chore(deps): update kubezero-metrics-dependencies

Reviewed-on: #85

.yamllint

@@ -0,0 +1,17 @@
+---
+extends: default
+
+ignore: |
+  .yamllint
+
+rules:
+  truthy:
+    allowed-values: ['true', 'false']
+    check-keys: False
+    level: error
+  line-length: disable
+  document-start: disable
+  comments:
+    min-spaces-from-content: 1
+  braces:
+    max-spaces-inside: 2

admin/hooks-1.31.sh

@@ -1,56 +0,0 @@
-### v1.31
-
-# All things BEFORE the first controller / control plane upgrade
-pre_control_plane_upgrade_cluster() {
-  # add kubezero version label to existing controller nodes for aws-iam migration
-  for n in $(kubectl get nodes -l "node-role.kubernetes.io/control-plane=" | grep v1.30 | awk {'print $1}'); do
-    kubectl label node $n 'node.kubernetes.io/kubezero.version=v1.30.6' || true
-  done
-
-  # patch aws-iam-authenticator DS to NOT run pods on 1.31 controllers
-  kubectl patch ds aws-iam-authenticator -n kube-system -p '{"spec": {"template": {"spec": {"nodeSelector": {"node.kubernetes.io/kubezero.version": "v1.30.6"}}}}}' || true
-}
-
-
-# All things after the first controller / control plane upgrade
-post_control_plane_upgrade_cluster() {
-  # delete previous root app controlled by kubezero module
-  kubectl delete application kubezero-git-sync -n argocd || true
-
-  # only patch appproject to keep SyncWindow in place
-  kubectl patch appproject kubezero -n argocd --type json -p='[{"op": "remove", "path": "/metadata/labels"}]' || true
-  kubectl patch appproject kubezero -n argocd --type json -p='[{"op": "remove", "path": "/metadata/annotations"}]' || true
-}
-
-
-# All things AFTER all contollers are on the new version
-pre_cluster_upgrade_final() {
-  set +e
-
-  if [ "$PLATFORM" == "aws" ];then
-    # cleanup aws-iam-authenticator
-    kubectl delete clusterrolebinding aws-iam-authenticator
-    kubectl delete clusterrole aws-iam-authenticator
-    kubectl delete serviceaccount aws-iam-authenticator -n kube-system
-    kubectl delete cm aws-iam-authenticator -n kube-system
-    kubectl delete ds aws-iam-authenticator -n kube-system
-    kubectl delete IAMIdentityMapping kubezero-worker-nodes
-    kubectl delete IAMIdentityMapping kubernetes-admin
-    kubectl delete crd iamidentitymappings.iamauthenticator.k8s.aws
-    kubectl delete secret aws-iam-certs -n kube-system
-  fi
-
-  # Remove any helm hook related resources
-  kubectl delete rolebinding argo-argocd-redis-secret-init -n argocd
-  kubectl delete sa argo-argocd-redis-secret-init -n argocd
-  kubectl delete role argo-argocd-redis-secret-init -n argocd
-  kubectl delete job argo-argocd-redis-secret-init -n argocd
-
-  set -e
-}
-
-
-# Last call
-post_cluster_upgrade_final() {
-  echo
-}

admin/libhelm.sh

@@ -210,7 +210,7 @@ for manifest in yaml.safe_load_all(sys.stdin):
 # helm template | kubectl apply -f -
 # confine to one namespace if possible
 function render() {
-  helm secrets --evaluate-templates template $(chart_location $chart) -n $namespace --name-template $module $targetRevision --skip-tests --skip-crds -f $WORKDIR/values.yaml $API_VERSIONS --kube-version $KUBE_VERSION $@ \
+  helm secrets --evaluate-templates template $(chart_location $chart) -n $namespace --name-template $module $targetRevision --skip-tests --skip-crds -f $WORKDIR/values.yaml $API_VERSIONS --kube-version $KUBE_VERSION $ENV_VALUES \
     | python3 -c '
 #!/usr/bin/python3
 import yaml

admin/migrate_argo_values.py

@@ -8,18 +8,9 @@ import yaml
 def migrate(values):
     """Actual changes here"""
 
-    # migrate kubezero root app of apps to Argo chart
+    # 1.32
     try:
-        if values["kubezero"]:
-            try:
-                values["kubezero"].pop("syncPolicy")
-            except KeyError:
         pass
-            values["kubezero"]["gitSync"]["repoUrl"] = values["kubezero"]["gitSync"].pop("repoURL")
-
-            values["argo"]["argo-cd"]["kubezero"] = values["kubezero"]["gitSync"]
-
-            values.pop("kubezero")
     except KeyError:
         pass
 

admin/upgrade_cluster.sh

@@ -2,7 +2,7 @@
 set -eE
 set -o pipefail
 
-KUBE_VERSION=v1.31
+KUBE_VERSION=v1.32
 
 ARGO_APP=${1:-/tmp/new-kubezero-argoapp.yaml}
 
@@ -38,9 +38,6 @@ echo "Applying remaining KubeZero modules..."
 
 admin_job "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo"
 
-# we replace the project during v1.31 so disable again
-[ "$ARGOCD" == "true" ] && disable_argo
-
 # Final step is to commit the new argocd kubezero app
 kubectl get app kubezero -n argocd -o yaml | yq 'del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP
 

charts/kubeadm/templates/patches/kube-apiserver0.yaml

@@ -4,5 +4,5 @@ spec:
   - name: kube-apiserver
     resources:
       requests:
-        cpu: 250m
-        memory: 1268Mi
+        cpu: 200m
+        memory: 1536Mi

charts/kubeadm/templates/patches/kube-controller-manager0.yaml

@@ -3,5 +3,5 @@ spec:
   - name: kube-controller-manager
     resources:
       requests:
-        cpu: 50m
-        memory: 192Mi
+        cpu: 30m
+        memory: 128Mi

charts/kubeadm/templates/patches/kube-scheduler0.yaml

@@ -3,5 +3,5 @@ spec:
   - name: kube-scheduler
     resources:
       requests:
-        cpu: 50m
-        memory: 96Mi
+        cpu: 30m
+        memory: 64Mi

charts/kubezero-argo/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero Argo - Events, Workflow, CD
 name: kubezero-argo
-version: 0.3.3
+version: 0.4.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -22,7 +22,7 @@ dependencies:
     repository: https://argoproj.github.io/argo-helm
     condition: argo-events.enabled
   - name: argo-cd
-    version: 7.9.0
+    version: 8.0.9
     repository: https://argoproj.github.io/argo-helm
     condition: argo-cd.enabled
   - name: argocd-image-updater

charts/kubezero-argo/README.md

@@ -1,6 +1,6 @@
 # kubezero-argo
 
-![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square)
 
 KubeZero Argo - Events, Workflow, CD
 
@@ -18,7 +18,7 @@ Kubernetes: `>= 1.30.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://argoproj.github.io/argo-helm | argo-cd | 7.9.0 |
+| https://argoproj.github.io/argo-helm | argo-cd | 8.0.9 |
 | https://argoproj.github.io/argo-helm | argo-events | 2.4.15 |
 | https://argoproj.github.io/argo-helm | argocd-image-updater | 0.12.1 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
@@ -28,17 +28,16 @@ Kubernetes: `>= 1.30.0-0`
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | argo-cd.configs.cm."application.instanceLabelKey" | string | `nil` |  |
-| argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation"` |  |
 | argo-cd.configs.cm."resource.customizations" | string | `"argoproj.io/Application:\n  health.lua: |\n    hs = {}\n    hs.status = \"Progressing\"\n    hs.message = \"\"\n    if obj.status ~= nil then\n      if obj.status.health ~= nil then\n        hs.status = obj.status.health.status\n        if obj.status.health.message ~= nil then\n          hs.message = obj.status.health.message\n        end\n      end\n    end\n    return hs\n"` |  |
+| argo-cd.configs.cm."server.rbac.log.enforce.enable" | string | `nil` |  |
 | argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` |  |
-| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.31 - Release notes"` |  |
+| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.32 - Release notes"` |  |
 | argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` |  |
 | argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` |  |
-| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.31"` |  |
+| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.32"` |  |
 | argo-cd.configs.cm.installationID | string | `"KubeZero-ArgoCD"` |  |
 | argo-cd.configs.cm.url | string | `"https://argocd.example.com"` |  |
 | argo-cd.configs.params."controller.diff.server.side" | string | `"true"` |  |
-| argo-cd.configs.params."controller.resource.health.persist" | string | `"false"` |  |
 | argo-cd.configs.params."controller.sync.timeout.seconds" | int | `1800` |  |
 | argo-cd.configs.params."server.enable.gzip" | bool | `true` |  |
 | argo-cd.configs.params."server.insecure" | bool | `true` |  |
@@ -54,7 +53,7 @@ Kubernetes: `>= 1.30.0-0`
 | argo-cd.dex.enabled | bool | `false` |  |
 | argo-cd.enabled | bool | `false` |  |
 | argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` |  |
-| argo-cd.global.image.tag | string | `"v2.14.9-1"` |  |
+| argo-cd.global.image.tag | string | `"v3.0.3"` |  |
 | argo-cd.global.logging.format | string | `"json"` |  |
 | argo-cd.global.networkPolicy.create | bool | `true` |  |
 | argo-cd.istio.enabled | bool | `false` |  |

charts/kubezero-argo/dashboards.yaml

@@ -4,6 +4,6 @@ condition: 'index .Values "argo-cd" "controller" "metrics" "enabled"'
 folder: KubeZero
 dashboards:
 - name: ArgoCD
-  url: https://grafana.com/api/dashboards/14584/revisions/1/download
+  url: https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json
   tags:
   - ArgoCD

charts/kubezero-argo/templates/argo-cd/kubezero-git-sync-app.yaml

@@ -26,8 +26,8 @@ spec:
       prune: true
     syncOptions:
       - ServerSideApply=true
-      - ApplyOutOfSyncOnly=true
+    # - ApplyOutOfSyncOnly=true
   info:
     - name: "Source:"
-      value: "https://git.zero-downtime.net/ZeroDownTime/KubeZero/src/branch/release/v1.31/"
+      value: "https://git.zero-downtime.net/ZeroDownTime/KubeZero/src/branch/release/v1.32/"
 {{- end }}

charts/kubezero-argo/values.yaml

@@ -38,7 +38,7 @@ argo-cd:
       format: json
     image:
       repository: public.ecr.aws/zero-downtime/zdt-argocd
-      tag: v2.14.9-1
+      tag: v3.0.3
     networkPolicy:
       create: true
 
@@ -49,8 +49,8 @@ argo-cd:
       .sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }
 
     cm:
-      ui.bannercontent: "KubeZero v1.31 - Release notes"
-      ui.bannerurl: "https://kubezero.com/releases/v1.31"
+      ui.bannercontent: "KubeZero v1.32 - Release notes"
+      ui.bannerurl: "https://kubezero.com/releases/v1.32"
       ui.bannerpermanent: "true"
       ui.bannerposition: "bottom"
 
@@ -59,9 +59,9 @@ argo-cd:
 
       timeout.reconciliation: 300s
 
-      application.resourceTrackingMethod: annotation
       installationID: "KubeZero-ArgoCD"
       application.instanceLabelKey: Null
+      server.rbac.log.enforce.enable: Null
 
       resource.customizations: |
         argoproj.io/Application:
@@ -89,7 +89,6 @@ argo-cd:
       extraHosts: "git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7UgK7Z4dDcuIW1uMOsuwhrqdkJCvYG/ZjHtLM7WaKFxVRnzNnNkQJNncWIGNDUQ1xxrbsoSNRZDtk0NlOjNtx2aApSWl4iWghkpXELvsZtOZ7I9FSC/E6ImLC3KWfK7P0mhZaF6kHPfpu8Y6pjUyLBTpV1AaVwr0I8onyqGazJOVotTFaBFEi/sT0O2FUk7agwZYfj61w3JGOy3c+fmBcK3lXf/QM90tosOpJNuJ7n5Vk5FDDLkl9rO4XR/+mXHFvITiWb8F5C50YAwjYcy36yWSSryUAAHAuqpgotwh65vSG6fZvFhmEwO2BrCkOV5+k8iRfhy/yZODJzZ5V/5cbMbdZrY6lm/p5/S1wv8BEyPekBGdseqQjEO0IQiQHcMrfgTrrQ7ndbZzVZRByZI+wbGFkBCzNSJcNsoiHjs2EblxYyuW0qUvvrBxLnySvaxyPm4BOukSAZAOEaUrajpQlnHdnY1CGcgbwxw0LNv3euKQ3tDJSUlKO0Wd8d85PRv1THW4Ui9Lhsmv+BPA2vJZDOkx/n0oyPFAB0oyd5JNM38eFxLCmPC2OE63gDP+WmzVO61YCVTnvhpQjEOLawEWVFsk0y25R5z5BboDqJaOFnZF6i517O96cn17z3Ls4hxw3+0rlKczYRoyfUHs7KQENa4mY8YlJweNTBgld//RMUQ=="
 
     params:
-      controller.resource.health.persist: "false"
       controller.diff.server.side: "true"
       controller.sync.timeout.seconds: 1800
 

charts/kubezero-auth/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-auth
 description: KubeZero umbrella chart for all things Authentication and Identity management
 type: application
-version: 0.6.2
+version: 0.6.3
 appVersion: 26.0.5
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
@@ -18,6 +18,6 @@ dependencies:
     repository: https://cdn.zero-downtime.net/charts/
   - name: keycloak
     repository: "oci://registry-1.docker.io/bitnamicharts"
-    version: 24.6.1
+    version: 24.7.1
     condition: keycloak.enabled
 kubeVersion: ">= 1.30.0-0"

charts/kubezero-auth/README.md

@@ -1,6 +1,6 @@
 # kubezero-auth
 
-![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 26.0.5](https://img.shields.io/badge/AppVersion-26.0.5-informational?style=flat-square)
+![Version: 0.6.3](https://img.shields.io/badge/Version-0.6.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 26.0.5](https://img.shields.io/badge/AppVersion-26.0.5-informational?style=flat-square)
 
 KubeZero umbrella chart for all things Authentication and Identity management
 
@@ -19,7 +19,7 @@ Kubernetes: `>= 1.30.0-0`
 | Repository | Name | Version |
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
-| oci://registry-1.docker.io/bitnamicharts | keycloak | 24.6.1 |
+| oci://registry-1.docker.io/bitnamicharts | keycloak | 24.7.1 |
 
 # Keycloak
    

charts/kubezero-ci/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-ci
 description: KubeZero umbrella chart for all things CI
 type: application
-version: 0.8.21
+version: 0.8.23
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -18,19 +18,19 @@ dependencies:
     version: 0.2.1
     repository: https://cdn.zero-downtime.net/charts/
   - name: gitea
-    version: 11.0.0
+    version: 12.0.0
     repository: https://dl.gitea.io/charts/
     condition: gitea.enabled
   - name: jenkins
-    version: 5.8.18
+    version: 5.8.48
     repository: https://charts.jenkins.io
     condition: jenkins.enabled
   - name: trivy
-    version: 0.12.0
+    version: 0.14.1
     repository: https://aquasecurity.github.io/helm-charts/
     condition: trivy.enabled
   - name: renovate
-    version: 39.200.0
+    version: 40.22.1
     repository: https://docs.renovatebot.com/helm-charts
     condition: renovate.enabled
 kubeVersion: ">= 1.25.0"

charts/kubezero-ci/README.md

@@ -1,6 +1,6 @@
 # kubezero-ci
 
-![Version: 0.8.21](https://img.shields.io/badge/Version-0.8.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.8.23](https://img.shields.io/badge/Version-0.8.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero umbrella chart for all things CI
 
@@ -18,11 +18,11 @@ Kubernetes: `>= 1.25.0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://aquasecurity.github.io/helm-charts/ | trivy | 0.12.0 |
+| https://aquasecurity.github.io/helm-charts/ | trivy | 0.14.1 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
-| https://charts.jenkins.io | jenkins | 5.8.18 |
-| https://dl.gitea.io/charts/ | gitea | 11.0.0 |
-| https://docs.renovatebot.com/helm-charts | renovate | 39.200.0 |
+| https://charts.jenkins.io | jenkins | 5.8.48 |
+| https://dl.gitea.io/charts/ | gitea | 12.0.0 |
+| https://docs.renovatebot.com/helm-charts | renovate | 40.22.1 |
 
 # Jenkins
 - default build retention 10 builds, 32days
@@ -68,7 +68,6 @@ Kubernetes: `>= 1.25.0`
 | gitea.gitea.metrics.enabled | bool | `false` |  |
 | gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` |  |
 | gitea.image.rootless | bool | `true` |  |
-| gitea.image.tag | string | `"1.23.5"` |  |
 | gitea.istio.blockApi | bool | `false` |  |
 | gitea.istio.enabled | bool | `false` |  |
 | gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` |  |

charts/kubezero-ci/charts/jenkins/CHANGELOG.md

@@ -5,13 +5,133 @@ The release numbering uses [semantic versioning](http://semver.org).
 
 Use the following links to reference issues, PRs, and commits prior to v2.6.0.
 
-* Issue:  `https://github.com/helm/charts/issues/[issue#]`
-* PR:     `https://github.com/helm/charts/pull/[pr#]`
-* Commit: `https://github.com/helm/charts/commit/[commit]/stable/jenkins`
+- Issue: `https://github.com/helm/charts/issues/[issue#]`
+- PR: `https://github.com/helm/charts/pull/[pr#]`
+- Commit: `https://github.com/helm/charts/commit/[commit]/stable/jenkins`
 
 The changelog until v1.5.7 was auto-generated based on git commits.
 Those entries include a reference to the git commit to be able to get more details.
 
+## 5.8.48
+
+Update `docker.io/bats/bats` to version `1.12.0`
+
+## 5.8.47
+
+Fix code styling for super-linter 7 upgrade
+
+## 5.8.46
+
+Update `kubernetes` to version `4340.v345364d31a_2a_`
+
+## 5.8.45
+
+Update `jenkins/inbound-agent` to version `3309.v27b_9314fd1a_4-2`
+
+## 5.8.44
+
+Fix the default value for `controller.sidecars.configAutoReload.env` (change from `{}` to `[]`) to address `coalesce.go:286: warning: cannot overwrite table with non table`.
+
+## 5.8.43
+
+Update `configuration-as-code` to version `1967.va_968e15fd05b_`
+
+## 5.8.42
+
+Update `kubernetes` to version `4336.v55d9a_494db_38`
+
+## 5.8.41
+
+Update `jenkins/inbound-agent` to version `3309.v27b_9314fd1a_4-1`
+
+## 5.8.40
+
+Update `kubernetes` to version `4334.v32b_f157682d6`
+
+## 5.8.39
+
+Update `configuration-as-code` to version `1963.v24e046127a_3f`
+
+## 5.8.38
+
+Update `jenkins/jenkins` to version `2.504.1-jdk21`
+
+## 5.8.37
+
+Update `jenkins/inbound-agent` to version `3307.v632ed11b_3a_c7-2`
+
+## 5.8.36
+
+Update `configuration-as-code` to version `1958.vddc0d369b_e16`
+
+## 5.8.35
+
+Support .Values.agent.garbageCollection also in secondary clouds
+
+## 5.8.34
+
+Added .Values.agent.instanceCap to limit number of agents of each type.
+
+## 5.8.33
+
+Update `configuration-as-code` to version `1953.v148f87d74b_1e`
+
+## 5.8.32
+
+Update `jenkins/jenkins` to version `2.492.3-jdk21`
+
+## 5.8.31
+
+Update `jenkins/jenkins` to version `2.492.3-jdk17`
+
+## 5.8.30
+
+Update `jenkins/inbound-agent` to version `3301.v4363ddcca_4e7-3`
+
+## 5.8.29
+
+Update `docker.io/kiwigrid/k8s-sidecar` to version `1.30.3`
+
+## 5.8.28
+
+Update `jenkins/inbound-agent` to version `3301.v4363ddcca_4e7-2`
+
+## 5.8.27
+
+Update `jenkins/inbound-agent` to version `3301.v4363ddcca_4e7-1`
+
+## 5.8.26
+
+Update `jenkins/inbound-agent` to version `3299.v0d0d06908537-2`
+
+## 5.8.25
+
+Fix indentation in `values.yaml`
+
+## 5.8.24
+
+Update `workflow-aggregator` to version `608.v67378e9d3db_1`
+
+## 5.8.23
+
+Update `configuration-as-code` to version `1947.v7d33fe23569c`
+
+## 5.8.22
+
+Update `jenkins/inbound-agent` to version `3299.v0d0d06908537-1`
+
+## 5.8.21
+
+Update `kubernetes` to version `4324.vfec199a_33512`
+
+## 5.8.20
+
+Update `jenkins/inbound-agent` to version `3291.vb_131b_dc231fa_-1`
+
+## 5.8.19
+
+Update `docker.io/kiwigrid/k8s-sidecar` to version `1.30.2`
+
 ## 5.8.18
 
 Update `jenkins/jenkins` to version `2.492.2-jdk17`
@@ -289,7 +409,6 @@ Update `kubernetes` to version `4265.v78b_d4a_1c864a_`
 
 Introduce capability of set skipTlsVerify and usageRestricted flags in additionalClouds
 
-
 ## 5.4.4
 
 Update CHANGELOG.md, README.md, and UPGRADING.md for linting
@@ -321,6 +440,7 @@ Update `kubernetes` to version `4253.v7700d91739e5`
 ## 5.3.4
 
 Update `jenkins/jenkins` to version `2.452.3-jdk17`
+
 ## 5.3.3
 
 Update `jenkins/inbound-agent` to version `3256.v88a_f6e922152-1`
@@ -501,7 +621,6 @@ Enable support for deleting plugin configuration files at startup.
 
 Fixed changelog entries for previous version bumps
 
-
 ## 5.0.14
 
 Update `jenkins/jenkins` to version `2.440.1-jdk17`
@@ -516,8 +635,8 @@ Fix controller.sidecars.additionalSidecarContainers renaming and add tests
 
 ## 5.0.11
 
-* Add controller.sidecars.configAutoReload.scheme to specify protocol scheme when connecting Jenkins configuration-as-code reload endpoint
-* Add controller.sidecars.configAutoReload.skipTlsVerify to force the k8s-sidecar container to skip TLS verification when connecting to an HTTPS Jenkins configuration-as-code reload endpoint
+- Add controller.sidecars.configAutoReload.scheme to specify protocol scheme when connecting Jenkins configuration-as-code reload endpoint
+- Add controller.sidecars.configAutoReload.skipTlsVerify to force the k8s-sidecar container to skip TLS verification when connecting to an HTTPS Jenkins configuration-as-code reload endpoint
 
 ## 5.0.10
 
@@ -557,8 +676,8 @@ Update `docker.io/bats/bats` to version `v1.10.0`
 
 ## 5.0.0
 
-  > [!CAUTION]
-  > Several fields have been renamed or removed. See [UPGRADING.md](./UPGRADING.md#to-500)
+> [!CAUTION]
+> Several fields have been renamed or removed. See [UPGRADING.md](./UPGRADING.md#to-500)
 
 The Helm Chart is now updated automatically via [Renovate](https://docs.renovatebot.com/)
 
@@ -571,7 +690,7 @@ Update Jenkins image and appVersion to jenkins lts release version 2.426.3
 Add support for [generic ephemeral storage](https://github.com/jenkinsci/kubernetes-plugin/pull/1489) in `agent.volumes` and `agents.workspaceVolume`.
 
 | plugin     | old version         | new version        |
-|------------|---------------------|--------------------|
+| ---------- | ------------------- | ------------------ |
 | kubernetes | 4029.v5712230ccb_f8 | 4174.v4230d0ccd951 |
 
 ## 4.11.2
@@ -594,8 +713,8 @@ Bumped Jenkins inbound agent from 3107.v665000b_51092-15 to 3192.v713e3b_039fb_e
 
 Update Jenkins image and appVersion to jenkins lts release version 2.426.2
 
-
 Notes about [Artifact Hub](https://artifacthub.io/packages/helm/jenkinsci/jenkins?modal=changelog) changelog processing:
+
 - Remove empty lines
 - Keep only ASCII characters (no emojis)
 - One change per line
@@ -691,7 +810,6 @@ Added `.Values.controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey` to all
 
 Update Jenkins image and appVersion to jenkins lts release version 2.414.1
 
-
 ## 4.5.0
 
 Added `.Values.persistence.dataSource` to allow cloning home PVC from existing dataSource.
@@ -700,7 +818,6 @@ Added `.Values.persistence.dataSource` to allow cloning home PVC from existing d
 
 Update Jenkins image and appVersion to jenkins lts release version 2.401.3
 
-
 ## 4.4.1
 
 Added `.Values.agent.jnlpregistry` to allow agents to be configured with private registry.
@@ -709,7 +826,6 @@ Added `.Values.agent.jnlpregistry` to allow agents to be configured with private
 
 Add config keys for liveness probes on agent containers.
 
-
 ## 4.3.30
 
 Update Jenkins version in controller test matching LTS version
@@ -718,7 +834,6 @@ Update Jenkins version in controller test matching LTS version
 
 Update Jenkins image and appVersion to jenkins lts release version 2.401.2
 
-
 ## 4.3.28
 
 Allow the kubernetes API server URL to be configurable.
@@ -734,8 +849,8 @@ Fix various typos in the chart documentation.
 ## 4.3.25
 
 | plugin                | old version          | new version           |
-|-----------------------|----------------------|-----------------------|
-| kubernetes            | 3900.va_dce992317b_4 | 3937.vd7b_82db_e347b_ |
+| --------------------- | -------------------- | --------------------- |
+| kubernetes            | 3900.va_dce992317b_4 | 3937.vd7b*82db_e347b* |
 | configuration-as-code | 1625.v27444588cc3d   | 1647.ve39ca_b_829b_42 |
 | git                   | 5.0.0                | 5.1.0                 |
 | ldap                  | 671.v2a_9192a_7419d  | 682.v7b_544c9d1512    |
@@ -744,46 +859,38 @@ Fix various typos in the chart documentation.
 
 Update Jenkins image and appVersion to jenkins lts release version 2.401.1
 
-
 ## 4.3.23
 
 Update Jenkins image and appVersion to jenkins lts release version 2.387.3
 
-
 ## 4.3.22
 
-
 Bump chart version.
 
 ## 4.3.21
 
-
 Document building charts for weekly releases.
 
 ## 4.3.20
 
-
 Enhance repository appearance and miscellaneous cleanup.
 
 ## 4.3.19
 
-
 Comply with superlinter rules and address ShellCheck issues.
 
 ## 4.3.18
 
-
 Bump kiwigrid/k8s-sidecar from 1.15.0 to 1.23.1.
 
 ## 4.3.17
 
-
 Bump jenkins/inbound-agent from 4.11.2-4 to 3107.v665000b_51092-5.
 
 ## 4.3.16
 
-
 Update bundled plugins:
+
 - [ldap](https://plugins.jenkins.io/ldap/): From 2.5 to 671.v2a_9192a_7419d
 - [kubernetes](https://plugins.jenkins.io/kubernetes/): From 3734.v562b_b_a_627ea_c to 3900.va_dce992317b_4
 - [workflow-aggregator](https://plugins.jenkins.io/workflow-aggregator/): From 590.v6a_d052e5a_a_b_5 to 590.v6a_d052e5a_a_b_5
@@ -791,29 +898,24 @@ Update bundled plugins:
 
 ## 4.3.15
 
-
 Update bats from 1.2.1 to 1.9.0.
 
