more fixes and cleanup

* fix penpot multi secre

* fix disc gsm secret name and enable it

* fix CFddns

* fix shiori

* fix soft-serve

* fix focalborad

* whoops on penpot

* fix immich

* fix inventree

* fix k8s-gateway

* whoops on k8s-gateway

* fix mealie

* fix nocodb

* fix nextcloud

* fix statpingng

* fix synapse

* fix tailscale

* whoops on mealie

* whops on noco

* whoops on synapse

* fix wbo

* fix wireguard

* fix wger

* fix meshcentral

* fix authentik

* whoops

* fix typo

* fix more

* fix

* fix more

.github/lintconf.yaml

@@ -0,0 +1,46 @@
+---
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    require-starting-space: true
+    min-spaces-from-content: 2
+  document-end: disable
+  # No --- to start a file
+  document-start: disable
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: consistent
+    # - list indentation will handle both indentation and without
+    indent-sequences: whatever
+    check-multi-line-strings: false
+  key-duplicates:
+    enable
+    # Lines can be any length
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy:
+    level: warning

.pre-commit-config.yaml

@@ -8,23 +8,33 @@ repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.0.1
     hooks:
-      - id: trailing-whitespace # trims trailing whitespace.
-      - id: end-of-file-fixer # ensures that a file is either empty, or ends with one newline.
+      # trims trailing whitespace.
+      - id: trailing-whitespace
+      # ensures that a file is either empty, or ends with one newline.
+      - id: end-of-file-fixer
       - id: fix-byte-order-marker
-      - id: mixed-line-ending # replaces or checks mixed line ending.
-      - id: check-merge-conflict # checks for files that contain merge conflict strings.
-      - id: check-case-conflict # checks for files that would conflict in case-insensitive filesystems.
-      - id: check-executables-have-shebangs # ensures that (non-binary) executables have a shebang.
-      - id: check-shebang-scripts-are-executable # ensures that (non-binary) files with a shebang are executable.
+      # replaces or checks mixed line ending.
+      - id: mixed-line-ending
+      # checks for files that contain merge conflict strings.
+      - id: check-merge-conflict
+      # checks for files that would conflict in case-insensitive filesystems.
+      - id: check-case-conflict
+      # ensures that (non-binary) executables have a shebang.
+      - id: check-executables-have-shebangs
+      # ensures that (non-binary) files with a shebang are executable.
+      - id: check-shebang-scripts-are-executable
       - id: check-docstring-first
       - id: check-symlinks
       - id: destroyed-symlinks
-      - id: fix-byte-order-marker # removes utf-8 byte order marker.
-      - id: requirements-txt-fixer # sorts entries in requirements.txt.
-      - id: check-added-large-files # prevents giant files from being committed.
-      - id: check-yaml # checks yaml files for parseable syntax.
+      # removes utf-8 byte order marker.
+      - id: fix-byte-order-marker
+      # sorts entries in requirements.txt.
+      - id: requirements-txt-fixer
+      # checks yaml files for parseable syntax.
+      - id: check-yaml
         exclude: (templates\/.*|crds\/.*|questions.yaml|chart_schema.yaml)
-      - id: detect-private-key # detects the presence of private keys.
+        # detects the presence of private keys.
+      - id: detect-private-key
 
   - repo: https://github.com/pre-commit/pygrep-hooks
     rev: v1.9.0
@@ -38,3 +48,13 @@ repos:
       - id: prettier
         exclude: (templates\/.*|crds\/.*|README.md|CHANGELOG.md|questions.yaml|devcontainer.json)
         files: \.(js|ts|jsx|tsx|css|less|html|json|markdown|md|yaml|yml)$
+
+  # Update the rev variable with the release version that you want, from the yamllint repo
+  # You can pass your custom .yamllint with args attribute.
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.17.0
+    hooks:
+      - id: yamllint
+        exclude: (templates\/.*|crds\/.*|README.md|CHANGELOG.md|questions.yaml|devcontainer.json|chart_schema.yaml)
+        files: \.(yaml|yml)$
+        args: [-c=.github/lintconf.yaml]

charts/dependency/clickhouse/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "23.2.1.253"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.2.1
+    version: 12.2.24
 deprecated: false
 description: ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP).
 home: https://truecharts.org/charts/dependency/clickhouse
@@ -23,7 +23,7 @@ sources:
   - https://hub.docker.com/r/clickhouse/clickhouse-server
   - https://clickhouse.com/
 type: application
-version: 4.0.0
+version: 4.0.9
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/clickhouse/ci/basic-values.yaml

@@ -0,0 +1 @@
+clickhousePassword: "testpassword"

charts/dependency/clickhouse/questions.yaml

@@ -123,7 +123,7 @@ questions:
                 description: "The group that should own ALL storage."
                 schema:
                   type: int
-                  default: 568568
+                  default: 568
 
 # Include{resources}
 # Include{advanced}

charts/dependency/clickhouse/values.yaml

@@ -17,7 +17,8 @@ workload:
             CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: "{{ .Values.clickhouseDefaultAccessManagement }}"
             CLICKHOUSE_PASSWORD:
               secretKeyRef:
-                name: "credentials"
+                expandObjectName: "{{ if .Values.clickhousePassword }}true{{ else }}false{{ end }}"
+                name: '{{ if .Values.clickhousePassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "clickhousecreds" }}{{ end }}'
                 key: "clickhouse-password"
 
           probes:
@@ -59,8 +60,11 @@ volumeClaimTemplates:
 
 clickhouseDatabase: "test"
 clickhouseUsername: "test"
-clickhousePassword: "testpass"
 clickhouseDefaultAccessManagement: 0
+
+# -- Secret or password
+# One of these options is required, unless used as a dependency for another TrueCharts chart.
+clickhousePassword: ""
 existingSecret: ""
 
 secret:

charts/dependency/mariadb/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "10.11.2"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.2.1
+    version: 12.2.24
 deprecated: false
 description: Fast, reliable, scalable, and easy to use open-source relational database system.
 home: https://truecharts.org/charts/dependency/mariadb
@@ -26,7 +26,7 @@ sources:
   - https://github.com/prometheus/mysqld_exporter
   - https://mariadb.org
 type: application
-version: 6.0.0
+version: 6.0.9
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/mariadb/ci/basic-values.yaml

@@ -0,0 +1 @@
+mariadbPassword: "testpassword"

charts/dependency/mariadb/questions.yaml

@@ -101,7 +101,7 @@ questions:
                 description: "The group that should own ALL storage."
                 schema:
                   type: int
-                  default: 568568
+                  default: 568
 
 # Include{resources}
 # Include{advanced}

charts/dependency/mariadb/values.yaml

@@ -14,67 +14,38 @@ workload:
           env:
             MARIADB_PASSWORD:
               secretKeyRef:
-                name: "credentials"
+                expandObjectName: "{{ if .Values.mariadbPassword }}true{{ else }}false{{ end }}"
+                name: '{{ if .Values.mariadbPassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "mariadbcreds" }}{{ end }}'
                 key: "mariadb-password"
             MARIADB_ROOT_PASSWORD:
               secretKeyRef:
-                name: "credentials"
+                expandObjectName: "{{ if .Values.mariadbPassword }}true{{ else }}false{{ end }}"
+                name: '{{ if .Values.mariadbPassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "mariadbcreds" }}{{ end }}'
                 key: "mariadb-root-password"
             MARIADB_USER: "{{ .Values.mariadbUsername }}"
             MARIADB_DATABASE: "{{ .Values.mariadbDatabase }}"
-
-          # -- Probe configuration
-          # -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
-          # @default -- See below
           probes:
-            # -- Liveness probe configuration
-            # @default -- See below
             liveness:
-              # -- Enable the liveness probe
               enabled: true
-              # -- Set this to `true` if you wish to specify your own livenessProbe
-              custom: true
-              # -- The spec field contains the values for the default livenessProbe.
-              # If you selected `custom: true`, this field holds the definition of the livenessProbe.
-              # @default -- See below
-              spec:
-                exec:
-                  command:
-                    - /bin/bash
-                    - -ec
-                    - "until /opt/bitnami/scripts/mariadb/healthcheck.sh; do sleep 2; done"
-
-            # -- Redainess probe configuration
-            # @default -- See below
+              type: exec
+              command:
+                - /bin/bash
+                - -ec
+                - "until /opt/bitnami/scripts/mariadb/healthcheck.sh; do sleep 2; done"
             readiness:
-              # -- Enable the readiness probe
               enabled: true
-              # -- Set this to `true` if you wish to specify your own readinessProbe
-              custom: true
-              # -- The spec field contains the values for the default readinessProbe.
-              # If you selected `custom: true`, this field holds the definition of the readinessProbe.
-              # @default -- See below
-              spec:
-                exec:
-                  command:
-                    - /bin/bash
-                    - -ec
-                    - "until /opt/bitnami/scripts/mariadb/healthcheck.sh; do sleep 2; done"
-            # -- Startup probe configuration
-            # @default -- See below
+              type: exec
+              command:
+                - /bin/bash
+                - -ec
+                - "until /opt/bitnami/scripts/mariadb/healthcheck.sh; do sleep 2; done"
             startup:
-              # -- Enable the startup probe
               enabled: true
-              custom: true
-              # -- The spec field contains the values for the default livenessProbe.
-              # If you selected `custom: true`, this field holds the definition of the livenessProbe.
-              # @default -- See below
-              spec:
-                exec:
-                  command:
-                    - /bin/bash
-                    - -ec
-                    - "until /opt/bitnami/scripts/mariadb/healthcheck.sh; do sleep 2; done"
+              type: exec
+              command:
+                - /bin/bash
+                - -ec
+                - "until /opt/bitnami/scripts/mariadb/healthcheck.sh; do sleep 2; done"
 
 service:
   main:
@@ -100,10 +71,13 @@ volumeClaimTemplates:
     enabled: true
     mountPath: "/bitnami/mariadb"
 
-mariadbPassword: "testpass"
 mariadbUsername: "test"
 mariadbDatabase: "test"
 mariadbRootPassword: "testroot"
+
+# -- Secret or password
+# One of these options is required, unless used as a dependency for another TrueCharts chart.
+mariadbPassword: ""
 existingSecret: ""
 
 portal:

charts/dependency/memcached/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.6.18"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.2.1
+    version: 12.2.24
 deprecated: false
 description: Memcached is a memory-backed database caching solution
 home: https://truecharts.org/charts/dependency/memcached
@@ -24,7 +24,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-memcached
   - http://memcached.org/
 type: application
-version: 6.0.0
+version: 6.0.9
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/memcached/questions.yaml

@@ -59,7 +59,7 @@ questions:
                 description: "The group that should own ALL storage."
                 schema:
                   type: int
-                  default: 568568
+                  default: 568
 
 # Include{resources}
 # Include{advanced}

charts/dependency/memcached/values.yaml

@@ -8,6 +8,7 @@ service:
     ports:
       main:
         port: 11211
+        protocol: tcp
         targetPort: 11211
 
 portal:

charts/dependency/mongodb/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "6.0.4"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.2.1
+    version: 12.2.24
 deprecated: false
 description: Fast, reliable, scalable, and easy to use open-source no-sql database system.
 home: https://truecharts.org/charts/dependency/mongodb
@@ -24,7 +24,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-mongodb
   - https://www.mongodb.com
 type: application
-version: 5.0.0
+version: 5.0.9
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/mongodb/ci/basic-values.yaml

@@ -0,0 +1 @@
+mongodbPassword: "testpassword"

charts/dependency/mongodb/questions.yaml

@@ -101,7 +101,7 @@ questions:
                 description: "The group that should own ALL storage."
                 schema:
                   type: int
-                  default: 568568
+                  default: 568
 
 # Include{resources}
 # Include{advanced}

charts/dependency/mongodb/values.yaml

@@ -16,11 +16,13 @@ workload:
             MONGODB_DATABASE: "{{ .Values.mongodbDatabase }}"
             MONGODB_PASSWORD:
               secretKeyRef:
-                name: "credentials"
+                expandObjectName: "{{ if .Values.mongodbPassword }}true{{ else }}false{{ end }}"
+                name: '{{ if .Values.mongodbPassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "mongodbcreds" }}{{ end }}'
                 key: "mongodb-password"
             MONGODB_ROOT_PASSWORD:
               secretKeyRef:
-                name: "credentials"
+                expandObjectName: "{{ if .Values.mongodbPassword }}true{{ else }}false{{ end }}"
+                name: '{{ if .Values.mongodbPassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "mongodbcreds" }}{{ end }}'
                 key: "mongodb-root-password"
           # -- Probe configuration
           # -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
@@ -93,10 +95,13 @@ volumeClaimTemplates:
     enabled: true
     mountPath: "/bitnami/mongodb"
 
-mongodbPassword: "testpass"
 mongodbUsername: "test"
 mongodbDatabase: "test"
 mongodbRootPassword: "testroot"
+
+# -- Secret or password
+# One of these options is required, unless used as a dependency for another TrueCharts chart.
+mongodbPassword: ""
 existingSecret: ""
 
 secret:

charts/dependency/redis/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "7.0.8"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.2.1
+    version: 12.2.24
 deprecated: false
 description: Open source, advanced key-value store.
 home: https://truecharts.org/charts/dependency/redis
@@ -24,7 +24,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-redis
   - http://redis.io/
 type: application
-version: 6.0.1
+version: 6.0.14
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/redis/ci/basic-values.yaml

