
   max_retries: 3
+
   ## The time range during which the user can attempt login before being banned. The user is banned if the
   ## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
   ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
   find_time: 2m
+
   ## The length of time before a banned user can login again. Ban Time accepts duration notation.
   ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
   ban_time: 5m
+
 ##
 ## Storage Provider Configuration
 ##
@@ -450,6 +493,7 @@ storage:
     username: authelia
     sslmode: disable
     timeout: 5s
+
 ##
 ## Notification Provider
 ##
@@ -459,6 +503,7 @@ storage:
 notifier:
   ## You can disable the notifier startup check by setting this to true.
   disable_startup_check: false
+
   ##
   ## File System (Notification Provider)
   ##
@@ -467,6 +512,7 @@ notifier:
   filesystem:
     enabled: true
     filename: /config/notification.txt
+
   ##
   ## SMTP (Notification Provider)
   ##
@@ -496,82 +542,91 @@ notifier:
     startup_check_address: test@authelia.com
     disable_require_tls: false
     disable_html_emails: false
+
     tls:
       ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
       server_name: ""
+
       ## Skip verifying the server certificate (to allow a self-signed certificate).
       ## In preference to setting this we strongly recommend you add the public portion of the certificate to the
       ## certificates directory which is defined by the `certificates_directory` option at the top of the config.
       skip_verify: false
+
       ## Minimum TLS version for either StartTLS or SMTPS.
       minimum_version: TLS1.2
+
 identity_providers:
   oidc:
     ## Enables this in the config map. Currently in beta stage.
     ## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
     enabled: false
+
     access_token_lifespan: 1h
     authorize_code_lifespan: 1m
     id_token_lifespan: 1h
     refresh_token_lifespan: 90m
+
     enable_client_debug_messages: false
+
     ## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
     ## security reasons.
     minimum_parameter_entropy: 8
+
     clients: []
     # clients:
     # -
     ## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
     # id: myapp
-## The description to show to users when they end up on the consent screen. Defaults to the ID above.
-# description: My Application
 
-## The client secret is a shared secret between Authelia and the consumer of this client.
-# secret: apple123
+    ## The description to show to users when they end up on the consent screen. Defaults to the ID above.
+    # description: My Application
 
-## Sets the client to public. This should typically not be set, please see the documentation for usage.
-# public: false
+    ## The client secret is a shared secret between Authelia and the consumer of this client.
+    # secret: apple123
 
-## The policy to require for this client; one_factor or two_factor.
-# authorization_policy: two_factor
+    ## Sets the client to public. This should typically not be set, please see the documentation for usage.
+    # public: false
 
-## Configures the consent mode; auto, explicit or implicit
-# consent_mode: auto
+    ## The policy to require for this client; one_factor or two_factor.
+    # authorization_policy: two_factor
 
-## Audience this client is allowed to request.
-# audience: []
+    ## Configures the consent mode; auto, explicit or implicit
+    # consent_mode: auto
 
-## Scopes this client is allowed to request.
-# scopes:
-#   - openid
-#   - profile
-#   - email
-#   - groups
+    ## Audience this client is allowed to request.
+    # audience: []
 
-## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
-# redirect_uris:
-#   - https://oidc.example.com/oauth2/callback
+    ## Scopes this client is allowed to request.
+    # scopes:
+    #   - openid
+    #   - profile
+    #   - email
+    #   - groups
 
-## Grant Types configures which grants this client can obtain.
-## It's not recommended to configure this unless you know what you're doing.
-# grant_types:
-#   - refresh_token
-#   - authorization_code
+    ## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
+    # redirect_uris:
+    #   - https://oidc.example.com/oauth2/callback
 
-## Response Types configures which responses this client can be sent.
-## It's not recommended to configure this unless you know what you're doing.
-# response_types:
-#   - code
+    ## Grant Types configures which grants this client can obtain.
+    ## It's not recommended to configure this unless you know what you're doing.
+    # grant_types:
+    #   - refresh_token
+    #   - authorization_code
 
-## Response Modes configures which response modes this client supports.
-## It's not recommended to configure this unless you know what you're doing.
-# response_modes:
-#   - form_post
-#   - query
-#   - fragment
+    ## Response Types configures which responses this client can be sent.
+    ## It's not recommended to configure this unless you know what you're doing.
+    # response_types:
+    #   - code
 
-## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
-# userinfo_signing_algorithm: none
+    ## Response Modes configures which response modes this client supports.
+    ## It's not recommended to configure this unless you know what you're doing.
+    # response_modes:
+    #   - form_post
+    #   - query
+    #   - fragment
+
+    ## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
+    # userinfo_signing_algorithm: none
 
 portal:
   open:

charts/enterprise/blocky/Chart.yaml

@@ -1,47 +1,33 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: blocky
-version: 9.0.12
-appVersion: "0.22"
-description:
-  Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network
-  written in Go
+appVersion: "0.21.0"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+  - condition: redis.enabled
+    name: redis
+    repository: https://deps.truecharts.org
+    version: 7.0.6
+description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go
 home: https://truecharts.org/charts/enterprise/blocky
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png
-deprecated: false
-sources:
-  - https://github.com/0xERR0R/blocky
-  - https://github.com/Mozart409/blocky-frontend
-  - https://0xerr0r.github.io/blocky/
-  - https://github.com/truecharts/charts/tree/master/charts/enterprise/blocky
-  - https://hub.docker.com/r/spx01/blocky
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - dns
   - blocky
-dependencies:
-  - name: common
-    version: 14.3.5
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
-  - name: redis
-    version: 8.0.44
-    repository: https://deps.truecharts.org
-    condition: redis.enabled
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: blocky
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/blocky
+  - https://0xerr0r.github.io/blocky/
+  - https://github.com/0xERR0R/blocky
+  - https://github.com/Mozart409/blocky-frontend
+version: 8.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - network
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: network
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: enterprise
+  truecharts.org/grade: U

charts/enterprise/blocky/docs/setup-guide.md

@@ -1,29 +1,12 @@
 # Blocky Setup Guide
 
-This will guide you through the basic setup of Blocky which is the preferred DNS solution for TrueCharts. This guide will cover basic setup options which will get you up and running and is not all inclusive. Configuring your devices to use Blocky is out of scope of this guide.
+This will guide you through the basic setup of Blocky which is the preferred DNS solution for TrueCharts. This guide will cover basic setup options which will get you up and running and is not all inclusive.
 
 ## Upstream DNS
 
-Blocky has the following DNS entries configured by default. They can be overridden to your personal preferences or left as default. Here are some common ones:
+Blocky has multiple DNS entries configured by default these can be overridden to your personal preferences or left as default.
 
-- 1.1.1.1
-- 1.0.0.1
-- 8.8.8.8
-- 8.8.4.4
-- 9.9.9.9
-- 149.112.112.112
-- 208.67.222.222
-- 208.67.220.220
-- 8.26.56.26
-- 8.20.247.20
-- 185.228.168.9
-- 185.228.169.9
-- 76.76.19.19
-- 76.223.122.150
-- 76.76.2.0
-- 76.76.10.0
-
-Blocky supports 3 methods for upstream DNS. You can use any combination of the below.
+Blocky supports 3 methods for upstream DNS.
 
 - UDP - Basic DNS
 - DoT - DNS over TLS
@@ -54,9 +37,9 @@ While UDP provides no security for DNS both DoT and DoH will encrypt DNS request
 
 ## Bootstrap DNS
 
-If you entered a non-IP address (meaning you used a domain name) for DoT or DoH, then you need to ensure that a bootstrap DNS provider
-is configured to resolve the DoT or DoH address. This provider can be any UDP upstream DNS.
-In the below example I am using Google DNS.
+For DNS providers that do not use an IP address for DoT or DoH a bootstrap DNS provider
+ is needed to resolve the DoT or DoH address. This provider can be any UDP upstream DNS.
+ In the below example I am using Google DNS.
 
 ![blocky-bootstrap-google](./img/blocky-bootstrap-google.png)
 
@@ -76,17 +59,10 @@ certain blocklists if you find legitimate traffic being blocked.
 
 1. Pick a Group Name for your blocklists.
 2. Add List entries for each blocklist by URL.
-   ![blocky-blacklist](./img/blocky-blacklist.png)
+  ![blocky-blacklist](./img/blocky-blacklist.png)
 3. Add a Clients Group Block and set Client Group Name to `default`
 4. Under Groups Entry enter the Group name you used above.
-   ![blocky-blacklist-group](./img/blocky-blacklist-group.png)
-
-## Networking
-
-If you want to use Blocky on your local network to take advantage of the filtering above, or the k8s-gateway below, you
-need to setup a static ip address and leave the default setting DNS TCP Service and DNS UDP Service as LoadBalancer.
-
-You need to configure the devices on your network to use the static IP address configured above. This can be done per device or by changing the DHCP or DNS settings on your router.
+  ![blocky-blacklist-group](./img/blocky-blacklist-group.png)
 
 ## k8s-Gateway Configuration
 
@@ -99,3 +75,4 @@ is to add your root domain in the Domain name block.
 ## Prometheus/Grafana
 