 ## 4.3.14
 
-
 Update various GH actions, typo fixes, and miscellaneous chores.
 
 ## 4.3.13
 
-
 Bump helm-unittest from 0.2.8 to 0.2.11.
 
 ## 4.3.12
 
-
 Update wording in values.yml.
 
 ## 4.3.11
 
 Update Jenkins image and appVersion to jenkins lts release version 2.387.2
 
-
 ## 4.3.10
 
 Correct incorrect env var definition
@@ -845,7 +947,6 @@ Added `.Values.helmtest.bats.image` and `.Values.helmtest.bats.image` to allow u
 
 Update Jenkins image and appVersion to jenkins lts release version 2.375.3
 
-
 ## 4.3.3
 
 Removed hardcoding of chart version in tests to make maintenance easier
@@ -855,7 +956,6 @@ Removed hardcoding of chart version in tests to make maintenance easier
 Added `.Values.serviceAccount.extraLabels` on Service Account
 Added `.Values.serviceAccountAgent.extraLabels` on Agent's Service Account
 
-
 ## 4.3.0
 
 Moved use of `.Values.containerEnv` within `jenkins` Container to top of `env` block to allow for subsequent Environment Variables to reference these additional ones.
@@ -864,7 +964,6 @@ Moved use of `.Values.containerEnv` within `jenkins` Container to top of `env` b
 
 Update Jenkins image and appVersion to jenkins lts release version 2.375.2
 
-
 ## 4.2.20
 
 Fixed the `controller.prometheus.metricRelabelings` being unable to convert the value to the ServiceMonitor.
@@ -883,7 +982,6 @@ Added option to set secretEnvVars.
 
 Update Jenkins image and appVersion to jenkins lts release version 2.375.1
 
-
 ## 4.2.16
 
 Fixed chart notes not rendering Jenkins URL with prefix when `controller.jenkinsUriPrefix` is set.
@@ -906,43 +1004,49 @@ Adding `tpl` to `controller.additionalExistingSecrets`
 
 Update Jenkins image and appVersion to jenkins lts release version 2.361.3
 
-
 ## 4.2.11
 
 Update default plugin versions
 
 | plugin                | old version         | new version            |
-|-----------------------|-----------------------|------------------------|
+| --------------------- | ------------------- | ---------------------- |
 | kubernetes            | 3706.vdfb_d599579f3 | 3734.v562b_b_a_627ea_c |
 | git                   | 4.11.5              | 4.13.0                 |
 | configuration-as-code | 1512.vb_79d418d5fc8 | 1569.vb_72405b_80249   |
 
 ## 4.2.10
+
 Fix grammar and typos
 
 ## 4.2.9
+
 Update Jenkins image and appVersion to jenkins lts release version 2.361.2
 
 ## 4.2.8
+
 Modify the condition to trigger copying jenkins_config files when configAutoReload option is disabled during Jenkins initialization
 
 ## 4.2.7
+
 Support for remote URL for configuration
 
 ## 4.2.6
+
 Add option to set hostnetwork for agents
 
 ## 4.2.5
+
 Add an extra optional argument to extraPorts in order to specify targetPort
 
 ## 4.2.4
+
 Remove k8s capibility requirements when setting priority class for controller
 
 ## 4.2.3 Update plugin versions
 
 | plugin                | old version           | new version           |
 | --------------------- | --------------------- | --------------------- |
-| kubernetes            | 3600.v144b_cd192ca_a_ | 3706.vdfb_d599579f3   |
+| kubernetes            | 3600.v144b*cd192ca_a* | 3706.vdfb_d599579f3   |
 | workflow-aggregator   | 581.v0c46fa_697ffd    | 590.v6a_d052e5a_a_b_5 |
 | configuration-as-code | 1429.v09b_044a_c93de  | 1512.vb_79d418d5fc8   |
 | git                   | 4.11.3                | 4.11.5                |
@@ -966,17 +1070,14 @@ Add option to provide additional containers to agents
 
 Update Jenkins image and appVersion to jenkins lts release version 2.361.1
 
-
 ## 4.1.17
 
 Update Jenkins casc default settings to allow `security` configs to be provided
 
-
 ## 4.1.16
 
 Update Jenkins image and appVersion to jenkins lts release version 2.346.3
 
-
 ## 4.1.15
 
 `projectNamingStrategy` is configurable in default config.
@@ -989,7 +1090,6 @@ If `installPlugins` is disabled, don't create unused plugins volume.
 
 Update Jenkins image and appVersion to jenkins lts release version 2.346.2
 
-
 ## 4.1.12
 
 If keystore is defined, it is now also made available in the initContainer.
@@ -1002,7 +1102,6 @@ JCasC ConfigMaps now generate their name from the `jenkins.casc.configName` help
 
 Update Jenkins image and appVersion to jenkins lts release version 2.346.1
 
-
 ## 4.1.9
 
 Allow setting `imagePullSecret` for backup job via `backup.imagePullSecretName`
@@ -1024,12 +1123,15 @@ project adminSecret, additionalSecrets and additionalExistingSecrets instead of
 Update readme to fix `JAVA_OPTS` name.
 
 ## 4.1.4
+
 Update plugins
 
 ## 4.1.3
+
 Update jenkins-controller-statefulset projected volumes definition
 
 ## 4.1.1
+
 Added 'controller.prometheus.metricRelabelings' to allow relabling and dropping unused prometheus metrics
 
 ## 4.1.0
@@ -1063,7 +1165,7 @@ Update Jenkins image and appVersion to jenkins lts release version 2.332.2
 ## 3.11.9 Bump configuration-as-code plugin version
 
 | plugin                | old version | new version        |
-| --------------------- | ----------- | ----------- |
+| --------------------- | ----------- | ------------------ |
 | configuration-as-code | 1.51        | 1414.v878271fc496f |
 
 ## 3.11.8
@@ -1078,7 +1180,6 @@ Removed Configuration as Code `remotingSecurity` section for Jenkins 2.326 or ne
 
 Update Jenkins image and appVersion to jenkins lts release version 2.332.1
 
-
 ## 3.11.5
 
 Change Backup Role name function call to match the RoleDef function call in the Backup RoleBinding
@@ -1087,7 +1188,6 @@ Change Backup Role name function call to match the RoleDef function call in the
 
 Update Jenkins image and appVersion to jenkins lts release version 2.319.3
 
-
 ## 3.11.3
 
 Update kiwigrid/k8s-sidecar:1.15.0
@@ -1101,13 +1201,12 @@ Improve example for workspaceVolume. Clarify that this is not a list.
 
 Update configuration-as-code plugin to 1.55.1
 
-
 ## 3.11.0
 
 Update default plugin versions
 
 | plugin     | old version | new version |
-| --------------------- | ----------- | ----------- |
+| ---------- | ----------- | ----------- |
 | kubernetes | 1.31.1      | 1.31.3      |
 | git        | 4.10.1      | 4.10.2      |
 
@@ -1115,7 +1214,6 @@ Update default plugin versions
 
 Update Jenkins image and appVersion to jenkins lts release version 2.319.2
 
-
 ## 3.10.2
 
 Fix definition of startupProbe when deploying on a Kubernetes cluster < 1.16
@@ -1147,9 +1245,9 @@ Fix config reload request URL when httpsKeystore in use
 Update Jenkins image and appVersion to jenkins lts release version 2.319.1
 Update following plugins:
 
-* kubernetes:1.30.11
-* git:4.10.0
-* configuration-as-code:1.54
+- kubernetes:1.30.11
+- git:4.10.0
+- configuration-as-code:1.54
 
 ## 3.9.1
 
@@ -1215,33 +1313,39 @@ Fix httpsKeyStore mount when `controller.httpsKeyStore.enable` is `true`
 
 Update Jenkins image and appVersion to jenkins lts release version 2.303.2
 
-
 ## 3.6.0
+
 Support custom agent pod labels
 
 ## 3.5.20
+
 Disallow ingress on port 50000 when agent listener is disabled
 
 ## 3.5.19
+
 Add support for specifying termination-log behaviour for Jenkins controller
 
 ## 3.5.18
+
 Add support for creating a Pod Disruption Budget for Jenkins controller
 
 ## 3.5.17
+
 Update workdingDir to `/home/jenkins/agent`
 
 ## 3.5.16
+
 Update location of icon (wiki.jenkins.io is down)
 
 ## 3.5.15
+
 Add support for adding labels to the Jenkins home Persistent Volume Claim (pvc)
 
 ## 3.5.14
 
-* Updated versions of default plugins
-* Use verbose logging during plugin installation
-* download the latest version of all plugin dependencies (Fixes #442)
+- Updated versions of default plugins
+- Use verbose logging during plugin installation
+- download the latest version of all plugin dependencies (Fixes #442)
 
 ## 3.5.13
 
@@ -1263,7 +1367,6 @@ Fixed `controller.customJenkinsLabels` not getting templated into the controller
 
 Update Jenkins image and appVersion to jenkins lts release version 2.289.3
 
-
 ## 3.5.8
 
 Add parameter `backup.serviceAccount.create` to disable service account creation for backup service and `backup.serviceAccount.name` to allow change of the SA name.
@@ -1294,6 +1397,7 @@ Update Jenkins image and appVersion to jenkins lts release version 2.289.2
 Enable setting `controller.installLatestSpecifiedPlugins` to set whether to download the latest dependencies of any plugin that is requested to have the latest version.
 
 ## 3.5.1
+
 Fix activeDeadlineSeconds wrong type bug in jenkins-backup-cronjob template
 
 ## 3.5.0
@@ -1317,43 +1421,56 @@ Make `controller.ingress.resourceRootUrl` compatible with API version networking
 Update Jenkins image and appVersion to jenkins lts release version 2.289.1
 
 ## 3.3.21
+
 `persistence.mounts` additionally mount to init container to allow custom CA certificate keystore
 
 ## 3.3.18
+
 Added `controller.overrideArgs` so any cli argument can be passed to the WAR.
 
 ## 3.3.17
+
 Correct docs on disabling plugin installation
 
 ## 3.3.16
+
 Support generating `SecretClaim` resources in order to read secrets from HashiCorp Vault into Kubernetes using `kube-vault-controller`.
 
 ## 3.3.15
+
 Prevent `controller.httpsKeyStore` from improperly being quoted, leading to an invalid location on disk
 
 ## 3.3.14
+
 Correct docs on disabling plugin installation
 
 ## 3.3.13
+
 Update plugins
 
 ## 3.3.12
+
 Add `controller.additionalExistingSecrets` property
 
 ## 3.3.11
+
 Add support for disabling the Agent listener service via `controller.agentListenerEnabled`.
 
 ## 3.3.10
+
 Update Jenkins image and appVersion to jenkins lts release version 2.277.4
 
 ## 3.3.9
-* Change helper template so user defined `agent.jenkinsUrl` value will always be used, if set
-* Simplify logic for `jenkinsUrl` and `jenkinsTunnel` generation: always use fully qualified address
+
+- Change helper template so user defined `agent.jenkinsUrl` value will always be used, if set
+- Simplify logic for `jenkinsUrl` and `jenkinsTunnel` generation: always use fully qualified address
 
 ## 3.3.8
+
 Update Jenkins image and appVersion to jenkins lts release version 2.277.3
 
 ## 3.3.7
+
 fix controller-ingress line feed bug
 
 ## 3.3.6
@@ -1369,7 +1486,6 @@ Use tpl function for environment vars. Fixes [https://github.com/jenkinsci/helm-
 
 Update Jenkins image and appVersion to jenkins lts release version 2.277.2
 
-
 ## 3.3.3
 
 Enable setting `controller.installLatestPlugins` to set whether to download the minimum required version of all dependencies.
@@ -1395,6 +1511,7 @@ Add missing `controller.jenkinsUrlProtocol` property
 Add additional metadata `artifacthub.io/images` for artifacthub
 
 ## 3.2.4
+
 Update Jenkins image and appVersion to jenkins lts release version 2.277.1
 Update Git plugin version to v4.6.0
 Update kubernetes plugin version to v1.29.2
@@ -1477,8 +1594,8 @@ Update Jenkins image and appVersion to jenkins lts release version 2.263.2
 
 ## 3.1.0
 
-* Added `.Values.controller.podSecurityContextOverride` and `.Values.backup.podSecurityContextOverride`.
-* Added simple default values tests for `jenkins-backup-cronjob.yaml`.
+- Added `.Values.controller.podSecurityContextOverride` and `.Values.backup.podSecurityContextOverride`.
+- Added simple default values tests for `jenkins-backup-cronjob.yaml`.
 
 ## 3.0.14
 
@@ -1506,11 +1623,11 @@ Added support for backing up to Azure Blob Storage.
 
 ## 3.0.8
 
-* Typo in documentation
+- Typo in documentation
 
 ## 3.0.7
 
-* Add support for setting default agent workspaceVolume
+- Add support for setting default agent workspaceVolume
 
 ## 3.0.6
 
@@ -1518,47 +1635,47 @@ Use 2.263.1 image
 
 ## 3.0.5
 
-* Update appVersion to reflect new jenkins lts release version 2.263.1
+- Update appVersion to reflect new jenkins lts release version 2.263.1
 
 ## 3.0.4
 
-* Fix documentation for additional secret mounts
+- Fix documentation for additional secret mounts
 
 ## 3.0.3
 
-* Update `README.md` with explanation on how to mount additional secrets
+- Update `README.md` with explanation on how to mount additional secrets
 
 ## 3.0.2
 
-* Fix `.Values.controller.tolerations` and `.Values.controller.nodeSelector` variable names in templates\jenkins-backup-cronjob.yaml
+- Fix `.Values.controller.tolerations` and `.Values.controller.nodeSelector` variable names in templates\jenkins-backup-cronjob.yaml
 
 ## 3.0.1
 
-* added 'runAsNonroot' to security context
+- added 'runAsNonroot' to security context
 
 ## 3.0.0
 
-* Chart uses StatefulSet instead of Deployment
-* XML configuration was removed in favor of JCasC
-* chart migrated to helm 3.0.0 (apiVersion v2)
-* offending terms have been removed
-* values have been renamed and re-ordered to make it easier to use
-* already deprecated items have been removed
-* componentName for the controller is now `jenkins-controller`
-* componentName for the agent is now `jenkins-agent`
-* container names are now
-  * `init` for the init container which downloads Jenkins plugins
-  * `jenkins` for the Jenkins controller
-  * `config-reload` for the sidecar container which automatically reloads JCasC
-* Updated UI tests to use official `bats/bats` image instead of `dduportal/bats`
+- Chart uses StatefulSet instead of Deployment
+- XML configuration was removed in favor of JCasC
+- chart migrated to helm 3.0.0 (apiVersion v2)
+- offending terms have been removed
+- values have been renamed and re-ordered to make it easier to use
+- already deprecated items have been removed
+- componentName for the controller is now `jenkins-controller`
+- componentName for the agent is now `jenkins-agent`
+- container names are now
+  - `init` for the init container which downloads Jenkins plugins
+  - `jenkins` for the Jenkins controller
+  - `config-reload` for the sidecar container which automatically reloads JCasC
+- Updated UI tests to use official `bats/bats` image instead of `dduportal/bats`
 
 For migration instructions from previous versions and additional information check README.md.
 
 ## 2.19.0
 
-* Use lts version 2.249.3
-* Update kubernetes, workflow-aggregator, git and configuration-as-code plugins.
-* Fail apply_config.sh script if an error occurs.
+- Use lts version 2.249.3
+- Update kubernetes, workflow-aggregator, git and configuration-as-code plugins.
+- Fail apply_config.sh script if an error occurs.
 
 ## 2.18.2
 
@@ -1958,7 +2075,7 @@ Update docs for Helm 3
 Make `jenkins-home` attachable to Azure Disks without pvc
 
 ```yaml
- volumes:
+volumes:
   - name: jenkins-home
     azureDisk:
       kind: Managed
@@ -1987,6 +2104,7 @@ Scriptapprovals are overwritten when overwriteConfig is enabled
 Added documentation for `persistence.storageClass`.
 
 ## 1.9.9
+
 Make `master.deploymentAnnotation` configurable.
 
 ## 1.9.8
@@ -1996,7 +2114,7 @@ Make `agent.slaveConnectTimeout` configurable: by increasing this value Jenkins
 ## 1.9.7 Update plugin versions
 
 | plugin                | old version | new version |
-|-----------------------|-------------|-------------|
+| --------------------- | ----------- | ----------- |
 | kubernetes            | 1.18.2      | 1.21.2      |
 | workflow-job          | 2.33        | 2.36        |
 | credentials-binding   | 1.19        | 1.20        |
@@ -2016,7 +2134,7 @@ Enables jenkins to use keystore inorder to have native ssl support #17790 <https
 Google application credentials are kept in a file, which has to be mounted to a pod. You can set `gcpcredentials` in `existingSecret` as follows:
 
 ```yaml
- existingSecret:
+existingSecret:
   jenkins-service-account:
     gcpcredentials: application_default_credentials.json
 ```
@@ -2437,7 +2555,7 @@ commit: b02ae3f48
 ### Breaking changes
 
 - values have been renamed to follow helm chart best practices for naming conventions so
-  that all variables start with a lowercase letter and words are separated with camelcase
+  that all variables start with a lowercase letter and words are separated with camelCase
   <https://helm.sh/docs/chart_best_practices/#naming-conventions>
 - all resources are now using recommended standard labels
   <https://helm.sh/docs/chart_best_practices/#standard-labels>

charts/kubezero-ci/charts/jenkins/Chart.yaml

@@ -1,14 +1,14 @@
 annotations:
   artifacthub.io/category: integration-delivery
   artifacthub.io/changes: |
-    - Update `jenkins/jenkins` to version `2.492.2-jdk17`
+    - Update `docker.io/bats/bats` to version `1.12.0`
   artifacthub.io/images: |
     - name: jenkins
-      image: docker.io/jenkins/jenkins:2.492.2-jdk17
+      image: docker.io/jenkins/jenkins:2.504.1-jdk21
     - name: k8s-sidecar
-      image: docker.io/kiwigrid/k8s-sidecar:1.30.1
+      image: docker.io/kiwigrid/k8s-sidecar:1.30.3
     - name: inbound-agent
-      image: jenkins/inbound-agent:3283.v92c105e0f819-9
+      image: jenkins/inbound-agent:3309.v27b_9314fd1a_4-2
   artifacthub.io/license: Apache-2.0
   artifacthub.io/links: |
     - name: Chart Source
@@ -18,7 +18,7 @@ annotations:
     - name: support
       url: https://github.com/jenkinsci/helm-charts/issues
 apiVersion: v2
-appVersion: 2.492.2
+appVersion: 2.504.1
 description: 'Jenkins - Build great things at any scale! As the leading open source
   automation server, Jenkins provides over 2000 plugins to support building, deploying
   and automating any project. '
@@ -46,4 +46,4 @@ sources:
 - https://github.com/maorfr/kube-tasks
 - https://github.com/jenkinsci/configuration-as-code-plugin
 type: application
-version: 5.8.18
+version: 5.8.48

charts/kubezero-ci/charts/jenkins/README.md

@@ -295,27 +295,36 @@ This option requires installation of the [OWASP Markup Formatter Plugin (antisam
 This plugin is **not** installed by default but may be added to `controller.additionalPlugins`.
 
 ### Change max connections to Kubernetes API
+
 When using agents with containers other than JNLP, The kubernetes plugin will communicate with those containers using the Kubernetes API. this changes the maximum concurrent connections
+
 ```yaml
 agent:
   maxRequestsPerHostStr: "32"
 ```
+
 This will change the configuration of the kubernetes "cloud" (as called by jenkins) that is created automatically as part of this helm chart.
 
 ### Change container cleanup timeout API
+
 For tasks that use very large images, this timeout can be increased to avoid early termination of the task while the Kubernetes pod is still deploying.
+
 ```yaml
 agent:
   retentionTimeout: "32"
 ```
+
 This will change the configuration of the kubernetes "cloud" (as called by jenkins) that is created automatically as part of this helm chart.
 
 ### Change seconds to wait for pod to be running
+
 This will change how long Jenkins will wait (seconds) for pod to be in running state.
+
 ```yaml
 agent:
   waitForPodSec: "32"
 ```
+
 This will change the configuration of the kubernetes "cloud" (as called by jenkins) that is created automatically as part of this helm chart.
 
 ### Mounting Volumes into Agent Pods
@@ -380,7 +389,7 @@ See additional `persistence` values using [configuration commands](#configuratio
 2. Create the PersistentVolumeClaim
 3. [Install](#install-chart) the chart, setting `persistence.existingClaim` to `PVC_NAME`
 
-#### Long Volume Attach/Mount Times
+#### Long Volume Attach-/Mount Times
 
 Certain volume type and filesystem format combinations may experience long
 attach/mount times, [10 or more minutes][K8S_VOLUME_TIMEOUT], when using
@@ -424,6 +433,7 @@ A common use case might be identity provider credentials if using an external LD
 The secret may then be referenced in JCasC configuration (see [JCasC configuration](#configuration-as-code)).
 
 `values.yaml` controller section, referencing mounted secrets:
+
 ```yaml
 controller:
   # the 'name' and 'keyName' are concatenated with a '-' in between, so for example:
@@ -481,6 +491,7 @@ It's possible for this chart to generate `SecretClaim` resources in order to aut
 These `Secrets` can then be referenced in the same manner as Additional Secrets above.
 
 This can be achieved by defining required Secret Claims within `controller.secretClaims`, as follows:
+
 ```yaml
 controller:
   secretClaims:
@@ -662,13 +673,14 @@ and `https-jks-password` (or override the key name using `jenkinsHttpsJksPasswor
 controller:
   httpsKeyStore:
     enable: true
-       jenkinsHttpsJksSecretName: ''
+    jenkinsHttpsJksSecretName: ""
     httpPort: 8081
     path: "/var/jenkins_keystore"
     fileName: "keystore.jks"
     password: "changeit"
-       jenkinsKeyStoreBase64Encoded: ''
+    jenkinsKeyStoreBase64Encoded: ""
 ```
+
 ### AWS Security Group Policies
 
 To create SecurityGroupPolicies set `awsSecurityGroupPolicies.enabled` to true and add your policies. Each policy requires a `name`, array of `securityGroupIds` and a `podSelector`. Example:

charts/kubezero-ci/charts/jenkins/UPGRADING.md

@@ -1,6 +1,7 @@
 # Upgrade Notes
 
 ## To 5.0.0
+
 - `controller.image`, `controller.tag`, and `controller.tagLabel` have been removed. If you want to overwrite the image you now need to configure any or all of:
   - `controller.image.registry`
   - `controller.image.repository`
@@ -31,38 +32,40 @@
 - `backup.*` was unmaintained and has thus been removed. See the following page for alternatives: [Kubernetes Backup and Migrations](https://nubenetes.com/kubernetes-backup-migrations/).
 
 ## To 4.0.0
+
 Removes automatic `remotingSecurity` setting when using a container tag older than `2.326` (introduced in [`3.11.7`](./CHANGELOG.md#3117)). If you're using a version older than `2.326`, you should explicitly set `.controller.legacyRemotingSecurityEnabled` to `true`.
 
 ## To 3.0.0
 
-* Check `securityRealm` and `authorizationStrategy` and adjust it.
+- Check `securityRealm` and `authorizationStrategy` and adjust it.
   Otherwise, your configured users and permissions will be overridden.
-* You need to use helm version 3 as the `Chart.yaml` uses `apiVersion: v2`.
-* All XML configuration options have been removed.
+- You need to use helm version 3 as the `Chart.yaml` uses `apiVersion: v2`.
+- All XML configuration options have been removed.
   In case those are still in use you need to migrate to configuration as code.
   Upgrade guide to 2.0.0 contains pointers how to do that.
-* Jenkins is now using a `StatefulSet` instead of a `Deployment`
-* terminology has been adjusted that's also reflected in values.yaml
+- Jenkins is now using a `StatefulSet` instead of a `Deployment`
+- terminology has been adjusted that's also reflected in values.yaml
   The following values from `values.yaml` have been renamed:
 
-  * `master` => `controller`
-  * `master.useSecurity` => `controller.adminSecret`
-  * `master.slaveListenerPort` => `controller.agentListenerPort`
-  * `master.slaveHostPort` => `controller.agentListenerHostPort`
-  * `master.slaveKubernetesNamespace` => `agent.namespace`
-  * `master.slaveDefaultsProviderTemplate` => `agent.defaultsProviderTemplate`
-  * `master.slaveJenkinsUrl` => `agent.jenkinsUrl`
-  * `master.slaveJenkinsTunnel` => `agent.jenkinsTunnel`
-  * `master.slaveConnectTimeout` => `agent.kubernetesConnectTimeout`
-  * `master.slaveReadTimeout` => `agent.kubernetesReadTimeout`
-  * `master.slaveListenerServiceAnnotations` => `controller.agentListenerServiceAnnotations`
-  * `master.slaveListenerServiceType` => `controller.agentListenerServiceType`
-  * `master.slaveListenerLoadBalancerIP` => `controller.agentListenerLoadBalancerIP`
-  * `agent.slaveConnectTimeout` => `agent.connectTimeout`
-* Removed values:
+  - `master` => `controller`
+  - `master.useSecurity` => `controller.adminSecret`
+  - `master.slaveListenerPort` => `controller.agentListenerPort`
+  - `master.slaveHostPort` => `controller.agentListenerHostPort`
+  - `master.slaveKubernetesNamespace` => `agent.namespace`
+  - `master.slaveDefaultsProviderTemplate` => `agent.defaultsProviderTemplate`
+  - `master.slaveJenkinsUrl` => `agent.jenkinsUrl`
+  - `master.slaveJenkinsTunnel` => `agent.jenkinsTunnel`
+  - `master.slaveConnectTimeout` => `agent.kubernetesConnectTimeout`
+  - `master.slaveReadTimeout` => `agent.kubernetesReadTimeout`
+  - `master.slaveListenerServiceAnnotations` => `controller.agentListenerServiceAnnotations`
+  - `master.slaveListenerServiceType` => `controller.agentListenerServiceType`
+  - `master.slaveListenerLoadBalancerIP` => `controller.agentListenerLoadBalancerIP`
+  - `agent.slaveConnectTimeout` => `agent.connectTimeout`
 
-  * `master.imageTag`: use `controller.image` and `controller.tag` instead
-  * `slave.imageTag`: use `agent.image` and `agent.tag` instead
+- Removed values:
+
+  - `master.imageTag`: use `controller.image` and `controller.tag` instead
+  - `slave.imageTag`: use `agent.image` and `agent.tag` instead
 
 ## To 2.0.0
 
@@ -135,7 +138,7 @@ So think of the list below more as a general guideline of what should be done.
 