@@ -0,0 +1 @@
+redisPassword: "testpassword"

charts/dependency/redis/questions.yaml

@@ -80,7 +80,7 @@ questions:
                 description: "The group that should own ALL storage."
                 schema:
                   type: int
-                  default: 568568
+                  default: 568
 
 # Include{resources}
 # Include{advanced}

charts/dependency/redis/values.yaml

@@ -17,60 +17,34 @@ workload:
             REDIS_PORT: "{{ .Values.service.main.ports.main.targetPort }}"
             REDIS_PASSWORD:
               secretKeyRef:
-                name: "credentials"
+                expandObjectName: "{{ if .Values.redisPassword }}true{{ else }}false{{ end }}"
+                name: '{{ if .Values.redisPassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "rediscreds" }}{{ end }}'
                 key: "redis-password"
-          # -- Probe configuration
-          # -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
-          # @default -- See below
           probes:
-            # -- Liveness probe configuration
-            # @default -- See below
             liveness:
-              # -- Enable the liveness probe
               enabled: true
-              # -- Set this to `true` if you wish to specify your own livenessProbe
-              custom: true
-              # -- The spec field contains the values for the default livenessProbe.
-              # If you selected `custom: true`, this field holds the definition of the livenessProbe.
-              # @default -- See below
-              spec:
-                exec:
-                  command:
-                    - sh
-                    - -c
-                    - /health/ping_liveness_local.sh 2
-
-            # -- Redainess probe configuration
-            # @default -- See below
+              type: exec
+              command:
+                - sh
+                - -c
+                - /health/ping_liveness_local.sh 2
             readiness:
-              # -- Enable the readiness probe
               enabled: true
-              # -- Set this to `true` if you wish to specify your own readinessProbe
-              custom: true
-              # -- The spec field contains the values for the default readinessProbe.
-              # If you selected `custom: true`, this field holds the definition of the readinessProbe.
-              # @default -- See below
-              spec:
-                exec:
-                  command:
-                    - sh
-                    - -c
-                    - /health/ping_readiness_local.sh 2
+              type: exec
+              command:
+                - sh
+                - -c
+                - /health/ping_readiness_local.sh 2
             # -- Startup probe configuration
             # @default -- See below
             startup:
               # -- Enable the startup probe
               enabled: true
-              custom: true
-              # -- The spec field contains the values for the default livenessProbe.
-              # If you selected `custom: true`, this field holds the definition of the livenessProbe.
-              # @default -- See below
-              spec:
-                exec:
-                  command:
-                    - sh
-                    - -c
-                    - /health/ping_readiness_local.sh 2
+              type: exec
+              command:
+                - sh
+                - -c
+                - /health/ping_readiness_local.sh 2
 
 securityContext:
   container:
@@ -156,7 +130,9 @@ secret:
     data:
       redis-password: '{{ ( .Values.redisPassword | default "nothing" ) }}'
 
-redisPassword: "testpass"
+# -- Secret or password
+# One of these options is required, unless used as a dependency for another TrueCharts chart.
+redisPassword: ""
 existingSecret: ""
 
 service:

charts/dependency/solr/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "9.1.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.2.1
+    version: 12.2.24
 deprecated: false
 description: Apache Solr
 home: https://truecharts.org/charts/dependency/solr
@@ -23,7 +23,7 @@ sources:
   - https://hub.docker.com/r/bitnami/solr
   - https://github.com/apache/solr
 type: application
-version: 2.0.31
+version: 3.0.7
 annotations:
   truecharts.org/catagories: |
     - search

charts/dependency/solr/ci/basic-values.yaml

@@ -0,0 +1 @@
+solrPassword: "testpassword"

charts/dependency/solr/questions.yaml

@@ -103,7 +103,7 @@ questions:
                 description: "The group that should own ALL storage."
                 schema:
                   type: int
-                  default: 568568
+                  default: 568
 
 # Include{resources}
 # Include{advanced}

charts/dependency/solr/values.yaml

@@ -18,7 +18,8 @@ workload:
             SOLR_OPTS: "{{ .Values.solrOpts }}"
             SOLR_ADMIN_PASSWORD:
               secretKeyRef:
-                name: "credentials"
+                expandObjectName: "{{ if .Values.solrPassword }}true{{ else }}false{{ end }}"
+                name: '{{ if .Values.solrPassword }}credentials{{ else if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ printf "%s-%s" .Release.Name "solrcreds" }}{{ end }}'
                 key: "solr-password"
 
           # -- Probe configuration
@@ -112,10 +113,13 @@ volumeClaimTemplates:
 solrCores: "testcore"
 solrEnableAuthentication: "yes"
 solrUsername: "test"
-solrPassword: "testpass"
 # Used to pass a comma separated list of optional options like '-XX:G1HeapRegionSize=8m'
 solrOpts: ""
+
+# -- Secret or password
+# One of these options is required, unless used as a dependency for another TrueCharts chart.
 existingSecret: ""
+solrPassword: ""
 
 secret:
   credentials:

charts/dependency/subchart/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "jammy"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.2.1
+    version: 12.2.24
 deprecated: false
 description: This is only used as a subchart.
 home: https://truecharts.org/charts/dependency/subchart
@@ -19,7 +19,7 @@ name: subchart
 sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/subchart
 type: application
-version: 4.0.0
+version: 4.0.9
 annotations:
   truecharts.org/catagories: |
     - subchart

charts/dev/testapp/questions.yaml

@@ -4,7 +4,8 @@ portals:
 # Include{portalLink}
 questions:
 # Include{global}
-# Include{workload}\n# Include{workloadDeployment}
+# Include{workload}
+# Include{workloadDeployment}
 # Include{replicas1}
 # Include{podSpec}
 # Include{containerMain}

charts/enterprise/authelia/Chart.yaml

@@ -3,18 +3,14 @@ appVersion: "4.37.5"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
-  - condition: postgresql.enabled
-    name: postgresql
-    repository: https://deps.truecharts.org/
-    version: 11.0.31
+    version: 12.2.24
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 5.0.33
+    version: 6.0.14
 deprecated: false
 description: Authelia is a Single Sign-On Multi-Factor portal for web apps
-home: https://truecharts.org/charts/stable/authelia
+home: https://truecharts.org/charts/enterprise/authelia
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png
 keywords:
   - authelia
@@ -35,12 +31,12 @@ maintainers:
     url: https://truecharts.org
 name: authelia
 sources:
-  - https://github.com/truecharts/charts/tree/master/charts/stable/authelia
-  - https://ghcr.io/authelia/authelia
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/authelia
+  - https://ghcr.io/authelia/authelia ghcr.io/authelia/authelia
   - https://github.com/authelia/chartrepo
   - https://github.com/authelia/authelia
 type: application
-version: 14.0.29
+version: 15.0.8
 annotations:
   truecharts.org/catagories: |
     - security

charts/enterprise/authelia/LICENSE

@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:             The TrueCharts Project, it's owner and it's contributors
+Licensed Work:        The TrueCharts "Cert-Manager" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+                      as it is directly sourced from a TrueCharts provided
+                      official repository, catalog or source. You may also make private
+                      modification to the directly sourced licenced work,
+                      when used in production.
+
+                      The following cases are, due to their nature, also
+                      defined as 'production use' and explicitly prohibited:
+                      - Bundling, including or displaying the licensed work
+                      with(in) another work intended for production use,
+                      with the apparent intend of facilitating and/or
+                      promoting production use by third parties in
+                      violation of this license.
+
+Change Date:          2050-01-01
+
+Change License:       3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+   or a license that is compatible with GPL Version 2.0 or a later version,
+   where “compatible” means that software provided under the Change License can
+   be included in a program with software provided under GPL Version 2.0 or a
+   later version. Licensor may specify additional Change Licenses without
+   limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+   impose any additional restriction on the right granted in this License, as
+   the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.

charts/enterprise/authelia/README.md

@@ -5,7 +5,7 @@
 TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
 However only installations using the TrueNAS SCALE Apps system are supported.
 
-For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/dependency/)
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
 
 **This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
 

charts/enterprise/authelia/questions.yaml

@@ -6,13 +6,11 @@ questions:
 # Include{global}
 # Include{workload}
 # Include{workloadDeployment}
-
 # Include{replicas1}
 # Include{podSpec}
 # Include{containerMain}
 # Include{containerBasic}
 # Include{containerAdvanced}
-
 # Include{containerConfig}
   - variable: domain
     group: "App Configuration"
@@ -171,7 +169,7 @@ questions:
             type: string
             default: "5m"
             required: true
-        - variable: inactivity
+        - variable: remember_me_duration
           label: "Remember-Me duration"
           description: "The remember me duration"
           schema:
@@ -769,36 +767,29 @@ questions:
 # Include{ingressTraefik}
 # Include{ingressList}
 # Include{securityContextRoot}
-
               - variable: runAsUser
                 label: "runAsUser"
                 description: "The UserID of the user running the application"
                 schema:
                   type: int
                   default: 568
-        - variable: runAsGroup
-          label: "runAsGroup"
-          description: "The groupID this App of the user running the application"
-          schema:
-            type: int
-            default: 568
+              - variable: runAsGroup
+                label: "runAsGroup"
+                description: "The groupID of the user running the application"
+                schema:
+                  type: int
+                  default: 568
 # Include{securityContextContainer}
 # Include{securityContextAdvanced}
 # Include{securityContextPod}
-             - variable: fsGroup
+              - variable: fsGroup
                 label: "fsGroup"
                 description: "The group that should own ALL storage."
                 schema:
                   type: int
                   default: 568
-
 # Include{resources}
 # Include{advanced}
-# Include{addons}
-# Include{codeserver}
-# Include{netshoot}
-# Include{vpn}
-# Include{documentation}
   - variable: identity_providers
     group: "Advanced"
     label: "Authelia Identity Providers (BETA)"
@@ -1000,3 +991,10 @@ questions:
                                           type: string
                                           default: "form_post"
                                           required: true
+# Include{postgresql}
+# Include{postgresqlBasics}
+# Include{addons}
+# Include{codeserver}
+# Include{vpn}
+# Include{netshoot}
+# Include{documentation}

charts/enterprise/authelia/templates/_configmap.tpl

@@ -1,10 +1,6 @@
 {{/* Define the configmap */}}
-{{- define "authelia.configmap" -}}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: authelia-paths
+{{- define "authelia.configmap.paths" -}}
+enabled: true
 data:
   AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true"
   AUTHELIA_JWT_SECRET_FILE: "/secrets/JWT_TOKEN"
@@ -29,12 +25,10 @@ data:
   AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: "/secrets/OIDC_PRIVATE_KEY"
   {{- end }}
 
----
+{{- end -}}
 
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: authelia-configfile
+{{- define "authelia.configmap.configfile" -}}
+enabled: true
 data:
   configuration.yaml: |
     ---
@@ -46,8 +40,9 @@ data:
       {{- if not (eq "" (default "" .Values.server.path)) }}
       path: {{ .Values.server.path }}
       {{- end }}
-      read_buffer_size: {{ default 4096 .Values.server.read_buffer_size }}
-      write_buffer_size: {{ default 4096 .Values.server.write_buffer_size }}
+      buffers:
+        write: {{ default 4096 .Values.server.write_buffer_size }}
+        read: {{ default 4096 .Values.server.read_buffer_size }}
       enable_pprof: {{ default false .Values.server.enable_pprof }}
       enable_expvars: {{ default false .Values.server.enable_expvars }}
     log:
@@ -68,7 +63,8 @@ data:
     {{- end }}
     {{- with $auth := .Values.authentication_backend }}
     authentication_backend:
-      disable_reset_password: {{ $auth.disable_reset_password }}
+      password_reset:
+        disable: {{ $auth.disable_reset_password }}
     {{- if $auth.file.enabled }}
       file:
         path: {{ $auth.file.path }}
@@ -126,7 +122,7 @@ data:
       remember_me_duration: {{ default "1M" $session.remember_me_duration }}
     {{- end }}
       redis:
-        host: {{ .Values.redis.url.plain }}
+        host: {{ .Values.redis.creds.plain }}
       {{- with $redis := .Values.redisProvider }}
         port: {{ default 6379 $redis.port }}
         {{- if not (eq $redis.username "") }}
@@ -153,13 +149,14 @@ data:
     regulation: {{ toYaml .Values.regulation | nindent 6 }}
     storage:
       postgres:
-        host: {{ printf "%v-%v" .Release.Name "postgresql" }}
+        host: {{ $.Values.cnpg.main.creds.host }}
     {{- with $storage := .Values.storage }}
         port: {{ default 5432 $storage.postgres.port }}
         database: {{ default "authelia" $storage.postgres.database }}
         username: {{ default "authelia" $storage.postgres.username }}
         timeout: {{ default "5s" $storage.postgres.timeout }}
-        sslmode: {{ default "disable" $storage.postgres.sslmode }}
+        ssl:
+          mode: {{ default "disable" $storage.postgres.sslmode }}
     {{- end }}
     {{- with $notifier := .Values.notifier }}
     notifier:

charts/enterprise/authelia/templates/_secrets.tpl

@@ -1,67 +1,56 @@
 {{/* Define the secrets */}}
 {{- define "authelia.secrets" -}}
----
-
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: authelia-secrets
-{{- $autheliaprevious := lookup "v1" "Secret" .Release.Namespace "authelia-secrets" }}
+{{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}}
+{{- $fetchname := printf "%s-authelia-secrets" $basename -}}
+{{- $autheliaprevious := lookup "v1" "Secret" .Release.Namespace $fetchname }}
 {{- $oidckey := "" }}
 {{- $oidcsecret := "" }}
 {{- $jwtsecret := "" }}
 {{- $sessionsecret := "" }}
 {{- $encryptionkey := "" }}
+enabled: true
 data:
   {{- if $autheliaprevious }}
-  SESSION_ENCRYPTION_KEY: {{ index $autheliaprevious.data "SESSION_ENCRYPTION_KEY"  }}
-  JWT_TOKEN: {{ index $autheliaprevious.data "JWT_TOKEN"  }}
-  {{- if ( hasKey $autheliaprevious.data "ENCRYPTION_KEY" ) }}
-  ENCRYPTION_KEY: {{ index $autheliaprevious.data "ENCRYPTION_KEY"  }}
-  {{- else }}
-  {{- $encryptionkey := randAlphaNum 100 }}
-  ENCRYPTION_KEY: {{ $encryptionkey | b64enc }}
-  {{- end }}
+  SESSION_ENCRYPTION_KEY: {{ index $autheliaprevious.data "SESSION_ENCRYPTION_KEY" | b64dec  }}
+  JWT_TOKEN: {{ index $autheliaprevious.data "JWT_TOKEN" | b64dec }}
+  ENCRYPTION_KEY: {{ index $autheliaprevious.data "ENCRYPTION_KEY" | b64dec }}
   {{- else }}
   {{- $jwtsecret := randAlphaNum 50 }}
   {{- $sessionsecret := randAlphaNum 50 }}
   {{- $encryptionkey := randAlphaNum 100 }}
-  SESSION_ENCRYPTION_KEY: {{ $sessionsecret | b64enc }}
-  JWT_TOKEN: {{ $jwtsecret | b64enc}}
-  ENCRYPTION_KEY: {{ $encryptionkey | b64enc }}
+  SESSION_ENCRYPTION_KEY: {{ $sessionsecret }}
+  JWT_TOKEN: {{ $jwtsecret}}
+  ENCRYPTION_KEY: {{ $encryptionkey }}
   {{- end }}
 
   {{- if .Values.authentication_backend.ldap.enabled }}
-  LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | b64enc | quote }}
+  LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }}
   {{- end }}
 
   {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
-  SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | b64enc | quote }}
+  SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }}
   {{- end }}
 
   {{- if .Values.duo_api.enabled }}
-  DUO_API_KEY: {{ .Values.duo_api.plain_api_key | b64enc }}
+  DUO_API_KEY: {{ .Values.duo_api.plain_api_key }}
   {{- end }}
 
-  STORAGE_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }}
+  STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
 
-  REDIS_PASSWORD: {{ .Values.redis.redisPassword | trimAll "\"" | b64enc }}
+  REDIS_PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }}
   {{- if .Values.redisProvider.high_availability.enabled}}
-  REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" | b64enc }}
+  REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" }}
   {{- end }}
 
   {{- if $autheliaprevious }}
   {{- if and ( hasKey $autheliaprevious.data "OIDC_PRIVATE_KEY" ) ( hasKey $autheliaprevious.data "OIDC_HMAC_SECRET" ) }}
-  OIDC_PRIVATE_KEY: {{ index $autheliaprevious.data "OIDC_PRIVATE_KEY"  }}
-  OIDC_HMAC_SECRET: {{ index $autheliaprevious.data "OIDC_HMAC_SECRET" }}
+  OIDC_PRIVATE_KEY: {{ index $autheliaprevious.data "OIDC_PRIVATE_KEY" | b64dec  }}
+  OIDC_HMAC_SECRET: {{ index $autheliaprevious.data "OIDC_HMAC_SECRET" | b64dec  }}
   {{- else }}
   {{- $oidckey := genPrivateKey "rsa"   }}
   {{- $oidcsecret := randAlphaNum 32 }}
-  OIDC_PRIVATE_KEY: {{ $oidckey | b64enc }}
-  OIDC_HMAC_SECRET: {{ $oidcsecret | b64enc }}
+  OIDC_PRIVATE_KEY: {{ $oidckey }}
+  OIDC_HMAC_SECRET: {{ $oidcsecret }}
   {{- end }}
   {{- end }}
-
-
 {{- end -}}

charts/enterprise/authelia/templates/common.yaml

@@ -0,0 +1,77 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{/* Render configmap for authelia */}}
+{{- $configmapPaths := include "authelia.configmap.paths" . | fromYaml -}}
+{{- if $configmapPaths -}}
+  {{- $_ := set .Values.configmap "authelia-paths" $configmapPaths -}}
+{{- end -}}
+
+{{- $configmapFile := include "authelia.configmap.configfile" . | fromYaml -}}
+{{- if $configmapFile -}}
+  {{- $_ := set .Values.configmap "authelia-configfile" $configmapFile -}}
+{{- end -}}
+
+{{/* Render secrets for authelia */}}
+{{- $secret := include "authelia.secrets" . | fromYaml -}}
+{{- if $secret -}}
+  {{- $_ := set .Values.secret "authelia-secrets" $secret -}}
+{{- end -}}
+
+{{/* Append the general configMap volume to the volumes */}}
+{{- define "authelia.configmapVolume" -}}
+enabled: true
+mountPath: /configuration.yaml
+subPath: configuration.yaml
+readOnly: true
+type: "configmap"
+objectName: authelia-configfile
+{{- end -}}
+
+{{/* Append the general secret volumes to the volumes */}}
+{{- define "authelia.secretVolumes" -}}
+enabled: true
+mountPath: "/secrets"
+readOnly: true
+type: "secret"
+objectName: authelia-secrets
+items:
+  - key: "JWT_TOKEN"
+    path: JWT_TOKEN
+  - key: "SESSION_ENCRYPTION_KEY"
+    path: SESSION_ENCRYPTION_KEY
+  - key: "ENCRYPTION_KEY"
+    path: ENCRYPTION_KEY
+  - key: "STORAGE_PASSWORD"
+    path: STORAGE_PASSWORD
+    {{- if .Values.authentication_backend.ldap.enabled }}
+  - key: "LDAP_PASSWORD"
+    path: LDAP_PASSWORD
+    {{- end }}
+    {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
+  - key: "SMTP_PASSWORD"
+    path: SMTP_PASSWORD
+    {{- end }}
+  - key: "REDIS_PASSWORD"
+    path: REDIS_PASSWORD
+    {{- if .Values.redisProvider.high_availability.enabled}}
+  - key: "REDIS_SENTINEL_PASSWORD"
+    path: REDIS_SENTINEL_PASSWORD
+    {{- end }}
+    {{- if .Values.duo_api.enabled }}
+  - key: "DUO_API_KEY"
+    path: DUO_API_KEY
+    {{- end }}
+    {{- if .Values.identity_providers.oidc.enabled }}
+  - key: "OIDC_PRIVATE_KEY"
+    path: OIDC_PRIVATE_KEY
+  - key: "OIDC_HMAC_SECRET"
+    path: OIDC_HMAC_SECRET
+    {{- end }}
+{{- end -}}
+
+{{- $_ := set .Values.persistence "authelia-configfile" (include "authelia.configmapVolume" . | fromYaml) -}}
+{{- $_ := set .Values.persistence "authelia-secrets" (include "authelia.secretVolumes" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}

charts/enterprise/authelia/values.yaml

@@ -3,10 +3,28 @@ image:
   pullPolicy: IfNotPresent
   tag: 4.37.5@sha256:76a4617539534cec140fd98a12f721b878524f2df3a3653f3df8ff2b7eaab586
 
-command: ["authelia"]
-args: ["--config=/configuration.yaml"]
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          command: ["authelia"]
+          args: ["--config=/configuration.yaml"]
+          envFrom:
+            - configMapRef:
+                name: authelia-paths
+          probes:
+            liveness:
+              type: http
+              path: /api/health"
 
-enableServiceLinks: false
+            readiness:
+              type: http
+              path: "/api/health"
+
+            startup:
+              type: http
+              path: "/api/health"
 
 service:
   main:
@@ -19,45 +37,17 @@ persistence:
   config:
     enabled: true
     mountPath: "/config"
-# Enabled postgres
-postgresql:
-  enabled: true
-  existingSecret: "dbcreds"
-  postgresqlUsername: authelia
-  postgresqlDatabase: authelia
+
+cnpg:
+  main:
+    enabled: true
+    user: authelia
+    database: authelia
 
 # Enabled redis
 # ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
 redis:
   enabled: true
-  existingSecret: "rediscreds"
-
-resources:
-  limits: {}
-  # limits:
-  #   cpu: "4.00"
-  #   memory: 125Mi
-  requests: {}
-  # requests:
-  #   cpu: "0.25"
-  #   memory: 50Mi
-
-envFrom:
-  - configMapRef:
-      name: authelia-paths
-
-# probes:
-#   liveness:
-#     type: HTTP
-#     path: /api/health"
-
-#   readiness:
-#     type: HTTP
-#     path: "/api/health"
-
-#   startup:
-#     type: HTTP
-#     path: "/api/health"
 
 domain: example.com
 
@@ -625,4 +615,5 @@ identity_providers:
     # userinfo_signing_algorithm: none
 
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/enterprise/blocky/Chart.yaml

@@ -1,13 +1,13 @@
 apiVersion: v2
-appVersion: "0.19"
+appVersion: "0.20.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.24
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 5.0.33
+    version: 6.0.14
 description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go
 home: https://truecharts.org/charts/enterprise/blocky
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png
@@ -26,7 +26,7 @@ sources:
   - https://0xerr0r.github.io/blocky/
   - https://github.com/0xERR0R/blocky
   - https://github.com/Mozart409/blocky-frontend
-version: 4.0.24
+version: 5.0.9
 annotations:
   truecharts.org/catagories: |
     - network

charts/enterprise/blocky/ci/postgresql-values.yaml

@@ -0,0 +1,3 @@
+queryLog:
+  # optional one of: mysql, postgresql, csv, csv-client. If empty, log to console
+  type: "postgresql"

charts/enterprise/blocky/questions.yaml

@@ -547,6 +547,48 @@ questions:
                 schema:
                   type: string
                   default: 30m
+  - variable: queryLog
+    group: App Configuration
+    label: Query Logging configuration
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: type
+          label: Type
+          schema:
+            type: string
+            default: ""
+            enum:
+              - value: ""
+                description: Console
+              - value: postgresql
+                description: postgresql
+              - value: csv
+                description: csv
+              - value: csv-client
+                description: csv-client
+        - variable: target
+          label: Target
+          schema:
+            type: string
+            show_if: [["type", "!=", "postgresql"]]
+            default: "/var/log/something"
+        - variable: logRetentionDays
+          label: Log Retention Days
+          schema:
+            type: int
+            default: 0
+        - variable: creationAttempts
+          label: Creation Attempts
+          schema:
+            type: int
+            default: 3
+        - variable: creationCooldown
+          label: Creation Cooldown
+          schema:
+            type: string
+            default: 2s
   - variable: k8sgateway
     group: App Configuration
     label: k8s-Gateway Configuration
@@ -661,7 +703,7 @@ questions:
                             description: This port exposes the container port on the service
                             schema:
                               type: int
-                              default: 10315
+                              default: 4000
                               required: true
         - variable: dnstcp
           label: DNS TCP Service
@@ -729,28 +771,6 @@ questions:
                               type: int
                               default: 853
                               required: true
-        - variable: http
-          label: HTTP and Metrics Service
-          description: "service for things like metrics, pprof, API, DoH etc"
-          schema:
-            additional_attrs: true
-            type: dict
-            attrs:
-# Include{serviceSelectorClusterIP}
-# Include{serviceSelectorExtras}
-                    - variable: http
-                      label: HTTP and Metrics Port Configuration
-                      schema:
-                        additional_attrs: true
-                        type: dict
-                        attrs:
-                          - variable: port
-                            label: Port
-                            description: This port exposes the container port on the service
-                            schema:
-                              type: int
-                              default: 4000
-                              required: true
 # Include{serviceExpertRoot}
             default: false
 # Include{serviceExpert}
@@ -768,31 +788,30 @@ questions:
 # Include{ingressTraefik}
 # Include{ingressList}
 # Include{securityContextRoot}
-
-        - variable: runAsUser
-          label: runAsUser
-          description: The UserID of the user running the application
-          schema:
-            type: int
-            default: 568
-        - variable: runAsGroup
-          label: runAsGroup
-          description: The groupID this App of the user running the application
-          schema:
-            type: int
-            default: 568
+              - variable: runAsUser
+                label: "runAsUser"
+                description: "The UserID of the user running the application"
+                schema:
+                  type: int
+                  default: 568
+              - variable: runAsGroup
+                label: "runAsGroup"
+                description: "The groupID of the user running the application"
+                schema:
+                  type: int
+                  default: 568
 # Include{securityContextContainer}
 # Include{securityContextAdvanced}
 # Include{securityContextPod}
-        - variable: fsGroup
-          label: fsGroup
-          description: The group that should own ALL storage.
-          schema:
-            type: int
-            default: 568
-
+              - variable: fsGroup
+                label: "fsGroup"
+                description: "The group that should own ALL storage."
+                schema:
+                  type: int
+                  default: 568
 # Include{resources}
 # Include{metrics}
+# Include{prometheusRule}
 # Include{advanced}
 # Include{addons}
 # Include{codeserver}