 TBD
+

charts/enterprise/blocky/values.yaml

@@ -1,11 +1,12 @@
 image:
-  repository: spx01/blocky
-  tag: v0.22@sha256:7def473b1b553b730dd38ba0bc436fc732193c15d35681aa0b0eb962dd6350aa
+  repository: tccr.io/truecharts/blocky
+  tag: v0.21.0@sha256:ed72f8a64307b7b734174589ac631726dd642cc8202c3bdf2eeb1de4adedbe0a
   pullPolicy: IfNotPresent
+
 k8sgatewayImage:
-  repository: quay.io/oriedge/k8s_gateway
+  repository: tccr.io/truecharts/k8s_gateway
   pullPolicy: IfNotPresent
-  tag: v0.3.4@sha256:21571315aa3939d708dcf040a7cb78328fd957bf60887299ffdd417e7240387b
+  tag: 0.3.4@sha256:c49645e7b263e5cfc8fc269db2aef7d90149cecc7a50e2c2fe77ef935dd35742
 manifestManager:
   enabled: true
 workload:
@@ -34,6 +35,7 @@ workload:
               command:
                 - /app/blocky
                 - healthcheck
+
 # -- Blocky Config File content
 blockyConfig: {}
 # upstream:
@@ -44,6 +46,7 @@ blockyConfig: {}
 blocky:
   # -- Enable prometheus annotations
   enablePrometheus: true
+
 service:
   main:
     enabled: true
@@ -92,6 +95,7 @@ service:
         port: 5353
         protocol: udp
         targetPort: 5353
+
 ## TODO Add support for SCALE certificates and certificates secrets here
 certFile: ""
 keyFile: ""
@@ -101,6 +105,7 @@ logTimestamp: true
 logPrivacy: false
 dohUserAgent: ""
 minTlsServeVersion: 1.2
+
 # -- set the default DNS upstream servers
 # Primarily designed for inclusion in the TrueNAS SCALE GUI
 defaultUpstreams:
@@ -120,12 +125,13 @@ defaultUpstreams:
   - 76.223.122.150
   - 76.76.2.0
   - 76.76.10.0
+
 # -- set additional upstreams
 # Primarily designed for inclusion in the TrueNAS SCALE GUI
 upstreams:
-#  - name: group2
-#    dnsservers:
-#      - 1.1.1.1
+  #  - name: group2
+  #    dnsservers:
+  #      - 1.1.1.1
 
 # -- set bootstrap dns (not needed)
 # Ensures bootstrap encryption and ensure it doesn't use k8s dns
@@ -134,15 +140,18 @@ bootstrapDns:
   upstream: ""
   # -- IP's linked to upstream DoT/DoH DNS name
   ips: []
+
 # -- set additional bootstrap dns (not needed, only used if bootstrapDns is set)
-additionalBootstrapDns: []
-# - upstream: ""
-#   ips: []
+additionalBootstrapDns:
+  []
+  # - upstream: ""
+  #   ips: []
 
 # -- Return empty answer for these queries
 filtering:
   # -- Ensures filtering by query type
   queryTypes: []
+
 # -- Set manual custom DNS resolution
 customDNS:
   customTTL: 1h
@@ -153,6 +162,7 @@ customDNS:
   mapping: []
   # - domain: something.com
   #   dnsserver: 192.168.178.1
+
 # -- Setup client-name lookup
 clientLookup:
   # -- upstream used for client-name lookup
@@ -161,6 +171,7 @@ clientLookup:
   clients:
   # - domain: laptop
   #   ips: []
+
 # -- Setup caching
 caching:
   minTime: 5m
@@ -171,6 +182,7 @@ caching:
   prefetchThreshold: 5
   prefetchMaxItemsCount: 0
   cacheTimeNegative: 30m
+
 # -- set conditional settings
 # Primarily designed for inclusion in the TrueNAS SCALE GUI
 conditional:
@@ -180,6 +192,7 @@ conditional:
   mapping: []
   # - domain: something.com
   #   dnsserver: 192.168.178.1
+
 # -- set blocking settings using Lists
 # Primarily designed for inclusion in the TrueNAS SCALE GUI
 blocking:
@@ -218,6 +231,7 @@ blocking:
   # - name: default
   #   groups:
   #     - ads
+
 # -- configure using hostsfile for lookups
 # Allows for using the hosts configured in kubernetes and such
 hostsFile:
@@ -225,6 +239,7 @@ hostsFile:
   filePath: /etc/hosts
   hostsTTL: 60m
   refreshPeriod: 30m
+
 ## TODO: add this with postgresql support as well
 # queryLog:
 #   type: csv
@@ -232,16 +247,20 @@ hostsFile:
 #   logRetentionDays: 0
 #   creationAttempts: 3
 #   CreationCooldown: 2
+
 podOptions:
   automountServiceAccountToken: true
+
 portal:
   open:
     enabled: false
+
 serviceAccount:
   main:
     # -- Specifies whether a service account should be created
     enabled: true
     primary: true
+
 # -- Create a ClusterRole and ClusterRoleBinding
 # @default -- See below
 rbac:
@@ -268,16 +287,21 @@ rbac:
         verbs:
           - list
           - watch
+
 k8sgateway:
   enabled: true
   # -- TTL for non-apex responses (in seconds)
   ttl: 300
+
   # -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
   watchedResources: []
+
   # -- Service name of a secondary DNS server (should be `serviceName.namespace`)
   secondary: ""
+
   # -- Override the default `serviceName.namespace` domain apex
   apex: ""
+
   # -- list of processed domains
   domains: []
   # -- Delegated domain
@@ -296,6 +320,7 @@ k8sgateway:
     options:
       - name: tls_servername
         value: cloudflare-dns.com
+
 metrics:
   main:
     # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@@ -305,6 +330,7 @@ metrics:
     endpoints:
       - port: main
         path: /metrics
+
     # -- Enable and configure Prometheus Rules for the chart under this key.
     # @default -- See values.yaml
     prometheusRule:
@@ -312,18 +338,21 @@ metrics:
       labels: {}
       # -- Configure additionial rules for the chart under this key.
       # @default -- See prometheusrules.yaml
-      rules: []
-      # - alert: UnifiPollerAbsent
-      #   annotations:
-      #     description: Unifi Poller has disappeared from Prometheus service discovery.
-      #     summary: Unifi Poller is down.
-      #   expr: |
-      #     absent(up{job=~".*unifi-poller.*"} == 1)
-      #   for: 5m
-      #   labels:
-      #     severity: critical
+      rules:
+        []
+        # - alert: UnifiPollerAbsent
+        #   annotations:
+        #     description: Unifi Poller has disappeared from Prometheus service discovery.
+        #     summary: Unifi Poller is down.
+        #   expr: |
+        #     absent(up{job=~".*unifi-poller.*"} == 1)
+        #   for: 5m
+        #   labels:
+        #     severity: critical
+
 redis:
   enabled: true
+
 # CANNOT be defined in above yaml section
 queryLog:
   # optional one of: mysql, postgresql, csv, csv-client. If empty, log to console
@@ -337,9 +366,9 @@ queryLog:
   creationAttempts: 3
   # optional: Time between the creation attempts, default: 2s
   creationCooldown: 2s
+
 cnpg:
   main:
     enabled: false
     user: blocky
     database: blocky
-updated: true

charts/enterprise/clusterissuer/Chart.yaml

@@ -1,36 +1,29 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: clusterissuer
-version: 4.2.11
-appVersion: latest
+appVersion: "latest"
+deprecated: false
 description: Certificate management for Kubernetes
 home: https://truecharts.org/charts/enterprise/clusterissuer
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/clusterissuer.png
-deprecated: false
-sources:
-  - https://cert-manager.io/
-  - https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
-  - https://hub.docker.com/_/hello-world
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - cert-manager
   - certificates
 dependencies:
   - name: common
-    version: 14.3.5
     repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+    version: 14.0.1
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: clusterissuer
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
+  - https://cert-manager.io/
+type: application
+version: 4.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - core
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: core
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: enterprise
+  truecharts.org/grade: U

charts/enterprise/clusterissuer/docs/cluster-certificates.md

@@ -1,42 +0,0 @@
-# Cluster Certificates Setup Guide
-
-This guide will walk you through setting up and using `cluster certificates`.
-
-:::note
-
-Since this is an advanced feature, it is not covered by Truecharts support.
-
-:::
-
-## Prerequisites
-
-- Ensure you have completed the [clusterissuer Setup Guide](how-to)
-- Install the `kubernetes-reflector` app from the `enterprise` train
-
-## Creating a cluster certificate
-
-In the clusterissuer app settings create a new "Cluster-Wide certificate". As with a [single domain certificate](how-to#configure-ingress-using-clusterissuer), input a cert-manager issuer (for example an ACME issuer you configured previously), a list of hosts for which the certificate is valid (you can use wildcards), and a name you will use to reference it.
-
-:::note
-
-In order for an ACME issuer to issue a wildcard certificate, you need to have a DNS01 challenge solver configured.
-
-:::
-
-![clusterissuer6](img/clusterissuer6.png)
-
-After creating the cluster certificate, verify it is working by checking the `Application Events` created in the `clusterissuer` app (see [how to verify a single app certificate is working](how-to#verifying-clusterissuer-is-working) for more information).
-
-## Using a cluster certificate
-
-After you have verified the certificate was created successfully, edit the settings of the app you wish to use it for and go to the _Ingress_ section.
-
-If you have previously used a single domain certificate from clusterissuer, remove the specified issuer name. Then, click on _Show Advanced Settings_ and add a _TLS_ entry. Enter the name of your cluster certificate, and the certificate host(s) which it will be used for. These are usually the same as your app host(s), unless you wish to use more than one certificate. Save the chart.
-
-:::note
-
-In order for your cluster certificate to show up as valid, the certificate hosts it is used for must match the ones specified when creating it in the clusterissuer app settings. For example, in this case we configure the certificate host `jellyfin.example.com`, which matches the configured wildcard certificate host (`*.example.com`).
-
-:::
-
-![clusterissuer7](img/clusterissuer7.png)

charts/enterprise/clusterissuer/docs/how-to.md

@@ -8,20 +8,13 @@ This guide will walk you through setting up `clusterissuer`, certificate managem
 - [Traefik](https://truecharts.org/charts/enterprise/traefik/) is installed from enterprise train
 - [Cert-Mananger](https://truecharts.org/charts/operators/cert-manager/) and [Prometheus-Operator](https://truecharts.org/charts/operators/prometheus-operator/) are installed from the operators train
 
-:::warning DNS
-
-As part of the DNS verification process cert-manager will connect to authoritative nameservers to validate the DNS ACME entry. Any firewall or router rules blocking or modifying DNS traffic will cause this process to fail and prevent the issuance of certificates. Ensure no firewall or router rules are in place blocking or modifying DNS traffic to assigned authoritative nameservers. Below is an example of cloudflare assigned authoritative nameservers (these nameservers are unique to each user).
-
-![cloudflare-nameservers](./img/cloudflare-nameservers.png)
-
-:::
-
 ## Set Scale Nameservers
 
-It is important to configure Scale with reliable nameserver to avoid issues handling DNS-01 challenges. Under Network -> Global Configuration-> Nameservers, we recommend setting 1.1.1.1/1.0.0.1 or 8.8.8.8/8.8.4.4.
+It is important to configure Scale with reliable nameserver to avoid issues handling DNS-01 challenges. Under Network -> Global Configuration-> Nameservers, we recommend setting 1.1.1.1, 9.9.9.9 or 8.8.8.8.
 
