chore(deps): update helm release rabbitmq to v16

Reviewed-on: #118

admin/hooks-1.32.sh

@@ -2,7 +2,13 @@
 
 # All things BEFORE the first controller / control plane upgrade
 pre_control_plane_upgrade_cluster() {
-  echo
+  if [ "$PLATFORM" != "gke" ];then
+    # patch multus DS to ONLY run pods on 1.31 controllers
+    kubectl patch ds kube-multus-ds -n kube-system -p '{"spec": {"template": {"spec": {"nodeSelector": {"node.kubernetes.io/kubezero.version": "v1.31.6"}}}}}' || true
+
+    # patch kube-proxy DS to ONLY run pods on 1.31 controllers
+    kubectl patch ds kube-proxy -n kube-system -p '{"spec": {"template": {"spec": {"nodeSelector": {"node.kubernetes.io/kubezero.version": "v1.31.6"}}}}}' || true
+  fi
 }
 
 
@@ -16,7 +22,20 @@ post_control_plane_upgrade_cluster() {
 pre_cluster_upgrade_final() {
   set +e
 
-  echo
+  if [ "$PLATFORM" != "gke" ];then
+    # cleanup multus
+    kubectl delete clusterrolebinding multus
+    kubectl delete clusterrole multus
+    kubectl delete serviceaccount multus -n kube-system
+    kubectl delete cm multus-cni-config -n kube-system
+    kubectl delete ds kube-multus-ds -n kube-system
+    kubectl delete NetworkAttachmentDefinition cilium
+    kubectl delete crd network-attachment-definitions.k8s.cni.cncf.io
+
+    # remove kube-proxy
+    kubectl -n kube-system delete ds kube-proxy
+    kubectl -n kube-system delete cm kube-proxy
+  fi
 
   set -e
 }

admin/kubezero.sh

@@ -63,7 +63,7 @@ render_kubeadm() {
 
   # Assemble kubeadm config
   cat /dev/null > ${HOSTFS}/etc/kubernetes/kubeadm.yaml
-  for f in Cluster KubeProxy Kubelet; do
+  for f in Cluster Kubelet; do
     # echo "---" >> /etc/kubernetes/kubeadm.yaml
     cat ${WORKDIR}/kubeadm/templates/${f}Configuration.yaml >> ${HOSTFS}/etc/kubernetes/kubeadm.yaml
   done
@@ -169,7 +169,7 @@ kubeadm_upgrade() {
   else
     pre_cluster_upgrade_final
 
-    _kubeadm upgrade apply phase addon all $KUBE_VERSION
+    _kubeadm upgrade apply phase addon coredns $KUBE_VERSION
 
     post_cluster_upgrade_final
 
@@ -239,7 +239,7 @@ control_plane_node() {
   if [[ "$CMD" =~ ^(join)$ ]]; then
     # Delete any former self in case forseti did not delete yet
     kubectl delete node ${NODENAME} --wait=true || true
-    # Wait for all pods to be deleted otherwise we end up with stale pods eg. kube-proxy and all goes to ....
+    # Wait for all pods to be deleted otherwise we end up with stale pods
     kubectl delete pods -n kube-system --field-selector spec.nodeName=${NODENAME}
 
     # get current running etcd pods for etcdctl commands
@@ -309,8 +309,9 @@ control_plane_node() {
   _kubeadm init phase mark-control-plane
   _kubeadm init phase kubelet-finalize all
 
+  # we skip kube-proxy
   if [[ "$CMD" =~ ^(bootstrap|restore)$ ]]; then
-    _kubeadm init phase addon all
+    _kubeadm init phase addon coredns
   fi
 
   post_kubeadm

admin/libhelm.sh

@@ -3,6 +3,7 @@
 # Simulate well-known CRDs being available
 API_VERSIONS="-a monitoring.coreos.com/v1 -a snapshot.storage.k8s.io/v1 -a policy/v1/PodDisruptionBudget -a apiregistration.k8s.io/v1"
 LOCAL_DEV=${LOCAL_DEV:-""}
+ENV_VALUES=""
 
 export HELM_SECRETS_BACKEND="vals"
 
@@ -80,15 +81,16 @@ function get_kubezero_secret() {
   get_secret_val kubezero kubezero-secrets "$1"
 }
 
-function ensure_kubezero_secret_key() {
-  local secret="$(kubectl get secret -n kubezero kubezero-secrets -o yaml)"
-  local key=""
-  local val=""
 