charts/enterprise/blocky/templates/_blockyConfig.tpl

@@ -1,14 +1,7 @@
 {{/* Define the config */}}
 {{- define "blocky.configmap" -}}
-{{- $configName := printf "%s-config" (include "tc.common.names.fullname" .) }}
-{{- $config := merge ( include "blocky.config" . | fromYaml ) ( .Values.blockyConfig ) }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $configName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
+{{- $config := mustMerge ( include "blocky.config" . | fromYaml ) ( .Values.blockyConfig ) }}
+enabled: true
 data:
   config.yml: |
 {{ $config | toYaml | indent 4 }}
@@ -17,7 +10,7 @@ data:
 {{- define "blocky.config" -}}
 redis:
   address: {{ printf "%v-%v" .Release.Name "redis" }}:6379
-  password: {{ .Values.redis.redisPassword | trimAll "\"" }}
+  password: {{ .Values.redis.creds.redisPassword | trimAll "\"" }}
   database: 0
   required: true
   connectionAttempts: 10
@@ -25,6 +18,23 @@ redis:
 prometheus:
   enable: true
   path: /metrics
+queryLog:
+  # optional one of: postgresql, csv, csv-client. If empty, log to console
+  type: {{ .Values.queryLog.type }}
+  # directory (should be mounted as volume in docker) for csv, db connection string for mysql/postgresql
+  #postgresql target: postgres://user:password@db_host_or_ip:5432/db_name
+  {{- if eq .Values.queryLog.type "postgresql" }}
+  target: {{ .Values.cnpg.main.creds.std }}
+  {{- else }}
+  target: {{ .Values.queryLog.target }}
+  {{- end }}
+  # if > 0, deletes log files which are older than ... days
+  logRetentionDays: {{ .Values.queryLog.logRetentionDays | default 0 }}
+  # optional: Max attempts to create specific query log writer
+  creationAttempts: {{ .Values.queryLog.creationAttempts | default 3 }}
+  # optional: Time between the creation attempts
+  creationCooldown: {{ .Values.queryLog.creationAttempts | default "2s" }}
+
 upstream:
   default:
 {{- .Values.defaultUpstreams | toYaml | nindent 8 }}
@@ -41,14 +51,15 @@ port: {{ .Values.service.dnsudp.ports.dnsudp.targetPort }}
 tlsPort: {{ .Values.service.dot.ports.dot.targetPort }}
 {{- end }}
 
-{{- if .Values.service.http.enabled }}
-httpPort: {{ .Values.service.http.ports.http.targetPort }}
+{{- if .Values.service.main.enabled }}
+httpPort: {{ .Values.service.main.ports.main.targetPort }}
 {{- end }}
 
 {{- if .Values.service.https.enabled }}
 httpsPort: {{ .Values.service.https.ports.https.targetPort }}
 {{- end }}
 
+
 {{- if .Values.certFile }}
 certFile: {{ .Values.certFile }}
 {{- end }}

charts/enterprise/blocky/templates/_k8sgateway.tpl

@@ -1,42 +1,24 @@
 {{- define "k8sgateway.container" -}}
-image: {{ .Values.k8sgatewayImage.repository }}:{{ .Values.k8sgatewayImage.tag }}
-imagePullPolicy: {{ .Values.k8sgatewayImage.pullPolicy }}
+enabled: true
+imageSelector: k8sgatewayImage
 securityContext:
   runAsUser: 0
   runAsGroup: 0
   readOnlyRootFilesystem: true
-  runAsNonRoot: false
 args: ["-conf", "/etc/coredns/Corefile"]
-ports:
-  - containerPort: {{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }}
-    name: main
-volumeMounts:
-  - name: config-volume
-    mountPath: /etc/coredns
-readinessProbe:
-  httpGet:
+probes:
+  readiness:
+    enabled: true
     path: /ready
     port: 8181
-  initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
-livenessProbe:
-  httpGet:
+  liveness:
+    enabled: true
     path: /health
     port: 8080
-  initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
-startupProbe:
-  httpGet:
+  startup:
+    enabled: true
     path: /ready
     port: 8181
-  initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
 {{- end -}}
 
 {{/*
@@ -53,14 +35,8 @@ Create the matchable regex from domain
 {{/* Define the configmap */}}
 {{- define "k8sgateway.configmap" -}}
 {{- $values := .Values.k8sgateway }}
-{{- $fqdn := ( include "tc.common.names.fqdn" . ) }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "tc.common.names.fullname" . }}-corefile
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
+{{- $fqdn := ( include "tc.v1.common.lib.chart.names.fqdn" . ) }}
+enabled: true
 data:
   Corefile: |-
     .:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} {

charts/enterprise/blocky/templates/_prometheusrules.tpl

@@ -1,21 +0,0 @@
-{{- define "blocky.prometheusrule" -}}
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ include "tc.common.names.fullname" . }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-    {{- with .Values.metrics.prometheusRule.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  groups:
-    - name: {{ include "tc.common.names.fullname" . }}
-      rules:
-        {{- with .Values.metrics.prometheusRule.rules }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-{{- end }}
-{{- end -}}

charts/enterprise/blocky/templates/_servicemonitor.tpl

@@ -1,27 +0,0 @@
-{{- define "blocky.servicemonitor" -}}
-{{- if .Values.metrics.enabled }}
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ include "tc.common.names.fullname" . }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-    {{- with .Values.metrics.serviceMonitor.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
-  endpoints:
-    - port: http
-      {{- with .Values.metrics.serviceMonitor.interval }}
-      interval: {{ . }}
-      {{- end }}
-      {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
-      path: /metrics
-{{- end }}
-{{- end -}}

charts/enterprise/blocky/templates/_webui.tpl

@@ -1,48 +0,0 @@
-{{- define "blocky.frontend" -}}
-image: {{ .Values.WebUIImage.repository }}:{{ .Values.WebUIImage.tag }}
-imagePullPolicy: {{ .Values.WebUIImage.pullPolicy }}
-securityContext:
-  runAsUser: 568
-  runAsGroup: 568
-  readOnlyRootFilesystem: true
-  runAsNonRoot: true
-ports:
-  - containerPort: {{ .Values.service.main.ports.main.targetPort }}
-    name: main
-readinessProbe:
-  httpGet:
-    path: /
-    port: {{ .Values.service.main.ports.main.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
-livenessProbe:
-  httpGet:
-    path: /
-    port: {{ .Values.service.main.ports.main.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
-startupProbe:
-  httpGet:
-    path: /
-    port: {{ .Values.service.main.ports.main.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
-env:
-  - name: NODE_ENV
-    value: "production"
-{{- $url := .Values.webUI.apiURL }}
-{{- if .Values.ingress.main.enabled }}
-  {{- with (first .Values.ingress.main.hosts) }}
-  {{- $url = (  printf "https://%s" .host ) }}
-  {{- end }}
-{{- else }}
-{{- end }}
-  - name: API_URL
-    value: "{{ $url }}"
-{{- end -}}

charts/enterprise/blocky/templates/common.yaml

@@ -1,60 +1,64 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- if eq .Values.queryLog.type "postgresql" -}}
+  {{- $_ := set .Values.cnpg.main "enabled" true -}}
+{{- end }}
+{{- include "tc.v1.common.loader.init" . }}
 
-{{ include "blocky.configmap" . }}
+
+{{/* Render configmap for blocky */}}
+{{- $configmapFile := include "blocky.configmap" . | fromYaml -}}
+{{- if $configmapFile -}}
+  {{- $_ := set .Values.configmap "config" $configmapFile -}}
+{{- end -}}
+
+{{- $gatewayconfig := include "k8sgateway.configmap" . | fromYaml -}}
+{{- if $gatewayconfig -}}
+  {{- $_ := set .Values.configmap "corefile" $gatewayconfig -}}
+{{- end -}}
 
 {{/* Always mount the configmap, with the basic config, plus the 'blockyConfig' */}}
 {{- define "blocky.configmap.mount" -}}
 enabled: true
-type: custom
+type: configmap
 mountPath: /app/config.yml
-subPath: config.yml
+objectName: config
 readOnly: true
-volumeSpec:
-  configMap:
-    name: '{{ printf "%s-config" (include "tc.common.names.fullname" .) }}'
+subPath: config.yml
 {{- end -}}
 
 {{/* Append the general configMap volume to the volumes */}}
 {{- define "k8sgateway.configvolume" -}}
-enabled: "true"
-mountPath: "/etc/coredns"
-readOnly: true
-type: "custom"
-volumeSpec:
-  configMap:
-    name: {{ include "tc.common.names.fullname" . }}-corefile
-    items:
-    - key: Corefile
-      path: Corefile
+enabled: true
+type: configmap
+objectName: corefile
+items:
+   - key: Corefile
+     path: Corefile
+targetSelector:
+  main:
+    k8sgateway:
+      mountPath: "/etc/coredns"
+      readOnly: true
+
 {{- end -}}
 
 {{- $_ := set .Values.persistence "tc-config" (include "blocky.configmap.mount" . | fromYaml) -}}
 
-{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.http.ports.http.port | toString) -}}
-
-{{- if .Values.webUI.enabled -}}
-{{- $_ := set .Values.additionalContainers "frontend" (include "blocky.frontend" . | fromYaml) -}}
-{{- end -}}
-
 {{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains -}}
-{{- include "k8sgateway.configmap" . }}
 {{- $_ := set .Values.persistence "config-volume" (include "k8sgateway.configvolume" . | fromYaml) -}}
-{{- $_ := set .Values.additionalContainers "k8sgateway" (include "k8sgateway.container" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "k8sgateway" (include "k8sgateway.container" . | fromYaml) -}}
 {{- end -}}
 
 {{/* Define path for api */}}
 {{- define "blocky.api" -}}
-{{- $fullname := include "tc.common.names.fullname" . -}}
+{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . -}}
 path: "/api"
 # -- Ignored if not kubeVersion >= 1.14-0
 pathType: Prefix
 service:
   # -- Overrides the service name reference for this path
-  name: {{ printf "%s-http" $fullname }}
-  port: {{ .Values.service.http.ports.http.port }}
+  name: {{ printf "%s-main" $fullname }}
+  port: {{ .Values.service.main.ports.main.port }}
 {{- end -}}
 
 {{/* inject websocket path to all main ingress hosts*/}}
@@ -74,14 +78,14 @@ service:
 
 {{/* Define path for DoH */}}
 {{- define "blocky.doh" -}}
-{{- $fullname := include "tc.common.names.fullname" . -}}
+{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . -}}
 path: "/dns-query"
 # -- Ignored if not kubeVersion >= 1.14-0
 pathType: Prefix
 service:
   # -- Overrides the service name reference for this path
-  name: {{ printf "%s-http" $fullname }}
-  port: {{ .Values.service.http.ports.http.port }}
+  name: {{ printf "%s-main" $fullname }}
+  port: {{ .Values.service.main.ports.main.port }}
 {{- end -}}
 
 {{/* inject websocket path to all main ingress hosts*/}}
@@ -99,8 +103,5 @@ service:
 {{/* inject api paths in ingress */}}
 {{- include "blocky.dohinjector" . }}
 
-{{- include "blocky.servicemonitor" . -}}
-{{- include "blocky.prometheusrule" . -}}
-
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}

charts/enterprise/blocky/values.yaml

@@ -1,13 +1,6 @@
 image:
-  # repository: spx01/blocky
-  # tag: development@sha256:ddb35986cbc924de11cd37ccf625ff6bd0896fad456e57ee9c0bd67bd034770e
   repository: tccr.io/truecharts/blocky
-  tag: v0.19@sha256:77a474542f12f480deca33ff0a6375846918b86988c13f858620839d8818ca84
-  pullPolicy: IfNotPresent
-
-WebUIImage:
-  repository: tccr.io/truecharts/blocky-frontend
-  tag: v0.0.3@sha256:81058f20520dcdb80c9883b6f21b338446fefc333e3ca8bd7d17336a24a5d842
+  tag: v0.20.0@sha256:873c357493403b5985c38b7cc16f278b8268ba51bc6e95b076fd00cfb010f085
   pullPolicy: IfNotPresent
 
 k8sgatewayImage:
@@ -15,15 +8,32 @@ k8sgatewayImage:
   pullPolicy: IfNotPresent
   tag: 0.3.3@sha256:246e7006afaf57a398b02e417a31d6f14fb43562901388772778f60be586b807
 
-controller:
-  # -- Set additional annotations on the deployment/statefulset/daemonset
-  # -- Number of desired pods
-  replicas: 2
-  # -- Set the controller upgrade strategy
-  # For Deployments, valid values are Recreate (default) and RollingUpdate.
-  # For StatefulSets, valid values are OnDelete and RollingUpdate (default).
-  # DaemonSets ignore this.
-  strategy: RollingUpdate
+workload:
+  main:
+    replicas: 2
+    strategy: RollingUpdate
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              enabled: false
+              type: exec
+              command:
+                - /app/blocky
+                - healthcheck
+            readiness:
+              enabled: false
+              type: exec
+              command:
+                - /app/blocky
+                - healthcheck
+            startup:
+              enabled: false
+              type: exec
+              command:
+                - /app/blocky
+                - healthcheck
 
 # -- Blocky Config File content
 blockyConfig: {}
@@ -31,61 +41,20 @@ blockyConfig: {}
 #   default:
 #     - 1.1.1.1
 
-# -- Configures blocky webUI
-# Requires apiURL or ingress
-webUI:
-  # -- Enable the WebUI
-  enabled: true
-  # -- url to the api, used by the WebUI. Only required when not using ingress
-  apiURL: "127.0.0.1:4000"
-
 # -- some general blocky settings
 blocky:
   # -- Enable prometheus annotations
   enablePrometheus: true
 