 ![clusterissuer scale nameservers](img/scale-network-nameserver.png)
 
+
 ## Install clusterissuer App
 
 :::note
@@ -44,7 +37,7 @@ Login to Cloudflare dashboard and go to the [Cloudflare API Tokens](https://dash
 
 ![clusterissuer app card](img/cf-apitokens-template.png)
 
-The recommended `API Token` permissions are below:
+The recommended  `API Token` permissions are below:
 ![clusterissuer app card](img/cf-apitokens-perms.png)
 
 #### Cloudflare ACME Issuer Settings

charts/enterprise/clusterissuer/questions.yaml

@@ -47,8 +47,6 @@ questions:
                             description: rfc2136 (Advanced)
                           - value: HTTP01
                             description: HTTP01 (Experimental)
-                          - value: acmedns
-                            description: ACME DNS (Advanced)
                     - variable: server
                       label: Server
                       description: "Server for ACME, for example: letsencrypt"
@@ -73,12 +71,6 @@ questions:
                         type: string
                         show_if: [["server", "=", "custom"]]
                         default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
-                    - variable: caBundle
-                      label: Trusted CABundle for private ACME server
-                      description: "Trusted CABundle for private ACME server, encoded in base64"
-                      schema:
-                        type: string
-                        show_if: [["server", "=", "custom"]]
                     - variable: email
                       label: Email
                       description: "Email adress to use for certificate issuing must match your DNS provider email when required"
@@ -203,64 +195,7 @@ questions:
                         type: string
                         required: true
                         default: ""
-                    - variable: acmednsHost
-                      label: ACME DNS host
-                      description: "ACME DNS API server address"
-                      schema:
-                        show_if: [["type", "=", "acmedns"]]
-                        type: string
-                        required: true
-                        default: "https://auth.acme-dns.io"
-                    - variable: acmednsConfig
-                      label: ACME DNS config
-                      description: "ACME DNS per-domain auth configuration"
-                      schema:
-                        show_if: [["type", "=", "acmedns"]]
-                        type: list
-                        default: []
-                        items:
-                          - variable: acmednsEntry
-                            label: 'ACME DNS entry'
-                            schema:
-                              type: dict
-                              attrs:
-                                - variable: domain
-                                  label: Domain
-                                  schema:
-                                    type: string
-                                    required: true
-                                - variable: username
-                                  label: Username
-                                  schema:
-                                    type: string
-                                    required: true
-                                - variable: password
-                                  label: Password
-                                  schema:
-                                    type: string
-                                    required: true
-                                - variable: fulldomain
-                                  label: Full domain
-                                  schema:
-                                    type: string
-                                    required: true
-                                - variable: subdomain
-                                  label: Subdomain
-                                  schema:
-                                    type: string
-                                    required: true
-                                - variable: allowFrom
-                                  label: Allow from
-                                  schema:
-                                    type: list
-                                    default: []
-                                    items:
-                                      - variable: cidr
-                                        label: CIDR
-                                        schema:
-                                          type: ipaddr
-                                          cidr: true
-                                          required: true
+
         - variable: CA
           label: Certificate Authority Issuer
           schema:
@@ -335,59 +270,6 @@ questions:
                   valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
                   default: "selfsigned"
 
-  - variable: clusterCertificates
-    group: App Configuration
-    label: Cluster Wide Certificates (Advanced)
-    description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates."
-    schema:
-      additional_attrs: true
-      type: dict
-      attrs:
-        - variable: certificates
-          label: Cluster Certificates
-          schema:
-            type: list
-            default: []
-            items:
-              - variable: CertEntry
-                label: 'Certificate Entry'
-                schema:
-                  additional_attrs: true
-                  type: dict
-                  attrs:
-                    - variable: enabled
-                      label: Enabled
-                      schema:
-                        type: boolean
-                        default: true
-                    - variable: name
-                      label: Certificate Name
-                      schema:
-                        type: string
-                        required: true
-                        default: ""
-                    - variable: certificateIssuer
-                      label: Cert-Manager clusterIssuer
-                      description: "One of the Cert-Manager clusterIssuers defined above"
-                      schema:
-                        type: string
-                        required: true
-                        valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
-                        default: "selfsigned"
-                    - variable: hosts
-                      label: Certificate Hosts
-                      description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNSO1 solver to be set up."
-                      schema:
-                        type: list
-                        default: []
-                        items:
-                          - variable: host
-                            label: Host
-                            schema:
-                              type: string
-                              default: ""
-                              required: true
-
   - variable: customMetrics
     group: Metrics
     label: Prometheus Metrics

charts/enterprise/clusterissuer/templates/clusterissuer/_ACME.tpl

@@ -1,31 +1,15 @@
 {{- define "certmanager.clusterissuer.acme" -}}
 {{- $operator := index $.Values.operator "cert-manager" -}}
 {{- $namespace := $operator.namespace | default "cert-manager" -}}
-
-{{- $rfctsigSecret := .rfctsigSecret | default "" -}}
-{{/* https://cert-manager.io/docs/configuration/acme/dns01/rfc2136/#troubleshooting */}}
-{{- if $rfctsigSecret -}} {{/* If we try to decode and fail, go on and encode it. */}}
-  {{- if (contains "illegal base64" (b64dec $rfctsigSecret)) -}}
-    {{- $rfctsigSecret = b64enc $rfctsigSecret -}}
-  {{- end -}}
-{{- end -}}
-
 {{- range .Values.clusterIssuer.ACME }}
-  {{- if or (not .name) (not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name)) -}}
+  {{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}}
     {{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
   {{- end -}}
-  {{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" "acmedns" -}}
+  {{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" -}}
   {{- if not (mustHas .type $validTypes) -}}
     {{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
   {{- end -}}
   {{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
-  {{- $acmednsDict := dict -}}
-  {{- if and (eq .type "acmedns") (not .acmednsConfigJson) }}
-    {{- range .acmednsConfig }}
-      {{/* Transform to a dict with domain as a key, also remove domain from the dict */}}
-      {{- $_ := set $acmednsDict .domain (omit . "domain") -}}
-    {{- end }}
-  {{- end }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@@ -35,15 +19,12 @@ spec:
   acme:
     email: {{ .email }}
     server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }}
-    {{- if .caBundle }}
-    caBundle: {{ .caBundle }}
-    {{- end }}
     privateKeySecretRef:
       name: {{ .name }}-acme-clusterissuer-account-key
     solvers:
     {{- if eq .type "HTTP01" }}
     - http01:
-        ingress: {}
+        ingress:
     {{- else }}
     - dns01:
       {{- if eq .type "cloudflare" }}
@@ -95,12 +76,6 @@ spec:
           tsigSecretSecretRef:
             name: {{ $issuerSecretName }}
             key: rfctsigSecret
-      {{- else if eq .type "acmedns" }}
-        acmeDNS:
-          host: {{ .acmednsHost }}
-          accountSecretRef:
-            name: {{ $issuerSecretName }}
-            key: acmednsJson
       {{- end -}}
     {{- end }}
 ---
@@ -118,11 +93,6 @@ stringData:
   akclientSecret: {{ .akclientSecret | default "" }}
   akaccessToken: {{ .akaccessToken | default "" }}
   doaccessToken: {{ .doaccessToken | default "" }}
-  rfctsigSecret: {{ $rfctsigSecret }}
-{{- if .acmednsConfigJson }}
-  acmednsJson: {{ .acmednsConfigJson }}
-{{- else if $acmednsDict }}
-  acmednsJson: {{ toJson $acmednsDict }}
-{{- end -}}
-  {{- end -}}
+  rfctsigSecret: {{ .rfctsigSecret | default "" }}
+{{- end }}
 {{- end -}}

charts/enterprise/clusterissuer/templates/clusterissuer/_clusterCertificates.tpl

@@ -1,35 +0,0 @@
-{{- define "certmanager.clusterissuer.clusterCertificates" -}}
-  {{- if .Values.clusterCertificates -}}
-    {{- $certs := dict -}}
-    {{- $secretTemplates := dict -}}
-    {{- $certNamespace := (include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $ "objectData" $certs "caller" "ClusterCertificates")) -}}
-  {{- $replicationNamespaces := ".*" -}}
-  {{- if .Values.clusterCertificates.replicationNamespaces -}}
-    {{- $replicationNamespaces = .Values.clusterCertificates.replicationNamespaces -}}
-  {{- else if .Values.ixChartContext -}}
-    {{- $replicationNamespaces = "ix-.*" -}}
-  {{- end -}}
-    {{- $reflectorAnnotations := (dict
-        "reflector.v1.k8s.emberstack.com/reflection-allowed" "true"
-        "reflector.v1.k8s.emberstack.com/reflection-auto-enabled" "true"
-        "reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces" (printf "%v,%v" $certNamespace $replicationNamespaces)
-        "reflector.v1.k8s.emberstack.com/reflection-auto-namespaces" $replicationNamespaces ) -}}
-    {{- $certAnnotations := (mustMerge ($reflectorAnnotations) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
-
-    {{- $_ := set $secretTemplates "annotations" $certAnnotations -}}
-
-    {{- range .Values.clusterCertificates.certificates -}}
-      {{- $_ := set $certs .name dict -}}
-      {{- $currentCert := (index $certs (.name)) -}}
-      {{- $_ := set $currentCert "enabled" .enabled -}}
-      {{- $_ := set $currentCert "nameOverride" .name -}}
-      {{- $_ := set $currentCert "hosts" .hosts -}}
-      {{- $_ := set $currentCert "certificateIssuer" .certificateIssuer -}}
-      {{- $_ := set $currentCert "secretTemplate" $secretTemplates -}}
-    {{- end -}}
-
-  {{- $_ := set .Values "cert" $certs -}}
-  {{/* Render the ClusterWide Certificate(s) */}}
-  {{- include "tc.v1.common.spawner.certificate" . | nindent 0 -}}
-  {{- end -}}
-{{- end -}}