 Breaking changes:
 
-- Values have been renamed to follow [helm recommended naming conventions](https://helm.sh/docs/chart_best_practices/#naming-conventions) so that all variables start with a lowercase letter and words are separated with camelcase
+- Values have been renamed to follow [helm recommended naming conventions](https://helm.sh/docs/chart_best_practices/#naming-conventions) so that all variables start with a lowercase letter and words are separated with camelCase
 - All resources are now using [helm recommended standard labels](https://helm.sh/docs/chart_best_practices/#standard-labels)
 
 As a result of the label changes also the selectors of the deployment have been updated.

charts/kubezero-ci/charts/jenkins/VALUES.md

@@ -8,314 +8,315 @@ The following tables list the configurable parameters of the Jenkins chart and t
 
 | Key | Type | Description | Default |
 |:----|:-----|:---------|:------------|
-| [additionalAgents](./values.yaml#L1199) | object | Configure additional | `{}` |
-| [additionalClouds](./values.yaml#L1224) | object |  | `{}` |
-| [agent.TTYEnabled](./values.yaml#L1105) | bool | Allocate pseudo tty to the side container | `false` |
-| [agent.additionalContainers](./values.yaml#L1152) | list | Add additional containers to the agents | `[]` |
-| [agent.alwaysPullImage](./values.yaml#L998) | bool | Always pull agent container image before build | `false` |
-| [agent.annotations](./values.yaml#L1148) | object | Annotations to apply to the pod | `{}` |
-| [agent.args](./values.yaml#L1099) | string | Arguments passed to command to execute | `"${computer.jnlpmac} ${computer.name}"` |
-| [agent.command](./values.yaml#L1097) | string | Command to execute when side container starts | `nil` |
-| [agent.componentName](./values.yaml#L966) | string |  | `"jenkins-agent"` |
-| [agent.connectTimeout](./values.yaml#L1146) | int | Timeout in seconds for an agent to be online | `100` |
-| [agent.containerCap](./values.yaml#L1107) | int | Max number of agents to launch | `10` |
-| [agent.customJenkinsLabels](./values.yaml#L963) | list | Append Jenkins labels to the agent | `[]` |
-| [agent.defaultsProviderTemplate](./values.yaml#L917) | string | The name of the pod template to use for providing default values | `""` |
-| [agent.directConnection](./values.yaml#L969) | bool |  | `false` |
-| [agent.disableDefaultAgent](./values.yaml#L1170) | bool | Disable the default Jenkins Agent configuration | `false` |
-| [agent.enabled](./values.yaml#L915) | bool | Enable Kubernetes plugin jnlp-agent podTemplate | `true` |
-| [agent.envVars](./values.yaml#L1080) | list | Environment variables for the agent Pod | `[]` |
-| [agent.garbageCollection.enabled](./values.yaml#L1114) | bool | When enabled, Jenkins will periodically check for orphan pods that have not been touched for the given timeout period and delete them. | `false` |
-| [agent.garbageCollection.namespaces](./values.yaml#L1116) | string | Namespaces to look at for garbage collection, in addition to the default namespace defined for the cloud. One namespace per line. | `""` |
-| [agent.garbageCollection.timeout](./values.yaml#L1121) | int | Timeout value for orphaned pods | `300` |
-| [agent.hostNetworking](./values.yaml#L977) | bool | Enables the agent to use the host network | `false` |
-| [agent.idleMinutes](./values.yaml#L1124) | int | Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it | `0` |
-| [agent.image.repository](./values.yaml#L956) | string | Repository to pull the agent jnlp image from | `"jenkins/inbound-agent"` |
-| [agent.image.tag](./values.yaml#L958) | string | Tag of the image to pull | `"3283.v92c105e0f819-9"` |
-| [agent.imagePullSecretName](./values.yaml#L965) | string | Name of the secret to be used to pull the image | `nil` |
-| [agent.inheritYamlMergeStrategy](./values.yaml#L1144) | bool | Controls whether the defined yaml merge strategy will be inherited if another defined pod template is configured to inherit from the current one | `false` |
-| [agent.jenkinsTunnel](./values.yaml#L933) | string | Overrides the Kubernetes Jenkins tunnel | `nil` |
-| [agent.jenkinsUrl](./values.yaml#L929) | string | Overrides the Kubernetes Jenkins URL | `nil` |
-| [agent.jnlpregistry](./values.yaml#L953) | string | Custom registry used to pull the agent jnlp image from | `nil` |
-| [agent.kubernetesConnectTimeout](./values.yaml#L939) | int | The connection timeout in seconds for connections to Kubernetes API. The minimum value is 5 | `5` |
-| [agent.kubernetesReadTimeout](./values.yaml#L941) | int | The read timeout in seconds for connections to Kubernetes API. The minimum value is 15 | `15` |
-| [agent.livenessProbe](./values.yaml#L988) | object |  | `{}` |
-| [agent.maxRequestsPerHostStr](./values.yaml#L943) | string | The maximum concurrent connections to Kubernetes API | `"32"` |
-| [agent.namespace](./values.yaml#L949) | string | Namespace in which the Kubernetes agents should be launched | `nil` |
-| [agent.nodeSelector](./values.yaml#L1091) | object | Node labels for pod assignment | `{}` |
-| [agent.nodeUsageMode](./values.yaml#L961) | string |  | `"NORMAL"` |
-| [agent.podLabels](./values.yaml#L951) | object | Custom Pod labels (an object with `label-key: label-value` pairs) | `{}` |
-| [agent.podName](./values.yaml#L1109) | string | Agent Pod base name | `"default"` |
-| [agent.podRetention](./values.yaml#L1007) | string |  | `"Never"` |
-| [agent.podTemplates](./values.yaml#L1180) | object | Configures extra pod templates for the default kubernetes cloud | `{}` |
-| [agent.privileged](./values.yaml#L971) | bool | Agent privileged container | `false` |
-| [agent.resources](./values.yaml#L979) | object | Resources allocation (Requests and Limits) | `{"limits":{"cpu":"512m","memory":"512Mi"},"requests":{"cpu":"512m","memory":"512Mi"}}` |
-| [agent.restrictedPssSecurityContext](./values.yaml#L1004) | bool | Set a restricted securityContext on jnlp containers | `false` |
-| [agent.retentionTimeout](./values.yaml#L945) | int | Time in minutes after which the Kubernetes cloud plugin will clean up an idle worker that has not already terminated | `5` |
-| [agent.runAsGroup](./values.yaml#L975) | string | Configure container group | `nil` |
-| [agent.runAsUser](./values.yaml#L973) | string | Configure container user | `nil` |
-| [agent.secretEnvVars](./values.yaml#L1084) | list | Mount a secret as environment variable | `[]` |
-| [agent.serviceAccount](./values.yaml#L925) | string | Override the default service account | `serviceAccountAgent.name` if `agent.useDefaultServiceAccount` is `true` |
-| [agent.showRawYaml](./values.yaml#L1011) | bool |  | `true` |
-| [agent.sideContainerName](./values.yaml#L1101) | string | Side container name | `"jnlp"` |
-| [agent.skipTlsVerify](./values.yaml#L935) | bool | Disables the verification of the controller certificate on remote connection. This flag correspond to the "Disable https certificate check" flag in kubernetes plugin UI | `false` |
-| [agent.usageRestricted](./values.yaml#L937) | bool | Enable the possibility to restrict the usage of this agent to specific folder. This flag correspond to the "Restrict pipeline support to authorized folders" flag in kubernetes plugin UI | `false` |
-| [agent.useDefaultServiceAccount](./values.yaml#L921) | bool | Use `serviceAccountAgent.name` as the default value for defaults template `serviceAccount` | `true` |
-| [agent.volumes](./values.yaml#L1018) | list | Additional volumes | `[]` |
-| [agent.waitForPodSec](./values.yaml#L947) | int | Seconds to wait for pod to be running | `600` |
-| [agent.websocket](./values.yaml#L968) | bool | Enables agent communication via websockets | `false` |
-| [agent.workingDir](./values.yaml#L960) | string | Configure working directory for default agent | `"/home/jenkins/agent"` |
-| [agent.workspaceVolume](./values.yaml#L1053) | object | Workspace volume (defaults to EmptyDir) | `{}` |
-| [agent.yamlMergeStrategy](./values.yaml#L1142) | string | Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates. Possible values: "merge" or "override" | `"override"` |
-| [agent.yamlTemplate](./values.yaml#L1131) | string | The raw yaml of a Pod API Object to merge into the agent spec | `""` |
-| [awsSecurityGroupPolicies.enabled](./values.yaml#L1356) | bool |  | `false` |
-| [awsSecurityGroupPolicies.policies[0].name](./values.yaml#L1358) | string |  | `""` |
-| [awsSecurityGroupPolicies.policies[0].podSelector](./values.yaml#L1360) | object |  | `{}` |
-| [awsSecurityGroupPolicies.policies[0].securityGroupIds](./values.yaml#L1359) | list |  | `[]` |
-| [checkDeprecation](./values.yaml#L1353) | bool | Checks if any deprecated values are used | `true` |
+| [additionalAgents](./values.yaml#L1202) | object | Configure additional | `{}` |
+| [additionalClouds](./values.yaml#L1227) | object |  | `{}` |
+| [agent.TTYEnabled](./values.yaml#L1107) | bool | Allocate pseudo tty to the side container | `false` |
+| [agent.additionalContainers](./values.yaml#L1155) | list | Add additional containers to the agents | `[]` |
+| [agent.alwaysPullImage](./values.yaml#L1000) | bool | Always pull agent container image before build | `false` |
+| [agent.annotations](./values.yaml#L1151) | object | Annotations to apply to the pod | `{}` |
+| [agent.args](./values.yaml#L1101) | string | Arguments passed to command to execute | `"${computer.jnlpmac} ${computer.name}"` |
+| [agent.command](./values.yaml#L1099) | string | Command to execute when side container starts | `nil` |
+| [agent.componentName](./values.yaml#L968) | string |  | `"jenkins-agent"` |
+| [agent.connectTimeout](./values.yaml#L1149) | int | Timeout in seconds for an agent to be online | `100` |
+| [agent.containerCap](./values.yaml#L1109) | int | Max number of agents to launch for a whole cluster. | `10` |
+| [agent.customJenkinsLabels](./values.yaml#L965) | list | Append Jenkins labels to the agent | `[]` |
+| [agent.defaultsProviderTemplate](./values.yaml#L919) | string | The name of the pod template to use for providing default values | `""` |
+| [agent.directConnection](./values.yaml#L971) | bool |  | `false` |
+| [agent.disableDefaultAgent](./values.yaml#L1173) | bool | Disable the default Jenkins Agent configuration | `false` |
+| [agent.enabled](./values.yaml#L917) | bool | Enable Kubernetes plugin jnlp-agent podTemplate | `true` |
+| [agent.envVars](./values.yaml#L1082) | list | Environment variables for the agent Pod | `[]` |
+| [agent.garbageCollection.enabled](./values.yaml#L1118) | bool | When enabled, Jenkins will periodically check for orphan pods that have not been touched for the given timeout period and delete them. | `false` |
+| [agent.garbageCollection.namespaces](./values.yaml#L1120) | string | Namespaces to look at for garbage collection, in addition to the default namespace defined for the cloud. One namespace per line. | `""` |
+| [agent.garbageCollection.timeout](./values.yaml#L1125) | int | Timeout value for orphaned pods | `300` |
+| [agent.hostNetworking](./values.yaml#L979) | bool | Enables the agent to use the host network | `false` |
+| [agent.idleMinutes](./values.yaml#L1128) | int | Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it | `0` |
+| [agent.image.repository](./values.yaml#L958) | string | Repository to pull the agent jnlp image from | `"jenkins/inbound-agent"` |
+| [agent.image.tag](./values.yaml#L960) | string | Tag of the image to pull | `"3309.v27b_9314fd1a_4-2"` |
+| [agent.imagePullSecretName](./values.yaml#L967) | string | Name of the secret to be used to pull the image | `nil` |
+| [agent.inheritYamlMergeStrategy](./values.yaml#L1147) | bool | Controls whether the defined yaml merge strategy will be inherited if another defined pod template is configured to inherit from the current one | `false` |
+| [agent.instanceCap](./values.yaml#L1111) | int | Max number of agents to launch for this type of agent | `2147483647` |
+| [agent.jenkinsTunnel](./values.yaml#L935) | string | Overrides the Kubernetes Jenkins tunnel | `nil` |
+| [agent.jenkinsUrl](./values.yaml#L931) | string | Overrides the Kubernetes Jenkins URL | `nil` |
+| [agent.jnlpregistry](./values.yaml#L955) | string | Custom registry used to pull the agent jnlp image from | `nil` |
+| [agent.kubernetesConnectTimeout](./values.yaml#L941) | int | The connection timeout in seconds for connections to Kubernetes API. The minimum value is 5 | `5` |
+| [agent.kubernetesReadTimeout](./values.yaml#L943) | int | The read timeout in seconds for connections to Kubernetes API. The minimum value is 15 | `15` |
+| [agent.livenessProbe](./values.yaml#L990) | object |  | `{}` |
+| [agent.maxRequestsPerHostStr](./values.yaml#L945) | string | The maximum concurrent connections to Kubernetes API | `"32"` |
+| [agent.namespace](./values.yaml#L951) | string | Namespace in which the Kubernetes agents should be launched | `nil` |
+| [agent.nodeSelector](./values.yaml#L1093) | object | Node labels for pod assignment | `{}` |
+| [agent.nodeUsageMode](./values.yaml#L963) | string |  | `"NORMAL"` |
+| [agent.podLabels](./values.yaml#L953) | object | Custom Pod labels (an object with `label-key: label-value` pairs) | `{}` |
+| [agent.podName](./values.yaml#L1113) | string | Agent Pod base name | `"default"` |
+| [agent.podRetention](./values.yaml#L1009) | string |  | `"Never"` |
+| [agent.podTemplates](./values.yaml#L1183) | object | Configures extra pod templates for the default kubernetes cloud | `{}` |
+| [agent.privileged](./values.yaml#L973) | bool | Agent privileged container | `false` |
+| [agent.resources](./values.yaml#L981) | object | Resources allocation (Requests and Limits) | `{"limits":{"cpu":"512m","memory":"512Mi"},"requests":{"cpu":"512m","memory":"512Mi"}}` |
+| [agent.restrictedPssSecurityContext](./values.yaml#L1006) | bool | Set a restricted securityContext on jnlp containers | `false` |
+| [agent.retentionTimeout](./values.yaml#L947) | int | Time in minutes after which the Kubernetes cloud plugin will clean up an idle worker that has not already terminated | `5` |
+| [agent.runAsGroup](./values.yaml#L977) | string | Configure container group | `nil` |
+| [agent.runAsUser](./values.yaml#L975) | string | Configure container user | `nil` |
+| [agent.secretEnvVars](./values.yaml#L1086) | list | Mount a secret as environment variable | `[]` |
+| [agent.serviceAccount](./values.yaml#L927) | string | Override the default service account | `serviceAccountAgent.name` if `agent.useDefaultServiceAccount` is `true` |
+| [agent.showRawYaml](./values.yaml#L1013) | bool |  | `true` |
+| [agent.sideContainerName](./values.yaml#L1103) | string | Side container name | `"jnlp"` |
+| [agent.skipTlsVerify](./values.yaml#L937) | bool | Disables the verification of the controller certificate on remote connection. This flag correspond to the "Disable https certificate check" flag in kubernetes plugin UI | `false` |
+| [agent.usageRestricted](./values.yaml#L939) | bool | Enable the possibility to restrict the usage of this agent to specific folder. This flag correspond to the "Restrict pipeline support to authorized folders" flag in kubernetes plugin UI | `false` |
+| [agent.useDefaultServiceAccount](./values.yaml#L923) | bool | Use `serviceAccountAgent.name` as the default value for defaults template `serviceAccount` | `true` |
+| [agent.volumes](./values.yaml#L1020) | list | Additional volumes | `[]` |
+| [agent.waitForPodSec](./values.yaml#L949) | int | Seconds to wait for pod to be running | `600` |
+| [agent.websocket](./values.yaml#L970) | bool | Enables agent communication via websockets | `false` |
+| [agent.workingDir](./values.yaml#L962) | string | Configure working directory for default agent | `"/home/jenkins/agent"` |
+| [agent.workspaceVolume](./values.yaml#L1055) | object | Workspace volume (defaults to EmptyDir) | `{}` |
+| [agent.yamlMergeStrategy](./values.yaml#L1145) | string | Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates. Possible values: "merge" or "override" | `"override"` |
+| [agent.yamlTemplate](./values.yaml#L1134) | string | The raw yaml of a Pod API Object to merge into the agent spec | `""` |
+| [awsSecurityGroupPolicies.enabled](./values.yaml#L1360) | bool |  | `false` |
+| [awsSecurityGroupPolicies.policies[0].name](./values.yaml#L1362) | string |  | `""` |
+| [awsSecurityGroupPolicies.policies[0].podSelector](./values.yaml#L1364) | object |  | `{}` |
+| [awsSecurityGroupPolicies.policies[0].securityGroupIds](./values.yaml#L1363) | list |  | `[]` |
+| [checkDeprecation](./values.yaml#L1357) | bool | Checks if any deprecated values are used | `true` |
 | [clusterZone](./values.yaml#L21) | string | Override the cluster name for FQDN resolving | `"cluster.local"` |
-| [controller.JCasC.authorizationStrategy](./values.yaml#L543) | string | Jenkins Config as Code Authorization Strategy-section | `"loggedInUsersCanDoAnything:\n  allowAnonymousRead: false"` |
-| [controller.JCasC.configMapAnnotations](./values.yaml#L548) | object | Annotations for the JCasC ConfigMap | `{}` |
-| [controller.JCasC.configScripts](./values.yaml#L517) | object | List of Jenkins Config as Code scripts | `{}` |
-| [controller.JCasC.configUrls](./values.yaml#L514) | list | Remote URLs for configuration files. | `[]` |
-| [controller.JCasC.defaultConfig](./values.yaml#L508) | bool | Enables default Jenkins configuration via configuration as code plugin | `true` |
-| [controller.JCasC.overwriteConfiguration](./values.yaml#L512) | bool | Whether Jenkins Config as Code should overwrite any existing configuration | `false` |
-| [controller.JCasC.security](./values.yaml#L524) | object | Jenkins Config as Code security-section | `{"apiToken":{"creationOfLegacyTokenEnabled":false,"tokenGenerationOnCreationEnabled":false,"usageStatisticsEnabled":true}}` |
-| [controller.JCasC.securityRealm](./values.yaml#L532) | string | Jenkins Config as Code Security Realm-section | `"local:\n  allowsSignup: false\n  enableCaptcha: false\n  users:\n  - id: \"${chart-admin-username}\"\n    name: \"Jenkins Admin\"\n    password: \"${chart-admin-password}\""` |
-| [controller.additionalExistingSecrets](./values.yaml#L469) | list | List of additional existing secrets to mount | `[]` |
-| [controller.additionalPlugins](./values.yaml#L419) | list | List of plugins to install in addition to those listed in controller.installPlugins | `[]` |
-| [controller.additionalSecrets](./values.yaml#L478) | list | List of additional secrets to create and mount | `[]` |
-| [controller.admin.createSecret](./values.yaml#L91) | bool | Create secret for admin user | `true` |
-| [controller.admin.existingSecret](./values.yaml#L94) | string | The name of an existing secret containing the admin credentials | `""` |
-| [controller.admin.password](./values.yaml#L81) | string | Admin password created as a secret if `controller.admin.createSecret` is true | `<random password>` |
-| [controller.admin.passwordKey](./values.yaml#L86) | string | The key in the existing admin secret containing the password | `"jenkins-admin-password"` |
-| [controller.admin.userKey](./values.yaml#L84) | string | The key in the existing admin secret containing the username | `"jenkins-admin-user"` |
-| [controller.admin.username](./values.yaml#L78) | string | Admin username created as a secret if `controller.admin.createSecret` is true | `"admin"` |
-| [controller.affinity](./values.yaml#L670) | object | Affinity settings | `{}` |
-| [controller.agentListenerEnabled](./values.yaml#L328) | bool | Create Agent listener service | `true` |
-| [controller.agentListenerExternalTrafficPolicy](./values.yaml#L338) | string | Traffic Policy of for the agentListener service | `nil` |
-| [controller.agentListenerHostPort](./values.yaml#L332) | string | Host port to listen for agents | `nil` |
-| [controller.agentListenerLoadBalancerIP](./values.yaml#L368) | string | Static IP for the agentListener LoadBalancer | `nil` |
-| [controller.agentListenerLoadBalancerSourceRanges](./values.yaml#L340) | list | Allowed inbound IP for the agentListener service | `["0.0.0.0/0"]` |
-| [controller.agentListenerNodePort](./values.yaml#L334) | string | Node port to listen for agents | `nil` |
-| [controller.agentListenerPort](./values.yaml#L330) | int | Listening port for agents | `50000` |
-| [controller.agentListenerServiceAnnotations](./values.yaml#L363) | object | Annotations for the agentListener service | `{}` |
-| [controller.agentListenerServiceType](./values.yaml#L360) | string | Defines how to expose the agentListener service | `"ClusterIP"` |
-| [controller.backendconfig.annotations](./values.yaml#L773) | object | backendconfig annotations | `{}` |
-| [controller.backendconfig.apiVersion](./values.yaml#L767) | string | backendconfig API version | `"extensions/v1beta1"` |
-| [controller.backendconfig.enabled](./values.yaml#L765) | bool | Enables backendconfig | `false` |
-| [controller.backendconfig.labels](./values.yaml#L771) | object | backendconfig labels | `{}` |
-| [controller.backendconfig.name](./values.yaml#L769) | string | backendconfig name | `nil` |
-| [controller.backendconfig.spec](./values.yaml#L775) | object | backendconfig spec | `{}` |
-| [controller.cloudName](./values.yaml#L497) | string | Name of default cloud configuration. | `"kubernetes"` |
-| [controller.clusterIp](./values.yaml#L223) | string | k8s service clusterIP. Only used if serviceType is ClusterIP | `nil` |
+| [controller.JCasC.authorizationStrategy](./values.yaml#L542) | string | Jenkins Config as Code Authorization Strategy-section | `"loggedInUsersCanDoAnything:\n  allowAnonymousRead: false"` |
+| [controller.JCasC.configMapAnnotations](./values.yaml#L547) | object | Annotations for the JCasC ConfigMap | `{}` |
+| [controller.JCasC.configScripts](./values.yaml#L516) | object | List of Jenkins Config as Code scripts | `{}` |
+| [controller.JCasC.configUrls](./values.yaml#L513) | list | Remote URLs for configuration files. | `[]` |
+| [controller.JCasC.defaultConfig](./values.yaml#L507) | bool | Enables default Jenkins configuration via configuration as code plugin | `true` |
+| [controller.JCasC.overwriteConfiguration](./values.yaml#L511) | bool | Whether Jenkins Config as Code should overwrite any existing configuration | `false` |
+| [controller.JCasC.security](./values.yaml#L523) | object | Jenkins Config as Code security-section | `{"apiToken":{"creationOfLegacyTokenEnabled":false,"tokenGenerationOnCreationEnabled":false,"usageStatisticsEnabled":true}}` |
+| [controller.JCasC.securityRealm](./values.yaml#L531) | string | Jenkins Config as Code Security Realm-section | `"local:\n  allowsSignup: false\n  enableCaptcha: false\n  users:\n  - id: \"${chart-admin-username}\"\n    name: \"Jenkins Admin\"\n    password: \"${chart-admin-password}\""` |
+| [controller.additionalExistingSecrets](./values.yaml#L468) | list | List of additional existing secrets to mount | `[]` |
+| [controller.additionalPlugins](./values.yaml#L418) | list | List of plugins to install in addition to those listed in controller.installPlugins | `[]` |
+| [controller.additionalSecrets](./values.yaml#L477) | list | List of additional secrets to create and mount | `[]` |
+| [controller.admin.createSecret](./values.yaml#L90) | bool | Create secret for admin user | `true` |
+| [controller.admin.existingSecret](./values.yaml#L93) | string | The name of an existing secret containing the admin credentials | `""` |
+| [controller.admin.password](./values.yaml#L80) | string | Admin password created as a secret if `controller.admin.createSecret` is true | `<random password>` |
+| [controller.admin.passwordKey](./values.yaml#L85) | string | The key in the existing admin secret containing the password | `"jenkins-admin-password"` |
+| [controller.admin.userKey](./values.yaml#L83) | string | The key in the existing admin secret containing the username | `"jenkins-admin-user"` |
+| [controller.admin.username](./values.yaml#L77) | string | Admin username created as a secret if `controller.admin.createSecret` is true | `"admin"` |
+| [controller.affinity](./values.yaml#L671) | object | Affinity settings | `{}` |
+| [controller.agentListenerEnabled](./values.yaml#L327) | bool | Create Agent listener service | `true` |
+| [controller.agentListenerExternalTrafficPolicy](./values.yaml#L337) | string | Traffic Policy of for the agentListener service | `nil` |
+| [controller.agentListenerHostPort](./values.yaml#L331) | string | Host port to listen for agents | `nil` |
+| [controller.agentListenerLoadBalancerIP](./values.yaml#L367) | string | Static IP for the agentListener LoadBalancer | `nil` |
+| [controller.agentListenerLoadBalancerSourceRanges](./values.yaml#L339) | list | Allowed inbound IP for the agentListener service | `["0.0.0.0/0"]` |
+| [controller.agentListenerNodePort](./values.yaml#L333) | string | Node port to listen for agents | `nil` |
+| [controller.agentListenerPort](./values.yaml#L329) | int | Listening port for agents | `50000` |
+| [controller.agentListenerServiceAnnotations](./values.yaml#L362) | object | Annotations for the agentListener service | `{}` |
+| [controller.agentListenerServiceType](./values.yaml#L359) | string | Defines how to expose the agentListener service | `"ClusterIP"` |
+| [controller.backendconfig.annotations](./values.yaml#L775) | object | backendconfig annotations | `{}` |
+| [controller.backendconfig.apiVersion](./values.yaml#L769) | string | backendconfig API version | `"extensions/v1beta1"` |
+| [controller.backendconfig.enabled](./values.yaml#L767) | bool | Enables backendconfig | `false` |
+| [controller.backendconfig.labels](./values.yaml#L773) | object | backendconfig labels | `{}` |
+| [controller.backendconfig.name](./values.yaml#L771) | string | backendconfig name | `nil` |
+| [controller.backendconfig.spec](./values.yaml#L777) | object | backendconfig spec | `{}` |
+| [controller.cloudName](./values.yaml#L496) | string | Name of default cloud configuration. | `"kubernetes"` |
+| [controller.clusterIp](./values.yaml#L222) | string | k8s service clusterIP. Only used if serviceType is ClusterIP | `nil` |
 | [controller.componentName](./values.yaml#L34) | string | Used for label app.kubernetes.io/component | `"jenkins-controller"` |
-| [controller.containerEnv](./values.yaml#L156) | list | Environment variables for Jenkins Container | `[]` |
-| [controller.containerEnvFrom](./values.yaml#L153) | list | Environment variable sources for Jenkins Container | `[]` |
-| [controller.containerSecurityContext](./values.yaml#L211) | object | Allow controlling the securityContext for the jenkins container | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":1000}` |
-| [controller.csrf.defaultCrumbIssuer.enabled](./values.yaml#L349) | bool | Enable the default CSRF Crumb issuer | `true` |
-| [controller.csrf.defaultCrumbIssuer.proxyCompatability](./values.yaml#L351) | bool | Enable proxy compatibility | `true` |
-| [controller.customInitContainers](./values.yaml#L551) | list | Custom init-container specification in raw-yaml format | `[]` |
+| [controller.containerEnv](./values.yaml#L155) | list | Environment variables for Jenkins Container | `[]` |
+| [controller.containerEnvFrom](./values.yaml#L152) | list | Environment variable sources for Jenkins Container | `[]` |
+| [controller.containerSecurityContext](./values.yaml#L210) | object | Allow controlling the securityContext for the jenkins container | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":1000}` |
+| [controller.csrf.defaultCrumbIssuer.enabled](./values.yaml#L348) | bool | Enable the default CSRF Crumb issuer | `true` |
+| [controller.csrf.defaultCrumbIssuer.proxyCompatability](./values.yaml#L350) | bool | Enable proxy compatibility | `true` |
+| [controller.customInitContainers](./values.yaml#L550) | list | Custom init-container specification in raw-yaml format | `[]` |
 | [controller.customJenkinsLabels](./values.yaml#L68) | list | Append Jenkins labels to the controller | `[]` |
 | [controller.disableRememberMe](./values.yaml#L59) | bool | Disable use of remember me | `false` |
-| [controller.disabledAgentProtocols](./values.yaml#L343) | list | Disabled agent protocols | `["JNLP-connect","JNLP2-connect"]` |
-| [controller.enableRawHtmlMarkupFormatter](./values.yaml#L439) | bool | Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter) | `false` |
-| [controller.enableServiceLinks](./values.yaml#L130) | bool |  | `false` |
+| [controller.disabledAgentProtocols](./values.yaml#L342) | list | Disabled agent protocols | `["JNLP-connect","JNLP2-connect"]` |
+| [controller.enableRawHtmlMarkupFormatter](./values.yaml#L438) | bool | Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter) | `false` |
+| [controller.enableServiceLinks](./values.yaml#L129) | bool |  | `false` |
 | [controller.executorMode](./values.yaml#L65) | string | Sets the executor mode of the Jenkins node. Possible values are "NORMAL" or "EXCLUSIVE" | `"NORMAL"` |
-| [controller.existingSecret](./values.yaml#L466) | string |  | `nil` |
-| [controller.extraPorts](./values.yaml#L398) | list | Optionally configure other ports to expose in the controller container | `[]` |
-| [controller.fsGroup](./values.yaml#L192) | int | Deprecated in favor of `controller.podSecurityContextOverride`. uid that will be used for persistent volume. | `1000` |
-| [controller.googlePodMonitor.enabled](./values.yaml#L836) | bool |  | `false` |
-| [controller.googlePodMonitor.scrapeEndpoint](./values.yaml#L841) | string |  | `"/prometheus"` |
-| [controller.googlePodMonitor.scrapeInterval](./values.yaml#L839) | string |  | `"60s"` |
-| [controller.healthProbes](./values.yaml#L258) | bool | Enable Kubernetes Probes configuration configured in `controller.probes` | `true` |
-| [controller.hostAliases](./values.yaml#L789) | list | Allows for adding entries to Pod /etc/hosts | `[]` |
+| [controller.existingSecret](./values.yaml#L465) | string |  | `nil` |
+| [controller.extraPorts](./values.yaml#L397) | list | Optionally configure other ports to expose in the controller container | `[]` |
+| [controller.fsGroup](./values.yaml#L191) | int | Deprecated in favor of `controller.podSecurityContextOverride`. uid that will be used for persistent volume. | `1000` |
+| [controller.googlePodMonitor.enabled](./values.yaml#L838) | bool |  | `false` |
+| [controller.googlePodMonitor.scrapeEndpoint](./values.yaml#L843) | string |  | `"/prometheus"` |
+| [controller.googlePodMonitor.scrapeInterval](./values.yaml#L841) | string |  | `"60s"` |
+| [controller.healthProbes](./values.yaml#L257) | bool | Enable Kubernetes Probes configuration configured in `controller.probes` | `true` |
+| [controller.hostAliases](./values.yaml#L791) | list | Allows for adding entries to Pod /etc/hosts | `[]` |
 | [controller.hostNetworking](./values.yaml#L70) | bool |  | `false` |
-| [controller.httpsKeyStore.disableSecretMount](./values.yaml#L857) | bool |  | `false` |
-| [controller.httpsKeyStore.enable](./values.yaml#L848) | bool | Enables HTTPS keystore on jenkins controller | `false` |
-| [controller.httpsKeyStore.fileName](./values.yaml#L865) | string | Jenkins keystore filename which will appear under controller.httpsKeyStore.path | `"keystore.jks"` |
-| [controller.httpsKeyStore.httpPort](./values.yaml#L861) | int | HTTP Port that Jenkins should listen to along with HTTPS, it also serves as the liveness and readiness probes port. | `8081` |
-| [controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey](./values.yaml#L856) | string | Name of the key in the secret that contains the JKS password | `"https-jks-password"` |
-| [controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName](./values.yaml#L854) | string | Name of the secret that contains the JKS password, if it is not in the same secret as the JKS file | `""` |
-| [controller.httpsKeyStore.jenkinsHttpsJksSecretKey](./values.yaml#L852) | string | Name of the key in the secret that already has ssl keystore | `"jenkins-jks-file"` |
-| [controller.httpsKeyStore.jenkinsHttpsJksSecretName](./values.yaml#L850) | string | Name of the secret that already has ssl keystore | `""` |
-| [controller.httpsKeyStore.jenkinsKeyStoreBase64Encoded](./values.yaml#L870) | string | Base64 encoded Keystore content. Keystore must be converted to base64 then being pasted here | `nil` |
-| [controller.httpsKeyStore.password](./values.yaml#L867) | string | Jenkins keystore password | `"password"` |
-| [controller.httpsKeyStore.path](./values.yaml#L863) | string | Path of HTTPS keystore file | `"/var/jenkins_keystore"` |
+| [controller.httpsKeyStore.disableSecretMount](./values.yaml#L859) | bool |  | `false` |
+| [controller.httpsKeyStore.enable](./values.yaml#L850) | bool | Enables HTTPS keystore on jenkins controller | `false` |
+| [controller.httpsKeyStore.fileName](./values.yaml#L867) | string | Jenkins keystore filename which will appear under controller.httpsKeyStore.path | `"keystore.jks"` |
+| [controller.httpsKeyStore.httpPort](./values.yaml#L863) | int | HTTP Port that Jenkins should listen to along with HTTPS, it also serves as the liveness and readiness probes port. | `8081` |
+| [controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey](./values.yaml#L858) | string | Name of the key in the secret that contains the JKS password | `"https-jks-password"` |
+| [controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName](./values.yaml#L856) | string | Name of the secret that contains the JKS password, if it is not in the same secret as the JKS file | `""` |
+| [controller.httpsKeyStore.jenkinsHttpsJksSecretKey](./values.yaml#L854) | string | Name of the key in the secret that already has ssl keystore | `"jenkins-jks-file"` |
+| [controller.httpsKeyStore.jenkinsHttpsJksSecretName](./values.yaml#L852) | string | Name of the secret that already has ssl keystore | `""` |
+| [controller.httpsKeyStore.jenkinsKeyStoreBase64Encoded](./values.yaml#L872) | string | Base64 encoded Keystore content. Keystore must be converted to base64 then being pasted here | `nil` |
+| [controller.httpsKeyStore.password](./values.yaml#L869) | string | Jenkins keystore password | `"password"` |
+| [controller.httpsKeyStore.path](./values.yaml#L865) | string | Path of HTTPS keystore file | `"/var/jenkins_keystore"` |
 | [controller.image.pullPolicy](./values.yaml#L47) | string | Controller image pull policy | `"Always"` |
 | [controller.image.registry](./values.yaml#L37) | string | Controller image registry | `"docker.io"` |
 | [controller.image.repository](./values.yaml#L39) | string | Controller image repository | `"jenkins/jenkins"` |
-| [controller.image.tag](./values.yaml#L42) | string | Controller image tag override; i.e., tag: "2.440.1-jdk17" | `nil` |
-| [controller.image.tagLabel](./values.yaml#L45) | string | Controller image tag label | `"jdk17"` |
+| [controller.image.tag](./values.yaml#L42) | string | Controller image tag override; i.e., tag: "2.440.1-jdk21" | `nil` |
+| [controller.image.tagLabel](./values.yaml#L45) | string | Controller image tag label | `"jdk21"` |
 | [controller.imagePullSecretName](./values.yaml#L49) | string | Controller image pull secret | `nil` |
-| [controller.ingress.annotations](./values.yaml#L712) | object | Ingress annotations | `{}` |
-| [controller.ingress.apiVersion](./values.yaml#L708) | string | Ingress API version | `"extensions/v1beta1"` |
-| [controller.ingress.enabled](./values.yaml#L691) | bool | Enables ingress | `false` |
-| [controller.ingress.hostName](./values.yaml#L725) | string | Ingress hostname | `nil` |
-| [controller.ingress.labels](./values.yaml#L710) | object | Ingress labels | `{}` |
-| [controller.ingress.path](./values.yaml#L721) | string | Ingress path | `nil` |
-| [controller.ingress.paths](./values.yaml#L695) | list | Override for the default Ingress paths | `[]` |
-| [controller.ingress.resourceRootUrl](./values.yaml#L727) | string | Hostname to serve assets from | `nil` |
-| [controller.ingress.tls](./values.yaml#L729) | list | Ingress TLS configuration | `[]` |
-| [controller.initConfigMap](./values.yaml#L456) | string | Name of the existing ConfigMap that contains init scripts | `nil` |
-| [controller.initContainerEnv](./values.yaml#L147) | list | Environment variables for Init Container | `[]` |
-| [controller.initContainerEnvFrom](./values.yaml#L143) | list | Environment variable sources for Init Container | `[]` |
-| [controller.initContainerResources](./values.yaml#L134) | object | Resources allocation (Requests and Limits) for Init Container | `{}` |
-| [controller.initScripts](./values.yaml#L452) | object | Map of groovy init scripts to be executed during Jenkins controller start | `{}` |
-| [controller.initializeOnce](./values.yaml#L424) | bool | Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true` | `false` |
-| [controller.installLatestPlugins](./values.yaml#L413) | bool | Download the minimum required version or latest version of all dependencies | `true` |
-| [controller.installLatestSpecifiedPlugins](./values.yaml#L416) | bool | Set to true to download the latest version of any plugin that is requested to have the latest version | `false` |
-| [controller.installPlugins](./values.yaml#L405) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4314.v5b_846cf499eb_","workflow-aggregator:600.vb_57cdd26fdd7","git:5.7.0","configuration-as-code:1932.v75cb_b_f1b_698d"]` |
-| [controller.javaOpts](./values.yaml#L162) | string | Append to `JAVA_OPTS` env var | `nil` |
-| [controller.jenkinsAdminEmail](./values.yaml#L96) | string | Email address for the administrator of the Jenkins instance | `nil` |
-| [controller.jenkinsHome](./values.yaml#L101) | string | Custom Jenkins home path | `"/var/jenkins_home"` |
-| [controller.jenkinsOpts](./values.yaml#L164) | string | Append to `JENKINS_OPTS` env var | `nil` |
-| [controller.jenkinsRef](./values.yaml#L106) | string | Custom Jenkins reference path | `"/usr/share/jenkins/ref"` |
-| [controller.jenkinsUriPrefix](./values.yaml#L179) | string | Root URI Jenkins will be served on | `nil` |
-| [controller.jenkinsUrl](./values.yaml#L174) | string | Set Jenkins URL if you are not using the ingress definitions provided by the chart | `nil` |
-| [controller.jenkinsUrlProtocol](./values.yaml#L171) | string | Set protocol for Jenkins URL; `https` if `controller.ingress.tls`, `http` otherwise | `nil` |
-| [controller.jenkinsWar](./values.yaml#L109) | string |  | `"/usr/share/jenkins/jenkins.war"` |
-| [controller.jmxPort](./values.yaml#L395) | string | Open a port, for JMX stats | `nil` |