-probes:
-  liveness:
-    enabled: false
-    # TODO: Enable after v0.20 is released.
-    # Current version does not include the healthcheck command
-    # enabled: true
-    # custom: true
-    # spec:
-    #   exec:
-    #     command:
-    #       - /app/blocky
-    #       - healthcheck
-  readiness:
-    enabled: false
-    # TODO: Enable after v0.20 is released.
-    # Current version does not include the healthcheck command
-    # enabled: true
-    # custom: true
-    # spec:
-    #   exec:
-    #     command:
-    #       - /app/blocky
-    #       - healthcheck
-  startup:
-    enabled: false
-    # TODO: Enable after v0.20 is released.
-    # Current version does not include the healthcheck command
-    # enabled: true
-    # custom: true
-    # spec:
-    #   exec:
-    #     command:
-    #       - /app/blocky
-    #       - healthcheck
-
 service:
   main:
+    enabled: true
     ports:
       main:
-        port: 10315
-        protocol: HTTP
-        targetPort: 80
+        enabled: true
+        port: 4000
+        protocol: http
+        targetPort: 4000
   dnstcp:
     enabled: true
     ports:
@@ -99,7 +68,7 @@ service:
       dnsudp:
         enabled: true
         port: 53
-        protocol: UDP
+        protocol: udp
         targetPort: 53
   dot:
     enabled: true
@@ -107,23 +76,15 @@ service:
       dot:
         enabled: true
         port: 853
-        protocol: TCP
+        protocol: tcp
         targetPort: 853
-  http:
-    enabled: true
-    ports:
-      http:
-        enabled: true
-        port: 4000
-        protocol: HTTP
-        targetPort: 4000
   https:
     enabled: true
     ports:
       https:
         enabled: true
         port: 4443
-        protocol: HTTPS
+        protocol: https
         targetPort: 4443
   k8sgateway:
     enabled: true
@@ -131,7 +92,7 @@ service:
       k8sgateway:
         enabled: true
         port: 5353
-        protocol: UDP
+        protocol: udp
         targetPort: 5353
 
 ## TODO Add support for SCALE certificates and certificates secrets here
@@ -280,13 +241,18 @@ hostsFile:
 #   creationAttempts: 3
 #   CreationCooldown: 2
 
+podOptions:
+  automountServiceAccountToken: true
+
 portal:
-  enabled: true
+  open:
+    enabled: false
 
 serviceAccount:
   main:
     # -- Specifies whether a service account should be created
     enabled: true
+    primary: true
 
 # -- Create a ClusterRole and ClusterRoleBinding
 # @default -- See below
@@ -294,7 +260,8 @@ rbac:
   main:
     # -- Enables or disables the ClusterRole and ClusterRoleBinding
     enabled: true
-
+    primary: true
+    clusterWide: true
     # -- Set Rules on the ClusterRole
     rules:
       - apiGroups:
@@ -348,32 +315,53 @@ k8sgateway:
         value: cloudflare-dns.com
 
 metrics:
-  # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
-  # @default -- See values.yaml
-  enabled: true
-  serviceMonitor:
-    interval: 1m
-    scrapeTimeout: 30s
-    labels: {}
-  # -- Enable and configure Prometheus Rules for the chart under this key.
-  # @default -- See values.yaml
-  prometheusRule:
-    enabled: false
-    labels: {}
-    # -- Configure additionial rules for the chart under this key.
-    # @default -- See prometheusrules.yaml
-    rules:
-      []
-      # - alert: UnifiPollerAbsent
-      #   annotations:
-      #     description: Unifi Poller has disappeared from Prometheus service discovery.
-      #     summary: Unifi Poller is down.
-      #   expr: |
-      #     absent(up{job=~".*unifi-poller.*"} == 1)
-      #   for: 5m
-      #   labels:
-      #     severity: critical
+  main:
+    # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
+    # @default -- See values.yaml
+    enabled: true
+    type: "servicemonitor"
+    endpoints:
+      - port: main
+        path: /metrics
+
+    # -- Enable and configure Prometheus Rules for the chart under this key.
+    # @default -- See values.yaml
+    prometheusRule:
+      enabled: false
+      labels: {}
+      # -- Configure additionial rules for the chart under this key.
+      # @default -- See prometheusrules.yaml
+      rules:
+        []
+        # - alert: UnifiPollerAbsent
+        #   annotations:
+        #     description: Unifi Poller has disappeared from Prometheus service discovery.
+        #     summary: Unifi Poller is down.
+        #   expr: |
+        #     absent(up{job=~".*unifi-poller.*"} == 1)
+        #   for: 5m
+        #   labels:
+        #     severity: critical
 
 redis:
   enabled: true
-  existingSecret: "rediscreds"
+
+# CANNOT be defined in above yaml section
+queryLog:
+  # optional one of: mysql, postgresql, csv, csv-client. If empty, log to console
+  type: ""
+  # directory (should be mounted as volume in docker) for csv, db connection string for mysql, ignored for included postgresql
+  # target: /var/log/something
+  # postgresql target: postgres://user:password@db_host_or_ip:5432/db_name
+  # if > 0, deletes log files which are older than ... days
+  logRetentionDays: 0
+  # optional: Max attempts to create specific query log writer, default: 3
+  creationAttempts: 3
+  # optional: Time between the creation attempts, default: 2s
+  creationCooldown: 2s
+
+cnpg:
+  main:
+    enabled: false
+    user: blocky
+    database: blocky

charts/enterprise/cert-manager/Chart.yaml

@@ -10,7 +10,7 @@ keywords:
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.24
 kubeVersion: ">=1.16.0-0"
 maintainers:
   - email: info@truecharts.org
@@ -21,7 +21,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/cert-manager
   - https://cert-manager.io/
 type: application
-version: 0.0.7
+version: 1.0.7
 annotations:
   truecharts.org/catagories: |
     - core

charts/enterprise/cert-manager/questions.yaml

@@ -246,7 +246,7 @@ questions:
                         required: true
                         show_if: [["selfSigned", "=", "false"]]
                         default: ""
-                        
+
         - variable: selfSigned
           label: 'SelfSigned Issuer'
           schema:
@@ -267,7 +267,16 @@ questions:
                   required: true
                   default: "selfSigned"
 
-
-
-# Include{metrics}
-# Include{documentation}
+  - variable: customMetrics
+    group: Metrics
+    label: Prometheus Metrics
+    schema:
+      additional_attrs: true
+      type: dict
+      attrs:
+        - variable: enabled
+          label: Enabled
+          description: Enable Prometheus Metrics
+          schema:
+            type: boolean
+            default: true

charts/enterprise/cert-manager/templates/_metrics.tpl

@@ -1,5 +1,5 @@
 {{- define "certmanager.metrics" -}}
-{{- if .Values.metrics.enabled }}
+{{- if .Values.customMetrics.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:

charts/enterprise/cert-manager/templates/_wait.tpl

@@ -1,85 +0,0 @@
-{{- define "certmanager.wait" }}
-{{- $fullName := include "tc.common.names.fullname" . }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  namespace: {{ .Release.Namespace }}
-  name: {{ $fullName }}-wait
-  annotations:
-    "helm.sh/hook": pre-install, pre-upgrade
-    "helm.sh/hook-weight": "-1"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-spec:
-  template:
-    spec:
-      serviceAccountName: {{ $fullName }}-wait
-      containers:
-        - name: {{ $fullName }}-wait
-          image: {{ .Values.kubectlImage.repository }}:v1.26.0
-          securityContext:
-            runAsUser: 568
-            runAsGroup: 568
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-          command:
-            - "/bin/sh"
-            - "-c"
-            - |
-              /bin/sh <<'EOF'
-              kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s || echo "metallb-system wait failed..."
-              kubectl wait --namespace cert-manager --for=condition=ready pod --selector=app=cert-manager --timeout=90s || echo "cert-manager wait failed..."
-              cmctl check api --wait=2m || echo "cmctl wait failed..."
-              EOF
-          volumeMounts:
-            - name: {{ $fullName }}-manifests-temp
-              mountPath: /tmp
-            - name: {{ $fullName }}-manifests-home
-              mountPath: /home/apps/
-      restartPolicy: Never
-      volumes:
-        - name: {{ $fullName }}-manifests-temp
-          emptyDir: {}
-        - name: {{ $fullName }}-manifests-home
-          emptyDir: {}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ $fullName }}-wait
-  annotations:
-    "helm.sh/hook": pre-install, pre-upgrade
-    "helm.sh/hook-weight": "-2"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-rules:
-  - apiGroups:  ["*"]
-    resources:  ["*"]
-    verbs:  ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ $fullName }}-wait
-  annotations:
-    "helm.sh/hook": pre-install, pre-upgrade
-    "helm.sh/hook-weight": "-2"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ $fullName }}-wait
-subjects:
-  - kind: ServiceAccount
-    name: {{ $fullName }}-wait
-    namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ $fullName }}-wait
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    "helm.sh/hook": pre-install, pre-upgrade
-    "helm.sh/hook-weight": "-2"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-{{- end }}

charts/enterprise/cert-manager/templates/clusterissuer/_ACME.tpl

@@ -1,5 +1,5 @@
 {{- define "certmanager.clusterissuer.acme" -}}
-{{- range .Values.clusterIssuer.acme }}
+{{- range .Values.clusterIssuer.ACME }}
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@@ -25,6 +25,7 @@ spec:
             name: {{ .name }}-clusterissuer-secret
             key: cf-api-token
          {{- else if .cfapikey }}
+          apiKeySecretRef:
             name: {{ .name }}-clusterissuer-secret
             key: cf-api-key
          {{ else }}
@@ -73,6 +74,7 @@ spec:
 apiVersion: v1
 kind: Secret
 metadata:
+  namespace: cert-manager
   name: {{ .name }}-clusterissuer-secret
 type: Opaque
 stringData:

charts/enterprise/cert-manager/templates/common.yaml

@@ -1,11 +1,10 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- include "tc.v1.common.loader.init" . }}
 
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}
 
 {{- include "certmanager.clusterissuer.acme" . }}
 {{- include "certmanager.clusterissuer.selfsigned" . }}
 {{- include "certmanager.clusterissuer.ca" . }}
 {{- include "certmanager.metrics" . }}
-{{- include "certmanager.wait" . }}

charts/enterprise/cert-manager/values.yaml

@@ -3,8 +3,20 @@ image:
   tag: latest@sha256:93878048bbc350e69bf246556ef3520f343487c7ffc40f0b0655ed8a360cb932
   pullPolicy: IfNotPresent
 
-controller:
-  enabled: false
+workload:
+  main:
+    enabled: false
+    podSpec:
+      containers:
+        main:
+          enabled: false
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false
 
 service:
   main:
@@ -15,14 +27,7 @@ service:
         port: 9999
 
 portal:
-  enabled: false
-
-probes:
-  liveness:
-    enabled: false
-  readiness:
-    enabled: false
-  startup:
+  open:
     enabled: false
 
 clusterIssuer:
@@ -70,5 +75,5 @@ clusterIssuer:
 #     tsigAlgorithm: ""
 #     rfctsigSecret: ""
 
-metrics:
+customMetrics:
   enabled: true

charts/enterprise/grafana/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "9.3.6"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.24
 deprecated: false
 description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
 home: https://truecharts.org/charts/enterprise/grafana
@@ -25,7 +25,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-grafana
   - https://grafana.com/
 type: application
-version: 6.0.31
+version: 7.0.8
 annotations:
   truecharts.org/catagories: |
     - metrics

charts/enterprise/grafana/questions.yaml

@@ -10,57 +10,51 @@ questions:
 # Include{replicas1}
 # Include{podSpec}
 # Include{containerMain}
+                                - variable: env
+                                  group: "App Configuration"
+                                  label: "Image Environment"
+                                  schema:
+                                    additional_attrs: true
+                                    type: dict
+                                    attrs:
+                                      - variable: GF_SECURITY_ADMIN_USER
+                                        label: "Admin User"
+                                        schema:
+                                          type: string
+                                          required: true
+                                          default: "admin"
+                                      - variable: GF_SECURITY_ADMIN_PASSWORD
+                                        label: "Admin Password"
+                                        schema:
+                                          type: string
+                                          required: true
+                                          private: true
+                                          default: "REPLACETHIS"
+                                      - variable: GF_INSTALL_PLUGINS
+                                        label: "Extra Plugins to Install"
+                                        description: "comma seperated"
+                                        schema:
+                                          type: string
+                                          default: ""
+                                      - variable: GF_AUTH_LDAP_ENABLED
+                                        label: "enable LDAP"
+                                        schema:
+                                          type: boolean
+                                          default: false
+                                      - variable: GF_AUTH_LDAP_ALLOW_SIGN_UP
+                                        label: "Allow LDAP Signup"
+                                        schema:
+                                          type: boolean
+                                          default: false
+                                      - variable: GF_AUTH_LDAP_CONFIG_FILE
+                                        label: "LDAP Config Path"
+                                        schema:
+                                          type: string
+                                          default: "/opt/bitnami/grafana/conf/ldap.toml"
 # Include{containerBasic}
 # Include{containerAdvanced}
 