charts/enterprise/clusterissuer/templates/common.yaml

@@ -7,8 +7,3 @@
 {{- include "certmanager.clusterissuer.acme" . }}
 {{- include "certmanager.clusterissuer.selfsigned" . }}
 {{- include "certmanager.clusterissuer.ca" . }}
-
-{{/* Must be called after the initial loader.apply template,
-     because it overrides .Values.cert in order to generate
-     the additional cluster-wide certificates */}}
-{{- include "certmanager.clusterissuer.clusterCertificates" . }}

charts/enterprise/clusterissuer/values.yaml

@@ -1,6 +1,6 @@
 image:
-  repository: hello-world
-  tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
+  repository: tccr.io/truecharts/scratch
+  tag: latest@sha256:1a9a10a0a5f5cb5fe4b30ac6d9c56ff87ad47f3f3490bafb6938fc155230131b
   pullPolicy: IfNotPresent
 manifestManager:
   enabled: true
@@ -18,6 +18,7 @@ workload:
               enabled: false
             startup:
               enabled: false
+
 service:
   main:
     enabled: false
@@ -25,15 +26,18 @@ service:
       main:
         enabled: false
         port: 9999
+
 portal:
   open:
     enabled: false
+
 operator:
   verify:
     additionalOperators:
       - cert-manager
     enabled: true
     failOnError: false
+
 clusterIssuer:
   selfSigned:
     enabled: true
@@ -55,7 +59,7 @@ clusterIssuer:
 #     # Used primarily for the SCALE GUI
 #     customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
 #     email: ""
-#     # Options: HTTP01, cloudflare, route53, akamai, digitalocean, rfc2136, acmedns
+#     # Options: HTTP01, cloudflare, route53
 #     type: ""
 #     # for cloudflare
 #     cfapikey: ""
@@ -78,27 +82,3 @@ clusterIssuer:
 #     tsigKeyName: ""
 #     tsigAlgorithm: ""
 #     rfctsigSecret: ""
-#     # for acmedns
-#     name: sd
-#     acmednsHost: asdf
-#     # Pick one of the bellow acmednsConfig
-#     acmednsConfigJson:
-#     acmednsConfig:
-#       - domain: ""
-#         username: ""
-#         password: ""
-#         fulldomain: ""
-#         subdomain: ""
-#         allowFrom: []
-
-clusterCertificates:
-  # Namespaces in which the certificates must be available
-  # Accepts comma-separated regex expressions
-  # replicationNamespaces: 'ix-.*'
-  certificates: []
-  # - name: mycert
-  #   enabled: true
-  #   certificateIssuer: selfsigned
-  #   hosts:
-  #     - my.domain.com
-  #     - '*.my.domain.com'

charts/enterprise/grafana/Chart.yaml

@@ -1,41 +1,32 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: grafana
-version: 9.0.43
-appVersion: 10.2.2
-description:
-  Grafana is an open source, feature rich metrics dashboard and graph editor
-  for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
+appVersion: "10.0.3"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
+description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
 home: https://truecharts.org/charts/enterprise/grafana
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png
-deprecated: false
-sources:
-  - https://github.com/bitnami/bitnami-docker-grafana
-  - https://grafana.com/
-  - https://github.com/truecharts/charts/tree/master/charts/enterprise/grafana
-  - https://hub.docker.com/r/bitnami/grafana
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - analytics
   - monitoring
   - metrics
   - logs
-dependencies:
-  - name: common
-    version: 14.3.5
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: grafana
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/grafana
+  - https://github.com/bitnami/bitnami-docker-grafana
+  - https://grafana.com/
+type: application
+version: 9.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - metrics
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: metrics
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: enterprise
+  truecharts.org/grade: U

charts/enterprise/grafana/questions.yaml

@@ -11,6 +11,7 @@ questions:
 # Include{podSpec}
 # Include{containerMain}
                                 - variable: env
+                                  group: "App Configuration"
                                   label: "Image Environment"
                                   schema:
                                     additional_attrs: true
@@ -52,6 +53,8 @@ questions:
                                           default: "/opt/bitnami/grafana/conf/ldap.toml"
 # Include{containerBasic}
 # Include{containerAdvanced}
+
+
 # Include{containerConfig}
 # Include{podOptions}
 # Include{serviceRoot}

charts/enterprise/grafana/values.yaml

@@ -1,12 +1,13 @@
 image:
-  repository: bitnami/grafana
+  repository: tccr.io/truecharts/grafana
   pullPolicy: IfNotPresent
-  tag: 10.2.2@sha256:b611d3069b5396b5b9eabf48da0fc10c29c7fdd40f7cc3b500ca505ca4f81db9
+  tag: v10.0.3@sha256:c39406b61cd96aeb602fe1a2e6995053190fb3f09526cbc25886bcc252a2a016
 manifestManager:
   enabled: true
 securityContext:
   container:
     readOnlyRootFilesystem: false
+
 service:
   main:
     ports:
@@ -14,6 +15,7 @@ service:
         protocol: http
         targetPort: 3000
         port: 10038
+
 workload:
   main:
     replicas: 2
@@ -36,10 +38,13 @@ workload:
           probes:
             liveness:
               path: "/api/health"
+
             readiness:
               path: "/api/health"
+
             startup:
               path: "/api/health"
+
 persistence:
   config:
     enabled: true
@@ -48,6 +53,7 @@ persistence:
     enabled: true
     type: emptyDir
     mountPath: /opt/bitnami/grafana/tmp
+
 metrics:
   main:
     # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@@ -64,16 +70,18 @@ metrics:
       labels: {}
       # -- Configure additionial rules for the chart under this key.
       # @default -- See prometheusrules.yaml
-      rules: []
-      # - alert: UnifiPollerAbsent
-      #   annotations:
-      #     description: Unifi Poller has disappeared from Prometheus service discovery.
-      #     summary: Unifi Poller is down.
-      #   expr: |
-      #     absent(up{job=~".*unifi-poller.*"} == 1)
-      #   for: 5m
-      #   labels:
-      #     severity: critical
+      rules:
+        []
+        # - alert: UnifiPollerAbsent
+        #   annotations:
+        #     description: Unifi Poller has disappeared from Prometheus service discovery.
+        #     summary: Unifi Poller is down.
+        #   expr: |
+        #     absent(up{job=~".*unifi-poller.*"} == 1)
+        #   for: 5m
+        #   labels:
+        #     severity: critical
+
 portal:
   open:
     enabled: true

charts/enterprise/kubernetes-reflector/Chart.yaml

@@ -1,41 +0,0 @@
-kubeVersion: ">=1.24.0"
-apiVersion: v2
-name: kubernetes-reflector
-version: 1.0.7
-appVersion: 7.1.217
-description:
-  Kubernetes-Reflector is a Kubernetes addon designed to monitor and reflect
-  changes to secrets and configmaps across namespaces
-home: https://truecharts.org/charts/enterprise/kubernetes-reflector
-icon: https://truecharts.org/img/hotlink-ok/chart-icons/kubernetes-reflector.png
-deprecated: false
-sources:
-  - https://hub.docker.com/r/emberstack/kubernetes-reflector
-  - https://github.com/emberstack/kubernetes-reflector
-  - https://github.com/truecharts/charts/tree/master/charts/enterprise/kubernetes-reflector
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
-keywords:
-  - reflector
-  - secrets
-  - configmaps
-  - cert-manager
-  - certificates
-dependencies:
-  - name: common
-    version: 14.3.5
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
-annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
-  truecharts.org/SCALE-support: "true"
-  truecharts.org/category: operators
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: enterprise

charts/enterprise/kubernetes-reflector/README.md

@@ -1,27 +0,0 @@
-# README
-
-## General Info
-
-TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
-However only installations using the TrueNAS SCALE Apps system are supported.
-
-For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
-
-**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
-
-
-## Support
-
-- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
-- See the [Website](https://truecharts.org)
-- Check our [Discord](https://discord.gg/tVsPTHWTtr)
-- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
-
----
-
-## Sponsor TrueCharts
-
-TrueCharts can only exist due to the incredible effort of our staff.
-Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
-
-*All Rights Reserved - The TrueCharts Project*

charts/enterprise/kubernetes-reflector/questions.yaml

@@ -1,42 +0,0 @@
-# Include{groups}
-questions:
-# Include{global}
-# Include{workload}
-# Include{workloadDeployment}
-# Include{replicas1}
-# Include{podSpec}
-# Include{containerMain}
-# Include{containerBasic}
-# Include{containerAdvanced}
-  - variable: kubernetesReflector
-    group: "App Configuration"
-    label: "Kubernetes-Reflector Configuration"
-    schema:
-      additional_attrs: true
-      type: dict
-      attrs:
-        - variable: logLevel
-          label: "Log Level"
-          schema:
-            type: string
-            default: "Information"
-            enum:
-              - value: "Verbose"
-                description: "Trace"
-              - value: "Debug"
-                description: "Debug"
-              - value: "Information"
-                description: "Info"
-              - value: "Warning"
-                description: "Warnings"
-              - value: "Error"
-                description: "Errors"
-              - value: "Fatal"
-                description: "Fatal Errors"
-# Include{resources}
-# Include{advanced}
-# Include{addons}
-# Include{codeserver}
-# Include{netshoot}
-# Include{vpn}
-# Include{documentation}