-| [controller.legacyRemotingSecurityEnabled](./values.yaml#L371) | bool | Whether legacy remoting security should be enabled | `false` |
+| [controller.ingress.annotations](./values.yaml#L713) | object | Ingress annotations | `{}` |
+| [controller.ingress.apiVersion](./values.yaml#L709) | string | Ingress API version | `"extensions/v1beta1"` |
+| [controller.ingress.enabled](./values.yaml#L692) | bool | Enables ingress | `false` |
+| [controller.ingress.hostName](./values.yaml#L727) | string | Ingress hostname | `nil` |
+| [controller.ingress.labels](./values.yaml#L711) | object | Ingress labels | `{}` |
+| [controller.ingress.path](./values.yaml#L723) | string | Ingress path | `nil` |
+| [controller.ingress.paths](./values.yaml#L696) | list | Override for the default Ingress paths | `[]` |
+| [controller.ingress.resourceRootUrl](./values.yaml#L729) | string | Hostname to serve assets from | `nil` |
+| [controller.ingress.tls](./values.yaml#L731) | list | Ingress TLS configuration | `[]` |
+| [controller.initConfigMap](./values.yaml#L455) | string | Name of the existing ConfigMap that contains init scripts | `nil` |
+| [controller.initContainerEnv](./values.yaml#L146) | list | Environment variables for Init Container | `[]` |
+| [controller.initContainerEnvFrom](./values.yaml#L142) | list | Environment variable sources for Init Container | `[]` |
+| [controller.initContainerResources](./values.yaml#L133) | object | Resources allocation (Requests and Limits) for Init Container | `{}` |
+| [controller.initScripts](./values.yaml#L451) | object | Map of groovy init scripts to be executed during Jenkins controller start | `{}` |
+| [controller.initializeOnce](./values.yaml#L423) | bool | Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true` | `false` |
+| [controller.installLatestPlugins](./values.yaml#L412) | bool | Download the minimum required version or latest version of all dependencies | `true` |
+| [controller.installLatestSpecifiedPlugins](./values.yaml#L415) | bool | Set to true to download the latest version of any plugin that is requested to have the latest version | `false` |
+| [controller.installPlugins](./values.yaml#L404) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4340.v345364d31a_2a_","workflow-aggregator:608.v67378e9d3db_1","git:5.7.0","configuration-as-code:1967.va_968e15fd05b_"]` |
+| [controller.javaOpts](./values.yaml#L161) | string | Append to `JAVA_OPTS` env var | `nil` |
+| [controller.jenkinsAdminEmail](./values.yaml#L95) | string | Email address for the administrator of the Jenkins instance | `nil` |
+| [controller.jenkinsHome](./values.yaml#L100) | string | Custom Jenkins home path | `"/var/jenkins_home"` |
+| [controller.jenkinsOpts](./values.yaml#L163) | string | Append to `JENKINS_OPTS` env var | `nil` |
+| [controller.jenkinsRef](./values.yaml#L105) | string | Custom Jenkins reference path | `"/usr/share/jenkins/ref"` |
+| [controller.jenkinsUriPrefix](./values.yaml#L178) | string | Root URI Jenkins will be served on | `nil` |
+| [controller.jenkinsUrl](./values.yaml#L173) | string | Set Jenkins URL if you are not using the ingress definitions provided by the chart | `nil` |
+| [controller.jenkinsUrlProtocol](./values.yaml#L170) | string | Set protocol for Jenkins URL; `https` if `controller.ingress.tls`, `http` otherwise | `nil` |
+| [controller.jenkinsWar](./values.yaml#L108) | string |  | `"/usr/share/jenkins/jenkins.war"` |
+| [controller.jmxPort](./values.yaml#L394) | string | Open a port, for JMX stats | `nil` |
+| [controller.legacyRemotingSecurityEnabled](./values.yaml#L370) | bool | Whether legacy remoting security should be enabled | `false` |
 | [controller.lifecycle](./values.yaml#L51) | object | Lifecycle specification for controller-container | `{}` |
-| [controller.loadBalancerIP](./values.yaml#L386) | string | Optionally assign a known public LB IP | `nil` |
-| [controller.loadBalancerSourceRanges](./values.yaml#L382) | list | Allowed inbound IP addresses | `["0.0.0.0/0"]` |
-| [controller.markupFormatter](./values.yaml#L443) | string | Yaml of the markup formatter to use | `"plainText"` |
-| [controller.nodePort](./values.yaml#L229) | string | k8s node port. Only used if serviceType is NodePort | `nil` |
-| [controller.nodeSelector](./values.yaml#L657) | object | Node labels for pod assignment | `{}` |
+| [controller.loadBalancerIP](./values.yaml#L385) | string | Optionally assign a known public LB IP | `nil` |
+| [controller.loadBalancerSourceRanges](./values.yaml#L381) | list | Allowed inbound IP addresses | `["0.0.0.0/0"]` |
+| [controller.markupFormatter](./values.yaml#L442) | string | Yaml of the markup formatter to use | `"plainText"` |
+| [controller.nodePort](./values.yaml#L228) | string | k8s node port. Only used if serviceType is NodePort | `nil` |
+| [controller.nodeSelector](./values.yaml#L658) | object | Node labels for pod assignment | `{}` |
 | [controller.numExecutors](./values.yaml#L62) | int | Set Number of executors | `0` |
-| [controller.overwritePlugins](./values.yaml#L428) | bool | Overwrite installed plugins on start | `false` |
-| [controller.overwritePluginsFromImage](./values.yaml#L432) | bool | Overwrite plugins that are already installed in the controller image | `true` |
-| [controller.podAnnotations](./values.yaml#L678) | object | Annotations for controller pod | `{}` |
-| [controller.podDisruptionBudget.annotations](./values.yaml#L322) | object |  | `{}` |
-| [controller.podDisruptionBudget.apiVersion](./values.yaml#L320) | string | Policy API version | `"policy/v1beta1"` |
-| [controller.podDisruptionBudget.enabled](./values.yaml#L315) | bool | Enable Kubernetes Pod Disruption Budget configuration | `false` |
-| [controller.podDisruptionBudget.labels](./values.yaml#L323) | object |  | `{}` |
-| [controller.podDisruptionBudget.maxUnavailable](./values.yaml#L325) | string | Number of pods that can be unavailable. Either an absolute number or a percentage | `"0"` |
-| [controller.podLabels](./values.yaml#L251) | object | Custom Pod labels (an object with `label-key: label-value` pairs) | `{}` |
-| [controller.podSecurityContextOverride](./values.yaml#L208) | string | Completely overwrites the contents of the pod security context, ignoring the values provided for `runAsUser`, `fsGroup`, and `securityContextCapabilities` | `nil` |
-| [controller.priorityClassName](./values.yaml#L675) | string | The name of a `priorityClass` to apply to the controller pod | `nil` |
-| [controller.probes.livenessProbe.failureThreshold](./values.yaml#L276) | int | Set the failure threshold for the liveness probe | `5` |
-| [controller.probes.livenessProbe.httpGet.path](./values.yaml#L279) | string | Set the Pod's HTTP path for the liveness probe | `"{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login"` |
-| [controller.probes.livenessProbe.httpGet.port](./values.yaml#L281) | string | Set the Pod's HTTP port to use for the liveness probe | `"http"` |
-| [controller.probes.livenessProbe.initialDelaySeconds](./values.yaml#L290) | string | Set the initial delay for the liveness probe in seconds | `nil` |
-| [controller.probes.livenessProbe.periodSeconds](./values.yaml#L283) | int | Set the time interval between two liveness probes executions in seconds | `10` |
-| [controller.probes.livenessProbe.timeoutSeconds](./values.yaml#L285) | int | Set the timeout for the liveness probe in seconds | `5` |
-| [controller.probes.readinessProbe.failureThreshold](./values.yaml#L294) | int | Set the failure threshold for the readiness probe | `3` |
-| [controller.probes.readinessProbe.httpGet.path](./values.yaml#L297) | string | Set the Pod's HTTP path for the liveness probe | `"{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login"` |
-| [controller.probes.readinessProbe.httpGet.port](./values.yaml#L299) | string | Set the Pod's HTTP port to use for the readiness probe | `"http"` |
-| [controller.probes.readinessProbe.initialDelaySeconds](./values.yaml#L308) | string | Set the initial delay for the readiness probe in seconds | `nil` |
-| [controller.probes.readinessProbe.periodSeconds](./values.yaml#L301) | int | Set the time interval between two readiness probes executions in seconds | `10` |
-| [controller.probes.readinessProbe.timeoutSeconds](./values.yaml#L303) | int | Set the timeout for the readiness probe in seconds | `5` |
-| [controller.probes.startupProbe.failureThreshold](./values.yaml#L263) | int | Set the failure threshold for the startup probe | `12` |
-| [controller.probes.startupProbe.httpGet.path](./values.yaml#L266) | string | Set the Pod's HTTP path for the startup probe | `"{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login"` |
-| [controller.probes.startupProbe.httpGet.port](./values.yaml#L268) | string | Set the Pod's HTTP port to use for the startup probe | `"http"` |
-| [controller.probes.startupProbe.periodSeconds](./values.yaml#L270) | int | Set the time interval between two startup probes executions in seconds | `10` |
-| [controller.probes.startupProbe.timeoutSeconds](./values.yaml#L272) | int | Set the timeout for the startup probe in seconds | `5` |
-| [controller.projectNamingStrategy](./values.yaml#L435) | string |  | `"standard"` |
-| [controller.prometheus.alertingRulesAdditionalLabels](./values.yaml#L822) | object | Additional labels to add to the PrometheusRule object | `{}` |
-| [controller.prometheus.alertingrules](./values.yaml#L820) | list | Array of prometheus alerting rules | `[]` |
-| [controller.prometheus.enabled](./values.yaml#L805) | bool | Enables prometheus service monitor | `false` |
-| [controller.prometheus.metricRelabelings](./values.yaml#L832) | list |  | `[]` |
-| [controller.prometheus.prometheusRuleNamespace](./values.yaml#L824) | string | Set a custom namespace where to deploy PrometheusRule resource | `""` |
-| [controller.prometheus.relabelings](./values.yaml#L830) | list |  | `[]` |
-| [controller.prometheus.scrapeEndpoint](./values.yaml#L815) | string | The endpoint prometheus should get metrics from | `"/prometheus"` |
-| [controller.prometheus.scrapeInterval](./values.yaml#L811) | string | How often prometheus should scrape metrics | `"60s"` |
-| [controller.prometheus.serviceMonitorAdditionalLabels](./values.yaml#L807) | object | Additional labels to add to the service monitor object | `{}` |
-| [controller.prometheus.serviceMonitorNamespace](./values.yaml#L809) | string | Set a custom namespace where to deploy ServiceMonitor resource | `nil` |
-| [controller.publishNotReadyAddresses](./values.yaml#L237) | string |  | `nil` |
-| [controller.resources](./values.yaml#L115) | object | Resource allocation (Requests and Limits) | `{"limits":{"cpu":"2000m","memory":"4096Mi"},"requests":{"cpu":"50m","memory":"256Mi"}}` |
-| [controller.route.annotations](./values.yaml#L784) | object | Route annotations | `{}` |
-| [controller.route.enabled](./values.yaml#L780) | bool | Enables openshift route | `false` |
-| [controller.route.labels](./values.yaml#L782) | object | Route labels | `{}` |
-| [controller.route.path](./values.yaml#L786) | string | Route path | `nil` |
-| [controller.runAsUser](./values.yaml#L189) | int | Deprecated in favor of `controller.podSecurityContextOverride`. uid that jenkins runs with. | `1000` |
-| [controller.schedulerName](./values.yaml#L653) | string | Name of the Kubernetes scheduler to use | `""` |
-| [controller.scriptApproval](./values.yaml#L447) | list | List of groovy functions to approve | `[]` |
-| [controller.secondaryingress.annotations](./values.yaml#L747) | object |  | `{}` |
-| [controller.secondaryingress.apiVersion](./values.yaml#L745) | string |  | `"extensions/v1beta1"` |
-| [controller.secondaryingress.enabled](./values.yaml#L739) | bool |  | `false` |
-| [controller.secondaryingress.hostName](./values.yaml#L754) | string |  | `nil` |
-| [controller.secondaryingress.labels](./values.yaml#L746) | object |  | `{}` |
-| [controller.secondaryingress.paths](./values.yaml#L742) | list |  | `[]` |
-| [controller.secondaryingress.tls](./values.yaml#L755) | string |  | `nil` |
-| [controller.secretClaims](./values.yaml#L490) | list | List of `SecretClaim` resources to create | `[]` |
-| [controller.securityContextCapabilities](./values.yaml#L198) | object |  | `{}` |
-| [controller.serviceAnnotations](./values.yaml#L240) | object | Jenkins controller service annotations | `{}` |
-| [controller.serviceExternalTrafficPolicy](./values.yaml#L233) | string |  | `nil` |
-| [controller.serviceLabels](./values.yaml#L246) | object | Labels for the Jenkins controller-service | `{}` |
-| [controller.servicePort](./values.yaml#L225) | int | k8s service port | `8080` |
-| [controller.serviceType](./values.yaml#L220) | string | k8s service type | `"ClusterIP"` |
-| [controller.shareProcessNamespace](./values.yaml#L124) | bool |  | `false` |
-| [controller.sidecars.additionalSidecarContainers](./values.yaml#L635) | list | Configures additional sidecar container(s) for the Jenkins controller | `[]` |
+| [controller.overwritePlugins](./values.yaml#L427) | bool | Overwrite installed plugins on start | `false` |
+| [controller.overwritePluginsFromImage](./values.yaml#L431) | bool | Overwrite plugins that are already installed in the controller image | `true` |
+| [controller.podAnnotations](./values.yaml#L679) | object | Annotations for controller pod | `{}` |
+| [controller.podDisruptionBudget.annotations](./values.yaml#L321) | object |  | `{}` |
+| [controller.podDisruptionBudget.apiVersion](./values.yaml#L319) | string | Policy API version | `"policy/v1beta1"` |
+| [controller.podDisruptionBudget.enabled](./values.yaml#L314) | bool | Enable Kubernetes Pod Disruption Budget configuration | `false` |
+| [controller.podDisruptionBudget.labels](./values.yaml#L322) | object |  | `{}` |
+| [controller.podDisruptionBudget.maxUnavailable](./values.yaml#L324) | string | Number of pods that can be unavailable. Either an absolute number or a percentage | `"0"` |
+| [controller.podLabels](./values.yaml#L250) | object | Custom Pod labels (an object with `label-key: label-value` pairs) | `{}` |
+| [controller.podSecurityContextOverride](./values.yaml#L207) | string | Completely overwrites the contents of the pod security context, ignoring the values provided for `runAsUser`, `fsGroup`, and `securityContextCapabilities` | `nil` |
+| [controller.priorityClassName](./values.yaml#L676) | string | The name of a `priorityClass` to apply to the controller pod | `nil` |
+| [controller.probes.livenessProbe.failureThreshold](./values.yaml#L275) | int | Set the failure threshold for the liveness probe | `5` |
+| [controller.probes.livenessProbe.httpGet.path](./values.yaml#L278) | string | Set the Pod's HTTP path for the liveness probe | `"{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login"` |
+| [controller.probes.livenessProbe.httpGet.port](./values.yaml#L280) | string | Set the Pod's HTTP port to use for the liveness probe | `"http"` |
+| [controller.probes.livenessProbe.initialDelaySeconds](./values.yaml#L289) | string | Set the initial delay for the liveness probe in seconds | `nil` |
+| [controller.probes.livenessProbe.periodSeconds](./values.yaml#L282) | int | Set the time interval between two liveness probes executions in seconds | `10` |
+| [controller.probes.livenessProbe.timeoutSeconds](./values.yaml#L284) | int | Set the timeout for the liveness probe in seconds | `5` |
+| [controller.probes.readinessProbe.failureThreshold](./values.yaml#L293) | int | Set the failure threshold for the readiness probe | `3` |
+| [controller.probes.readinessProbe.httpGet.path](./values.yaml#L296) | string | Set the Pod's HTTP path for the liveness probe | `"{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login"` |
+| [controller.probes.readinessProbe.httpGet.port](./values.yaml#L298) | string | Set the Pod's HTTP port to use for the readiness probe | `"http"` |
+| [controller.probes.readinessProbe.initialDelaySeconds](./values.yaml#L307) | string | Set the initial delay for the readiness probe in seconds | `nil` |
+| [controller.probes.readinessProbe.periodSeconds](./values.yaml#L300) | int | Set the time interval between two readiness probes executions in seconds | `10` |
+| [controller.probes.readinessProbe.timeoutSeconds](./values.yaml#L302) | int | Set the timeout for the readiness probe in seconds | `5` |
+| [controller.probes.startupProbe.failureThreshold](./values.yaml#L262) | int | Set the failure threshold for the startup probe | `12` |
+| [controller.probes.startupProbe.httpGet.path](./values.yaml#L265) | string | Set the Pod's HTTP path for the startup probe | `"{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login"` |
+| [controller.probes.startupProbe.httpGet.port](./values.yaml#L267) | string | Set the Pod's HTTP port to use for the startup probe | `"http"` |
+| [controller.probes.startupProbe.periodSeconds](./values.yaml#L269) | int | Set the time interval between two startup probes executions in seconds | `10` |
+| [controller.probes.startupProbe.timeoutSeconds](./values.yaml#L271) | int | Set the timeout for the startup probe in seconds | `5` |
+| [controller.projectNamingStrategy](./values.yaml#L434) | string |  | `"standard"` |
+| [controller.prometheus.alertingRulesAdditionalLabels](./values.yaml#L824) | object | Additional labels to add to the PrometheusRule object | `{}` |
+| [controller.prometheus.alertingrules](./values.yaml#L822) | list | Array of prometheus alerting rules | `[]` |
+| [controller.prometheus.enabled](./values.yaml#L807) | bool | Enables prometheus service monitor | `false` |
+| [controller.prometheus.metricRelabelings](./values.yaml#L834) | list |  | `[]` |
+| [controller.prometheus.prometheusRuleNamespace](./values.yaml#L826) | string | Set a custom namespace where to deploy PrometheusRule resource | `""` |
+| [controller.prometheus.relabelings](./values.yaml#L832) | list |  | `[]` |
+| [controller.prometheus.scrapeEndpoint](./values.yaml#L817) | string | The endpoint prometheus should get metrics from | `"/prometheus"` |
+| [controller.prometheus.scrapeInterval](./values.yaml#L813) | string | How often prometheus should scrape metrics | `"60s"` |
+| [controller.prometheus.serviceMonitorAdditionalLabels](./values.yaml#L809) | object | Additional labels to add to the service monitor object | `{}` |
+| [controller.prometheus.serviceMonitorNamespace](./values.yaml#L811) | string | Set a custom namespace where to deploy ServiceMonitor resource | `nil` |
+| [controller.publishNotReadyAddresses](./values.yaml#L236) | string |  | `nil` |
+| [controller.resources](./values.yaml#L114) | object | Resource allocation (Requests and Limits) | `{"limits":{"cpu":"2000m","memory":"4096Mi"},"requests":{"cpu":"50m","memory":"256Mi"}}` |
+| [controller.route.annotations](./values.yaml#L786) | object | Route annotations | `{}` |
+| [controller.route.enabled](./values.yaml#L782) | bool | Enables openshift route | `false` |
+| [controller.route.labels](./values.yaml#L784) | object | Route labels | `{}` |
+| [controller.route.path](./values.yaml#L788) | string | Route path | `nil` |
+| [controller.runAsUser](./values.yaml#L188) | int | Deprecated in favor of `controller.podSecurityContextOverride`. uid that jenkins runs with. | `1000` |
+| [controller.schedulerName](./values.yaml#L654) | string | Name of the Kubernetes scheduler to use | `""` |
+| [controller.scriptApproval](./values.yaml#L446) | list | List of groovy functions to approve | `[]` |
+| [controller.secondaryingress.annotations](./values.yaml#L749) | object |  | `{}` |
+| [controller.secondaryingress.apiVersion](./values.yaml#L747) | string |  | `"extensions/v1beta1"` |
+| [controller.secondaryingress.enabled](./values.yaml#L741) | bool |  | `false` |
+| [controller.secondaryingress.hostName](./values.yaml#L756) | string |  | `nil` |
+| [controller.secondaryingress.labels](./values.yaml#L748) | object |  | `{}` |
+| [controller.secondaryingress.paths](./values.yaml#L744) | list |  | `[]` |
+| [controller.secondaryingress.tls](./values.yaml#L757) | string |  | `nil` |
+| [controller.secretClaims](./values.yaml#L489) | list | List of `SecretClaim` resources to create | `[]` |
+| [controller.securityContextCapabilities](./values.yaml#L197) | object |  | `{}` |
+| [controller.serviceAnnotations](./values.yaml#L239) | object | Jenkins controller service annotations | `{}` |
+| [controller.serviceExternalTrafficPolicy](./values.yaml#L232) | string |  | `nil` |
+| [controller.serviceLabels](./values.yaml#L245) | object | Labels for the Jenkins controller-service | `{}` |
+| [controller.servicePort](./values.yaml#L224) | int | k8s service port | `8080` |
+| [controller.serviceType](./values.yaml#L219) | string | k8s service type | `"ClusterIP"` |
+| [controller.shareProcessNamespace](./values.yaml#L123) | bool |  | `false` |
+| [controller.sidecars.additionalSidecarContainers](./values.yaml#L636) | list | Configures additional sidecar container(s) for the Jenkins controller | `[]` |
 | [controller.sidecars.configAutoReload.additionalVolumeMounts](./values.yaml#L581) | list | Enables additional volume mounts for the config auto-reload container | `[]` |
-| [controller.sidecars.configAutoReload.containerSecurityContext](./values.yaml#L630) | object | Enable container security context | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true}` |
-| [controller.sidecars.configAutoReload.enabled](./values.yaml#L564) | bool | Enables Jenkins Config as Code auto-reload | `true` |
-| [controller.sidecars.configAutoReload.env](./values.yaml#L612) | object | Environment variables for the Jenkins Config as Code auto-reload container | `{}` |
-| [controller.sidecars.configAutoReload.envFrom](./values.yaml#L610) | list | Environment variable sources for the Jenkins Config as Code auto-reload container | `[]` |
-| [controller.sidecars.configAutoReload.folder](./values.yaml#L623) | string |  | `"/var/jenkins_home/casc_configs"` |
-| [controller.sidecars.configAutoReload.image.registry](./values.yaml#L567) | string | Registry for the image that triggers the reload | `"docker.io"` |
-| [controller.sidecars.configAutoReload.image.repository](./values.yaml#L569) | string | Repository of the image that triggers the reload | `"kiwigrid/k8s-sidecar"` |
-| [controller.sidecars.configAutoReload.image.tag](./values.yaml#L571) | string | Tag for the image that triggers the reload | `"1.30.1"` |
-| [controller.sidecars.configAutoReload.imagePullPolicy](./values.yaml#L572) | string |  | `"IfNotPresent"` |
-| [controller.sidecars.configAutoReload.logging](./values.yaml#L587) | object | Config auto-reload logging settings | `{"configuration":{"backupCount":3,"formatter":"JSON","logLevel":"INFO","logToConsole":true,"logToFile":false,"maxBytes":1024,"override":false}}` |
-| [controller.sidecars.configAutoReload.logging.configuration.override](./values.yaml#L591) | bool | Enables custom log config utilizing using the settings below. | `false` |
-| [controller.sidecars.configAutoReload.reqRetryConnect](./values.yaml#L605) | int | How many connection-related errors to retry on | `10` |
-| [controller.sidecars.configAutoReload.resources](./values.yaml#L573) | object |  | `{}` |
-| [controller.sidecars.configAutoReload.scheme](./values.yaml#L600) | string | The scheme to use when connecting to the Jenkins configuration as code endpoint | `"http"` |
-| [controller.sidecars.configAutoReload.skipTlsVerify](./values.yaml#L602) | bool | Skip TLS verification when connecting to the Jenkins configuration as code endpoint | `false` |
-| [controller.sidecars.configAutoReload.sleepTime](./values.yaml#L607) | string | How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar) | `nil` |
-| [controller.sidecars.configAutoReload.sshTcpPort](./values.yaml#L621) | int |  | `1044` |
-| [controller.statefulSetAnnotations](./values.yaml#L680) | object | Annotations for controller StatefulSet | `{}` |
-| [controller.statefulSetLabels](./values.yaml#L242) | object | Jenkins controller custom labels for the StatefulSet | `{}` |
-| [controller.targetPort](./values.yaml#L227) | int | k8s target port | `8080` |
-| [controller.terminationGracePeriodSeconds](./values.yaml#L663) | string | Set TerminationGracePeriodSeconds | `nil` |
-| [controller.terminationMessagePath](./values.yaml#L665) | string | Set the termination message path | `nil` |
-| [controller.terminationMessagePolicy](./values.yaml#L667) | string | Set the termination message policy | `nil` |
-| [controller.testEnabled](./values.yaml#L844) | bool | Can be used to disable rendering controller test resources when using helm template | `true` |
-| [controller.tolerations](./values.yaml#L661) | list | Toleration labels for pod assignment | `[]` |
-| [controller.topologySpreadConstraints](./values.yaml#L687) | object | Topology spread constraints | `{}` |
-| [controller.updateStrategy](./values.yaml#L684) | object | Update strategy for StatefulSet | `{}` |
-| [controller.usePodSecurityContext](./values.yaml#L182) | bool | Enable pod security context (must be `true` if podSecurityContextOverride, runAsUser or fsGroup are set) | `true` |
+| [controller.sidecars.configAutoReload.containerSecurityContext](./values.yaml#L631) | object | Enable container security context | `{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true}` |
+| [controller.sidecars.configAutoReload.enabled](./values.yaml#L563) | bool | Enable Jenkins Config as Code auto-reload | `true` |
+| [controller.sidecars.configAutoReload.env](./values.yaml#L613) | list | Environment variables for the Jenkins Config as Code auto-reload container | `[]` |
+| [controller.sidecars.configAutoReload.envFrom](./values.yaml#L611) | list | Environment variable sources for the Jenkins Config as Code auto-reload container | `[]` |
+| [controller.sidecars.configAutoReload.folder](./values.yaml#L624) | string |  | `"/var/jenkins_home/casc_configs"` |
+| [controller.sidecars.configAutoReload.image.registry](./values.yaml#L566) | string | Registry for the image that triggers the reload | `"docker.io"` |
+| [controller.sidecars.configAutoReload.image.repository](./values.yaml#L568) | string | Repository of the image that triggers the reload | `"kiwigrid/k8s-sidecar"` |
+| [controller.sidecars.configAutoReload.image.tag](./values.yaml#L570) | string | Tag for the image that triggers the reload | `"1.30.3"` |
+| [controller.sidecars.configAutoReload.imagePullPolicy](./values.yaml#L571) | string |  | `"IfNotPresent"` |
+| [controller.sidecars.configAutoReload.logging](./values.yaml#L588) | object | Config auto-reload logging settings | `{"configuration":{"backupCount":3,"formatter":"JSON","logLevel":"INFO","logToConsole":true,"logToFile":false,"maxBytes":1024,"override":false}}` |
+| [controller.sidecars.configAutoReload.logging.configuration.override](./values.yaml#L592) | bool | Enables custom log config utilizing using the settings below. | `false` |
+| [controller.sidecars.configAutoReload.reqRetryConnect](./values.yaml#L606) | int | How many connection-related errors to retry on | `10` |
+| [controller.sidecars.configAutoReload.resources](./values.yaml#L572) | object |  | `{}` |
+| [controller.sidecars.configAutoReload.scheme](./values.yaml#L601) | string | The scheme to use when connecting to the Jenkins configuration as code endpoint | `"http"` |
+| [controller.sidecars.configAutoReload.skipTlsVerify](./values.yaml#L603) | bool | Skip TLS verification when connecting to the Jenkins configuration as code endpoint | `false` |
+| [controller.sidecars.configAutoReload.sleepTime](./values.yaml#L608) | string | How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar) | `nil` |
+| [controller.sidecars.configAutoReload.sshTcpPort](./values.yaml#L622) | int |  | `1044` |
+| [controller.statefulSetAnnotations](./values.yaml#L681) | object | Annotations for controller StatefulSet | `{}` |
+| [controller.statefulSetLabels](./values.yaml#L241) | object | Jenkins controller custom labels for the StatefulSet | `{}` |
+| [controller.targetPort](./values.yaml#L226) | int | k8s target port | `8080` |
+| [controller.terminationGracePeriodSeconds](./values.yaml#L664) | string | Set TerminationGracePeriodSeconds | `nil` |
+| [controller.terminationMessagePath](./values.yaml#L666) | string | Set the termination message path | `nil` |
+| [controller.terminationMessagePolicy](./values.yaml#L668) | string | Set the termination message policy | `nil` |
+| [controller.testEnabled](./values.yaml#L846) | bool | Can be used to disable rendering controller test resources when using helm template | `true` |
+| [controller.tolerations](./values.yaml#L662) | list | Toleration labels for pod assignment | `[]` |
+| [controller.topologySpreadConstraints](./values.yaml#L688) | object | Topology spread constraints | `{}` |
+| [controller.updateStrategy](./values.yaml#L685) | object | Update strategy for StatefulSet | `{}` |
+| [controller.usePodSecurityContext](./values.yaml#L181) | bool | Enable pod security context (must be `true` if podSecurityContextOverride, runAsUser or fsGroup are set) | `true` |
 | [credentialsId](./values.yaml#L27) | string | The Jenkins credentials to access the Kubernetes API server. For the default cluster it is not needed. | `nil` |
 | [fullnameOverride](./values.yaml#L13) | string | Override the full resource names | `jenkins-(release-name)` or `jenkins` if the release-name is `jenkins` |
-| [helmtest.bats.image.registry](./values.yaml#L1369) | string | Registry of the image used to test the framework | `"docker.io"` |
-| [helmtest.bats.image.repository](./values.yaml#L1371) | string | Repository of the image used to test the framework | `"bats/bats"` |
-| [helmtest.bats.image.tag](./values.yaml#L1373) | string | Tag of the image to test the framework | `"1.11.1"` |
+| [helmtest.bats.image.registry](./values.yaml#L1373) | string | Registry of the image used to test the framework | `"docker.io"` |
+| [helmtest.bats.image.repository](./values.yaml#L1375) | string | Repository of the image used to test the framework | `"bats/bats"` |
+| [helmtest.bats.image.tag](./values.yaml#L1377) | string | Tag of the image to test the framework | `"1.12.0"` |
 | [kubernetesURL](./values.yaml#L24) | string | The URL of the Kubernetes API server | `"https://kubernetes.default"` |
 | [nameOverride](./values.yaml#L10) | string | Override the resource name prefix | `Chart.Name` |
 | [namespaceOverride](./values.yaml#L16) | string | Override the deployment namespace | `Release.Namespace` |
-| [networkPolicy.apiVersion](./values.yaml#L1293) | string | NetworkPolicy ApiVersion | `"networking.k8s.io/v1"` |
-| [networkPolicy.enabled](./values.yaml#L1288) | bool | Enable the creation of NetworkPolicy resources | `false` |
-| [networkPolicy.externalAgents.except](./values.yaml#L1307) | list | A list of IP sub-ranges to be excluded from the allowlisted IP range | `[]` |
-| [networkPolicy.externalAgents.ipCIDR](./values.yaml#L1305) | string | The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16 | `nil` |
-| [networkPolicy.internalAgents.allowed](./values.yaml#L1297) | bool | Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels | `true` |
-| [networkPolicy.internalAgents.namespaceLabels](./values.yaml#L1301) | object | A map of labels (keys/values) that agents namespaces must have to be able to connect to controller | `{}` |
-| [networkPolicy.internalAgents.podLabels](./values.yaml#L1299) | object | A map of labels (keys/values) that agent pods must have to be able to connect to controller | `{}` |
-| [persistence.accessMode](./values.yaml#L1263) | string | The PVC access mode | `"ReadWriteOnce"` |
-| [persistence.annotations](./values.yaml#L1259) | object | Annotations for the PVC | `{}` |
-| [persistence.dataSource](./values.yaml#L1269) | object | Existing data source to clone PVC from | `{}` |
-| [persistence.enabled](./values.yaml#L1243) | bool | Enable the use of a Jenkins PVC | `true` |
-| [persistence.existingClaim](./values.yaml#L1249) | string | Provide the name of a PVC | `nil` |
-| [persistence.labels](./values.yaml#L1261) | object | Labels for the PVC | `{}` |
-| [persistence.mounts](./values.yaml#L1281) | list | Additional mounts | `[]` |
-| [persistence.size](./values.yaml#L1265) | string | The size of the PVC | `"8Gi"` |
-| [persistence.storageClass](./values.yaml#L1257) | string | Storage class for the PVC | `nil` |
-| [persistence.subPath](./values.yaml#L1274) | string | SubPath for jenkins-home mount | `nil` |
-| [persistence.volumes](./values.yaml#L1276) | list | Additional volumes | `[]` |
-| [rbac.create](./values.yaml#L1313) | bool | Whether RBAC resources are created | `true` |
-| [rbac.readSecrets](./values.yaml#L1315) | bool | Whether the Jenkins service account should be able to read Kubernetes secrets | `false` |
-| [rbac.useOpenShiftNonRootSCC](./values.yaml#L1317) | bool | Whether the Jenkins service account should be able to use the OpenShift "nonroot" Security Context Constraints | `false` |
+| [networkPolicy.apiVersion](./values.yaml#L1296) | string | NetworkPolicy ApiVersion | `"networking.k8s.io/v1"` |
+| [networkPolicy.enabled](./values.yaml#L1291) | bool | Enable the creation of NetworkPolicy resources | `false` |
+| [networkPolicy.externalAgents.except](./values.yaml#L1311) | list | A list of IP sub-ranges to be excluded from the allowlisted IP range | `[]` |
+| [networkPolicy.externalAgents.ipCIDR](./values.yaml#L1309) | string | The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16 | `nil` |
+| [networkPolicy.internalAgents.allowed](./values.yaml#L1300) | bool | Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels | `true` |
+| [networkPolicy.internalAgents.namespaceLabels](./values.yaml#L1304) | object | A map of labels (keys/values) that agents namespaces must have to be able to connect to controller | `{}` |
+| [networkPolicy.internalAgents.podLabels](./values.yaml#L1302) | object | A map of labels (keys/values) that agent pods must have to be able to connect to controller | `{}` |
+| [persistence.accessMode](./values.yaml#L1266) | string | The PVC access mode | `"ReadWriteOnce"` |
+| [persistence.annotations](./values.yaml#L1262) | object | Annotations for the PVC | `{}` |
+| [persistence.dataSource](./values.yaml#L1272) | object | Existing data source to clone PVC from | `{}` |
+| [persistence.enabled](./values.yaml#L1246) | bool | Enable the use of a Jenkins PVC | `true` |
+| [persistence.existingClaim](./values.yaml#L1252) | string | Provide the name of a PVC | `nil` |
+| [persistence.labels](./values.yaml#L1264) | object | Labels for the PVC | `{}` |
+| [persistence.mounts](./values.yaml#L1284) | list | Additional mounts | `[]` |
+| [persistence.size](./values.yaml#L1268) | string | The size of the PVC | `"8Gi"` |
+| [persistence.storageClass](./values.yaml#L1260) | string | Storage class for the PVC | `nil` |
+| [persistence.subPath](./values.yaml#L1277) | string | SubPath for jenkins-home mount | `nil` |
+| [persistence.volumes](./values.yaml#L1279) | list | Additional volumes | `[]` |
+| [rbac.create](./values.yaml#L1318) | bool | Whether RBAC resources are created | `true` |
+| [rbac.readSecrets](./values.yaml#L1320) | bool | Whether the Jenkins service account should be able to read Kubernetes secrets | `false` |
+| [rbac.useOpenShiftNonRootSCC](./values.yaml#L1322) | bool | Whether the Jenkins service account should be able to use the OpenShift "nonroot" Security Context Constraints | `false` |
 | [renderHelmLabels](./values.yaml#L30) | bool | Enables rendering of the helm.sh/chart label to the annotations | `true` |
-| [serviceAccount.annotations](./values.yaml#L1327) | object | Configures annotations for the ServiceAccount | `{}` |
-| [serviceAccount.automountServiceAccountToken](./values.yaml#L1333) | bool | Auto-mount ServiceAccount token | `true` |
-| [serviceAccount.create](./values.yaml#L1321) | bool | Configures if a ServiceAccount with this name should be created | `true` |
-| [serviceAccount.extraLabels](./values.yaml#L1329) | object | Configures extra labels for the ServiceAccount | `{}` |
-| [serviceAccount.imagePullSecretName](./values.yaml#L1331) | string | Controller ServiceAccount image pull secret | `nil` |
-| [serviceAccount.name](./values.yaml#L1325) | string |  | `nil` |
-| [serviceAccountAgent.annotations](./values.yaml#L1344) | object | Configures annotations for the agent ServiceAccount | `{}` |
-| [serviceAccountAgent.automountServiceAccountToken](./values.yaml#L1350) | bool | Auto-mount ServiceAccount token | `true` |
-| [serviceAccountAgent.create](./values.yaml#L1338) | bool | Configures if an agent ServiceAccount should be created | `false` |
-| [serviceAccountAgent.extraLabels](./values.yaml#L1346) | object | Configures extra labels for the agent ServiceAccount | `{}` |
-| [serviceAccountAgent.imagePullSecretName](./values.yaml#L1348) | string | Agent ServiceAccount image pull secret | `nil` |
-| [serviceAccountAgent.name](./values.yaml#L1342) | string | The name of the agent ServiceAccount to be used by access-controlled resources | `nil` |
+| [serviceAccount.annotations](./values.yaml#L1332) | object | Configures annotations for the ServiceAccount | `{}` |
+| [serviceAccount.automountServiceAccountToken](./values.yaml#L1338) | bool | Auto-mount ServiceAccount token | `true` |
+| [serviceAccount.create](./values.yaml#L1326) | bool | Configures if a ServiceAccount with this name should be created | `true` |
+| [serviceAccount.extraLabels](./values.yaml#L1334) | object | Configures extra labels for the ServiceAccount | `{}` |
+| [serviceAccount.imagePullSecretName](./values.yaml#L1336) | string | Controller ServiceAccount image pull secret | `nil` |
+| [serviceAccount.name](./values.yaml#L1330) | string |  | `nil` |
+| [serviceAccountAgent.annotations](./values.yaml#L1348) | object | Configures annotations for the agent ServiceAccount | `{}` |
+| [serviceAccountAgent.automountServiceAccountToken](./values.yaml#L1354) | bool | Auto-mount ServiceAccount token | `true` |
+| [serviceAccountAgent.create](./values.yaml#L1342) | bool | Configures if an agent ServiceAccount should be created | `false` |
+| [serviceAccountAgent.extraLabels](./values.yaml#L1350) | object | Configures extra labels for the agent ServiceAccount | `{}` |
+| [serviceAccountAgent.imagePullSecretName](./values.yaml#L1352) | string | Agent ServiceAccount image pull secret | `nil` |
+| [serviceAccountAgent.name](./values.yaml#L1346) | string | The name of the agent ServiceAccount to be used by access-controlled resources | `nil` |