-  - variable: secretEnv
-    group: "App Configuration"
-    label: "Secret Image Environment"
-    schema:
-      additional_attrs: true
-      type: dict
-      attrs:
-        - variable: GF_SECURITY_ADMIN_USER
-          label: "Admin User"
-          schema:
-            type: string
-            required: true
-            default: "admin"
-        - variable: GF_SECURITY_ADMIN_PASSWORD
-          label: "Admin Password"
-          schema:
-            type: string
-            required: true
-            private: true
-            default: "REPLACETHIS"
-  - variable: env
-    group: "App Configuration"
-    label: "Image Environment"
-    schema:
-      additional_attrs: true
-      type: dict
-      attrs:
-        - variable: GF_INSTALL_PLUGINS
-          label: "Extra Plugins to Install"
-          description: "comma seperated"
-          schema:
-            type: string
-            default: ""
-        - variable: GF_AUTH_LDAP_ENABLED
-          label: "enable LDAP"
-          schema:
-            type: boolean
-            default: false
-        - variable: GF_AUTH_LDAP_ALLOW_SIGN_UP
-          label: "Allow LDAP Signup"
-          schema:
-            type: boolean
-            default: false
-        - variable: GF_AUTH_LDAP_CONFIG_FILE
-          label: "LDAP Config Path"
-          schema:
-            type: string
-            default: "/opt/bitnami/grafana/conf/ldap.toml"
+
 # Include{containerConfig}
 # Include{serviceRoot}
         - variable: main
@@ -118,16 +112,16 @@ questions:
                 schema:
                   type: int
                   default: 568
-        - variable: runAsGroup
-          label: "runAsGroup"
-          description: "The groupID this App of the user running the application"
-          schema:
-            type: int
-            default: 568
+              - variable: runAsGroup
+                label: "runAsGroup"
+                description: "The groupID of the user running the application"
+                schema:
+                  type: int
+                  default: 568
 # Include{securityContextContainer}
 # Include{securityContextAdvanced}
 # Include{securityContextPod}
-             - variable: fsGroup
+              - variable: fsGroup
                 label: "fsGroup"
                 description: "The group that should own ALL storage."
                 schema:
@@ -137,6 +131,7 @@ questions:
 # Include{resources}
 # Include{metrics}
 # Include{prometheusRule}
+# Include{prometheusRule}
 # Include{advanced}
 # Include{addons}
 # Include{codeserver}

charts/enterprise/grafana/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/enterprise/grafana/templates/prometheusrules.yaml

@@ -1,18 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ include "tc.common.names.fullname" . }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-    {{- with .Values.metrics.prometheusRule.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  groups:
-    - name: {{ include "tc.common.names.fullname" . }}
-      rules:
-        {{- with .Values.metrics.prometheusRule.rules }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-{{- end }}

charts/enterprise/grafana/templates/servicemonitor.yaml

@@ -1,24 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ include "tc.common.names.fullname" . }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-    {{- with .Values.metrics.serviceMonitor.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
-  endpoints:
-    - port: main
-      {{- with .Values.metrics.serviceMonitor.interval }}
-      interval: {{ . }}
-      {{- end }}
-      {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
-      path: /metrics
-{{- end }}

charts/enterprise/grafana/values.yaml

@@ -4,40 +4,45 @@ image:
   tag: 9.3.6@sha256:e9d2674578a97b9442af115c6137fa0bc7273984109d7b9ea1ea17e2ceba1129
 
 securityContext:
-  readOnlyRootFilesystem: false
+  container:
+    readOnlyRootFilesystem: false
 
 service:
   main:
     ports:
       main:
-        protocol: HTTP
+        protocol: http
         targetPort: 3000
         port: 10038
 
-probes:
-  liveness:
-    path: "/api/health"
+workload:
+  main:
+    replicas: 2
+    strategy: RollingUpdate
+    podSpec:
+      containers:
+        main:
+          env:
+            GF_SECURITY_ADMIN_USER: "admin"
+            GF_SECURITY_ADMIN_PASSWORD: "testpassword"
+            GF_INSTALL_PLUGINS: ""
+            GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins"
+            GF_AUTH_LDAP_ENABLED: "false"
+            GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml"
+            GF_AUTH_LDAP_ALLOW_SIGN_UP: "false"
+            GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning"
+            GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini"
+            GF_PATHS_DATA: "/opt/bitnami/grafana/data"
+            GF_PATHS_LOGS: "/opt/bitnami/grafana/logs"
+          probes:
+            liveness:
+              path: "/api/health"
 
-  readiness:
-    path: "/api/health"
+            readiness:
+              path: "/api/health"
 
-  startup:
-    path: "/api/health"
-
-secretEnv:
-  GF_SECURITY_ADMIN_USER: "admin"
-  GF_SECURITY_ADMIN_PASSWORD: "testpassword"
-
-env:
-  GF_INSTALL_PLUGINS: ""
-  GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins"
-  GF_AUTH_LDAP_ENABLED: "false"
-  GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml"
-  GF_AUTH_LDAP_ALLOW_SIGN_UP: "false"
-  GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning"
-  GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini"
-  GF_PATHS_DATA: "/opt/bitnami/grafana/data"
-  GF_PATHS_LOGS: "/opt/bitnami/grafana/logs"
+            startup:
+              path: "/api/health"
 
 persistence:
   config:
@@ -49,31 +54,33 @@ persistence:
     mountPath: /opt/bitnami/grafana/tmp
 
 metrics:
-  # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
-  # @default -- See values.yaml
-  enabled: false
-  serviceMonitor:
-    interval: 1m
-    scrapeTimeout: 30s
-    labels: {}
-  # -- Enable and configure Prometheus Rules for the chart under this key.
-  # @default -- See values.yaml
-  prometheusRule:
-    enabled: false
-    labels: {}
-    # -- Configure additionial rules for the chart under this key.
-    # @default -- See prometheusrules.yaml
-    rules:
-      []
-      # - alert: UnifiPollerAbsent
-      #   annotations:
-      #     description: Unifi Poller has disappeared from Prometheus service discovery.
-      #     summary: Unifi Poller is down.
-      #   expr: |
-      #     absent(up{job=~".*unifi-poller.*"} == 1)
-      #   for: 5m
-      #   labels:
-      #     severity: critical
+  main:
+    # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
+    # @default -- See values.yaml
+    enabled: true
+    type: serviceMonitor
+    endpoints:
+      - port: main
+        path: /metrics
+    # -- Enable and configure Prometheus Rules for the chart under this key.
+    # @default -- See values.yaml
+    prometheusRule:
+      enabled: false
+      labels: {}
+      # -- Configure additionial rules for the chart under this key.
+      # @default -- See prometheusrules.yaml
+      rules:
+        []
+        # - alert: UnifiPollerAbsent
+        #   annotations:
+        #     description: Unifi Poller has disappeared from Prometheus service discovery.
+        #     summary: Unifi Poller is down.
+        #   expr: |
+        #     absent(up{job=~".*unifi-poller.*"} == 1)
+        #   for: 5m
+        #   labels:
+        #     severity: critical
 
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/enterprise/metallb/Chart.yaml

@@ -10,7 +10,7 @@ keywords:
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.24
 kubeVersion: ">=1.16.0-0"
 maintainers:
   - email: info@truecharts.org
@@ -22,7 +22,7 @@ sources:
   - https://github.com/metallb/metallb
   - https://metallb.universe.tf
 type: application
-version: 7.0.12
+version: 8.0.5
 annotations:
   truecharts.org/catagories: |
     - core

charts/enterprise/metallb/templates/_wait.tpl

@@ -1,68 +0,0 @@
-{{- define "metallb.wait" }}
-{{- $fullName := include "tc.common.names.fullname" . }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  namespace: {{ .Release.Namespace }}
-  name: {{ $fullName }}-wait
-  annotations:
-    "helm.sh/hook": pre-install, pre-upgrade
-    "helm.sh/hook-weight": "-1"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-spec:
-  template:
-    spec:
-      serviceAccountName: {{ $fullName }}-wait
-      containers:
-        - name: {{ $fullName }}-wait
-          image: {{ .Values.ubuntuImage.repository }}:{{ .Values.ubuntuImage.tag }}
-          command:
-            - "/bin/sh"
-            - "-c"
-            - |
-              /bin/bash <<'EOF'
-              kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s
-              EOF
-      restartPolicy: OnFailure
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ $fullName }}-wait
-  annotations:
-    "helm.sh/hook": pre-install, pre-upgrade
-    "helm.sh/hook-weight": "-2"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-rules:
-  - apiGroups:  ["*"]
-    resources:  ["pods"]
-    verbs:  ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ $fullName }}-wait
-  annotations:
-    "helm.sh/hook": pre-install, pre-upgrade
-    "helm.sh/hook-weight": "-2"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ $fullName }}-wait
-subjects:
-  - kind: ServiceAccount
-    name: {{ $fullName }}-wait
-    namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ $fullName }}-wait
-  namespace: {{ .Release.Namespace }}
-  annotations:
-    "helm.sh/hook": pre-install, pre-upgrade
-    "helm.sh/hook-weight": "-2"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-{{- end }}

charts/enterprise/metallb/templates/common.yaml

@@ -1,8 +1,8 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- include "tc.v1.common.loader.init" . }}
 
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}
 
 {{- include "metallb.l2adv" . }}
 
@@ -13,5 +13,3 @@
 {{- include "metallb.comm" . }}
 
 {{- include "metallb.pool" . }}
-
-{{- include "metallb.wait" . }}

charts/enterprise/metallb/values.yaml

@@ -3,8 +3,20 @@ image:
   tag: latest@sha256:93878048bbc350e69bf246556ef3520f343487c7ffc40f0b0655ed8a360cb932
   pullPolicy: IfNotPresent
 
-controller:
-  enabled: false
+workload:
+  main:
+    enabled: false
+    podSpec:
+      containers:
+        main:
+          enabled: false
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false
 
 service:
   main:
@@ -14,24 +26,9 @@ service:
         enabled: false
         port: 9999
 
-updateCRD: false
-
 portal:
-  enabled: false
-
-probes:
-  liveness:
+  open:
     enabled: false
-  readiness:
-    enabled: false
-  startup:
-    enabled: false
-
-configmap:
-  config:
-    enabled: true
-    data:
-      placeholderdata: "something"
 
 ipAddressPools: []
 #   - name: example

charts/enterprise/prometheus/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "2.42.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.24
   - condition: exporters.enabled,exporters.node-exporter.enabled
     name: node-exporter
     repository: https://charts.bitnami.com/bitnami
@@ -30,7 +30,7 @@ sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
 type: application
-version: 7.0.60
+version: 8.0.6
 annotations:
   truecharts.org/catagories: |
     - metrics

charts/enterprise/prometheus/templates/_helpers.tpl

@@ -1,46 +1,46 @@
 {{/* Name suffixed with operator */}}
 {{- define "kube-prometheus.fullname" -}}
-{{- printf "%s" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Name suffixed with operator */}}
 {{- define "kube-prometheus.name" -}}
-{{- printf "%s" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Name suffixed with operator */}}
 {{- define "kube-prometheus.operator.name" -}}
-{{- printf "%s-operator" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s-operator" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Name suffixed with prometheus */}}
 {{- define "kube-prometheus.prometheus.name" -}}
-{{- printf "%s-prometheus" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s-prometheus" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Name suffixed with alertmanager */}}
 {{- define "kube-prometheus.alertmanager.name" -}}
-{{- printf "%s-alertmanager" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s-alertmanager" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Name suffixed with thanos */}}
 {{- define "kube-prometheus.thanos.name" -}}
-{{- printf "%s-thanos" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s-thanos" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Fullname suffixed with operator */}}
 {{- define "kube-prometheus.operator.fullname" -}}
-{{- printf "%s-operator" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s-operator" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Fullname suffixed with prometheus */}}
 {{- define "kube-prometheus.prometheus.fullname" -}}
-{{- printf "%s-prometheus" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s-prometheus" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Fullname suffixed with alertmanager */}}
 {{- define "kube-prometheus.alertmanager.fullname" -}}
-{{- printf "%s-alertmanager" (include "tc.common.names.fullname" . ) -}}
+{{- printf "%s-alertmanager" (include "tc.v1.common.lib.chart.names.fullname" . ) -}}
 {{- end }}
 
 {{/* Fullname suffixed with thanos */}}
@@ -56,7 +56,10 @@
 Common Labels
 */}}
 {{- define "kube-prometheus.labels" -}}
-{{ include "tc.common.labels" . }}
+  {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}}
+  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+    {{- . | nindent 0 }}
+  {{- end }}
 {{- if .Values.global.labels }}
 {{ toYaml .Values.global.labels }}
 {{- end }}
@@ -66,7 +69,10 @@ Common Labels
 Labels for operator
 */}}
 {{- define "kube-prometheus.operator.labels" -}}
-{{ include "tc.common.labels" . }}
+  {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}}
+  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+    {{- . | nindent 0 }}
+  {{- end }}
 app.kubernetes.io/component: operator
 {{- end -}}
 
@@ -74,7 +80,10 @@ app.kubernetes.io/component: operator
 Labels for prometheus
 */}}
 {{- define "kube-prometheus.prometheus.labels" -}}
-{{ include "tc.common.labels" . }}
+  {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}}
+  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+    {{- . | nindent 0 }}
+  {{- end }}
 app.kubernetes.io/component: prometheus
 {{- end -}}
 
@@ -82,7 +91,10 @@ app.kubernetes.io/component: prometheus
 Labels for alertmanager
 */}}
 {{- define "kube-prometheus.alertmanager.labels" -}}
-{{ include "tc.common.labels" . }}
+  {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}}
+  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+    {{- . | nindent 0 }}
+  {{- end }}
 app.kubernetes.io/component: alertmanager
 {{- end -}}
 