charts/enterprise/kubernetes-reflector/templates/common.yaml

@@ -1 +0,0 @@
-{{- include "tc.v1.common.loader.all" . }}

charts/enterprise/kubernetes-reflector/values.yaml

@@ -1,70 +0,0 @@
-image:
-  repository: docker.io/emberstack/kubernetes-reflector
-  pullPolicy: IfNotPresent
-  tag: build-7.1.217@sha256:982b8fc714349abe480a6864f3c3fce8e8801fd5068fac6add5b22ed32efc033
-operator:
-  register: true
-portal:
-  open:
-    enabled: false
-rbac:
-  main:
-    enabled: true
-    primary: true
-    clusterWide: true
-    rules:
-      - apiGroups:
-          - ""
-        resources:
-          - "configmaps"
-          - "secrets"
-        verbs:
-          - "get"
-          - "list"
-          - "watch"
-          - "create"
-          - "update"
-          - "patch"
-          - "delete"
-      - apiGroups:
-          - ""
-        resources:
-          - "namespaces"
-        verbs:
-          - "watch"
-          - "list"
-serviceAccount:
-  main:
-    enabled: true
-    primary: true
-kubernetesReflector:
-  logLevel: Information
-workload:
-  main:
-    podSpec:
-      automountServiceAccountToken: true
-      containers:
-        main:
-          securityContext:
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-          env:
-            ES_Serilog__MinimumLevel__Default: "{{ .Values.kubernetesReflector.logLevel }}"
-            ES_Reflector__Watcher__Timeout: ""
-            ES_Reflector__Kubernetes__SkipTlsVerify: "false"
-          probes:
-            liveness:
-              type: http
-              path: /healthz
-              port: 25080
-            readiness:
-              type: http
-              path: /healthz
-              port: 25080
-            startup:
-              type: http
-              path: /healthz
-              port: 25080
-service:
-  main:
-    enabled: false

charts/enterprise/metallb-config/Chart.yaml

@@ -1,39 +1,30 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: metallb-config
-version: 3.0.12
-appVersion: latest
-description:
-  A network load-balancer implementation for Kubernetes using standard
-  routing protocols
+appVersion: "latest"
+deprecated: false
+description: A network load-balancer implementation for Kubernetes using standard routing protocols
 home: https://truecharts.org/charts/enterprise/metallb-config
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/metallb-config.png
-deprecated: false
-sources:
-  - https://github.com/metallb/metallb
-  - https://metallb.universe.tf
-  - https://github.com/truecharts/charts/tree/master/charts/enterprise/metallb-config
-  - https://hub.docker.com/_/hello-world
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - metallb
   - loadbalancer
 dependencies:
   - name: common
-    version: 14.3.5
     repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+    version: 14.0.1
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: metallb-config
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/metallb-config
+  - https://github.com/metallb/metallb
+  - https://metallb.universe.tf
+type: application
+version: 3.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - core
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: core
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: enterprise
+  truecharts.org/grade: U

charts/enterprise/metallb-config/docs/setup-guide.md

@@ -4,7 +4,7 @@ The guide walks through a basic configuration of MetalLB for a single address po
 
 :::warning
 
-With MetalLB installed, apps will not be reachable using the integrated LoadBalancer. You cannot combine two different LoadBalancers in TrueNAS SCALE.
+With MetalLB installed, apps will not be reachable using the integrated loadbalancer. You cannot combine two different loadbalancers in TrueNAS SCALE.
 
 :::
 
@@ -14,12 +14,6 @@ With MetalLB installed, apps will not be reachable using the integrated LoadBala
 
 ![metallb-addtrains](img/metallb_guide_trains.png)
 
-:::caution
-
-Our customized version of MetalLB is only intended for use with other TrueCharts applications. Other catalogs will likely not support our MetalLB application. MetalLB could technically work with TrueNAS catalog apps if they used the LoadBalancer service, but they don't as they use NodePort instead. These atypical configurations aren't officially supported nor encouraged by TrueCharts.
-
-:::
-
 ## 1. Install MetalLB Operator from Operators Train
 
 ![metallb-apps](img/metallb_guide_apps.png)
@@ -27,7 +21,7 @@ Our customized version of MetalLB is only intended for use with other TrueCharts
 Install `metallb` from `operators` train first. There is no config, so just hit save.
 
 If you encounter an error upon install, run the following command as root from system settings -> shell and attempt the install again:
-`k3s kubectl delete --grace-period 30 --v=4 -k https://github.com/truecharts/manifests/delete`
+```k3s kubectl delete  --grace-period 30 --v=4 -k https://github.com/truecharts/manifests/delete```
 
 If you previously had `metallb` installed and encounter an error, delete the old version, then run the above command before proceeding to install the `metallb` operator.
 
@@ -63,21 +57,21 @@ Once installed, `metallb-config` will always show as Stopped.
 
 ![metallb-specifyIP](img/metallb_guide_specifyIP.png)
 
-With MetalLB installed, it's recommended (but optional) to specify IP addresses for your apps.
+With MetalLB installed, its is recommended (but optional) to specify IP addresses for your apps.
 
 For each app, under **Networking and Services**, select `LoadBalancer` Service Type for the Main Service.
 
 In the **LoadBalancer IP** field, specify an IP address that is within the MetalLB address pool that you configured. Apply the same IP address to the **LoadBalancer IP** field on other services within the app.
 
-## 4. Disable SCALE's Default LoadBalancer
+## 4. Disable SCALE's Default Loadbalancer
 
-With MetalLB installed and configured, you must now disable SCALE's default LoadBalancer.
+With MetalLB installed and configured, you must now disable SCALE's default loadbalancer.
 
 In the SCALE UI, under **Apps** > **Settings** > **Advanced Settings**
 
 ![metallb-disable](img/metallb_guide_disableLB.png)
 
-Uncheck `Enable Integrated LoadBalancer`.
+Uncheck `Enable Integrated Loadbalancer`.
 
 **This will trigger a restart of Kubernetes and all apps**. After roughly 5-10 minutes, your apps will redeploy using the MetalLB-assigned IP addresses.
 

charts/enterprise/metallb-config/values.yaml

@@ -1,6 +1,6 @@
 image:
-  repository: hello-world
-  tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
+  repository: tccr.io/truecharts/scratch
+  tag: latest@sha256:1a9a10a0a5f5cb5fe4b30ac6d9c56ff87ad47f3f3490bafb6938fc155230131b
   pullPolicy: IfNotPresent
 manifestManager:
   enabled: false
@@ -18,6 +18,7 @@ workload:
               enabled: false
             startup:
               enabled: false
+
 service:
   main:
     enabled: false
@@ -25,13 +26,16 @@ service:
       main:
         enabled: false
         port: 9999
+        
 operator:
   verify:
     enabled: true
     additionalOperators: ["metallb"]
+
 portal:
   open:
     enabled: false
+
 ipAddressPools: []
 #   - name: example
 #     autoAssign: true

charts/enterprise/prometheus/Chart.yaml

@@ -1,48 +1,37 @@
-kubeVersion: ">=1.16.0-0"
 apiVersion: v2
-name: prometheus
-version: 13.0.23
-appVersion: 2.48.0
-description:
-  kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
-  and Prometheus rules combined with documentation and scripts to provide easy to
-  operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
-  Operator.
-home: https://truecharts.org/charts/enterprise/prometheus
-icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png
-deprecated: false
-sources:
-  - https://hub.docker.com/r/bitnami/prometheus
-  - https://github.com/prometheus-community/helm-charts
-  - https://github.com/prometheus-operator/kube-prometheus
-  - https://github.com/truecharts/charts/tree/master/charts/enterprise/prometheus
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
-keywords:
-  - metrics
+appVersion: "2.46.0"
 dependencies:
   - name: common
-    version: 14.3.5
     repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
-  - name: node-exporter
-    version: 3.0.40
+    version: 14.0.1
+  - condition: exporters.enabled,exporters.node-exporter.enabled
+    name: node-exporter
     repository: https://deps.truecharts.org
-    condition: exporters.enabled,exporters.node-exporter.enabled
-    alias: ""
-    tags: []
-    import-values: []
-  - name: kube-state-metrics
-    version: 3.0.38
+    version: 2.0.7
+  - condition: exporters.enabled,exporters.kube-state-metrics.enabled
+    name: kube-state-metrics
     repository: https://deps.truecharts.org
-    condition: exporters.enabled,exporters.kube-state-metrics.enabled
-    alias: ""
-    tags: []
-    import-values: []
+    version: 2.0.6
+deprecated: false
+description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png
+home: https://truecharts.org/charts/enterprise/prometheus
+keywords:
+  - metrics
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: prometheus
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/prometheus
+  - https://github.com/prometheus-community/helm-charts
+  - https://github.com/prometheus-operator/kube-prometheus
+type: application
+version: 12.0.0
 annotations:
-  "truecharts.org/category": metrics
+  truecharts.org/catagories: |
+    - metrics
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/grade: U

charts/enterprise/prometheus/questions.yaml

@@ -80,45 +80,6 @@ questions:
                 schema:
                   type: boolean
                   default: false
-              - variable: remoteWrite
-                label: "Remote Write"
-                schema:
-                  type: list
-                  default: []
-                  items:
-                    - variable: remoteWriteEntry
-                      label: Remote Write Entry
-                      schema:
-                        additional_attrs: true
-                        type: dict
-                        attrs:
-                          - variable: url
-                            label: URL
-                            description: Remote write destination URL
-                            schema:
-                              type: string
-                              required: true
-                              default: ""
-                          - variable: basicAuth
-                            label: Basic Auth
-                            description: Basic authentication for remote write
-                            schema:
-                              type: dict
-                              attrs:
-                                - variable: username
-                                  label: Username
-                                  description: Basic auth username
-                                  schema:
-                                    type: string
-                                    required: true
-                                    default: ""
-                                - variable: password
-                                  label: Password
-                                  description: Basic auth password
-                                  schema:
-                                    type: string
-                                    required: false
-                                    default: ""
 