charts/kubezero-ci/charts/jenkins/templates/_helpers.tpl

@@ -234,6 +234,14 @@ jenkins:
       {{- with $newRoot}}
   - kubernetes:
       containerCapStr: "{{ .Values.agent.containerCap }}"
+      {{- if .Values.agent.garbageCollection.enabled }}
+      garbageCollection:
+        {{- if .Values.agent.garbageCollection.namespaces }}
+        namespaces: |-
+          {{- .Values.agent.garbageCollection.namespaces | nindent 10 }}
+        {{- end }}
+        timeout: "{{ .Values.agent.garbageCollection.timeout }}"
+      {{- end }}
       {{- if .Values.agent.jnlpregistry }}
       jnlpregistry: "{{ .Values.agent.jnlpregistry }}"
       {{- end }}
@@ -463,7 +471,7 @@ Returns kubernetes pod template configuration as code
   {{- end }}
 {{- end }}
   idleMinutes: {{ .Values.agent.idleMinutes }}
-  instanceCap: 2147483647
+  instanceCap: {{ int .Values.agent.instanceCap }}
   {{- if .Values.agent.hostNetworking }}
   hostNetwork: {{ .Values.agent.hostNetworking }}
   {{- end }}

charts/kubezero-ci/charts/jenkins/values.yaml

@@ -38,11 +38,11 @@ controller:
     # -- Controller image repository
     repository: "jenkins/jenkins"
 
-    # -- Controller image tag override; i.e., tag: "2.440.1-jdk17"
+    # -- Controller image tag override; i.e., tag: "2.440.1-jdk21"
     tag:
 
     # -- Controller image tag label
-    tagLabel: jdk17
+    tagLabel: jdk21
     # -- Controller image pull policy
     pullPolicy: "Always"
   # -- Controller image pull secret
@@ -73,7 +73,6 @@ controller:
   # If you disable the non-Jenkins identity store and instead use the Jenkins internal one,
   # you should revert controller.admin.username to your preferred admin user:
   admin:
-
     # -- Admin username created as a secret if `controller.admin.createSecret` is true
     username: "admin"
     # -- Admin password created as a secret if `controller.admin.createSecret` is true
@@ -403,10 +402,10 @@ controller:
   # Plugins will be installed during Jenkins controller start
   # -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false`
   installPlugins:
-    - kubernetes:4314.v5b_846cf499eb_
-    - workflow-aggregator:600.vb_57cdd26fdd7
+    - kubernetes:4340.v345364d31a_2a_
+    - workflow-aggregator:608.v67378e9d3db_1
     - git:5.7.0
-    - configuration-as-code:1932.v75cb_b_f1b_698d
+    - configuration-as-code:1967.va_968e15fd05b_
 
   # If set to false, Jenkins will download the minimum required version of all dependencies.
   # -- Download the minimum required version or latest version of all dependencies
@@ -560,7 +559,7 @@ controller:
       # If false or not-specified, JCasC changes will cause a reboot and will only be applied at the subsequent start-up.
       # Auto-reload uses the http://<jenkins_url>/reload-configuration-as-code endpoint to reapply config when changes to
       # the configScripts are detected.
-      # -- Enables Jenkins Config as Code auto-reload
+      # -- Enable Jenkins Config as Code auto-reload
       enabled: true
       image:
         # -- Registry for the image that triggers the reload
@@ -568,9 +567,10 @@ controller:
         # -- Repository of the image that triggers the reload
         repository: kiwigrid/k8s-sidecar
         # -- Tag for the image that triggers the reload
-        tag: 1.30.1
+        tag: 1.30.3
       imagePullPolicy: IfNotPresent
-      resources: {}
+      resources:
+        {}
         #   limits:
         #     cpu: 100m
         #     memory: 100Mi
@@ -578,7 +578,8 @@ controller:
         #     cpu: 50m
         #     memory: 50Mi
       # -- Enables additional volume mounts for the config auto-reload container
-      additionalVolumeMounts: []
+      additionalVolumeMounts:
+        []
         #   - name: auto-reload-config
         #     mountPath: /var/config/logger
         #   - name: auto-reload-logs
@@ -609,7 +610,7 @@ controller:
       # -- Environment variable sources for the Jenkins Config as Code auto-reload container
       envFrom: []
       # -- Environment variables for the Jenkins Config as Code auto-reload container
-      env: {}
+      env: []
       #   - name: REQ_TIMEOUT
       #     value: "30"
 