@@ -90,7 +102,7 @@ app.kubernetes.io/component: alertmanager
 matchLabels for operator
 */}}
 {{- define "kube-prometheus.operator.matchLabels" -}}
-{{ include "tc.common.labels.selectorLabels" . }}
+{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}}
 app.kubernetes.io/component: operator
 {{- end -}}
 
@@ -98,7 +110,7 @@ app.kubernetes.io/component: operator
 matchLabels for prometheus
 */}}
 {{- define "kube-prometheus.prometheus.matchLabels" -}}
-{{ include "tc.common.labels.selectorLabels" . }}
+{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}}
 app.kubernetes.io/component: prometheus
 {{- end -}}
 
@@ -106,7 +118,7 @@ app.kubernetes.io/component: prometheus
 matchLabels for alertmanager
 */}}
 {{- define "kube-prometheus.alertmanager.matchLabels" -}}
-{{ include "tc.common.labels.selectorLabels" . }}
+{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}}
 app.kubernetes.io/component: alertmanager
 {{- end -}}
 

charts/enterprise/prometheus/templates/alertmanager/_alertmanager.tpl

@@ -27,10 +27,10 @@ spec:
   logLevel: {{ .Values.alertmanager.logLevel }}
   retention: {{ .Values.alertmanager.retention }}
   {{- if .Values.alertmanager.secrets }}
-  secrets: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }}
+  secrets: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.alertmanager.configMaps }}
-  configMaps: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }}
+  configMaps: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }}
   {{- end }}
   resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }}
   routePrefix: "{{ .Values.alertmanager.routePrefix }}"
@@ -38,7 +38,7 @@ spec:
   securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }}
   {{- end }}
   {{- if .Values.alertmanager.storageSpec }}
-  storage: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }}
+  storage: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }}
   {{- else }}
   {{- if .Values.alertmanager.persistence.enabled }}
   storage:
@@ -51,48 +51,39 @@ spec:
         resources:
           requests:
             storage: {{ .Values.alertmanager.persistence.size | quote }}
-        {{- include "tc.common.storage.storageClassName" (dict "persistence" .Values.alertmanager.persistence "global" $ ) | nindent 8 }}
+        {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" . "objectData" .Values.prometheus.persistence )) | trim }}
+        storageClassName: {{ . }}
+        {{- end }}
   {{- end }}
   {{- end }}
   {{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
   podMetadata:
     labels:
     {{- if .Values.alertmanager.podMetadata.labels }}
-    {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }}
+    {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }}
     {{- end }}
     {{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
     {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
     {{- end }}
     {{- if .Values.alertmanager.podMetadata.annotations }}
     annotations:
-    {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }}
+    {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }}
     {{- end }}
   {{- end }}
   {{- if .Values.alertmanager.affinity }}
-  affinity: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }}
-  {{- else }}
-  affinity:
-    {{- if not (empty .Values.alertmanager.podAffinityPreset) }}
-    podAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.alertmanager.podAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
-    {{- end }}
-    {{- if not (empty .Values.alertmanager.podAntiAffinityPreset) }}
-    podAntiAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.alertmanager.podAntiAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
-    {{- end }}
-    {{- if not (empty .Values.alertmanager.nodeAffinityPreset.values) }}
-    nodeAffinity: {{- include "tc.common.affinities.nodes" (dict "type" .Values.alertmanager.nodeAffinityPreset.type "key" .Values.alertmanager.nodeAffinityPreset.key "values" .Values.alertmanager.nodeAffinityPreset.values) | nindent 6 }}
-    {{- end }}
+  affinity: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.alertmanager.nodeSelector }}
-  nodeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }}
+  nodeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.alertmanager.tolerations }}
-  tolerations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }}
+  tolerations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.alertmanager.volumes }}
-  volumes: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }}
+  volumes: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.alertmanager.volumeMounts }}
-  volumeMounts: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }}
+  volumeMounts: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }}
   {{- end }}
 {{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
   {{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
@@ -164,7 +155,7 @@ spec:
       {{- end }}
     {{- end }}
     {{- if .Values.alertmanager.containers }}
-    {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }}
+    {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }}
     {{- end }}
   {{- end }}
   {{- if .Values.alertmanager.priorityClassName }}
@@ -174,10 +165,10 @@ spec:
   additionalPeers: {{ .Values.alertmanager.additionalPeers }}
   {{- end }}
   {{- if .Values.alertmanager.configNamespaceSelector }}
-  alertmanagerConfigNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }}
+  alertmanagerConfigNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.alertmanager.configSelector }}
-  alertmanagerConfigSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }}
+  alertmanagerConfigSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }}
   {{- end }}
 {{- end }}
 {{- end }}

charts/enterprise/prometheus/templates/alertmanager/serviceaccount.yaml

@@ -6,7 +6,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
   {{- if index .Values.alertmanager.serviceAccount "annotations" }}
-  annotations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }}
+  annotations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }}
   {{- end }}
 {{- include "kube-prometheus.imagePullSecrets" . }}
 {{- end }}

charts/enterprise/prometheus/templates/alertmanager/servicemonitor.yaml

@@ -18,7 +18,7 @@ spec:
       {{- end }}
       path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics
       {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.alertmanager.serviceMonitor.relabelings }}
       relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }}

charts/enterprise/prometheus/templates/common.yaml

@@ -1,5 +1,5 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- include "tc.v1.common.loader.init" . }}
 
 {{- include "prometheus.prometheus.prometheus" . }}
 {{- include "prometheus.prometheus.additionalprometheusrules" . }}
@@ -10,4 +10,4 @@
 
 
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}

charts/enterprise/prometheus/templates/exporters/core-dns/servicemonitor.yaml

@@ -21,9 +21,9 @@ spec:
       {{- end }}
       bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
       {{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
       {{- end }}
       {{- if .Values.coreDns.serviceMonitor.relabelings }}
-      relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }}
+      relabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }}
       {{- end }}
 {{- end }}

charts/enterprise/prometheus/templates/exporters/kube-apiserver/servicemonitor.yaml

@@ -27,7 +27,7 @@ spec:
       interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
       {{- end }}
       {{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
       relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }}

charts/enterprise/prometheus/templates/exporters/kube-controller-manager/servicemonitor.yaml

@@ -32,9 +32,9 @@ spec:
         {{- end }}
       {{- end }}
       {{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
       {{- end }}
       {{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
-      relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }}
+      relabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }}
       {{- end }}
 {{- end }}

charts/enterprise/prometheus/templates/exporters/kube-scheduler/servicemonitor.yaml

@@ -32,9 +32,9 @@ spec:
         {{- end}}
       {{- end}}
       {{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
       {{- end }}
       {{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }}
       {{- end }}
 {{- end }}

charts/enterprise/prometheus/templates/exporters/kubelet/servicemonitor.yaml

@@ -28,7 +28,7 @@ spec:
       interval: {{ .Values.kubelet.serviceMonitor.interval }}
       {{- end }}
       {{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.kubelet.serviceMonitor.relabelings }}
       relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
@@ -46,7 +46,7 @@ spec:
       interval: {{ .Values.kubelet.serviceMonitor.interval }}
       {{- end }}
       {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
       relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
@@ -61,7 +61,7 @@ spec:
       interval: {{ .Values.kubelet.serviceMonitor.interval }}
       {{- end }}
       {{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.kubelet.serviceMonitor.relabelings }}
       relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
@@ -76,7 +76,7 @@ spec:
       interval: {{ .Values.kubelet.serviceMonitor.interval }}
       {{- end }}
       {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
       relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}

charts/enterprise/prometheus/templates/prometheus/_additionalScrapeJobs.tpl

@@ -8,6 +8,6 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
 data:
-  scrape-jobs.yaml: {{ include "tc.common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }}
+  scrape-jobs.yaml: {{ include "tc.v1.common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }}
 {{- end }}
 {{- end }}

charts/enterprise/prometheus/templates/prometheus/_prometheus.tpl

@@ -11,24 +11,24 @@ spec:
   replicas: {{ .Values.prometheus.replicaCount }}
   serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
   {{- if .Values.prometheus.serviceMonitorSelector }}
-  serviceMonitorSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }}
+  serviceMonitorSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }}
   {{- else }}
   serviceMonitorSelector: {}
   {{- end }}
   {{- if .Values.prometheus.podMonitorSelector }}
-  podMonitorSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }}
+  podMonitorSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }}
   {{- else }}
   podMonitorSelector: {}
   {{- end }}
   {{- if .Values.prometheus.probeSelector }}
-  probeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }}
+  probeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }}
   {{- else }}
   probeSelector: {}
   {{- end }}
   alerting:
     alertmanagers:
     {{- if .Values.prometheus.alertingEndpoints }}
-    {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }}
+    {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }}
     {{- else if .Values.alertmanager.enabled }}
       - namespace: {{ .Release.Namespace }}
         name: {{ template "kube-prometheus.alertmanager.fullname" . }}
@@ -41,7 +41,7 @@ spec:
   image: {{ template "kube-prometheus.prometheus.image" . }}
   {{- end }}
   {{- if .Values.prometheus.externalLabels }}
-  externalLabels: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }}
+  externalLabels: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.prometheusExternalLabelNameClear }}
   prometheusExternalLabelName: ""
@@ -93,47 +93,47 @@ spec:
   portName: "{{ .Values.prometheus.portName }}"
   routePrefix: "{{ .Values.prometheus.routePrefix }}"
   {{- if .Values.prometheus.secrets }}
-  secrets: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }}
+  secrets: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.configMaps }}
-  configMaps: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }}
+  configMaps: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.serviceMonitorNamespaceSelector }}
-  serviceMonitorNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }}
+  serviceMonitorNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }}
   {{- else }}
   serviceMonitorNamespaceSelector: {}
   {{- end }}
   {{- if .Values.prometheus.podMonitorNamespaceSelector }}
-  podMonitorNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }}
+  podMonitorNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }}
   {{- else }}
   podMonitorNamespaceSelector: {}
   {{- end }}
   {{- if .Values.prometheus.probeNamespaceSelector }}
-  probeNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }}
+  probeNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }}
   {{- else }}
   probeNamespaceSelector: {}
   {{- end }}
   {{- if .Values.prometheus.remoteRead }}
-  remoteRead: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }}
+  remoteRead: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.remoteWrite }}
-  remoteWrite: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }}
+  remoteWrite: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.podSecurityContext.enabled }}
   securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.ruleNamespaceSelector }}
-  ruleNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }}
+  ruleNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }}
   {{- else }}
   ruleNamespaceSelector: {}
   {{- end }}
   {{- if .Values.prometheus.ruleSelector }}
-  ruleSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }}
+  ruleSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }}
   {{- else }}
   ruleSelector: {}
   {{- end }}
   {{- if .Values.prometheus.storageSpec }}
-  storage: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }}
+  storage: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }}
   {{- else if .Values.prometheus.persistence.enabled }}
   storage:
     volumeClaimTemplate:
@@ -145,50 +145,41 @@ spec:
         resources:
           requests:
             storage: {{ .Values.prometheus.persistence.size | quote }}
-        {{- include "tc.common.storage.storageClassName" (dict "persistence" .Values.prometheus.persistence "global" $ ) | nindent 8 }}
+        {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" . "objectData" .Values.prometheus.persistence )) | trim }}
+        storageClassName: {{ . }}
+        {{- end }}
   {{- end }}
   {{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
   podMetadata:
     labels:
     {{- if .Values.prometheus.podMetadata.labels }}
-    {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }}
+    {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }}
     {{- end }}
     {{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
     {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
     {{- end }}
     {{- if .Values.prometheus.podMetadata.annotations }}
     annotations:
-    {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }}
+    {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }}
     {{- end }}
   {{- end }}
   {{- if .Values.prometheus.querySpec }}
-  query: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }}
+  query: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.affinity }}
-  affinity: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }}
-  {{- else }}
-  affinity:
-    {{- if not (empty .Values.prometheus.podAffinityPreset) }}
-    podAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.prometheus.podAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
-    {{- end }}
-    {{- if not (empty .Values.prometheus.podAntiAffinityPreset) }}
-    podAntiAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.prometheus.podAntiAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
-    {{- end }}
-    {{- if not (empty .Values.prometheus.nodeAffinityPreset.values) }}
-    nodeAffinity: {{- include "tc.common.affinities.nodes" (dict "type" .Values.prometheus.nodeAffinityPreset.type "key" .Values.prometheus.nodeAffinityPreset.key "values" .Values.prometheus.nodeAffinityPreset.values) | nindent 6 }}
-    {{- end }}
+  affinity: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.nodeSelector }}
-  nodeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }}
+  nodeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.tolerations }}
-  tolerations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }}
+  tolerations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.volumes }}
-  volumes: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }}
+  volumes: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }}
   {{- end }}
   {{- if .Values.prometheus.volumeMounts }}
-  volumeMounts: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }}
+  volumeMounts: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }}
   {{- end }}
   {{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
   additionalScrapeConfigs:
@@ -252,7 +243,7 @@ spec:
           subPath: prometheus-db
           {{- end }}
         {{- if .Values.prometheus.thanos.extraVolumeMounts }}
-        {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }}
+        {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }}
         {{- end }}
       {{- if .Values.prometheus.thanos.containerSecurityContext.enabled }}
       # yamllint disable rule:indentation
@@ -351,7 +342,7 @@ spec:
       {{- end }}
     {{- end }}
     {{- if .Values.prometheus.containers }}
-    {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }}
+    {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }}
     {{- end }}
   {{- end }}
   {{- if .Values.prometheus.priorityClassName }}