   - variable: exporters
     group: "App Configuration"

charts/enterprise/prometheus/templates/prometheus/_prometheus.tpl

@@ -126,9 +126,8 @@ spec:
   {{- if .Values.prometheus.remoteRead }}
   remoteRead: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }}
   {{- end }}
-  {{- with .Values.prometheus.remoteWrite }}
-  remoteWrite:
-    {{- tpl (toYaml .) $ | nindent 4 }}
+  {{- if .Values.prometheus.remoteWrite }}
+  remoteWrite: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.podSecurityContext.enabled }}
   securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }}

charts/enterprise/prometheus/values.yaml

@@ -1,12 +1,16 @@
 image:
-  repository: bitnami/prometheus
-  tag: 2.48.0@sha256:43de9da8d70cff6b862daedd3afd323465bee5ab87ef2f67a1811bf15a39019a
+  repository: tccr.io/truecharts/prometheus
+  tag: v2.46.0@sha256:0b0dc821c06967e8562bf32ebd9055eef7f1ddd8851187acbf8871d8bd9c72a3
+
 thanosImage:
-  repository: quay.io/thanos/thanos
-  tag: v0.32.5@sha256:3e5c47dd3a0bfc6c595036c1c49c7ca95979a89c1fb93ee4cdee3bf5d296f944
+  repository: tccr.io/truecharts/thanos
+  tag: 0.31.0@sha256:28282d3e63f84cdeeb05e965b173b610d5597997acc7ce75d5849207b0f97b28
+
 alertmanagerImage:
-  repository: bitnami/alertmanager
-  tag: 0.26.0@sha256:3da5256271a71100d822125dc4af6466f7f2d0a4a1680ba6c01087207be95192
+  repository: tccr.io/truecharts/alertmanager
+  tag: 0.25.0@sha256:6b534671b83aa7fbd91d1b10bf0f1b29b948e4b300f8359a86043d0deba07207
+manifestManager:
+  enabled: true
 global:
   labels: {}
 workload:
@@ -23,6 +27,7 @@ workload:
               enabled: false
             startup:
               enabled: false
+
 service:
   main:
     selectorLabels:
@@ -55,6 +60,7 @@ service:
         port: 10901
         targetPort: 10901
         protocol: http
+
 ingress:
   main:
     enabled: false
@@ -62,16 +68,20 @@ ingress:
     enabled: false
   thanos:
     enabled: false
+
 ####
 ## Operator Config
 ####
+
 env:
   PROMETHEUS_CONFIG_RELOADER:
     configMapKeyRef:
       name: prometheus-operator-config
       key: prometheus-config-reloader
+
 podOptions:
   automountServiceAccountToken: true
+
 rbac:
   main:
     enabled: true
@@ -169,13 +179,16 @@ rbac:
           - get
           - list
           - watch
+
 # -- The service account the pods will use to interact with the Kubernetes API
 serviceAccount:
   main:
     enabled: true
     primary: true
+
 securityContext:
   readOnlyRootFilesystem: false
+
 probes:
   # -- Liveness probe configuration
   # @default -- See below
@@ -186,6 +199,7 @@ probes:
         path: "/metrics"
         port: promop
         scheme: HTTP
+
   # -- Redainess probe configuration
   # @default -- See below
   readiness:
@@ -195,6 +209,7 @@ probes:
         path: "/metrics"
         port: promop
         scheme: HTTP
+
   # -- Startup probe configuration
   # @default -- See below
   startup:
@@ -204,6 +219,7 @@ probes:
         path: "/metrics"
         port: promop
         scheme: HTTP
+
 operator:
   ## Create a servicemonitor for the operator
   ##
@@ -223,6 +239,7 @@ operator:
     ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
     ##
     relabelings: []
+
   ## Prometheus Configmap-reload image to use for reloading configmaps
   ## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/)
   ##
@@ -235,6 +252,7 @@ operator:
       capabilities:
         drop:
           - ALL
+
     livenessProbe:
       enabled: true
       initialDelaySeconds: 10
@@ -242,6 +260,7 @@ operator:
       timeoutSeconds: 5
       failureThreshold: 6
       successThreshold: 1
+
     readinessProbe:
       enabled: true
       initialDelaySeconds: 15
@@ -249,6 +268,7 @@ operator:
       timeoutSeconds: 5
       failureThreshold: 6
       successThreshold: 1
+
 ####
 ## Prometheus Config (Spawned by Operator)
 ####
@@ -307,6 +327,7 @@ prometheus:
     capabilities:
       drop:
         - ALL
+
   serviceMonitor:
     ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself
     ##
@@ -822,6 +843,7 @@ prometheus:
   ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web
   ##
   portName: main
+
 ####
 ## Alert Manager Config
 ####
@@ -1099,6 +1121,7 @@ alertmanager:
   ## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {}
   ##
   configSelector: {}
+
 ####
 ## Exporters
 ####
@@ -1116,12 +1139,14 @@ exporters:
     ## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics
     ##
     enabled: true
+
 ## @param kube-state-metrics [object] Node Exporter deployment configuration
 ##
 kube-state-metrics:
   serviceMonitor:
     enabled: true
     honorLabels: true
+
 ## Component scraping for kubelet and kubelet hosted cAdvisor
 ##
 kubelet:
@@ -1337,7 +1362,7 @@ kubeProxy:
   ## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service
   ##
   enabled: false
+
 portal:
   open:
     enabled: true
-updated: true

charts/enterprise/traefik/Chart.yaml

@@ -1,38 +1,31 @@
-kubeVersion: ">=1.24.0"
 apiVersion: v2
-name: traefik
-version: 22.1.1
-appVersion: 2.10.5
+appVersion: "2.10.4"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 14.0.1
+deprecated: false
 description: Traefik is a flexible reverse proxy and Ingress Provider.
 home: https://truecharts.org/charts/enterprise/traefik
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
-deprecated: false
-sources:
-  - https://github.com/truecharts/containers/tree/master/mirrortraefik
-  - https://github.com/traefik/traefik
-  - https://github.com/traefik/traefik-helm-chart
-  - https://traefik.io/
-  - https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
-maintainers:
-  - name: TrueCharts
-    email: info@truecharts.org
-    url: https://truecharts.org
 keywords:
   - traefik
   - ingress
-dependencies:
-  - name: common
-    version: 14.3.5
-    repository: https://library-charts.truecharts.org
-    condition: ""
-    alias: ""
-    tags: []
-    import-values: []
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: traefik
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
+  - https://github.com/traefik/traefik
+  - https://github.com/traefik/traefik-helm-chart
+  - https://traefik.io/
+type: application
+version: 21.0.0
 annotations:
-  max_scale_version: 23.10.1
-  min_scale_version: 22.12.4
+  truecharts.org/catagories: |
+    - network
   truecharts.org/SCALE-support: "true"
-  truecharts.org/category: network
-  truecharts.org/max_helm_version: "3.13"
-  truecharts.org/min_helm_version: "3.12"
-  truecharts.org/train: enterprise
+  truecharts.org/grade: U

charts/enterprise/traefik/crds/traefik.containo.us_ingressroutes.yaml

@@ -1,4 +1,3 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -39,7 +38,7 @@ spec:
               entryPoints:
                 description: 'EntryPoints defines the list of entry point names to
                   bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
                   Default: all.'
                 items:
                   type: string
@@ -56,11 +55,11 @@ spec:
                       - Rule
                       type: string
                     match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule'
                       type: string
                     middlewares:
                       description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware'
                       items:
                         description: MiddlewareRef is a reference to a Middleware
                           resource.
@@ -79,7 +78,7 @@ spec:
                       type: array
                     priority:
                       description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                        info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority'
                       type: integer
                     services:
                       description: Services defines the list of Service. It can contain
@@ -104,13 +103,6 @@ spec:
                             description: Namespace defines the namespace of the referenced
                               Kubernetes Service or TraefikService.
                             type: string
-                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
-                            type: boolean
                           passHostHeader:
                             description: PassHostHeader defines whether the client
                               Host header is forwarded to the upstream Kubernetes
@@ -152,7 +144,7 @@ spec:
                             type: string
                           sticky:
                             description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                              More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
                             properties:
                               cookie:
                                 description: Cookie defines the sticky cookie configuration.
@@ -197,16 +189,16 @@ spec:
                   type: object
                 type: array
               tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls'
                 properties:
                   certResolver:
                     description: 'CertResolver defines the name of the certificate
                       resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
                     type: string
                   domains:
                     description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -224,15 +216,15 @@ spec:
                   options:
                     description: 'Options defines the reference to a TLSOption, that
                       specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
                     properties:
                       name:
                         description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
                         type: string
                       namespace:
                         description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
                         type: string
                     required:
                     - name
@@ -248,11 +240,11 @@ spec:
                     properties:
                       name:
                         description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
                         type: string
                       namespace:
                         description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
                         type: string
                     required:
                     - name