-  for key in $@; do
-    val=$(echo "$secret" | yq ".data.\"$key\"")
+function ensure_kubezero_secret_key() {
+  local secret="$(kubectl get secret -n $ns $secret -o yaml)"
+  local key
+  local val
+
+  for key in $1; do
+    val=$(echo $secret | yq ".data.\"$key\"")
     if [ "$val" == "null" ]; then
-      kubectl patch secret -n kubezero kubezero-secrets --patch="{\"data\": { \"$key\": \"\" }}"
+      set_kubezero_secret $key ""
     fi
   done
 }
@@ -210,7 +212,7 @@ for manifest in yaml.safe_load_all(sys.stdin):
 # helm template | kubectl apply -f -
 # confine to one namespace if possible
 function render() {
-  helm secrets --evaluate-templates template $(chart_location $chart) -n $namespace --name-template $module $targetRevision --skip-tests --skip-crds -f $WORKDIR/values.yaml $API_VERSIONS --kube-version $KUBE_VERSION $@ \
+  helm secrets --evaluate-templates template $(chart_location $chart) -n $namespace --name-template $module $targetRevision --skip-tests --skip-crds -f $WORKDIR/values.yaml $API_VERSIONS --kube-version $KUBE_VERSION $ENV_VALUES \
     | python3 -c '
 #!/usr/bin/python3
 import yaml

charts/kubeadm/README.md

@@ -47,7 +47,6 @@ Kubernetes: `>= 1.32.0-0`
 - https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3
 - https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/kubelet/config/v1beta1/types.go
 - https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/
-- https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
 
 - https://github.com/awslabs/amazon-eks-ami
 

charts/kubeadm/README.md.gotmpl

@@ -22,7 +22,6 @@
 - https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3
 - https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/kubelet/config/v1beta1/types.go
 - https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/
-- https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
 
 - https://github.com/awslabs/amazon-eks-ami
 

charts/kubeadm/create_audit_policy.sh

@@ -29,12 +29,6 @@ kind: Policy
 rules:
   # The following requests were manually identified as high-volume and low-risk,
   # so drop them.
-  - level: None
-    users: ["system:kube-proxy"]
-    verbs: ["watch"]
-    resources:
-      - group: "" # core
-        resources: ["endpoints", "services", "services/status"]
   - level: None
     # Ingress controller reads 'configmaps/ingress-uid' through the unsecured port.
     # TODO(#46983): Change this to the ingress controller service account.

charts/kubeadm/templates/ClusterConfiguration.yaml

@@ -6,6 +6,8 @@ featureGates:
   ControlPlaneKubeletLocalMode: true
   NodeLocalCRISocket: true
 controlPlaneEndpoint: {{ .Values.api.endpoint }}
+proxy:
+  disabled: true
 networking:
   podSubnet: 10.244.0.0/16
 etcd:

charts/kubeadm/templates/InitConfiguration.yaml

@@ -7,6 +7,8 @@ localAPIEndpoint:
 patches:
   directory: {{ . }}
 {{- end }}
+skipPhases:
+  - addon/kube-proxy
 nodeRegistration:
   criSocket: "unix:///run/containerd/containerd.sock"
   ignorePreflightErrors:

charts/kubeadm/templates/KubeProxyConfiguration.yaml

@@ -1,10 +0,0 @@
-apiVersion: kubeproxy.config.k8s.io/v1alpha1
-kind: KubeProxyConfiguration
-# kube-proxy doesnt really support setting dynamic bind-address via config, replaced by cilium long-term anyways
-metricsBindAddress: "0.0.0.0:10249"
-mode: "iptables"
-logging:
-  format: json
-iptables:
-  localhostNodePorts: false
-#nodePortAddresses: primary

charts/kubeadm/templates/apiserver/audit-policy.yaml

@@ -3,12 +3,6 @@ kind: Policy
 rules:
   # The following requests were manually identified as high-volume and low-risk,
   # so drop them.
-  - level: None
-    users: ["system:kube-proxy"]
-    verbs: ["watch"]
-    resources:
-      - group: "" # core
-        resources: ["endpoints", "services", "services/status"]
   - level: None
     # Ingress controller reads 'configmaps/ingress-uid' through the unsecured port.
     # TODO(#46983): Change this to the ingress controller service account.

charts/kubezero-argo/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero Argo - Events, Workflow, CD
 name: kubezero-argo
-version: 0.3.4
+version: 0.4.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero-argo/README.md

@@ -1,6 +1,6 @@
 # kubezero-argo
 
-![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square)
 