charts/enterprise/prometheus/templates/prometheus/_servicemonitor.tpl

@@ -20,7 +20,7 @@ spec:
       {{- end }}
       path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics
       {{- if .Values.prometheus.serviceMonitor.metricRelabelings }}
-      metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
       {{- end }}
       {{- if .Values.prometheus.serviceMonitor.relabelings }}
       relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }}

charts/enterprise/prometheus/templates/prometheus/serviceaccount.yaml

@@ -6,7 +6,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
   {{- if index .Values.prometheus.serviceAccount "annotations" }}
-  annotations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }}
+  annotations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }}
   {{- end }}
 {{- include "kube-prometheus.imagePullSecrets" . }}
 {{- end }}

charts/enterprise/prometheus/values.yaml

@@ -12,23 +12,34 @@ alertmanagerImage:
 
 global:
   labels: {}
-
-controller:
-  enabled: false
+workload:
+  main:
+    enabled: false
+    podSpec:
+      containers:
+        main:
+          enabled: false
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false
 
 service:
   main:
-    selector:
+    selectorLabels:
       app.kubernetes.io/name: prometheus
       prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}'
     ports:
       main:
         port: 10086
         targetPort: 9090
-        protocol: HTTP
+        protocol: http
   alertmanager:
     enabled: true
-    selector:
+    selectorLabels:
       app.kubernetes.io/name: alertmanager
       alertmanager: '{{ template "kube-prometheus.alertmanager.fullname" . }}'
     ports:
@@ -36,10 +47,10 @@ service:
         enabled: true
         port: 10087
         targetPort: 9093
-        protocol: HTTP
+        protocol: http
   thanos:
     enabled: true
-    selector:
+    selectorLabels:
       app.kubernetes.io/name: prometheus
       prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}'
     ports:
@@ -47,7 +58,7 @@ service:
         enabled: true
         port: 10901
         targetPort: 10901
-        protocol: HTTP
+        protocol: http
 
 ingress:
   main:
@@ -67,10 +78,14 @@ env:
       name: prometheus-operator-config
       key: prometheus-config-reloader
 
-# -- Whether Role Based Access Control objects like roles and rolebindings should be created
+podOptions:
+  automountServiceAccountToken: true
+
 rbac:
   main:
     enabled: true
+    primary: true
+    clusterWide: true
     rules:
       - apiGroups:
           - apiextensions.k8s.io
@@ -168,6 +183,7 @@ rbac:
 serviceAccount:
   main:
     enabled: true
+    primary: true
 
 securityContext:
   readOnlyRootFilesystem: false
@@ -812,7 +828,7 @@ prometheus:
       ##   - name: http
       ##     port: 10902
       ##     targetPort: http
-      ##     protocol: TCP
+      ##     protocol: tcp
       ##
       extraPorts: []
   ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web
@@ -1361,4 +1377,5 @@ kubeProxy:
   enabled: false
 
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/enterprise/traefik/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "2.9.8"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.24
 deprecated: false
 description: Traefik is a flexible reverse proxy and Ingress Provider.
 home: https://truecharts.org/charts/enterprise/traefik
@@ -24,7 +24,7 @@ sources:
   - https://github.com/traefik/traefik-helm-chart
   - https://traefik.io/
 type: application
-version: 16.0.16
+version: 17.0.7
 annotations:
   truecharts.org/catagories: |
     - network

charts/enterprise/traefik/questions.yaml

@@ -378,16 +378,16 @@ questions:
                 schema:
                   type: int
                   default: 568
-        - variable: runAsGroup
-          label: "runAsGroup"
-          description: "The groupID this App of the user running the application"
-          schema:
-            type: int
-            default: 568
+              - variable: runAsGroup
+                label: "runAsGroup"
+                description: "The groupID of the user running the application"
+                schema:
+                  type: int
+                  default: 568
 # Include{securityContextContainer}
 # Include{securityContextAdvanced}
 # Include{securityContextPod}
-             - variable: fsGroup
+              - variable: fsGroup
                 label: "fsGroup"
                 description: "The group that should own ALL storage."
                 schema:

charts/enterprise/traefik/templates/_args.tpl

@@ -16,8 +16,8 @@ args:
   {{- end }}
   {{- range $name, $config := $ports }}
   {{- if $config }}
-  {{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
-  {{- $_ := set $config "protocol" "TCP" }}
+  {{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }}
+  {{- $_ := set $config "protocol" "tcp" }}
   {{- end }}
   - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
   {{- end }}
@@ -98,8 +98,8 @@ args:
   - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
   {{- end }}
   {{- end }}
-  {{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
-  {{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
+  {{- if or ( $config.tls ) ( eq $config.protocol "https" ) }}
+  {{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }}
   - "--entrypoints.{{ $entrypoint }}.http.tls=true"
   {{- if $config.tls.options }}
   - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"

charts/enterprise/traefik/templates/_helpers.tpl

@@ -5,7 +5,7 @@ service generated.
 Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
 */}}
 {{- define "providers.kubernetesIngress.publishedServicePath" -}}
-{{- $fullName := include "tc.common.names.fullname" . -}}
+{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
 {{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
 {{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
 {{- print $servicePath | trimSuffix "-" -}}

charts/enterprise/traefik/templates/_ingressclass.tpl

@@ -16,7 +16,7 @@ metadata:
   annotations:
     ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
   labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
+    {{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }}
   name: {{ .Release.Name }}
 spec:
   controller: traefik.io/ingress-controller

charts/enterprise/traefik/templates/_ingressroute.tpl

@@ -1,17 +1,26 @@
 {{/* Define the ingressRoute */}}
 {{- define "traefik.ingressRoute" -}}
 {{ if .Values.ingressRoute.dashboard.enabled }}
+
+{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}}
+{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}}
+
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: {{ include "tc.common.names.fullname" . }}-dashboard
-  annotations:
-  {{- with .Values.ingressRoute.dashboard.annotations }}
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
+  name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard
+  {{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
+  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
   labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
+    {{- . | nindent 4 }}
+  {{- end }}
+  {{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
+  {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
+  annotations:
+    {{- . | nindent 4 }}
+  {{- end }}
+
 spec:
   entryPoints:
     - main

charts/enterprise/traefik/templates/common.yaml

@@ -1,18 +1,11 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- include "tc.v1.common.loader.init" . }}
 
-{{- if .Values.metrics }}
-{{- if .Values.metrics.prometheus }}
-{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/port" "9180" -}}
-{{- end }}
-{{- end }}
 
 {{- $newArgs :=  (include "traefik.args" . | fromYaml) }}
 {{- $_ := set .Values "newArgs" $newArgs -}}
-{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
-{{- $_ := set .Values "args" $mergedargs -}}
+{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }}
+{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}}
 
 {{- include "traefik.portalhook" . }}
 {{- include "traefik.tlsOptions" . }}
@@ -21,4 +14,4 @@
 
 
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}

charts/enterprise/traefik/values.yaml

@@ -4,6 +4,50 @@ image:
   tag: 2.9.8@sha256:4a2d3dda380990d825532e661b42457fc9871061dbc22b310468616378214a2e
   pullPolicy: IfNotPresent
 
+workload:
+  main:
+    replicas: 2
+    strategy: RollingUpdate
+    podSpec:
+      containers:
+        main:
+          args: []
+          probes:
+            # -- Liveness probe configuration
+            # @default -- See below
+            liveness:
+              # -- sets the probe type when not using a custom probe
+              # @default -- "TCP"
+              type: tcp
+              # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+              # @default -- "/"
+              # path: "/ping"
+
+            # -- Redainess probe configuration
+            # @default -- See below
+            readiness:
+              # -- sets the probe type when not using a custom probe
+              # @default -- "TCP"
+              type: tcp
+              # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+              # @default -- "/"
+              # path: "/ping"
+
+            # -- Startup probe configuration
+            # @default -- See below
+            startup:
+              # -- sets the probe type when not using a custom probe
+              # @default -- "TCP"
+              type: tcp
+              # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+              # @default -- "/"
+              # path: "/ping"
+
+# -- Options for all pods
+# Can be overruled per pod
+podOptions:
+  automountServiceAccountToken: true
+
 # -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
 ingressClass:
   # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
@@ -20,12 +64,6 @@ ingressRoute:
     annotations: {}
     # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
     labels: {}
-
-podAnnotations:
-  prometheus.io/scrape: "true"
-  prometheus.io/path: "/metrics"
-  prometheus.io/port: "9180"
-
 #
 # -- Configure providers
 providers:
@@ -140,7 +178,7 @@ service:
       main:
         port: 9000
         targetPort: 9000
-        protocol: HTTP
+        protocol: http
         # -- Forwarded Headers should never be enabled on Main entrypoint
         forwardedHeaders:
           enabled: false
@@ -154,7 +192,7 @@ service:
       web:
         enabled: true
         port: 9080
-        protocol: HTTP
+        protocol: http
         redirectTo: websecure
         # Options: Empty, 0 (ingore), or positive int
         # redirectPort:
@@ -175,7 +213,7 @@ service:
       websecure:
         enabled: true
         port: 9443
-        protocol: HTTPS
+        protocol: https
         # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
         forwardedHeaders:
           enabled: false
@@ -193,7 +231,7 @@ service:
   #      tcpexample:
   #        enabled: true
   #        targetPort: 9443
-  #        protocol: TCP
+  #        protocol: tcp
   #        tls:
   #          enabled: false
   #          # this is the name of a TLSOption definition
@@ -212,51 +250,22 @@ service:
         enabled: true
         port: 9180
         targetPort: 9180
-        protocol: HTTP
+        protocol: http
         # -- Forwarded Headers should never be enabled on Metrics entrypoint
         forwardedHeaders:
           enabled: false
         # -- Proxy Protocol should never be enabled on Metrics entrypoint
         proxyProtocol:
           enabled: false
-  udp:
-    enabled: false
-
-# probes:
-#   # -- Liveness probe configuration
-#   # @default -- See below
-#   liveness:
-#     # -- sets the probe type when not using a custom probe
-#     # @default -- "TCP"
-#     type: HTTP
-#     # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
-#     # @default -- "/"
-#     path: "/ping"
-
-#   # -- Redainess probe configuration
-#   # @default -- See below
-#   readiness:
-#     # -- sets the probe type when not using a custom probe
-#     # @default -- "TCP"
-#     type: HTTP
-#     # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
-#     # @default -- "/"
-#     path: "/ping"
-
-#   # -- Startup probe configuration
-#   # @default -- See below
-#   startup:
-#     # -- sets the probe type when not using a custom probe
-#     # @default -- "TCP"
-#     type: HTTP
-#     # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
-#     # @default -- "/"
-#     path: "/ping"
+  # udp:
+  #   enabled: false
 
 # -- Whether Role Based Access Control objects like roles and rolebindings should be created
 rbac:
   main:
     enabled: true
+    primary: true
+    clusterWide: true
     rules:
       - apiGroups:
           - ""
@@ -306,6 +315,7 @@ rbac:
 serviceAccount:
   main:
     enabled: true
+    primary: true
 
 # -- SCALE Middleware Handlers
 middlewares:
@@ -404,4 +414,5 @@ persistence:
     type: emptyDir
 
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/enterprise/vaultwarden/Chart.yaml

@@ -3,14 +3,10 @@ appVersion: "1.27.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
-  - condition: postgresql.enabled
-    name: postgresql
-    repository: https://deps.truecharts.org/
-    version: 11.0.31
+    version: 12.2.24
 deprecated: false
 description: Unofficial Bitwarden compatible server written in Rust
-home: https://truecharts.org/charts/stable/vaultwarden
+home: https://truecharts.org/charts/enterprise/vaultwarden
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/vaultwarden.png
 keywords:
   - bitwarden
@@ -26,11 +22,10 @@ maintainers:
     url: https://truecharts.org
 name: vaultwarden
 sources:
-  - https://github.com/truecharts/charts/tree/master/charts/stable/vaultwarden
-  - https://hub.docker.com/r/vaultwarden/server
+  - https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden
   - https://github.com/dani-garcia/vaultwarden
 type: application
-version: 19.0.23
+version: 20.0.6
 annotations:
   truecharts.org/catagories: |
     - security

charts/enterprise/vaultwarden/LICENSE

@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:             The TrueCharts Project, it's owner and it's contributors
+Licensed Work:        The TrueCharts "Cert-Manager" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+                      as it is directly sourced from a TrueCharts provided
+                      official repository, catalog or source. You may also make private
+                      modification to the directly sourced licenced work,
+                      when used in production.
+
+                      The following cases are, due to their nature, also
+                      defined as 'production use' and explicitly prohibited:
+                      - Bundling, including or displaying the licensed work
+                      with(in) another work intended for production use,
+                      with the apparent intend of facilitating and/or
+                      promoting production use by third parties in
+                      violation of this license.
+
+Change Date:          2050-01-01
+
+Change License:       3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+   or a license that is compatible with GPL Version 2.0 or a later version,
+   where “compatible” means that software provided under the Change License can
+   be included in a program with software provided under GPL Version 2.0 or a
+   later version. Licensor may specify additional Change Licenses without
+   limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+   impose any additional restriction on the right granted in this License, as
+   the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.