charts/enterprise/traefik/crds/traefik.containo.us_ingressroutetcps.yaml

@@ -39,7 +39,7 @@ spec:
               entryPoints:
                 description: 'EntryPoints defines the list of entry point names to
                   bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
                   Default: all.'
                 items:
                   type: string
@@ -50,7 +50,7 @@ spec:
                   description: RouteTCP holds the TCP route configuration.
                   properties:
                     match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1'
                       type: string
                     middlewares:
                       description: Middlewares defines the list of references to MiddlewareTCP
@@ -73,7 +73,7 @@ spec:
                       type: array
                     priority:
                       description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                        info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1'
                       type: integer
                     services:
                       description: Services defines the list of TCP services.
@@ -89,13 +89,6 @@ spec:
                             description: Namespace defines the namespace of the referenced
                               Kubernetes Service.
                             type: string
-                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
-                            type: boolean
                           port:
                             anyOf:
                             - type: integer
@@ -105,7 +98,7 @@ spec:
                             x-kubernetes-int-or-string: true
                           proxyProtocol:
                             description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                              configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol'
                             properties:
                               version:
                                 description: Version defines the PROXY Protocol version
@@ -136,16 +129,16 @@ spec:
                 type: array
               tls:
                 description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                  Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1'
                 properties:
                   certResolver:
                     description: 'CertResolver defines the name of the certificate
                       resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
                     type: string
                   domains:
                     description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -163,7 +156,7 @@ spec:
                   options:
                     description: 'Options defines the reference to a TLSOption, that
                       specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
                     properties:
                       name:
                         description: Name defines the name of the referenced Traefik

charts/enterprise/traefik/crds/traefik.containo.us_ingressrouteudps.yaml

@@ -39,7 +39,7 @@ spec:
               entryPoints:
                 description: 'EntryPoints defines the list of entry point names to
                   bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
                   Default: all.'
                 items:
                   type: string
@@ -63,13 +63,6 @@ spec:
                             description: Namespace defines the namespace of the referenced
                               Kubernetes Service.
                             type: string
-                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
-                            type: boolean
                           port:
                             anyOf:
                             - type: integer

charts/enterprise/traefik/crds/traefik.containo.us_middlewares.yaml

@@ -20,7 +20,7 @@ spec:
     schema:
       openAPIV3Schema:
         description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+          More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -40,7 +40,7 @@ spec:
               addPrefix:
                 description: 'AddPrefix holds the add prefix middleware configuration.
                   This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                  it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/'
                 properties:
                   prefix:
                     description: Prefix is the string to add before the current path
@@ -50,11 +50,11 @@ spec:
               basicAuth:
                 description: 'BasicAuth holds the basic auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/'
                 properties:
                   headerField:
                     description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
                     type: string
                   realm:
                     description: 'Realm allows the protected resources on a server
@@ -74,7 +74,7 @@ spec:
               buffering:
                 description: 'Buffering holds the buffering middleware configuration.
                   This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes'
                 properties:
                   maxRequestBodyBytes:
                     description: 'MaxRequestBodyBytes defines the maximum allowed
@@ -107,13 +107,13 @@ spec:
                   retryExpression:
                     description: 'RetryExpression defines the retry conditions. It
                       is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression'
                     type: string
                 type: object
               chain:
                 description: 'Chain holds the configuration of the chain middleware.
                   This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/'
                 properties:
                   middlewares:
                     description: Middlewares is the list of MiddlewareRef which composes
@@ -167,7 +167,7 @@ spec:
               compress:
                 description: 'Compress holds the compress middleware configuration.
                   This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/'
                 properties:
                   excludedContentTypes:
                     description: ExcludedContentTypes defines the list of content
@@ -201,11 +201,11 @@ spec:
               digestAuth:
                 description: 'DigestAuth holds the digest auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/'
                 properties:
                   headerField:
                     description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
                     type: string
                   realm:
                     description: 'Realm allows the protected resources on a server
@@ -224,7 +224,7 @@ spec:
               errors:
                 description: 'ErrorPage holds the custom error middleware configuration.
                   This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/'
                 properties:
                   query:
                     description: Query defines the URL for the error page (hosted
@@ -233,7 +233,7 @@ spec:
                     type: string
                   service:
                     description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service'
                     properties:
                       kind:
                         description: Kind defines the kind of the Service.
@@ -250,13 +250,6 @@ spec:
                         description: Namespace defines the namespace of the referenced
                           Kubernetes Service or TraefikService.
                         type: string
-                      nativeLB:
-                        description: NativeLB controls, when creating the load-balancer,
-                          whether the LB's children are directly the pods IPs or if
-                          the only child is the Kubernetes Service clusterIP. The
-                          Kubernetes Service itself does load-balance to the pods.
-                          By default, NativeLB is false.
-                        type: boolean
                       passHostHeader:
                         description: PassHostHeader defines whether the client Host
                           header is forwarded to the upstream Kubernetes Service.
@@ -297,7 +290,7 @@ spec:
                         type: string
                       sticky:
                         description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
                         properties:
                           cookie:
                             description: Cookie defines the sticky cookie configuration.
@@ -346,7 +339,7 @@ spec:
               forwardAuth:
                 description: 'ForwardAuth holds the forward auth middleware configuration.
                   This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/'
                 properties:
                   address:
                     description: Address defines the authentication server address.
@@ -369,7 +362,7 @@ spec:
                     description: 'AuthResponseHeadersRegex defines the regex to match
                       headers to copy from the authentication server response and
                       set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                      the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex'
                     type: string
                   tls:
                     description: TLS defines the configuration used to secure the
@@ -400,7 +393,7 @@ spec:
               headers:
                 description: 'Headers holds the headers middleware configuration.
                   This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                  info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders'
                 properties:
                   accessControlAllowCredentials:
                     description: AccessControlAllowCredentials defines whether the
@@ -561,7 +554,7 @@ spec:
               inFlightReq:
                 description: 'InFlightReq holds the in-flight request middleware configuration.
                   This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/'
                 properties:
                   amount:
                     description: Amount defines the maximum amount of allowed simultaneous
@@ -575,11 +568,11 @@ spec:
                       group requests as originating from a common source. If several
                       strategies are defined at the same time, an error will be raised.
                       If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                      info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion'
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -607,11 +600,11 @@ spec:
               ipWhiteList:
                 description: 'IPWhiteList holds the IP whitelist middleware configuration.
                   This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
                 properties:
                   ipStrategy:
                     description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -635,7 +628,7 @@ spec:
               passTLSClientCert:
                 description: 'PassTLSClientCert holds the pass TLS client cert middleware
                   configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/'
                 properties:
                   info:
                     description: Info selects the specific client certificate details
@@ -730,7 +723,7 @@ spec:
                     type: object
                   pem:
                     description: PEM sets the X-Forwarded-Tls-Client-Cert header with
-                      the certificate.
+                      the escaped certificate.
                     type: boolean
                 type: object
               plugin:
@@ -742,7 +735,7 @@ spec:
               rateLimit:
                 description: 'RateLimit holds the rate limit configuration. This middleware
                   ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/'
                 properties:
                   average:
                     description: Average is the maximum rate, by default in requests/s,
@@ -775,7 +768,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -803,7 +796,7 @@ spec:
               redirectRegex:
                 description: 'RedirectRegex holds the redirect regex middleware configuration.
                   This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex'
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -821,7 +814,7 @@ spec:
               redirectScheme:
                 description: 'RedirectScheme holds the redirect scheme middleware
                   configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                  to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/'
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -837,7 +830,7 @@ spec:
               replacePath:
                 description: 'ReplacePath holds the replace path middleware configuration.
                   This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/'
                 properties:
                   path:
                     description: Path defines the path to use as replacement in the
@@ -847,7 +840,7 @@ spec:
               replacePathRegex:
                 description: 'ReplacePathRegex holds the replace path regex middleware
                   configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/'
                 properties:
                   regex:
                     description: Regex defines the regular expression used to match
@@ -863,7 +856,7 @@ spec:
                   middleware reissues requests a given number of times to a backend
                   server if that server does not reply. As soon as the server answers,
                   the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/'
                 properties:
                   attempts:
                     description: Attempts defines how many times the request should
@@ -883,7 +876,7 @@ spec:
               stripPrefix:
                 description: 'StripPrefix holds the strip prefix middleware configuration.
                   This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
                 properties:
                   forceSlash:
                     description: 'ForceSlash ensures that the resulting stripped path
@@ -900,7 +893,7 @@ spec:
               stripPrefixRegex:
                 description: 'StripPrefixRegex holds the strip prefix regex middleware
                   configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/'
                 properties:
                   regex:
                     description: Regex defines the regular expression to match the

charts/enterprise/traefik/crds/traefik.containo.us_middlewaretcps.yaml

@@ -20,7 +20,7 @@ spec:
     schema:
       openAPIV3Schema:
         description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+          More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation

charts/enterprise/traefik/crds/traefik.containo.us_serverstransports.yaml

@@ -22,7 +22,7 @@ spec:
         description: 'ServersTransport is the CRD implementation of a ServersTransport.
           If no serversTransport is specified, the default@internal will be used.
           The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation

charts/enterprise/traefik/crds/traefik.containo.us_tlsoptions.yaml

@@ -21,7 +21,7 @@ spec:
       openAPIV3Schema:
         description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
           allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+          https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -41,13 +41,13 @@ spec:
               alpnProtocols:
                 description: 'ALPNProtocols defines the list of supported application
                   level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                  info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols'
                 items:
                   type: string
                 type: array
               cipherSuites:
                 description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites'
                 items:
                   type: string
                 type: array
@@ -74,7 +74,7 @@ spec:
                 type: object
               curvePreferences:
                 description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences'
                 items:
                   type: string
                 type: array

charts/enterprise/traefik/crds/traefik.containo.us_tlsstores.yaml

@@ -22,7 +22,7 @@ spec:
         description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
           the time being, only the TLSStore named default is supported. This means
           that you cannot have two stores that are named default in different Kubernetes
-          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+          namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation

charts/enterprise/traefik/crds/traefik.containo.us_traefikservices.yaml

@@ -21,7 +21,7 @@ spec:
       openAPIV3Schema:
         description: 'TraefikService is the CRD implementation of a Traefik Service.
           TraefikService object allows to: - Apply weight to Services on load-balancing
-          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -75,13 +75,6 @@ spec:
                           description: Namespace defines the namespace of the referenced
                             Kubernetes Service or TraefikService.
                           type: string
-                        nativeLB:
-                          description: NativeLB controls, when creating the load-balancer,
-                            whether the LB's children are directly the pods IPs or
-                            if the only child is the Kubernetes Service clusterIP.
-                            The Kubernetes Service itself does load-balance to the
-                            pods. By default, NativeLB is false.
-                          type: boolean
                         passHostHeader:
                           description: PassHostHeader defines whether the client Host
                             header is forwarded to the upstream Kubernetes Service.
@@ -127,7 +120,7 @@ spec:
                           type: string
                         sticky:
                           description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -173,13 +166,6 @@ spec:
                     description: Namespace defines the namespace of the referenced
                       Kubernetes Service or TraefikService.
                     type: string
-                  nativeLB:
-                    description: NativeLB controls, when creating the load-balancer,
-                      whether the LB's children are directly the pods IPs or if the
-                      only child is the Kubernetes Service clusterIP. The Kubernetes
-                      Service itself does load-balance to the pods. By default, NativeLB
-                      is false.
-                    type: boolean
                   passHostHeader:
                     description: PassHostHeader defines whether the client Host header
                       is forwarded to the upstream Kubernetes Service. By default,
@@ -218,7 +204,7 @@ spec:
                     type: string
                   sticky:
                     description: 'Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                      More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.
@@ -277,13 +263,6 @@ spec:
                           description: Namespace defines the namespace of the referenced
                             Kubernetes Service or TraefikService.
                           type: string
-                        nativeLB:
-                          description: NativeLB controls, when creating the load-balancer,
-                            whether the LB's children are directly the pods IPs or
-                            if the only child is the Kubernetes Service clusterIP.
-                            The Kubernetes Service itself does load-balance to the
-                            pods. By default, NativeLB is false.
-                          type: boolean
                         passHostHeader:
                           description: PassHostHeader defines whether the client Host
                             header is forwarded to the upstream Kubernetes Service.
@@ -325,7 +304,7 @@ spec:
                           type: string
                         sticky:
                           description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -364,7 +343,7 @@ spec:
                     type: array
                   sticky:
                     description: 'Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                      More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.

charts/enterprise/traefik/crds/traefik.io_serverstransporttcps.yaml

@@ -1,122 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
-  name: serverstransporttcps.traefik.io
-spec:
-  group: traefik.io
-  names:
-    kind: ServersTransportTCP
-    listKind: ServersTransportTCPList
-    plural: serverstransporttcps
-    singular: serverstransporttcp
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: 'ServersTransportTCP is the CRD implementation of a TCPServersTransport.
-          If no tcpServersTransport is specified, a default one named default@internal
-          will be used. The default@internal tcpServersTransport can be configured
-          in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3'
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ServersTransportTCPSpec defines the desired state of a ServersTransportTCP.
-            properties:
-              dialKeepAlive:
-                anyOf:
-                - type: integer
-                - type: string
-                description: DialKeepAlive is the interval between keep-alive probes
-                  for an active network connection. If zero, keep-alive probes are
-                  sent with a default value (currently 15 seconds), if supported by
-                  the protocol and operating system. Network protocols or operating
-                  systems that do not support keep-alives ignore this field. If negative,
-                  keep-alive probes are disabled.
-                x-kubernetes-int-or-string: true
-              dialTimeout:
-                anyOf:
-                - type: integer
-                - type: string
-                description: DialTimeout is the amount of time to wait until a connection
-                  to a backend server can be established.
-                x-kubernetes-int-or-string: true
-              terminationDelay:
-                anyOf:
-                - type: integer
-                - type: string
-                description: TerminationDelay defines the delay to wait before fully
-                  terminating the connection, after one connected peer has closed
-                  its writing capability.
-                x-kubernetes-int-or-string: true
-              tls:
-                description: TLS defines the TLS configuration
-                properties:
-                  certificatesSecrets:
-                    description: CertificatesSecrets defines a list of secret storing
-                      client certificates for mTLS.
-                    items:
-                      type: string
-                    type: array
-                  insecureSkipVerify:
-                    description: InsecureSkipVerify disables TLS certificate verification.
-                    type: boolean
-                  peerCertURI:
-                    description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
-                      to keep per-host. PeerCertURI defines the peer cert URI used
-                      to match against SAN URI during the peer certificate verification.
-                    type: string
-                  rootCAsSecrets:
-                    description: RootCAsSecrets defines a list of CA secret used to
-                      validate self-signed certificates.
-                    items:
-                      type: string
-                    type: array
-                  serverName:
-                    description: ServerName defines the server name used to contact
-                      the server.
-                    type: string
-                  spiffe:
-                    description: Spiffe defines the SPIFFE configuration.
-                    properties:
-                      ids:
-                        description: IDs defines the allowed SPIFFE IDs (takes precedence
-                          over the SPIFFE TrustDomain).
-                        items:
-                          type: string
-                        type: array
-                      trustDomain:
-                        description: TrustDomain defines the allowed SPIFFE trust
-                          domain.
-                        type: string
-                    type: object
-                type: object
-            type: object
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/enterprise/traefik/docs/Authelia-LLDAP-forwardauth.md

@@ -1,3 +1,3 @@
 # Authelia + LLDAP + Traefik ForwardAuth Setup guide
 
-Please refer to the full [Authelia + LLDAP + Traefik ForwardAuth Setup guide](https://truecharts.org/charts/enterprise/authelia/Setup-Guide) for a quick guide should take you through the steps necessary to setup `Authelia` as your `forwardAuth` for `Traefik`.
+Please refer to the full [Authelia + LLDAP + Traefik ForwardAuth Setup guide](https://truecharts.org/charts/enterprise/authelia/Setup-Guide) for a quick guide should take you through the steps necessary to setup `Authelia` as your `forwardAuth` for `Traefik`. 

charts/enterprise/traefik/questions.yaml

@@ -187,7 +187,6 @@ questions:
 # Include{bufferingMiddleware}
 # Include{customRequestHeadersMiddleware}
 # Include{customResponseHeadersMiddleware}
-# Include{rewriteResponseHeadersMiddleware}
 # Include{customFrameOptionsValueMiddleware}
 # Include{chainMiddleware}
 # Include{redirectSchemeMiddleware}

charts/enterprise/traefik/templates/_args.tpl

@@ -173,19 +173,9 @@ args:
   {{/* End of GeoBlock */}}
   {{/* RealIP */}}
   {{- if .Values.middlewares.realIP }}
-  - "--experimental.localPlugins.traefik-real-ip.modulename=github.com/jramsgz/traefik-real-ip"
+  - "--experimental.localPlugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip"
   {{- end }}
   {{/* End of RealIP */}}
-  {{/* ModSecurity */}}
-  {{- if .Values.middlewares.modsecurity }}
-  - "--experimental.localPlugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin"
-  {{- end }}
-  {{/* End of ModSecurity */}}
-  {{/* RewriteResponseHeaders */}}
-  {{- if .Values.middlewares.rewriteResponseHeaders }}
-  - "--experimental.localPlugins.rewriteResponseHeaders.modulename=github.com/XciD/traefik-plugin-rewrite-headers"
-  {{- end }}
-  {{/* End of RewriteResponseHeaders */}}
   {{- with .Values.additionalArguments }}
   {{- range . }}
   - {{ . | quote }}

charts/enterprise/traefik/templates/_ingressroute.tpl

@@ -2,8 +2,8 @@
 {{- define "traefik.ingressRoute" -}}
 {{ if .Values.ingressRoute.dashboard.enabled }}
 
-{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels }}
-{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations }}
+{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}}
+{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}}
 
 ---
 apiVersion: traefik.io/v1alpha1
@@ -31,4 +31,4 @@ spec:
     - name: api@internal
       kind: TraefikService
 {{ end }}
-{{- end }}
+{{- end -}}

charts/enterprise/traefik/templates/_tlsoptions.tpl

@@ -1,7 +1,6 @@
 {{/* Define the tlsOptions */}}
 {{- define "traefik.tlsOptions" -}}
 {{- range $name, $config := .Values.tlsOptions }}
-
 ---
 apiVersion: traefik.io/v1alpha1
 kind: TLSOption
@@ -10,4 +9,4 @@ metadata:
 spec:
   {{- toYaml $config | nindent 2 }}
 {{- end }}
-{{- end }}
+{{- end -}}

charts/enterprise/traefik/templates/_tlsstore.tpl

@@ -1,26 +0,0 @@
-{{/* Define the tlsOptions */}}
-{{- define "traefik.tlsstore" -}}
-{{- if .Values.defaultCertificate }}
----
-apiVersion: traefik.io/v1alpha1
-kind: TLSStore
-metadata:
-  name: default
-spec:
-  certificates:
-    - secretName: clusterissuer-templated-{{ tpl .Values.defaultCertificate $ }}
-  defaultCertificate:
-    secretName: clusterissuer-templated-{{ tpl .Values.defaultCertificate $ }}
-{{- end }}
-
-{{- range $name, $config := .Values.tlsStore }}
-
----
-apiVersion: traefik.io/v1alpha1
-kind: TLSStore
-metadata:
-  name: {{ $name }}
-spec:
-  {{- toYaml $config | nindent 2 }}
-{{- end }}
-{{- end }}

charts/enterprise/traefik/templates/common.yaml

@@ -7,7 +7,6 @@
 {{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}}
 
 {{- include "traefik.portalhook" . }}
-{{- include "traefik.tlsstore" . }}
 {{- include "traefik.tlsOptions" . }}
 {{- include "traefik.ingressRoute" . }}
 {{- include "traefik.ingressClass" . }}