@@ -709,7 +710,8 @@ controller:
     # -- Ingress labels
     labels: {}
     # -- Ingress annotations
-    annotations: {}
+    annotations:
+      {}
       # kubernetes.io/ingress.class: nginx
       # kubernetes.io/tls-acme: "true"
     # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
@@ -955,7 +957,7 @@ agent:
     # -- Repository to pull the agent jnlp image from
     repository: "jenkins/inbound-agent"
     # -- Tag of the image to pull
-    tag: "3283.v92c105e0f819-9"
+    tag: "3309.v27b_9314fd1a_4-2"
   # -- Configure working directory for default agent
   workingDir: "/home/jenkins/agent"
   nodeUsageMode: "NORMAL"
@@ -986,12 +988,12 @@ agent:
       memory: "512Mi"
       # ephemeralStorage:
   livenessProbe: {}
-#    execArgs: "cat /tmp/healthy"
-#    failureThreshold: 3
-#    initialDelaySeconds: 0
-#    periodSeconds: 10
-#    successThreshold: 1
-#    timeoutSeconds: 1
+  #  execArgs: "cat /tmp/healthy"
+  #  failureThreshold: 3
+  #  initialDelaySeconds: 0
+  #  periodSeconds: 10
+  #  successThreshold: 1
+  #  timeoutSeconds: 1
 
   # You may want to change this to true while testing a new image
   # -- Always pull agent container image before build
@@ -1103,8 +1105,10 @@ agent:
   # Doesn't allocate pseudo TTY by default
   # -- Allocate pseudo tty to the side container
   TTYEnabled: false
-  # -- Max number of agents to launch
+  # -- Max number of agents to launch for a whole cluster.
   containerCap: 10
+  # -- Max number of agents to launch for this type of agent
+  instanceCap: 2147483647
   # -- Agent Pod base name
   podName: "default"
 
@@ -1123,7 +1127,6 @@ agent:
   # -- Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it
   idleMinutes: 0
 
-
   # The raw yaml of a Pod API Object, for example, this allows usage of toleration for agent pods.
   # https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates
   # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
@@ -1298,13 +1301,15 @@ networkPolicy:
     # -- A map of labels (keys/values) that agent pods must have to be able to connect to controller
     podLabels: {}
     # -- A map of labels (keys/values) that agents namespaces must have to be able to connect to controller
-    namespaceLabels: {}
+    namespaceLabels:
+      {}
       # project: myproject
   externalAgents:
     # -- The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16
     ipCIDR:
     # -- A list of IP sub-ranges to be excluded from the allowlisted IP range
-    except: []
+    except:
+      []
       # - 172.17.1.0/24
 
 ## Install Default RBAC roles and bindings
@@ -1332,7 +1337,6 @@ serviceAccount:
   # -- Auto-mount ServiceAccount token
   automountServiceAccountToken: true
 
-
 serviceAccountAgent:
   # -- Configures if an agent ServiceAccount should be created
   create: false
@@ -1370,4 +1374,4 @@ helmtest:
       # -- Repository of the image used to test the framework
       repository: "bats/bats"
       # -- Tag of the image to test the framework
-      tag: "1.11.1"
+      tag: "1.12.0"

charts/kubezero-ci/values.yaml

@@ -2,7 +2,7 @@ gitea:
   enabled: false
 
   image:
-    tag: 1.23.5
+    # tag: 1.23.5
     rootless: true
 
   repliaCount: 1
@@ -76,7 +76,9 @@ gitea:
       ssh.minimum_key_sizes:
         RSA: 2047
 
-  redis-cluster:
+  valkey:
+    enabled: false
+  valkey-cluster:
     enabled: false
   postgresql-ha:
     enabled: false
@@ -188,7 +190,7 @@ jenkins:
   agent:
     image:
       repository: public.ecr.aws/zero-downtime/jenkins-podman
-      tag: v0.7.0
+      tag: v0.7.1
     #alwaysPullImage: true
     podRetention: "Default"
     showRawYaml: false

charts/kubezero-istio-gateway/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio-gateway
 description: KubeZero Umbrella Chart for Istio gateways
 type: application
-version: 0.24.3
+version: 0.24.6
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -17,6 +17,6 @@ dependencies:
     version: 0.2.1
     repository: https://cdn.zero-downtime.net/charts/
   - name: gateway
-    version: 1.24.3
+    version: 1.24.6
     repository: https://istio-release.storage.googleapis.com/charts
 kubeVersion: ">= 1.30.0-0"

charts/kubezero-istio-gateway/README.md

@@ -1,6 +1,6 @@
 # kubezero-istio-gateway
 
-![Version: 0.24.3](https://img.shields.io/badge/Version-0.24.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.24.6](https://img.shields.io/badge/Version-0.24.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero Umbrella Chart for Istio gateways
 
@@ -21,7 +21,7 @@ Kubernetes: `>= 1.30.0-0`
 | Repository | Name | Version |
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
-| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.3 |
+| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.6 |
 
 ## Values
 

charts/kubezero-istio-gateway/charts/gateway/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.24.3
+appVersion: 1.24.6
 description: Helm chart for deploying Istio gateways
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
@@ -9,4 +9,4 @@ name: gateway
 sources:
 - https://github.com/istio/istio
 type: application
-version: 1.24.3
+version: 1.24.6

charts/kubezero-istio-gateway/templates/envoyfilter-grpcweb.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.httpFilter.grpcWeb }}
+# Inserts the grpcWeb filter into the http_connection mangager chain before the CORS filter
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-grpcweb
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+  workloadSelector:
+    labels:
+      {{- include "gatewaySelectorLabels" . | nindent 6 }}
+  configPatches:
+  - applyTo: HTTP_FILTER
+    match:
+      context: GATEWAY
+      listener:
+        filterChain:
+          filter:
+            name: envoy.filters.network.http_connection_manager
+            subFilter:
+              name: envoy.filters.http.cors
+    patch:
+      operation: INSERT_BEFORE
+      value:
+        name: envoy.filters.http.grpc_web
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+{{- end }}

charts/kubezero-istio-gateway/templates/envoyfilter-listener.yaml

@@ -1,7 +1,7 @@
 apiVersion: networking.istio.io/v1alpha3
 kind: EnvoyFilter
 metadata:
-  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-proxy-protocol
+  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-listener
   namespace: {{ .Release.Namespace }}
   labels:
     {{ include "kubezero-lib.labels" . | nindent 4 }}
@@ -10,23 +10,19 @@ spec:
     labels:
       {{- include "gatewaySelectorLabels" . | nindent 6 }}
   configPatches:
-  - applyTo: LISTENER
+  - applyTo: LISTENER_FILTER
+    match:
+      context: GATEWAY
+      listener:
+        portNumber: 8443
+        listenerFilter: "envoy.filters.listener.tls_inspector"
     patch:
-      operation: MERGE
+      operation: REPLACE
       value:
-        listener_filters:
-        {{- if .Values.proxyProtocol }}
-        - name: envoy.filters.listener.proxy_protocol
-          typed_config:
-            "@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
-          filter_disabled:
-            destination_port_range:
-              start: 1025
-              end: 1026
-        {{- end }}
-        - name: envoy.filters.listener.tls_inspector
+         name: envoy.filters.listener.tls_inspector
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
+           "initialReadBufferSize": 512
          filter_disabled:
            destination_port_range:
              start: 1025

charts/kubezero-istio-gateway/templates/envoyfilter-proxyprotocol.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.proxyProtocol }}
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-proxy-protocol
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+  workloadSelector:
+    labels:
+      {{- include "gatewaySelectorLabels" . | nindent 6 }}
+  configPatches:
+  - applyTo: LISTENER_FILTER
+    match:
+      context: GATEWAY
+    patch:
+      operation: INSERT_FIRST
+      value:
+        name: envoy.filters.listener.proxy_protocol
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
+        filter_disabled:
+          destination_port_range:
+            start: 1025
+            end: 1026
+{{- end }}

charts/kubezero-istio-gateway/values.yaml

@@ -44,3 +44,6 @@ hardening:
   rejectUnderscoresHeaders: true
   unescapeSlashes: true
   preserveExternalRequestId: false
+
+httpFilter:
+  grpcWeb: false

charts/kubezero-istio/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio
 description: KubeZero Umbrella Chart for Istio
 type: application
-version: 0.24.3
+version: 0.24.6
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -20,10 +20,10 @@ dependencies:
     repository: https://cdn.zero-downtime.net/charts/
     condition: envoy-ratelimit.enabled
   - name: base
-    version: 1.24.3
+    version: 1.24.6
     repository: https://istio-release.storage.googleapis.com/charts
   - name: istiod
-    version: 1.24.3
+    version: 1.24.6
     repository: https://istio-release.storage.googleapis.com/charts
   - name: kiali-server
     version: "2.6.0"

charts/kubezero-istio/README.md

@@ -1,6 +1,6 @@
 # kubezero-istio
 
-![Version: 0.24.3](https://img.shields.io/badge/Version-0.24.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.24.6](https://img.shields.io/badge/Version-0.24.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero Umbrella Chart for Istio
 
@@ -22,8 +22,8 @@ Kubernetes: `>= 1.30.0-0`
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | envoy-ratelimit | 0.1.2 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
-| https://istio-release.storage.googleapis.com/charts | base | 1.24.3 |
-| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.3 |
+| https://istio-release.storage.googleapis.com/charts | base | 1.24.6 |
+| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.6 |
 | https://kiali.org/helm-charts | kiali-server | 2.6.0 |
 
 ## Values

charts/kubezero-metrics/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
     repository: https://prometheus-community.github.io/helm-charts
     condition: prometheus-adapter.enabled
   - name: prometheus-pushgateway
-    version: 3.2.0
+    version: 3.3.0
     repository: https://prometheus-community.github.io/helm-charts
     condition: prometheus-pushgateway.enabled
 kubeVersion: ">= 1.30.0-0"

charts/kubezero-operators/Chart.yaml

@@ -2,13 +2,12 @@ apiVersion: v2
 name: kubezero-operators
 description: Various operators supported by KubeZero
 type: application
-version: 0.2.0
+version: 0.2.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
   - kubezero
   - operators
-  - opensearch
   - postgres
   - kafka
   - rabbitmq
@@ -19,24 +18,20 @@ dependencies:
   - name: kubezero-lib
     version: 0.2.1
     repository: https://cdn.zero-downtime.net/charts/
-  - name: opensearch-operator
-    version: 2.7.0
-    repository: https://opensearch-project.github.io/opensearch-k8s-operator/
-    condition: opensearch-operator.enabled
   - name: eck-operator
-    version: 2.16.1
+    version: 3.0.0
     repository: https://helm.elastic.co
     condition: eck-operator.enabled
   - name: cloudnative-pg
-    version: 0.23.0
+    version: 0.23.2
     repository: https://cloudnative-pg.github.io/charts
     condition: cloudnative-pg.enabled
   - name: strimzi-kafka-operator
-    version: 0.45.0
+    version: 0.46.0
     repository: "oci://quay.io/strimzi-helm"
     condition: strimzi-kafka-operator.enabled
   - name: rabbitmq-cluster-operator
-    version: 4.4.3
+    version: 4.4.11
     repository: https://charts.bitnami.com/bitnami
     condition: rabbitmq-cluster-operator.enabled
 kubeVersion: ">= 1.30.0-0"

charts/kubezero-operators/README.md

@@ -1,6 +1,6 @@
 # kubezero-operators
 
-![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 Various operators supported by KubeZero
 
@@ -18,12 +18,11 @@ Kubernetes: `>= 1.30.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
-| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 4.4.3 |
-| https://cloudnative-pg.github.io/charts | cloudnative-pg | 0.23.0 |
-| https://helm.elastic.co | eck-operator | 2.16.1 |
-| https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.7.0 |
-| oci://quay.io/strimzi-helm | strimzi-kafka-operator | 0.45.0 |
+| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
+| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 4.4.11 |
+| https://cloudnative-pg.github.io/charts | cloudnative-pg | 0.23.2 |
+| https://helm.elastic.co | eck-operator | 3.0.0 |
+| oci://quay.io/strimzi-helm | strimzi-kafka-operator | 0.46.0 |
 
 ## Values
 
@@ -34,11 +33,6 @@ Kubernetes: `>= 1.30.0-0`
 | cloudnative-pg.monitoring.podMonitorEnabled | bool | `false` |  |
 | eck-operator.enabled | bool | `false` |  |
 | eck-operator.installCRDs | bool | `false` |  |
-| opensearch-operator.enabled | bool | `false` |  |
-| opensearch-operator.fullnameOverride | string | `"opensearch-operator"` |  |
-| opensearch-operator.kubeRbacProxy.enable | bool | `false` |  |
-| opensearch-operator.manager.extraEnv[0].name | string | `"SKIP_INIT_CONTAINER"` |  |
-| opensearch-operator.manager.extraEnv[0].value | string | `"true"` |  |
 | rabbitmq-cluster-operator.clusterOperator.metrics.enabled | bool | `false` |  |
 | rabbitmq-cluster-operator.clusterOperator.metrics.serviceMonitor.enabled | bool | `true` |  |
 | rabbitmq-cluster-operator.enabled | bool | `false` |  |
@@ -53,4 +47,4 @@ Kubernetes: `>= 1.30.0-0`
 | strimzi-kafka-operator.watchAnyNamespace | bool | `true` |  |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.8.1](https://github.com/norwoodj/helm-docs/releases/v1.8.1)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/kubezero-operators/charts/eck-operator/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 2.16.1
+appVersion: 3.0.0
 description: Elastic Cloud on Kubernetes (ECK) operator
 home: https://github.com/elastic/cloud-on-k8s
 icon: https://helm.elastic.co/icons/eck.png
@@ -18,4 +18,4 @@ maintainers:
     name: Elastic
 name: eck-operator
 type: application
-version: 2.16.1
+version: 3.0.0

charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml

@@ -4,14 +4,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: agents.agent.k8s.elastic.co
 spec:
   group: agent.k8s.elastic.co
@@ -638,7 +638,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -1137,14 +1137,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: apmservers.apm.k8s.elastic.co
 spec:
   group: apm.k8s.elastic.co
@@ -1589,7 +1589,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -2217,7 +2217,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -2372,14 +2372,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: beats.beat.k8s.elastic.co
 spec:
   group: beat.k8s.elastic.co
@@ -2854,14 +2854,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: elasticmapsservers.maps.k8s.elastic.co
 spec:
   group: maps.k8s.elastic.co
@@ -3318,7 +3318,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -3459,14 +3459,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: elasticsearchautoscalers.autoscaling.k8s.elastic.co
 spec:
   group: autoscaling.k8s.elastic.co
@@ -3818,14 +3818,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: elasticsearches.elasticsearch.k8s.elastic.co
 spec:
   group: elasticsearch.k8s.elastic.co
@@ -4267,7 +4267,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -5332,7 +5332,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -6036,7 +6036,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -6619,14 +6619,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: enterprisesearches.enterprisesearch.k8s.elastic.co
 spec:
   group: enterprisesearch.k8s.elastic.co
@@ -7082,7 +7082,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -7661,7 +7661,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -7788,14 +7788,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: kibanas.kibana.k8s.elastic.co
 spec:
   group: kibana.k8s.elastic.co
@@ -8270,7 +8270,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -8959,7 +8959,7 @@ spec:
                               not set, the implementation will apply its default routing strategy. If set
                               to "PreferClose", implementations should prioritize endpoints that are
                               topologically close (e.g., same zone).
-                              This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                              This is a beta field and requires enabling ServiceTrafficDistribution feature.
                             type: string
                           type:
                             description: |-
@@ -9103,14 +9103,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: logstashes.logstash.k8s.elastic.co
 spec:
   group: logstash.k8s.elastic.co
@@ -9749,7 +9749,7 @@ spec:
                                 not set, the implementation will apply its default routing strategy. If set
                                 to "PreferClose", implementations should prioritize endpoints that are
                                 topologically close (e.g., same zone).
-                                This is an alpha field and requires enabling ServiceTrafficDistribution feature.
+                                This is a beta field and requires enabling ServiceTrafficDistribution feature.
                               type: string
                             type:
                               description: |-
@@ -10228,18 +10228,15 @@ spec:
                                   persistent volume is being resized.
                                 type: string
                               status:
+                                description: |-
+                                  Status is the status of the condition.
+                                  Can be True, False, Unknown.
+                                  More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required
                                 type: string
                               type:
                                 description: |-
-                                  PersistentVolumeClaimConditionType defines the condition of PV claim.
-                                  Valid values are:
-                                    - "Resizing", "FileSystemResizePending"
-
-                                  If RecoverVolumeExpansionFailure feature gate is enabled, then following additional values can be expected:
-                                    - "ControllerResizeError", "NodeResizeError"
-
-                                  If VolumeAttributesClass feature gate is enabled, then following additional values can be expected:
-                                    - "ModifyVolumeError", "ModifyingVolume"
+                                  Type is the type of the condition.
+                                  More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about
                                 type: string
                             required:
                             - status
@@ -10350,14 +10347,14 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.17.2
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/instance: 'logging'
     app.kubernetes.io/managed-by: 'Helm'
     app.kubernetes.io/name: 'eck-operator-crds'
-    app.kubernetes.io/version: '2.16.1'
-    helm.sh/chart: 'eck-operator-crds-2.16.1'
+    app.kubernetes.io/version: '3.0.0'
+    helm.sh/chart: 'eck-operator-crds-3.0.0'
   name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co
 spec:
   group: stackconfigpolicy.k8s.elastic.co

charts/kubezero-operators/charts/eck-operator/templates/_helpers.tpl

@@ -48,9 +48,9 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 Selector labels
 */}}
 {{- define "eck-operator.selectorLabels" -}}
-{{- if .Values.global.manifestGen }}
+{{- if .Values.global.manifestGen -}}
 control-plane: elastic-operator
-{{- else }}
+{{- else -}}
 app.kubernetes.io/name: {{ include "eck-operator.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}

charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml

@@ -138,8 +138,16 @@ spec:
         {{- end }}
       {{- if .Values.hostNetwork }}
       hostNetwork: true
+      {{- end }}
+      {{- if .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy }}
+      {{- else if .Values.hostNetwork }}
       dnsPolicy: ClusterFirstWithHostNet
       {{- end }}
+      {{- with .Values.dnsConfig }}
+      dnsConfig:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/kubezero-operators/charts/eck-operator/values.yaml

@@ -148,9 +148,26 @@ webhook:
 
 # hostNetwork allows a Pod to use the Node network namespace.
 # This is required to allow for communication with the kube API when using some alternate CNIs in conjunction with webhook enabled.
+# If hostNetwork is enabled, dnsPolicy defaults to ClusterFirstWithHostNet unless explicitly set.
 # CAUTION: Proceed at your own risk. This setting has security concerns such as allowing malicious users to access workloads running on the host.
 hostNetwork: false
 
+# dnsPolicy defines the DNS policy for the operator pod.
+# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy for more details.
+dnsPolicy: ""
+
+# dnsConfig defines the DNS configuration for the operator pod.
+# Check https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config for more details.
+# dnsConfig:
+#   nameservers:
+#     - 169.254.20.10
+#   searches:
+#     - svc.cluster.local
+#   options:
+#     - name: ndots
+#       value: "2"
+dnsConfig: {}
+
 softMultiTenancy:
   # enabled determines whether the operator is installed with soft multi-tenancy extensions.
   # This requires network policies to be enabled on the Kubernetes cluster.

charts/kubezero-operators/templates/cloudnative-pg/ClusterImageCatalog-bookworm.yaml

@@ -1,4 +1,3 @@
-{{- if index .Values "cloudnative-pg" "enabled" }}
 apiVersion: postgresql.cnpg.io/v1
 kind: ClusterImageCatalog
 metadata:
@@ -6,13 +5,12 @@ metadata:
 spec:
   images:
     - major: 13
-      image: ghcr.io/cloudnative-pg/postgresql:13.18-34-bookworm@sha256:79ffc8faf88cbaf768791a23f15031cc400778321378237ead6cb77e8cfcf192
+      image: ghcr.io/cloudnative-pg/postgresql:13.21-1-bookworm@sha256:189ae9e434654d224a3573beffa3552c67f50e344debfe14be7ad92245be8589
     - major: 14
-      image: ghcr.io/cloudnative-pg/postgresql:14.15-34-bookworm@sha256:95b3f1a94c3d6755128a57e335d35ff196597078e09b93438009b8a9dcb2d409
+      image: ghcr.io/cloudnative-pg/postgresql:14.18-1-bookworm@sha256:26bca18fee9dc5a0d7bfafddd5b9cc69600b4c14a430f2e8785eb2fc8a802ed2
     - major: 15
-      image: ghcr.io/cloudnative-pg/postgresql:15.10-34-bookworm@sha256:4e8945ec4d6b744aa612f80c6b80cc525eafb411e44527c81f249fda35363765
+      image: ghcr.io/cloudnative-pg/postgresql:15.13-1-bookworm@sha256:32312ca4300023b15d260adb9b25ef2ea8c061e3218e788fe5de84eac08a3033
     - major: 16
-      image: ghcr.io/cloudnative-pg/postgresql:16.6-33-bookworm@sha256:7dfda49485274b61ada9bb347caffac01dee442ffd119eb19317a2692347657b
+      image: ghcr.io/cloudnative-pg/postgresql:16.9-1-bookworm@sha256:cf533c5f141b13a327d4678f49a1ace3bd5475f847e08d33b33255fde85717dc
     - major: 17
-      image: ghcr.io/cloudnative-pg/postgresql:17.2-33-bookworm@sha256:52b78e8e4a297e268be168c7e107a2117072dc38f4a11d9d056ff0cc13d4007f
-{{- end }}
+      image: ghcr.io/cloudnative-pg/postgresql:17.5-1-bookworm@sha256:c860bf22cc86b8033c0aa77299e6c8df41cddf4a884b72115153aeb2f4574e94