 KubeZero Argo - Events, Workflow, CD
 
@@ -18,7 +18,7 @@ Kubernetes: `>= 1.30.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://argoproj.github.io/argo-helm | argo-cd | 7.9.0 |
+| https://argoproj.github.io/argo-helm | argo-cd | 8.0.9 |
 | https://argoproj.github.io/argo-helm | argo-events | 2.4.15 |
 | https://argoproj.github.io/argo-helm | argocd-image-updater | 0.12.1 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
@@ -28,17 +28,16 @@ Kubernetes: `>= 1.30.0-0`
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | argo-cd.configs.cm."application.instanceLabelKey" | string | `nil` |  |
-| argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation"` |  |
 | argo-cd.configs.cm."resource.customizations" | string | `"argoproj.io/Application:\n  health.lua: |\n    hs = {}\n    hs.status = \"Progressing\"\n    hs.message = \"\"\n    if obj.status ~= nil then\n      if obj.status.health ~= nil then\n        hs.status = obj.status.health.status\n        if obj.status.health.message ~= nil then\n          hs.message = obj.status.health.message\n        end\n      end\n    end\n    return hs\n"` |  |
+| argo-cd.configs.cm."server.rbac.log.enforce.enable" | string | `nil` |  |
 | argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` |  |
-| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.31 - Release notes"` |  |
+| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.32 - Release notes"` |  |
 | argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` |  |
 | argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` |  |
-| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.31"` |  |
+| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.32"` |  |
 | argo-cd.configs.cm.installationID | string | `"KubeZero-ArgoCD"` |  |
 | argo-cd.configs.cm.url | string | `"https://argocd.example.com"` |  |
 | argo-cd.configs.params."controller.diff.server.side" | string | `"true"` |  |
-| argo-cd.configs.params."controller.resource.health.persist" | string | `"false"` |  |
 | argo-cd.configs.params."controller.sync.timeout.seconds" | int | `1800` |  |
 | argo-cd.configs.params."server.enable.gzip" | bool | `true` |  |
 | argo-cd.configs.params."server.insecure" | bool | `true` |  |
@@ -54,7 +53,7 @@ Kubernetes: `>= 1.30.0-0`
 | argo-cd.dex.enabled | bool | `false` |  |
 | argo-cd.enabled | bool | `false` |  |
 | argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` |  |
-| argo-cd.global.image.tag | string | `"v2.14.9-1"` |  |
+| argo-cd.global.image.tag | string | `"v3.0.3"` |  |
 | argo-cd.global.logging.format | string | `"json"` |  |
 | argo-cd.global.networkPolicy.create | bool | `true` |  |
 | argo-cd.istio.enabled | bool | `false` |  |

charts/kubezero-argo/dashboards.yaml

@@ -4,6 +4,6 @@ condition: 'index .Values "argo-cd" "controller" "metrics" "enabled"'
 folder: KubeZero
 dashboards:
 - name: ArgoCD
-  url: https://grafana.com/api/dashboards/14584/revisions/1/download
+  url: https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json
   tags:
   - ArgoCD

charts/kubezero-argo/templates/argo-cd/kubezero-git-sync-app.yaml

@@ -25,9 +25,8 @@ spec:
     automated:
       prune: true
     syncOptions:
-      - ServerSideApply=true
       - ApplyOutOfSyncOnly=true
   info:
     - name: "Source:"
-      value: "https://git.zero-downtime.net/ZeroDownTime/KubeZero/src/branch/release/v1.31/"
+      value: "https://git.zero-downtime.net/ZeroDownTime/KubeZero/src/branch/release/v1.32/"
 {{- end }}

charts/kubezero-argo/values.yaml

@@ -38,7 +38,7 @@ argo-cd:
       format: json
     image:
       repository: public.ecr.aws/zero-downtime/zdt-argocd
-      tag: v2.14.9-1
+      tag: v3.0.3
     networkPolicy:
       create: true
 
@@ -49,8 +49,8 @@ argo-cd:
       .sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }
 
     cm:
-      ui.bannercontent: "KubeZero v1.31 - Release notes"
-      ui.bannerurl: "https://kubezero.com/releases/v1.31"
+      ui.bannercontent: "KubeZero v1.32 - Release notes"
+      ui.bannerurl: "https://kubezero.com/releases/v1.32"
       ui.bannerpermanent: "true"
       ui.bannerposition: "bottom"
 
@@ -59,9 +59,9 @@ argo-cd:
 
       timeout.reconciliation: 300s
 
-      application.resourceTrackingMethod: annotation
       installationID: "KubeZero-ArgoCD"
       application.instanceLabelKey: Null
+      server.rbac.log.enforce.enable: Null
 
       resource.customizations: |
         argoproj.io/Application:
@@ -89,7 +89,6 @@ argo-cd:
       extraHosts: "git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7UgK7Z4dDcuIW1uMOsuwhrqdkJCvYG/ZjHtLM7WaKFxVRnzNnNkQJNncWIGNDUQ1xxrbsoSNRZDtk0NlOjNtx2aApSWl4iWghkpXELvsZtOZ7I9FSC/E6ImLC3KWfK7P0mhZaF6kHPfpu8Y6pjUyLBTpV1AaVwr0I8onyqGazJOVotTFaBFEi/sT0O2FUk7agwZYfj61w3JGOy3c+fmBcK3lXf/QM90tosOpJNuJ7n5Vk5FDDLkl9rO4XR/+mXHFvITiWb8F5C50YAwjYcy36yWSSryUAAHAuqpgotwh65vSG6fZvFhmEwO2BrCkOV5+k8iRfhy/yZODJzZ5V/5cbMbdZrY6lm/p5/S1wv8BEyPekBGdseqQjEO0IQiQHcMrfgTrrQ7ndbZzVZRByZI+wbGFkBCzNSJcNsoiHjs2EblxYyuW0qUvvrBxLnySvaxyPm4BOukSAZAOEaUrajpQlnHdnY1CGcgbwxw0LNv3euKQ3tDJSUlKO0Wd8d85PRv1THW4Ui9Lhsmv+BPA2vJZDOkx/n0oyPFAB0oyd5JNM38eFxLCmPC2OE63gDP+WmzVO61YCVTnvhpQjEOLawEWVFsk0y25R5z5BboDqJaOFnZF6i517O96cn17z3Ls4hxw3+0rlKczYRoyfUHs7KQENa4mY8YlJweNTBgld//RMUQ=="
 
     params:
-      controller.resource.health.persist: "false"
       controller.diff.server.side: "true"
       controller.sync.timeout.seconds: 1800
 

charts/kubezero-ci/values.yaml

@@ -289,7 +289,7 @@ trivy:
   #tag: 0.57.0
   persistence:
     enabled: true
-    size: 1Gi
+    size: 2Gi
   rbac:
     create: false
 

charts/kubezero-mq/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     repository: https://nats-io.github.io/k8s/helm/charts/
     condition: nats.enabled
   - name: rabbitmq
-    version: 16.0.3
+    version: 16.0.4
     repository: https://charts.bitnami.com/bitnami
     condition: rabbitmq.enabled
 kubeVersion: ">= 1.26.0"

charts/kubezero-network/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-network
 description: KubeZero umbrella chart for all things network
 type: application
-version: 0.5.8
+version: 0.5.9
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -19,7 +19,7 @@ dependencies:
     version: 0.2.1
     repository: https://cdn.zero-downtime.net/charts/
   - name: cilium
-    version: 1.17.3
+    version: 1.17.4
     repository: https://helm.cilium.io/
     condition: cilium.enabled
   - name: metallb

charts/kubezero-network/README.md

@@ -1,6 +1,6 @@
 # kubezero-network
 
-![Version: 0.5.8](https://img.shields.io/badge/Version-0.5.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.5.9](https://img.shields.io/badge/Version-0.5.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero umbrella chart for all things network
 
@@ -20,7 +20,7 @@ Kubernetes: `>= 1.30.0-0`
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
 | https://haproxytech.github.io/helm-charts | haproxy | 1.24.0 |
-| https://helm.cilium.io/ | cilium | 1.17.3 |
+| https://helm.cilium.io/ | cilium | 1.17.4 |
 | https://metallb.github.io/metallb | metallb | 0.14.9 |
 
 ## Values
@@ -45,6 +45,8 @@ Kubernetes: `>= 1.30.0-0`
 | cilium.hubble.ui.enabled | bool | `false` |  |
 | cilium.image.useDigest | bool | `false` |  |
 | cilium.ipam.operator.clusterPoolIPv4PodCIDRList[0] | string | `"10.240.0.0/16"` |  |
+| cilium.k8s.apiServerURLs | string | `""` |  |
+| cilium.kubeProxyReplacement | bool | `true` |  |
 | cilium.l7Proxy | bool | `false` |  |
 | cilium.operator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` |  |
 | cilium.operator.prometheus.enabled | bool | `false` |  |

charts/kubezero-network/values.yaml

@@ -43,7 +43,8 @@ cilium:
     binPath: "/usr/libexec/cni"
     logFile: /var/log/cilium-cni.log
     #-- Ensure this is false if multus is enabled
-    exclusive: false
+    exclusive: true
+    iptablesRemoveAWSRules: false
 
   cluster:
     # This should match the second octet of clusterPoolIPv4PodCIDRList
@@ -63,6 +64,17 @@ cilium:
     enabled: false
   #rollOutCiliumPods: true
 