charts/kubezero-operators/templates/strimzi/grafana-dashboards.yaml

@@ -11,5 +11,5 @@ metadata:
     k8s-sidecar-target-directory: Operators
 binaryData:
   strimzi-kafka-operator.json.gz:
-    H4sIAAAAAAAC/+1dW3PbuBV+96/g8KETzzhbUbIcb2f2wXE2u2ljx2M76bSJRwORkIQ1SXBBMLbiqr+9B+ANvElyZMdy57zYIkACONfvI0CQdzuWZY9Ggv6ZMEFj+2/WZyixrDv9F+rkPKJQak8FmZCQ2Ht5BfNai0MS6PN/q1d8pSJmPFR1r37a/2lo64rFXnt3EQmpX+8slkQ2e7pQpUsb84gkMU+ES+stRoIHVM5oEjfbPSvr7j9UyQIaU8FoS8OXZV3aMPy9UmfZJAw5SANqUpZIe7J9FsvCLmX/UDNOmC/fKZU6e2WpIW1VCuMcGpKxr+qlSKhRPmNeSylzeXjMfS5Ug2I6Ji96e1bfceDPcLhnObtm07mUR6Us1l+sI58KWRlCaZx4NuZEeHZWt9D/r3YyjdvUY7I2WnvCYpf4/6JEgPWFPOGhnEF9T1eCT0azS859yaKiUJvFGejfPguvtaunWtcGbHF9l/s+iWKqrpwQPy5UslrFMAbmnfHSiql2a5a6geP+vlFwmw83O56r41wtVQ8rLjOGf1WUgVKmVMaG25iOs56TwFmCTt5pdz6yi+JF9svojEltHfs4iSUPrHOatmyoIze24DftwbRaoxNGfe+YhxM2rWrVoxOS+LKq69R82mPNQigOuHZxW84g382478W2ccKiIn9AooiF06oe67rUZ/KoGrXVLol0le3tMPH9ioYLPccgQevFSnn0VtXZp389shv1i1rJot58ofs4oi4jfrUJ8/KriuyGfjp1SMYx9xNJazJBoqZRU2lWm25yK0HEUBq2Kecr8RPVm1LeKmGXdSAgkJc0f9jbWabZq04nSUKmzRPykBphYoQxB+yDfJDC61UjnjtzxUEtV6xKFU57qugXhwG5fQOBdsZZqOPF6RVNtHpwqryTzNpaQKNLnWe7Kv+AXMAm87yaJJKb1RzgL0zhQVXP4PgbJHFihoeyWOLSD62hZUP+d5s+ZvsklqdcnqpI6/RtnUvUxXY132lfiPN032pLCImbMwp5KpTHMxJOaR0csoDtEvwG/OA9mfNEZnjWsFnkJ1MWfqrTpYfO7fQ20mERJ8GLWAoWfGNAA7PMfXfNQu+XL/Y/yOSafLEXu9VrJ1xATst5zqhGdFLPCyUVoM+3xJU6/pxNkEWPwzo+b4GUuJP+IaasxpQeIgoiSoko++shijNESEFI2QBSPgJkbAGsqGEgqiCqIKo8Kqocrocqwx6iCqLKBqhyySPmbgGs6HHECCwILAgsGwHLYAWwOP0171ccRBZElg2QBZJuSF25BdiSjQTBBcEFweVxweVgTXA5QHBBcNkAXE6YEOAF5JqK/hYgTDocS4/H6iPQINAg0Dwq0PTXXMd3cCEfgeaBgGbbcAZRBlEGUeaHzpXtd6DMAFEGUWYDlHkNHjqlWwAw6UAQWhBaEFp+7ExZB7QM9xFaEFo2X4bhYnsWYjjeuyDAIMD84BmyLoDB55IRYDYBmHM6Jj4J3W24fSnGcl+A2Y59q686phd6W7hx9Zy6PHSZz7K919u8bzUiPpWSvnQh/GPmdiO6q3fjNhsityx+zYVHxQUEeDOmi5OOqfJn6v2bCr7sNDNxagBvOek9GVO/kYWyyjOfuDSA3lqyiD5pTMSRz6Zhdk6vVu0JcnMh56ktfRY2YHrCfP9DRFwm5xUXLLO7p3J0R4JPYwCS2VvRok+ViOmUhl67ipQTFVvR2+u/sm+NPNwC+pBeIOnodB93mEPJ/k4ZLeJ+ATiqkAi75dR/Mk/O6mlKBaYCzQv2TSljWGc8AEb0DVNpdJxkXdx1MbGs66VSaZTJUdoOKVCIBsuCTLFMbEiFLmTxadtQpoInUZoJGooPTHsvHWTJEXM/u+tqjE8m3cyzGqHV9xC0UnGkqhtRVVCWkA/LVQ9rQHi4AgcPO97fcLicjhY5pZ0JVv3CY3Hkk4KB6jeGVE6IzAw75lIBQ+UEFYXv8y4NrlbVWZnJKqPKXS8AOGO1dpX+m/cM28AEWegKSmJqUMIKCxjFiQv8MJ4k/khy4OufndnV7q41nlsvFGd8cH6Ymvxt0c6dpqaLxUbU5qIQwqqyHCuiwpqBxppsR9ZfUIOkB0kPkh4kPUh6kPS0kp7DNUnPz0h6tpz0TAjzqfeMCc9bLQCSHSQ7SHaQ7CDZQbLz0GSn8bhLB9sZOsh2tpzt+Ny9ftZsp0ZzbpgEliOt9yAXch7kPMh5kPMg50HO8+CrWs5BxwzPK+Q8W855nvFalnrXP87tIM9BnoM8B3kO8pzHX8jq5DkHyHO2nOcALWDcY6DzZ0x5zgohkPUg60HWg6wHWc//O+t54tWsFsqjEon6auGHbAyNjUXpelcfOdG2bG6rUiEvEfoX0Bqo8OJRQG4fggk1txU+BUc6ATwOksCqSm2p0d+fHK25eU4lkUfYNNfv2tj68/Jdc8WmdABbNgG6KJ/864tdTE5xopoCS8YDzmN86nOtzerPEG3uCwgQ1UAUVqPCTteY0235VLRxgPR7teP5KQlok26Uidz+9TZiYm4pHFhOPCLBI+WHdE1lpiPQ0i5RpHJSDUJH8buY29+n00dQixqSdcmtVD1PqhnF9U/zGF9LNzv10u8gFKuT2rAjqa1YK1IA/jslnjbQ4+wfL8ATMN16EbBQg6LrQ/KiYs9SiXPPyreKj9SnjYHXu3TXKqDWLTPuiCoXSIFWw4wkQTQK4t1ugNXJrgagcFkoGx9hXoq6dVj9PjgN8pvFCrip8osZm8hmhQE6ufuXtYKEcSppZtkOE6Q+rlhgAvd/9K0Cmur4u144orCExAVRkTw1wLye1/O8n75j4RwCpHZCWtGWBdIa7SLqbQtLbpLasnOLnFxMSajuUteTkN6CL3r0dZqGWgaos3EDLdvuwz16u7KZXiPRfcpyzH6jJguS5q14+pKXWsSYn6EtwbpqtsaNe0ldBkuFE1T10y1dLkQFwpYIZB+nP6325N8qnX1aHKyWsw4ana+yuVT/13G6ZjjnfFenmC1+T8Rg0PGiiMMtfFHE3z+d4MshcKIVJ1pxohUnWp/7RKtH3fFc0geeb311zyfpBh1TPv0ezqY+7WzqH1+DUUADLuajBFjSSDvLnave3QapS/zy3y82lIuX6p6eSC7+I9V3H8vD7BbxZUYsiwr1brH0PjNv6gesRRd9bTjZCgzIOtFKsT7GRoDi6jOSIiRFSIqQFD1vUhT8YDp0uC4dws2UT0yHgLtQzYmm7igiwHyK1WSofRha9HkY5I/oPVdu9NtxdXoReRHyIuRFyIuQF+FehHtSo8aTeZ3cCB+821pu5PIklMiOSnZ0rBSyBj3ayRpR3ahcpU4a9FJhADtmNCCliQf6+TiwrPEBk/SN/llP9kWqV7toVtIgUtBmJPvU2Uu3ML8OkQiRuvyd6cRUfcKy8TSbhvjaVC8L9Ur+ke+3fEXBzzmN4XlGdRoLzcvCdL3bfnMxOjv/cPLr5e+/fryofHqiyAZmkNt/JjRdho7aXNtQuFMpndLbGu+y42sWfRT+xTx02z4OkdnWkGrHdBOVKxepMZixcm9PUnYEgX7z0pnlFpQ8K7Mrl0H0XBuPcOWjH+V+bsa5PTTotNMzDgbmgVMmNHto/HbMg0HPrJmVv/vGb8dLJb7KZVBRaVhlZS9mwwdmw2Yv/X3zwJiTfeWZ483HUlHfN5VMc6uaW611uFgfsvSTxd3XIuI0Ntk3lF7rXdm6iZ3F/wDuyXP7T6AAAA==
+    H4sIAAAAAAAC/+1dW3PbuBV+96/g8KETzzhbUbIcb2f2wXE2u2ljx2M76bSJRwORkIQ1SXBBMLbiqr+9B+ANvElyZMdy57zYIkACONfvI0CQdzuWZY9Ggv6ZMEFj+2/WZyixrDv9F+rkPKJQak8FmZCQ2Ht5BfNai0MS6PN/q1d8pSJmPFR1r37a/2lo64rFXnt3EQmpX+8slkQ2e7pQpUsb84gkMU+ES+stRoIHVM5oEjfbPSvr7j9UyQIaU8FoS8OXZV3aMPy9UmfZJAw5SANqUpZIe7J9FsvCLmX/UDNOmC/fKZU6e2WpIW1VCuMcGpKxr+qlSKhRPmNeSylzeXjMfS5Ug2I6Ji96e1bfceDPcLhnObtm07mUR6Us1l+sI58KWRlCaZx4NuZEeHZWt9D/r3YyjdvUY7I2WnvCYpf4/6JEgPWFPOGhnEF9T1eCT0azS859yaKiUJvFGejfPguvtaunWtcGbHF9l/s+iWKqrpwQPy5UslrFMAbmnfHSiql2a5a6geP+vlFwmw83O56r41wtVQ8rLjOGf1WUgVKmVMaG25iOs56TwFmCTt5pdz6yi+JF9svojEltHfs4iSUPrHOatmyoIze24DftwbRaoxNGfe+YhxM2rWrVoxOS+LKq69R82mPNQigOuHZxW84g382478W2ccKiIn9AooiF06oe67rUZ/KoGrXVLol0le3tMPH9ioYLPccgQevFSnn0VtXZp389shv1i1rJot58ofs4oi4jfrUJ8/KriuyGfjp1SMYx9xNJazJBoqZRU2lWm25yK0HEUBq2Kecr8RPVm1LeKmGXdSAgkJc0f9jbWabZq04nSUKmzRPykBphYoQxB+yDfJDC61UjnjtzxUEtV6xKFU57qugXhwG5fQOBdsZZqOPF6RVNtHpwqryTzNpaQKNLnWe7Kv+AXMAm87yaJJKb1RzgL0zhQVXP4PgbJHFihoeyWOLSD62hZUP+d5s+ZvsklqdcnqpI6/RtnUvUxXY132lfiPN032pLCImbMwp5KpTHMxJOaR0csoDtEvwG/OA9mfNEZnjWsFnkJ1MWfqrTpYfO7fQ20mERJ8GLWAoWfGNAA7PMfXfNQu+XL/Y/yOSafLEXu9VrJ1xATst5zqhGdFLPCyUVoM+3xJU6/pxNkEWPwzo+b4GUuJP+IaasxpQeIgoiSoko++shijNESEFI2QBSPgJkbAGsqGEgqiCqIKo8Kqocrocqwx6iCqLKBqhyySPmbgGs6HHECCwILAgsGwHLYAWwOP0171ccRBZElg2QBZJuSF25BdiSjQTBBcEFweVxweVgTXA5QHBBcNkAXE6YEOAF5JqK/hYgTDocS4/H6iPQINAg0Dwq0PTXXMd3cCEfgWYToDkFUc4497cAZNRQLDUWxBfEF8SXHztLtt+BLwPEF8SXDfDlNXjolG4BuqQDQWhBaEFo+bFzZB3QMtxHaEFo2XwBhovtWYLh+OgYAgwCzA+eG+sCGHwiGQFmE4A5p2Pik9DdhtuXYiz3BZjt2LH6qmN6obeFW1bPqctDl/ks23W9zTtWI+JTKelLF8I/Zm43ort6H26zIXLL4tdceFRcQIA3Y7o46Zgqf6bev6ngy04zE6cG8JaT3pMx9RtZKKs884lLA+itJYvok8ZEHPlsGmbn9GrVniA3F3Ke2tJnYQOmJ8z3P0TEZXJeccEyu3sqR3ck+DQGIJm9FS36VImYTmnotatIOVGxCb29/iv71sjDLaAP6QWSjk73cYc5lOzvlNEi7heAowqJsFtO/Sfz5KyeplRgKtC8YN+UMoZ1xgNgRN8wlUbHSdbFXRcTy7peKpVGmRyl7ZAChWiwLMgUy8SGVOhCFp+2DWUqeBKlmaCh+MC099JBlhwx97O7rsb4ZNLNPKsRWn0DQSsVR6q6EVUFZQn5sFz1sAaEhytw8LDjzQ2Hy+lokVPamWDVLzwWRz4pGKh+V0jlhMjMsGMuFTBUTlBR+D7v0uBqVZ2Vmawyqtz1AoAzVmtX6b95z7ANTJCFrqAkpgYlrLCAUZy4wA/jSeKPJAe+/tmZXe3uWuO59UJxxgfnh6nJ3xbt3GlqulhsRG0uCiGsKsuxIiqsGWisyXZk/dU0SHqQ9CDpQdKDpAdJTyvpOVyT9PyMpGfLSc+EMJ96z5jwvNUCINlBsoNkB8kOkh0kOw9NdhqPu3SwnaGDbGfL2Y7P3etnzXZqNOeGSWA50noPciHnQc6DnAc5D3Ie5DwPvqrlHHTM8LxCzrPlnOcZr2Wpt/zj3A7yHOQ5yHOQ5yDPefyFrE6ec4A8Z8t5DtACxj0GOn/GlOesEAJZD7IeZD3IepD1/L+znidezWqhPCqRqO8VfsjG0NhYlK539ZETbcvmtioV8hKhfwGtgQovHgXk9iGYUHNb4VNwpBPA4yAJrKrUlhr9/cnRmpvnVBJ5hE1z/a6NrT8v3zVXbEoHsGUToIvyyb+72MXkFCeqKbBkPOA8xkc+19qs/gzR5r6AAFENRGE1Kux0jTndlk9FGwdIv1Q7np+SgDbpRpnI7V9vIybmlsKB5cQjEjxSfkjXVGY6Ai3tEkUqJ9UgdBS/i7n9fTp9BLWoIVmX3ErV86SaUVz/NI/xtXSzUy/9DkKxOqkNO5LairUiBeC/U+JpAz3O/vECPAHTrRcBCzUouj4kLyr2LJU496x8q/hIfdQYeL1Ld60Cat0y446ocoEUaDXMSBJEoyDe7QZYnexqAAqXhbLx+eWlqFuH1e+D0yC/WayAmyq/mLGJbFYYoJO7f1krSBinkmaW7TBB6uOKBSZw/0ffKqCpjr/rhSMKS0hcEBXJUwPM63k9z/vpOxbOIUBqJ6QVbVkgrdEuot62sOQmqS07t8jJxZSE6i51PQnpLfiiR1+naahlgDobN9Cy7T7co7crm+k1Et2nLMfsN2qyIGneiqcvealFjPkB2hKsq2Zr3LiX1GWwVDhBVT/d0uVCVCBsiUD2cfrTak/+rdLZp8XBajnroNH5KptL9X8dp2uGc853dYrZ4vdEDAYdL4o43MIXRfz90wm+HAInWnGiFSdacaL1uU+0etQdzyV94PnWV/d8km7QMeXT7+Fs6tPOpv7xNRgFNOBiPkqAJY20s9y56t1tkLrEL//9YkO5eKnu6Ynk4j9SffGxPMxuEV9mxLKoUO8WS+8z86Z+wFp00deGk63AgKwTrRTrY2wEKK4+IylCUoSkCEnR8yZFwQ+mQ4fr0iHcTPnEdAi4C9WcaOqOIgLMp1hNhtqHoUWfh0H+iN5z5Ua/HVenF5EXIS9CXoS8CHkR7kW4JzVqPJnXyY3wwbut5UYuT0KJ7KhkR8dKIWvQo52sEdWNylXqpEEvFQawY0YDUpp4oJ+PA8saHzBJ3+if9WRfpHq1i2YlDSIFbUayT529dAvz6xCJEKnL35lOTNVHkhtPs2mIr031slCv5B/5fstXFPyc0xieZ1SnsdC8LEzXu+03F6Oz8w8nv17+/uvHi8qnJ4psYAa5/WdC02XoqM21DYU7ldIpva3xLju+ZtFH4V/MQ7ft4xCZbQ2pdkw3UblykRqDGSv39iRlRxDoNy+dWW5BybMyu3IZRM+18QhXPvpR7udmnNtDg047PeNgYB44ZUKzh8ZvxzwY9MyaWfm7b/x2vFTiq1wGFZWGVVb2YjZ8YDZs9tLfNw+MOdlXnjnefCwV9X1TyTS3qrnVWoeL9SFLP1ncfS0iTmOTfUPptd6VrZvYWfwPzVSNtEmgAAA=
 {{- end }}

charts/kubezero-operators/values.yaml

@@ -1,18 +1,3 @@
-opensearch-operator:
-  enabled: false
-
-  # otherwise service names will be >63 chars
-  fullnameOverride: opensearch-operator
-
-  # not needed for now
-  kubeRbacProxy:
-    enable: false
-
-  manager:
-    extraEnv:
-      - name: SKIP_INIT_CONTAINER
-        value: "true"
-
 eck-operator:
   enabled: false
   installCRDs: false

charts/kubezero-telemetry/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-telemetry
 description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
 type: application
-version: 0.4.1
+version: 0.5.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -19,23 +19,31 @@ dependencies:
     version: 0.2.1
     repository: https://cdn.zero-downtime.net/charts/
   - name: opentelemetry-collector
-    version: 0.108.0
+    version: 0.125.0
     repository: https://open-telemetry.github.io/opentelemetry-helm-charts
     condition: opentelemetry-collector.enabled
+  - name: opensearch
+    version: 3.0.0
+    repository: https://opensearch-project.github.io/helm-charts/
+    condition: opensearch.enabled
+  - name: opensearch-dashboards
+    version: 3.0.0
+    repository: https://opensearch-project.github.io/helm-charts/
+    condition: opensearch-dashboards.enabled
   - name: data-prepper
-    version: 0.1.0
+    version: 0.3.1
     repository: https://opensearch-project.github.io/helm-charts/
     condition: data-prepper.enabled
   - name: jaeger
-    version: 3.3.1
+    version: 3.4.1
     repository: https://jaegertracing.github.io/helm-charts
     condition: jaeger.enabled
   - name: fluentd
-    version: 0.5.2
+    version: 0.5.3
     repository: https://fluent.github.io/helm-charts
     condition: fluentd.enabled
   - name: fluent-bit
-    version: 0.47.10
+    version: 0.49.0
     repository: https://fluent.github.io/helm-charts
     condition: fluent-bit.enabled
-kubeVersion: ">= 1.26.0"
+kubeVersion: ">= 1.30.0-0"

charts/kubezero-telemetry/README.md

@@ -1,6 +1,6 @@
 # kubezero-telemetry
 
-![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
 
@@ -14,16 +14,18 @@ KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
 
 ## Requirements
 
-Kubernetes: `>= 1.26.0`
+Kubernetes: `>= 1.30.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
-| https://fluent.github.io/helm-charts | fluent-bit | 0.47.10 |
-| https://fluent.github.io/helm-charts | fluentd | 0.5.2 |
-| https://jaegertracing.github.io/helm-charts | jaeger | 3.3.1 |
-| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.108.0 |
-| https://opensearch-project.github.io/helm-charts/ | data-prepper | 0.1.0 |
+| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
+| https://fluent.github.io/helm-charts | fluent-bit | 0.49.0 |
+| https://fluent.github.io/helm-charts | fluentd | 0.5.3 |
+| https://jaegertracing.github.io/helm-charts | jaeger | 3.4.1 |
+| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.125.0 |
+| https://opensearch-project.github.io/helm-charts/ | data-prepper | 0.3.1 |
+| https://opensearch-project.github.io/helm-charts/ | opensearch | 3.0.0 |
+| https://opensearch-project.github.io/helm-charts/ | opensearch-dashboards | 3.0.0 |
 
 ## Values
 
@@ -135,7 +137,7 @@ Kubernetes: `>= 1.26.0`
 | fluentd.service.ports[1].containerPort | int | `9880` |  |
 | fluentd.service.ports[1].name | string | `"http-fluentd"` |  |
 | fluentd.service.ports[1].protocol | string | `"TCP"` |  |
-| fluentd.source.sharedKey | string | `"secretref+k8s://v1/Secret/kubezero/kubezero-secrets/telemetry.fluentd.source.sharedKey"` |  |
+| fluentd.source.sharedKey | string | `"secretref+k8s://v1/Secret/kubezero/kubezero-secrets/telemetry.fluentd.source.sharedKey?inCluster"` |  |
 | fluentd.volumeMounts[0].mountPath | string | `"/run/pki"` |  |
 | fluentd.volumeMounts[0].name | string | `"trust-store"` |  |
 | fluentd.volumeMounts[0].readOnly | bool | `true` |  |
@@ -167,13 +169,27 @@ Kubernetes: `>= 1.26.0`
 | jaeger.storage.elasticsearch.user | string | `"admin"` |  |
 | jaeger.storage.type | string | `"elasticsearch"` |  |
 | metrics.enabled | bool | `false` |  |
-| opensearch.dashboard.enabled | bool | `false` |  |
-| opensearch.dashboard.istio.enabled | bool | `false` |  |
-| opensearch.dashboard.istio.gateway | string | `"istio-ingress/private-ingressgateway"` |  |
-| opensearch.dashboard.istio.url | string | `"telemetry-dashboard.example.com"` |  |
-| opensearch.nodeSets | list | `[]` |  |
-| opensearch.prometheus | bool | `false` |  |
-| opensearch.version | string | `"2.17.0"` |  |
+| opensearch-dashboards.enabled | bool | `false` |  |
+| opensearch-dashboards.istio.enabled | bool | `false` |  |
+| opensearch-dashboards.istio.gateway | string | `"istio-ingress/private-ingressgateway"` |  |
+| opensearch-dashboards.istio.url | string | `"telemetry-dashboard.example.com"` |  |
+| opensearch-dashboards.resources.limits.cpu | string | `nil` |  |
+| opensearch-dashboards.resources.limits.memory | string | `"512M"` |  |
+| opensearch-dashboards.resources.requests.cpu | string | `"100m"` |  |
+| opensearch-dashboards.resources.requests.memory | string | `"512M"` |  |
+| opensearch-dashboards.serviceMonitor.enabled | bool | `false` |  |
+| opensearch-dashboards.serviceMonitor.interval | string | `"30s"` |  |
+| opensearch.config."opensearch.yml" | string | `"cluster.name: opensearch-cluster\nnetwork.host: 0.0.0.0\ndiscovery.type: single-node\n"` |  |
+| opensearch.enabled | bool | `false` |  |
+| opensearch.maxUnavailable | int | `0` |  |
+| opensearch.opensearchJavaOpts | string | `"-Xmx1024M -Xms1024M"` |  |
+| opensearch.persistence.size | string | `"8Gi"` |  |
+| opensearch.resources.limits.memory | string | `"2Gi"` |  |
+| opensearch.resources.requests.cpu | string | `"500m"` |  |
+| opensearch.resources.requests.memory | string | `"2Gi"` |  |
+| opensearch.serviceMonitor.enabled | bool | `false` |  |
+| opensearch.serviceMonitor.interval | string | `"30s"` |  |
+| opensearch.singleNode | bool | `true` |  |
 | opentelemetry-collector.config.exporters.otlp/data-prepper.endpoint | string | `"telemetry-data-prepper:21890"` |  |
 | opentelemetry-collector.config.exporters.otlp/data-prepper.tls.insecure | bool | `true` |  |
 | opentelemetry-collector.config.exporters.otlp/jaeger.endpoint | string | `"telemetry-jaeger-collector:4317"` |  |

charts/kubezero-telemetry/charts/fluentd/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v1.16.2
+appVersion: v1.17.1
 description: A Helm chart for Kubernetes
 home: https://www.fluentd.org/
 icon: https://www.fluentd.org/images/miscellany/fluentd-logo_2x.png
@@ -12,4 +12,4 @@ name: fluentd
 sources:
 - https://github.com/fluent/fluentd/
 - https://github.com/fluent/fluentd-kubernetes-daemonset
-version: 0.5.2
+version: 0.5.3

charts/kubezero-telemetry/charts/fluentd/templates/_pod.tpl

@@ -1,5 +1,5 @@
 {{- define "fluentd.pod" -}}
-{{- $defaultTag := printf "%s-debian-%s-1.0" (.Chart.AppVersion) (.Values.variant) -}}
+{{- $defaultTag := printf "%s-debian-%s-1.2" (.Chart.AppVersion) (.Values.variant) -}}
 {{- with .Values.imagePullSecrets }}
 imagePullSecrets:
   {{- toYaml . | nindent 2 }}

charts/kubezero-telemetry/charts/opentelemetry-collector/.helmignore

@@ -21,7 +21,7 @@
 .idea/
 *.tmproj
 .vscode/
-
+examples/
 # Ignore unittest
 tests/
 */__snapshot__/*

charts/kubezero-telemetry/charts/opentelemetry-collector/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.111.0
+appVersion: 0.126.0
 description: OpenTelemetry Collector Helm chart for Kubernetes
 home: https://opentelemetry.io/
 icon: https://opentelemetry.io/img/logos/opentelemetry-logo-nav.png
@@ -12,4 +12,4 @@ sources:
 - https://github.com/open-telemetry/opentelemetry-collector
 - https://github.com/open-telemetry/opentelemetry-collector-contrib
 type: application
-version: 0.108.0
+version: 0.125.0

charts/kubezero-telemetry/charts/opentelemetry-collector/README.md

@@ -19,7 +19,7 @@ helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm
 To install the chart with the release name my-opentelemetry-collector, run the following command:
 
 ```console
-helm install my-opentelemetry-collector open-telemetry/opentelemetry-collector --set mode=<value> --set image.repository="otel/opentelemetry-collector-k8s" --set command.name="otelcol-k8s"
+helm install my-opentelemetry-collector open-telemetry/opentelemetry-collector --set mode=<value> --set image.repository="ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s" --set command.name="otelcol-k8s"
 ```
 
 Where the `mode` value needs to be set to one of `daemonset`, `deployment` or `statefulset`.
@@ -35,7 +35,7 @@ See [UPGRADING.md](UPGRADING.md).
 OpenTelemetry Collector recommends to bind receivers' servers to addresses that limit connections to authorized users.
 For this reason, by default the chart binds all the Collector's endpoints to the pod's IP.
 
-More info is available in the [Security Best Practices docummentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks)
+More info is available in the [Security Best Practices documentation](https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks)
 
 Some care must be taken when using `hostNetwork: true`, as then OpenTelemetry Collector will listen on all the addresses in the host network namespace.
 
@@ -106,6 +106,29 @@ to read the files where Kubernetes container runtime writes all containers' cons
 
 #### :warning: Warning: Risk of looping the exported logs back into the receiver, causing "log explosion"
 
+#### Log collection for a subset of pods or containers
+
+The `logsCollection` preset will by default ingest the logs of all kubernetes containers.
+This is achieved by using an include path of `/var/log/pods/*/*/*.log` for the `filelog`receiver.
+
+To limit the import to a certain subset of pods or containers, the `filelog`
+receivers `include` list can be overwritten by supplying explicit configuration.
+
+E.g. The following configuration would only import logs for pods within the namespace: `example-namespace`:
+
+```yaml
+mode: daemonset
+
+presets:
+  logsCollection:
+    enabled: true
+config:
+  receivers:
+    filelog:
+      include:
+        - /var/log/pods/example-namespace_*/*/*.log
+```
+
 The container logs pipeline uses the `debug` exporter by default.
 Paired with the default `filelog` receiver that receives all containers' console output,
 it is easy to accidentally feed the exported logs back into the receiver.
@@ -149,6 +172,10 @@ This feature is disabled by default. It has the following requirements:
 
 - It requires the [Kubernetes Attributes processor](https://opentelemetry.io/docs/kubernetes/collector/components/#kubernetes-attributes-processor) to be included in the collector, such as [k8s](https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol-k8s) version of the collector image.
 
+#### :memo: Note: Changing or supplementing `k8sattributes` scopes
+
+In order to minimize the collector's privileges, the [Kubernetes RBAC Rules](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) that are applied to the collector as part of this chart are the minimum required for the `presets.kubernetesAttributes` preset to work. If additional configuration scopes are desired outside of the preset you must apply the corresponding RBAC rules to grant the collector access.
+
 To enable this feature, set the  `presets.kubernetesAttributes.enabled` property to `true`.
 Here is an example `values.yaml`:
 

charts/kubezero-telemetry/charts/opentelemetry-collector/UPGRADING.md

@@ -4,6 +4,14 @@ These upgrade guidelines only contain instructions for version upgrades which re
 If the version you want to upgrade to is not listed here, then there is nothing to do for you.
 Just upgrade and enjoy.
 
+## 0.121.0 to 0.122.0
+
+In the v0.123.1 Collector release we stopped pushing images to Dockerhub due to how their new rate limit changes affected our CI. If you're using `otel/opentelemetry-collector-k8s` for the image you should switch to `ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s`. See https://github.com/open-telemetry/community/issues/2641 for more details.
+
+## 0.110.0 to 0.110.1 or 0.110.2
+
+We broke the selector labels in `0.110.0`, which causes `helm upgrades` to fail. Do not attempt to upgrade from `0.110.0` to either `0.110.1` or `0.110.2`. Go straight to `0.110.3` instead.
+
 ## 0.97.2 to 0.98.0
 
 > [!WARNING]

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/GOMEMLIMIT-values.yaml

@@ -1,7 +1,7 @@
 mode: deployment
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/clusterrole-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/config-override-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/daemonset-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/deployment-values.yaml

@@ -4,7 +4,7 @@ global:
 mode: deployment
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"
@@ -19,6 +19,10 @@ resources:
 podLabels:
   testLabel: "{{ .Values.global.test }}"
 
+additionalLabels:
+  testLabel: "{{ .Values.global.test }}"
+  someLabel: "someValue"
+
 ingress:
   enabled: true
   hosts:

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/disabling-protocols-values.yaml

@@ -1,7 +1,7 @@
 mode: deployment
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/hpa-deployment-values.yaml

@@ -1,7 +1,7 @@
 mode: deployment
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/hpa-statefulset-values.yaml

@@ -1,7 +1,7 @@
 mode: statefulset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/internalTelemetryViaOTLP-values.yaml

@@ -0,0 +1,21 @@
+mode: deployment
+
+image:
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
+
+resources:
+  limits:
+    cpu: 100m
+    memory: 200M
+
+internalTelemetryViaOTLP:
+  endpoint: "http://localhost:4318"
+  headers:
+    - name: "x-opentelemetry-customer"
+      value: "a value"
+  traces:
+    enabled: true
+  metrics:
+    enabled: true
+  logs:
+    enabled: true

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/multiple-ingress-values.yaml

@@ -1,7 +1,7 @@
 mode: deployment
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/networkpolicy-override-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/networkpolicy-values.yaml

@@ -1,7 +1,7 @@
 mode: deployment
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/old-metrics-env-values.yaml

@@ -0,0 +1,15 @@
+mode: deployment
+
+image:
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
+
+resources:
+  limits:
+    cpu: 100m
+    memory: 200M
+
+config:
+  service:
+    telemetry:
+      metrics:
+        address: ${env:MY_POD_IP}:8888

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/old-metrics-url-values.yaml

@@ -0,0 +1,17 @@
+mode: deployment
+
+image:
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
+
+resources:
+  limits:
+    cpu: 100m
+    memory: 200M
+
+config:
+  service:
+    telemetry:
+      metrics:
+        address: 0.0.0.0:8888
+      resource:
+        "k8s.namespace.name": "default"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/preset-clustermetrics-values.yaml

@@ -1,7 +1,7 @@
 mode: deployment
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/preset-hostmetrics-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/preset-k8sevents-values.yaml

@@ -1,7 +1,7 @@
 mode: deployment
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/preset-kubeletmetrics-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/preset-kubernetesattributes-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/preset-logscollection-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/probes-values.yaml

@@ -1,7 +1,7 @@
 mode: daemonset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/ci/statefulset-values.yaml

@@ -1,7 +1,7 @@
 mode: statefulset
 
 image:
-  repository: "otel/opentelemetry-collector-k8s"
+  repository: "ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-k8s"
 
 command:
   name: "otelcol-k8s"

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/README.md

@@ -1,17 +0,0 @@
-# Examples of chart configuration
-
-Here is a collection of common configurations for the OpenTelemetry collector. Each folder contains an example `values.yaml` and the resulting configurations that are generated by the opentelemetry-collector helm charts.
-
-- [Daemonset only](daemonset-only)
-- [Deployment only](deployment-only)
-- [Daemonset and deployment](daemonset-and-deployment)
-- [Log collection, including collector logs](daemonset-collector-logs)
-- [Add component (hostmetrics)](daemonset-hostmetrics)
-
-The manifests are rendered using the `helm template` command and the specific example folder's values.yaml.
-
-Examples are generated by (from root of the repo):
-
-```sh
-make generate-examples CHARTS=opentelemetry-collector
-```

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/alternate-config/rendered/clusterrole.yaml

@@ -1,41 +0,0 @@
----
-# Source: opentelemetry-collector/templates/clusterrole.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: example-opentelemetry-collector
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-rules:
-  - apiGroups: [""]
-    resources: ["pods", "namespaces"]
-    verbs: ["get", "watch", "list"]
-  - apiGroups: ["apps"]
-    resources: ["replicasets"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["extensions"]
-    resources: ["replicasets"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events", "namespaces", "namespaces/status", "nodes", "nodes/spec", "pods", "pods/status", "replicationcontrollers", "replicationcontrollers/status", "resourcequotas", "services" ]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["apps"]
-    resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["extensions"]
-    resources: ["daemonsets", "deployments", "replicasets"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["batch"]
-    resources: ["jobs", "cronjobs"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["autoscaling"]
-    resources: ["horizontalpodautoscalers"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["events.k8s.io"]
-    resources: ["events"]
-    verbs: ["watch", "list"]

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/alternate-config/rendered/clusterrolebinding.yaml

@@ -1,21 +0,0 @@
----
-# Source: opentelemetry-collector/templates/clusterrolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: example-opentelemetry-collector
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: example-opentelemetry-collector
-subjects:
-- kind: ServiceAccount
-  name: example-opentelemetry-collector
-  namespace: default

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/alternate-config/rendered/configmap.yaml

@@ -1,68 +0,0 @@
----
-# Source: opentelemetry-collector/templates/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-data:
-  relay: |
-    exporters:
-      debug: {}
-    processors:
-      k8sattributes:
-        extract:
-          metadata:
-          - k8s.namespace.name
-          - k8s.deployment.name
-          - k8s.statefulset.name
-          - k8s.daemonset.name
-          - k8s.cronjob.name
-          - k8s.job.name
-          - k8s.node.name
-          - k8s.pod.name
-          - k8s.pod.uid
-          - k8s.pod.start_time
-        passthrough: false
-        pod_association:
-        - sources:
-          - from: resource_attribute
-            name: k8s.pod.ip
-        - sources:
-          - from: resource_attribute
-            name: k8s.pod.uid
-        - sources:
-          - from: connection
-    receivers:
-      k8s_cluster:
-        collection_interval: 10s
-      k8sobjects:
-        objects:
-        - exclude_watch_type:
-          - DELETED
-          group: events.k8s.io
-          mode: watch
-          name: events
-    service:
-      pipelines:
-        logs:
-          exporters:
-          - debug
-          processors:
-          - k8sattributes
-          receivers:
-          - k8sobjects
-        metrics:
-          exporters:
-          - debug
-          processors:
-          - k8sattributes
-          receivers:
-          - k8s_cluster

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/alternate-config/rendered/deployment.yaml

@@ -1,100 +0,0 @@
----
-# Source: opentelemetry-collector/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-spec:
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: opentelemetry-collector
-      app.kubernetes.io/instance: example
-      component: standalone-collector
-  strategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      annotations:
-        checksum/config: 360fc84164ca26f5a57ecb44cbcec02ca473b09fc86dba876f71c9fa3617f656
-        
-      labels:
-        app.kubernetes.io/name: opentelemetry-collector
-        app.kubernetes.io/instance: example
-        component: standalone-collector
-        
-    spec:
-      
-      serviceAccountName: example-opentelemetry-collector
-      securityContext:
-        {}
-      containers:
-        - name: opentelemetry-collector
-          command:
-            - /otelcol-k8s
-          args:
-            - --config=/conf/relay.yaml
-          securityContext:
-            {}
-          image: "otel/opentelemetry-collector-k8s:0.111.0"
-          imagePullPolicy: IfNotPresent
-          ports:
-            
-            - name: jaeger-compact
-              containerPort: 6831
-              protocol: UDP
-            - name: jaeger-grpc
-              containerPort: 14250
-              protocol: TCP
-            - name: jaeger-thrift
-              containerPort: 14268
-              protocol: TCP
-            - name: otlp
-              containerPort: 4317
-              protocol: TCP
-            - name: otlp-http
-              containerPort: 4318
-              protocol: TCP
-            - name: zipkin
-              containerPort: 9411
-              protocol: TCP
-          env:
-            - name: MY_POD_IP
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: status.podIP
-            - name: GOMEMLIMIT
-              value: "3276MiB"
-          livenessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          resources:
-            limits:
-              cpu: 2
-              memory: 4Gi
-          volumeMounts:
-            - mountPath: /conf
-              name: opentelemetry-collector-configmap
-      volumes:
-        - name: opentelemetry-collector-configmap
-          configMap:
-            name: example-opentelemetry-collector
-            items:
-              - key: relay
-                path: relay.yaml
-      hostNetwork: false

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/alternate-config/rendered/service.yaml

@@ -1,49 +0,0 @@
----
-# Source: opentelemetry-collector/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-    component: standalone-collector
-spec:
-  type: ClusterIP
-  ports:
-    
-    - name: jaeger-compact
-      port: 6831
-      targetPort: 6831
-      protocol: UDP
-    - name: jaeger-grpc
-      port: 14250
-      targetPort: 14250
-      protocol: TCP
-    - name: jaeger-thrift
-      port: 14268
-      targetPort: 14268
-      protocol: TCP
-    - name: otlp
-      port: 4317
-      targetPort: 4317
-      protocol: TCP
-      appProtocol: grpc
-    - name: otlp-http
-      port: 4318
-      targetPort: 4318
-      protocol: TCP
-    - name: zipkin
-      port: 9411
-      targetPort: 9411
-      protocol: TCP
-  selector:
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    component: standalone-collector
-  internalTrafficPolicy: Cluster

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/alternate-config/rendered/serviceaccount.yaml

@@ -1,13 +0,0 @@
----
-# Source: opentelemetry-collector/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/alternate-config/values.yaml

@@ -1,34 +0,0 @@
-mode: deployment
-
-image:
-  repository: "otel/opentelemetry-collector-k8s"
-
-command:
-  name: "otelcol-k8s"
-
-replicaCount: 1
-
-resources:
-  limits:
-    cpu: 2
-    memory: 4Gi
-
-presets:
-  clusterMetrics:
-    enabled: true
-  kubernetesAttributes:
-    enabled: true
-  kubernetesEvents:
-    enabled: true
-
-alternateConfig:
-  exporters:
-    debug: {}
-  service:
-    pipelines:
-      logs:
-        exporters:
-          - debug
-      metrics:
-        exporters: 
-          - debug

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-and-deployment/daemonset-values.yaml

@@ -1,34 +0,0 @@
-mode: daemonset
-
-image:
-  repository: "otel/opentelemetry-collector-k8s"
-
-command:
-  name: "otelcol-k8s"
-
-config:
-  exporters:
-    otlp:
-      endpoint: example-opentelemetry-collector:4317
-      tls:
-        insecure: true
-  service:
-    pipelines:
-      logs:
-        exporters:
-         - otlp
-         - debug
-      metrics:
-        exporters:
-         - otlp
-         - debug
-      traces:
-        exporters:
-         - otlp
-         - debug
-
-resources:
-  limits:
-    cpu: 100m
-    memory: 200M
-

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-and-deployment/deployment-values.yaml

@@ -1,13 +0,0 @@
-mode: deployment
-
-image:
-  repository: "otel/opentelemetry-collector-k8s"
-
-command:
-  name: "otelcol-k8s"
-
-resources:
-  limits:
-    cpu: 100m
-    memory: 200M
-

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/configmap-agent.yaml

@@ -1,93 +0,0 @@
----
-# Source: opentelemetry-collector/templates/configmap-agent.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: example-opentelemetry-collector-agent
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-data:
-  relay: |
-    exporters:
-      debug: {}
-      otlp:
-        endpoint: example-opentelemetry-collector:4317
-        tls:
-          insecure: true
-    extensions:
-      health_check:
-        endpoint: ${env:MY_POD_IP}:13133
-    processors:
-      batch: {}
-      memory_limiter:
-        check_interval: 5s
-        limit_percentage: 80
-        spike_limit_percentage: 25
-    receivers:
-      jaeger:
-        protocols:
-          grpc:
-            endpoint: ${env:MY_POD_IP}:14250
-          thrift_compact:
-            endpoint: ${env:MY_POD_IP}:6831
-          thrift_http:
-            endpoint: ${env:MY_POD_IP}:14268
-      otlp:
-        protocols:
-          grpc:
-            endpoint: ${env:MY_POD_IP}:4317
-          http:
-            endpoint: ${env:MY_POD_IP}:4318
-      prometheus:
-        config:
-          scrape_configs:
-          - job_name: opentelemetry-collector
-            scrape_interval: 10s
-            static_configs:
-            - targets:
-              - ${env:MY_POD_IP}:8888
-      zipkin:
-        endpoint: ${env:MY_POD_IP}:9411
-    service:
-      extensions:
-      - health_check
-      pipelines:
-        logs:
-          exporters:
-          - otlp
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-        metrics:
-          exporters:
-          - otlp
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - prometheus
-        traces:
-          exporters:
-          - otlp
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - jaeger
-          - zipkin
-      telemetry:
-        metrics:
-          address: ${env:MY_POD_IP}:8888

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/configmap.yaml

@@ -1,86 +0,0 @@
----
-# Source: opentelemetry-collector/templates/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-data:
-  relay: |
-    exporters:
-      debug: {}
-    extensions:
-      health_check:
-        endpoint: ${env:MY_POD_IP}:13133
-    processors:
-      batch: {}
-      memory_limiter:
-        check_interval: 5s
-        limit_percentage: 80
-        spike_limit_percentage: 25
-    receivers:
-      jaeger:
-        protocols:
-          grpc:
-            endpoint: ${env:MY_POD_IP}:14250
-          thrift_compact:
-            endpoint: ${env:MY_POD_IP}:6831
-          thrift_http:
-            endpoint: ${env:MY_POD_IP}:14268
-      otlp:
-        protocols:
-          grpc:
-            endpoint: ${env:MY_POD_IP}:4317
-          http:
-            endpoint: ${env:MY_POD_IP}:4318
-      prometheus:
-        config:
-          scrape_configs:
-          - job_name: opentelemetry-collector
-            scrape_interval: 10s
-            static_configs:
-            - targets:
-              - ${env:MY_POD_IP}:8888
-      zipkin:
-        endpoint: ${env:MY_POD_IP}:9411
-    service:
-      extensions:
-      - health_check
-      pipelines:
-        logs:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-        metrics:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - prometheus
-        traces:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - jaeger
-          - zipkin
-      telemetry:
-        metrics:
-          address: ${env:MY_POD_IP}:8888

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/daemonset.yaml

@@ -1,104 +0,0 @@
----
-# Source: opentelemetry-collector/templates/daemonset.yaml
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: example-opentelemetry-collector-agent
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: opentelemetry-collector
-      app.kubernetes.io/instance: example
-      component: agent-collector
-  updateStrategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      annotations:
-        checksum/config: a2d0d31bd929305e52879f78f502d56ad49d9ef9396838490646e9034d2243de
-        
-      labels:
-        app.kubernetes.io/name: opentelemetry-collector
-        app.kubernetes.io/instance: example
-        component: agent-collector
-        
-    spec:
-      
-      serviceAccountName: example-opentelemetry-collector
-      securityContext:
-        {}
-      containers:
-        - name: opentelemetry-collector
-          command:
-            - /otelcol-k8s
-          args:
-            - --config=/conf/relay.yaml
-          securityContext:
-            {}
-          image: "otel/opentelemetry-collector-k8s:0.111.0"
-          imagePullPolicy: IfNotPresent
-          ports:
-            
-            - name: jaeger-compact
-              containerPort: 6831
-              protocol: UDP
-              hostPort: 6831
-            - name: jaeger-grpc
-              containerPort: 14250
-              protocol: TCP
-              hostPort: 14250
-            - name: jaeger-thrift
-              containerPort: 14268
-              protocol: TCP
-              hostPort: 14268
-            - name: otlp
-              containerPort: 4317
-              protocol: TCP
-              hostPort: 4317
-            - name: otlp-http
-              containerPort: 4318
-              protocol: TCP
-              hostPort: 4318
-            - name: zipkin
-              containerPort: 9411
-              protocol: TCP
-              hostPort: 9411
-          env:
-            - name: MY_POD_IP
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: status.podIP
-            - name: GOMEMLIMIT
-              value: "152MiB"
-          livenessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          resources:
-            limits:
-              cpu: 100m
-              memory: 200M
-          volumeMounts:
-            - mountPath: /conf
-              name: opentelemetry-collector-configmap
-      volumes:
-        - name: opentelemetry-collector-configmap
-          configMap:
-            name: example-opentelemetry-collector-agent
-            items:
-              - key: relay
-                path: relay.yaml
-      hostNetwork: false

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/deployment.yaml

@@ -1,100 +0,0 @@
----
-# Source: opentelemetry-collector/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-spec:
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: opentelemetry-collector
-      app.kubernetes.io/instance: example
-      component: standalone-collector
-  strategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      annotations:
-        checksum/config: f67e5b63bd16a7b09fc73afd9b6d71dfbeeb2afc8471c0b0f005233ef45df91d
-        
-      labels:
-        app.kubernetes.io/name: opentelemetry-collector
-        app.kubernetes.io/instance: example
-        component: standalone-collector
-        
-    spec:
-      
-      serviceAccountName: example-opentelemetry-collector
-      securityContext:
-        {}
-      containers:
-        - name: opentelemetry-collector
-          command:
-            - /otelcol-k8s
-          args:
-            - --config=/conf/relay.yaml
-          securityContext:
-            {}
-          image: "otel/opentelemetry-collector-k8s:0.111.0"
-          imagePullPolicy: IfNotPresent
-          ports:
-            
-            - name: jaeger-compact
-              containerPort: 6831
-              protocol: UDP
-            - name: jaeger-grpc
-              containerPort: 14250
-              protocol: TCP
-            - name: jaeger-thrift
-              containerPort: 14268
-              protocol: TCP
-            - name: otlp
-              containerPort: 4317
-              protocol: TCP
-            - name: otlp-http
-              containerPort: 4318
-              protocol: TCP
-            - name: zipkin
-              containerPort: 9411
-              protocol: TCP
-          env:
-            - name: MY_POD_IP
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: status.podIP
-            - name: GOMEMLIMIT
-              value: "152MiB"
-          livenessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          resources:
-            limits:
-              cpu: 100m
-              memory: 200M
-          volumeMounts:
-            - mountPath: /conf
-              name: opentelemetry-collector-configmap
-      volumes:
-        - name: opentelemetry-collector-configmap
-          configMap:
-            name: example-opentelemetry-collector
-            items:
-              - key: relay
-                path: relay.yaml
-      hostNetwork: false

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/service.yaml

@@ -1,49 +0,0 @@
----
-# Source: opentelemetry-collector/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-    component: standalone-collector
-spec:
-  type: ClusterIP
-  ports:
-    
-    - name: jaeger-compact
-      port: 6831
-      targetPort: 6831
-      protocol: UDP
-    - name: jaeger-grpc
-      port: 14250
-      targetPort: 14250
-      protocol: TCP
-    - name: jaeger-thrift
-      port: 14268
-      targetPort: 14268
-      protocol: TCP
-    - name: otlp
-      port: 4317
-      targetPort: 4317
-      protocol: TCP
-      appProtocol: grpc
-    - name: otlp-http
-      port: 4318
-      targetPort: 4318
-      protocol: TCP
-    - name: zipkin
-      port: 9411
-      targetPort: 9411
-      protocol: TCP
-  selector:
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    component: standalone-collector
-  internalTrafficPolicy: Cluster

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-and-deployment/rendered/serviceaccount.yaml

@@ -1,13 +0,0 @@
----
-# Source: opentelemetry-collector/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-collector-logs/rendered/configmap-agent.yaml

@@ -1,100 +0,0 @@
----
-# Source: opentelemetry-collector/templates/configmap-agent.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: example-opentelemetry-collector-agent
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-data:
-  relay: |
-    exporters:
-      debug: {}
-    extensions:
-      health_check:
-        endpoint: ${env:MY_POD_IP}:13133
-    processors:
-      batch: {}
-      memory_limiter:
-        check_interval: 5s
-        limit_percentage: 80
-        spike_limit_percentage: 25
-    receivers:
-      filelog:
-        exclude: []
-        include:
-        - /var/log/pods/*/*/*.log
-        include_file_name: false
-        include_file_path: true
-        operators:
-        - id: container-parser
-          max_log_size: 102400
-          type: container
-        retry_on_failure:
-          enabled: true
-        start_at: end
-      jaeger:
-        protocols:
-          grpc:
-            endpoint: ${env:MY_POD_IP}:14250
-          thrift_compact:
-            endpoint: ${env:MY_POD_IP}:6831
-          thrift_http:
-            endpoint: ${env:MY_POD_IP}:14268
-      otlp:
-        protocols:
-          grpc:
-            endpoint: ${env:MY_POD_IP}:4317
-          http:
-            endpoint: ${env:MY_POD_IP}:4318
-      prometheus:
-        config:
-          scrape_configs:
-          - job_name: opentelemetry-collector
-            scrape_interval: 10s
-            static_configs:
-            - targets:
-              - ${env:MY_POD_IP}:8888
-      zipkin:
-        endpoint: ${env:MY_POD_IP}:9411
-    service:
-      extensions:
-      - health_check
-      pipelines:
-        logs:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - filelog
-        metrics:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - prometheus
-        traces:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - jaeger
-          - zipkin
-      telemetry:
-        metrics:
-          address: ${env:MY_POD_IP}:8888

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-collector-logs/rendered/daemonset.yaml

@@ -1,110 +0,0 @@
----
-# Source: opentelemetry-collector/templates/daemonset.yaml
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: example-opentelemetry-collector-agent
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: opentelemetry-collector
-      app.kubernetes.io/instance: example
-      component: agent-collector
-  updateStrategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      annotations:
-        checksum/config: 5237e54a1cdaad762876da10a5bab6f686506211aaa2c70b901a74fec8b82140
-        
-      labels:
-        app.kubernetes.io/name: opentelemetry-collector
-        app.kubernetes.io/instance: example
-        component: agent-collector
-        
-    spec:
-      
-      serviceAccountName: example-opentelemetry-collector
-      securityContext:
-        {}
-      containers:
-        - name: opentelemetry-collector
-          command:
-            - /otelcol-k8s
-          args:
-            - --config=/conf/relay.yaml
-          securityContext:
-            {}
-          image: "otel/opentelemetry-collector-k8s:0.111.0"
-          imagePullPolicy: IfNotPresent
-          ports:
-            
-            - name: jaeger-compact
-              containerPort: 6831
-              protocol: UDP
-              hostPort: 6831
-            - name: jaeger-grpc
-              containerPort: 14250
-              protocol: TCP
-              hostPort: 14250
-            - name: jaeger-thrift
-              containerPort: 14268
-              protocol: TCP
-              hostPort: 14268
-            - name: otlp
-              containerPort: 4317
-              protocol: TCP
-              hostPort: 4317
-            - name: otlp-http
-              containerPort: 4318
-              protocol: TCP
-              hostPort: 4318
-            - name: zipkin
-              containerPort: 9411
-              protocol: TCP
-              hostPort: 9411
-          env:
-            - name: MY_POD_IP
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: status.podIP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          volumeMounts:
-            - mountPath: /conf
-              name: opentelemetry-collector-configmap
-            - name: varlogpods
-              mountPath: /var/log/pods
-              readOnly: true
-            - name: varlibdockercontainers
-              mountPath: /var/lib/docker/containers
-              readOnly: true
-      volumes:
-        - name: opentelemetry-collector-configmap
-          configMap:
-            name: example-opentelemetry-collector-agent
-            items:
-              - key: relay
-                path: relay.yaml
-        - name: varlogpods
-          hostPath:
-            path: /var/log/pods
-        - name: varlibdockercontainers
-          hostPath:
-            path: /var/lib/docker/containers
-      hostNetwork: false

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-collector-logs/rendered/serviceaccount.yaml

@@ -1,13 +0,0 @@
----
-# Source: opentelemetry-collector/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-collector-logs/values.yaml

@@ -1,12 +0,0 @@
-mode: daemonset
-
-image:
-  repository: "otel/opentelemetry-collector-k8s"
-
-command:
-  name: "otelcol-k8s"
-
-presets:
-  logsCollection:
-    enabled: true
-    includeCollectorLogs: true

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-hostmetrics/rendered/configmap-agent.yaml

@@ -1,133 +0,0 @@
----
-# Source: opentelemetry-collector/templates/configmap-agent.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: example-opentelemetry-collector-agent
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-data:
-  relay: |
-    exporters:
-      debug: {}
-    extensions:
-      health_check:
-        endpoint: ${env:MY_POD_IP}:13133
-    processors:
-      batch: {}
-      memory_limiter:
-        check_interval: 5s
-        limit_percentage: 80
-        spike_limit_percentage: 25
-    receivers:
-      hostmetrics:
-        collection_interval: 10s
-        root_path: /hostfs
-        scrapers:
-          cpu: null
-          disk: null
-          filesystem:
-            exclude_fs_types:
-              fs_types:
-              - autofs
-              - binfmt_misc
-              - bpf
-              - cgroup2
-              - configfs
-              - debugfs
-              - devpts
-              - devtmpfs
-              - fusectl
-              - hugetlbfs
-              - iso9660
-              - mqueue
-              - nsfs
-              - overlay
-              - proc
-              - procfs
-              - pstore
-              - rpc_pipefs
-              - securityfs
-              - selinuxfs
-              - squashfs
-              - sysfs
-              - tracefs
-              match_type: strict
-            exclude_mount_points:
-              match_type: regexp
-              mount_points:
-              - /dev/*
-              - /proc/*
-              - /sys/*
-              - /run/k3s/containerd/*
-              - /var/lib/docker/*
-              - /var/lib/kubelet/*
-              - /snap/*
-          load: null
-          memory: null
-          network: null
-      jaeger:
-        protocols:
-          grpc:
-            endpoint: ${env:MY_POD_IP}:14250
-          thrift_compact:
-            endpoint: ${env:MY_POD_IP}:6831
-          thrift_http:
-            endpoint: ${env:MY_POD_IP}:14268
-      otlp:
-        protocols:
-          grpc:
-            endpoint: ${env:MY_POD_IP}:4317
-          http:
-            endpoint: ${env:MY_POD_IP}:4318
-      prometheus:
-        config:
-          scrape_configs:
-          - job_name: opentelemetry-collector
-            scrape_interval: 10s
-            static_configs:
-            - targets:
-              - ${env:MY_POD_IP}:8888
-      zipkin:
-        endpoint: ${env:MY_POD_IP}:9411
-    service:
-      extensions:
-      - health_check
-      pipelines:
-        logs:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-        metrics:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - prometheus
-          - hostmetrics
-        traces:
-          exporters:
-          - debug
-          processors:
-          - memory_limiter
-          - batch
-          receivers:
-          - otlp
-          - jaeger
-          - zipkin
-      telemetry:
-        metrics:
-          address: ${env:MY_POD_IP}:8888

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-hostmetrics/rendered/daemonset.yaml

@@ -1,105 +0,0 @@
----
-# Source: opentelemetry-collector/templates/daemonset.yaml
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: example-opentelemetry-collector-agent
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm
-    
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: opentelemetry-collector
-      app.kubernetes.io/instance: example
-      component: agent-collector
-  updateStrategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      annotations:
-        checksum/config: 98dea268c8a8fe987e082a4e85801387f2b60fefc281f9b1edd1080f0af62574
-        
-      labels:
-        app.kubernetes.io/name: opentelemetry-collector
-        app.kubernetes.io/instance: example
-        component: agent-collector
-        
-    spec:
-      
-      serviceAccountName: example-opentelemetry-collector
-      securityContext:
-        {}
-      containers:
-        - name: opentelemetry-collector
-          command:
-            - /otelcol-k8s
-          args:
-            - --config=/conf/relay.yaml
-          securityContext:
-            {}
-          image: "otel/opentelemetry-collector-k8s:0.111.0"
-          imagePullPolicy: IfNotPresent
-          ports:
-            
-            - name: jaeger-compact
-              containerPort: 6831
-              protocol: UDP
-              hostPort: 6831
-            - name: jaeger-grpc
-              containerPort: 14250
-              protocol: TCP
-              hostPort: 14250
-            - name: jaeger-thrift
-              containerPort: 14268
-              protocol: TCP
-              hostPort: 14268
-            - name: otlp
-              containerPort: 4317
-              protocol: TCP
-              hostPort: 4317
-            - name: otlp-http
-              containerPort: 4318
-              protocol: TCP
-              hostPort: 4318
-            - name: zipkin
-              containerPort: 9411
-              protocol: TCP
-              hostPort: 9411
-          env:
-            - name: MY_POD_IP
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: status.podIP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 13133
-          volumeMounts:
-            - mountPath: /conf
-              name: opentelemetry-collector-configmap
-            - name: hostfs
-              mountPath: /hostfs
-              readOnly: true
-              mountPropagation: HostToContainer
-      volumes:
-        - name: opentelemetry-collector-configmap
-          configMap:
-            name: example-opentelemetry-collector-agent
-            items:
-              - key: relay
-                path: relay.yaml
-        - name: hostfs
-          hostPath:
-            path: /
-      hostNetwork: false

charts/kubezero-telemetry/charts/opentelemetry-collector/examples/daemonset-hostmetrics/rendered/serviceaccount.yaml

@@ -1,13 +0,0 @@
----
-# Source: opentelemetry-collector/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: example-opentelemetry-collector
-  namespace: default
-  labels:
-    helm.sh/chart: opentelemetry-collector-0.108.0
-    app.kubernetes.io/name: opentelemetry-collector
-    app.kubernetes.io/instance: example
-    app.kubernetes.io/version: "0.111.0"
-    app.kubernetes.io/managed-by: Helm