+  kubeProxyReplacement: true
+  dnsProxy:
+    enableTransparentMode: true
+
+  k8sServiceHost: ""
+  k8sServicePort: 6443
+# k8s:
+#   # This has to be set to the DNS name of all API servers
+#   # For example "https://192.168.0.1:6443 https://192.168.0.2:6443"
+#   apiServerURLs: ""
+
   cgroup:
     autoMount:
       enabled: false
@@ -91,9 +103,11 @@ cilium:
     - key: node-role.kubernetes.io/control-plane
       effect: NoSchedule
     # the operator removes the taints,
-    # so we need to break chicken egg on single controller
+    # so we need to break chicken egg
     - key: node.cilium.io/agent-not-ready
       effect: NoSchedule
+    - key: node.kubernetes.io/not-ready
+      effect: NoSchedule
 
     nodeSelector:
       node-role.kubernetes.io/control-plane: ""

charts/kubezero/templates/_app.tpl

@@ -9,8 +9,9 @@ metadata:
   namespace: argocd
   labels:
     {{- include "kubezero-lib.labels" . | nindent 4 }}
-  {{- with ( index .Values $name "annotations" ) }}
   annotations:
+    argocd.argoproj.io/sync-options: Replace=true
+    {{- with ( index .Values $name "annotations" ) }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
   {{- if not ( index .Values $name "retain" ) }}
@@ -38,7 +39,6 @@ spec:
     automated:
       prune: true
     syncOptions:
-      - ServerSideApply=true
       - CreateNamespace=true
       - ApplyOutOfSyncOnly=true
   info:

charts/kubezero/templates/network.yaml

@@ -1,6 +1,6 @@
 {{- define "network-values" }}
 multus:
-  enabled: true
+  enabled: false
   clusterNetwork: "cilium"
 
 # {{- if eq .Values.global.platform "aws" }}
@@ -15,6 +15,9 @@ cilium:
 # image:
 #   pullPolicy: Never
 # {{- end }}
+  k8sServiceHost: {{ .Values.global.apiServerUrl }}
+# k8s:
+#   apiServerURLs: "https://{{ .Values.global.apiServerUrl }}"
 
   cluster:
     name: {{ .Values.global.clusterName }}

charts/kubezero/templates/telemetry.yaml

@@ -61,8 +61,10 @@ opensearch:
   {{- toYaml . | nindent 2 }}
   {{- end }}
 
-  serviceMonitor:
-    enabled: {{ .Values.metrics.enabled }}
+# Disabled until upstream made up their mind
+# https://github.com/opensearch-project/technical-steering/issues/35
+# serviceMonitor:
+#   enabled: {{ .Values.metrics.enabled }}
 {{- end }}
 
 {{- if index .Values "telemetry" "opensearch-dashboards" }}
@@ -71,8 +73,10 @@ opensearch-dashboards:
   {{- toYaml . | nindent 2 }}
   {{- end }}
 
-  serviceMonitor:
-    enabled: {{ .Values.metrics.enabled }}
+# Disabled until upstream made up their mind
+# https://github.com/opensearch-project/technical-steering/issues/35
+# serviceMonitor:
+#   enabled: {{ .Values.metrics.enabled }}
 {{- end }}
 
 {{- end }}

charts/kubezero/values.yaml

@@ -1,5 +1,6 @@
 global:
   clusterName: zdt-trial-cluster
+  apiServerUrl: localhost:6443
 
   # platform: aws (kubeadm, default), gke, or nocloud
   platform: "aws"
@@ -32,7 +33,7 @@ addons:
 network:
   enabled: true
   retain: true
-  targetRevision: 0.5.8
+  targetRevision: 0.5.9
   cilium:
     cluster: {}
 
@@ -87,7 +88,7 @@ falco:
 telemetry:
   enabled: false
   namespace: telemetry
-  targetRevision: 0.4.1
+  targetRevision: 0.5.0
 
 operators:
   enabled: false
@@ -117,7 +118,7 @@ logging:
 argo:
   enabled: false
   namespace: argocd
-  targetRevision: 0.3.2
+  targetRevision: 0.4.0
   argo-cd:
     enabled: false
     istio: