First draft of v1.25.8

2 months ago · af5db75461
parent f979c02fd7
commit af5db75461
63 changed files with 9911 additions and 228 deletions
--- a/12
+++ b/12
@ -1,9 +1,9 @@
-ARG ALPINE_VERSION=3.16
+ARG ALPINE_VERSION=3.17

 FROM alpine:${ALPINE_VERSION}

 ARG ALPINE_VERSION
-ARG KUBE_VERSION=1.24
+ARG KUBE_VERSION=1.25

 RUN cd /etc/apk/keys && \
    wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
@ -18,19 +18,19 @@ RUN cd /etc/apk/keys && \
      bash \
      python3 \
      py3-yaml \
+      restic \
+      helm \
      cri-tools@kubezero \
      kubeadm@kubezero~=${KUBE_VERSION} \
      kubectl@kubezero~=${KUBE_VERSION} \
      etcdhelper@kubezero \
-      etcd-ctl@edge-testing \
-      restic@edge-community \
-      helm@edge-community
+      etcd-ctl@edge-testing

 RUN helm repo add kubezero https://cdn.zero-downtime.net/charts && \
    mkdir -p /var/lib/kubezero

 ADD admin/kubezero.sh admin/libhelm.sh admin/migrate_argo_values.py /usr/bin
-ADD admin/libhelm.sh admin/v${KUBE_VERSION}/* /var/lib/kubezero
+ADD admin/libhelm.sh admin/pre-upgrade.sh /var/lib/kubezero

 ADD charts/kubeadm /charts/kubeadm
 ADD charts/kubezero /charts/kubezero
--- a/admin/migrate_argo_values.py
+++ b/admin/migrate_argo_values.py
@ -8,26 +8,17 @@ import yaml
 def migrate(values):
    """Actual changes here"""

-    # ClusterBackup is enabled on AWS anyways, same with cluster-autoscaler
-    if "aws" in values["global"]:
-        deleteKey(values["addons"], "clusterBackup")
-        deleteKey(values["addons"], "cluster-autoscaler")
-
-    # Remove calico and multus
-    deleteKey(values["network"], "calico")
-    deleteKey(values["network"], "multus")
-
-    # ArgoCD helm changes
-    if "argocd" in values:
-        if "server" in values["argocd"]:
-            if not "configs" in values["argocd"]:
-                values["argocd"]["configs"] = {}
-            if not "cm" in values["argocd"]["configs"]:
-                values["argocd"]["configs"]["cm"] = {}
-            values["argocd"]["configs"]["cm"]["url"] = values["argocd"]["server"]["config"][
-                "url"
-            ]
-            deleteKey(values["argocd"], "server")
+    # Move additional prometheus labels to better config tree
+    try:
+        labels = {}
+        for c in values["metrics"]['kube-prometheus-stack']["prometheus"]["prometheusSpec"]["additionalAlertRelabelConfigs"]:
+            labels[c["target_label"]] = c["replacement"]
+
+        values["metrics"]['kube-prometheus-stack']["prometheus"]["prometheusSpec"]["externalLabels"] = labels
+        deleteKey(values["metrics"]['kube-prometheus-stack']["prometheus"]["prometheusSpec"], "additionalAlertRelabelConfigs")
+        
+    except KeyError:
+        pass

    return values

--- a/admin/v1.24/pre-upgrade.sh
+++ b/admin/v1.24/pre-upgrade.sh
--- a/admin/upgrade_cluster.sh
+++ b/admin/upgrade_cluster.sh
@ -1,7 +1,7 @@
 #!/bin/bash -e

 #VERSION="latest"
-VERSION="v1.24"
+VERSION="v1.25"
 ARGO_APP=${1:-/tmp/new-kubezero-argoapp.yaml}

 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
@ -148,38 +148,27 @@ argo_used && disable_argo

 #all_nodes_upgrade ""

+# Cleanup
+# Remove calico CRDs
+kubectl delete -f https://git.zero-downtime.net/ZeroDownTime/kubezero/raw/tag/v1.23.11/charts/kubezero-network/charts/calico/crds/crds.yaml || true
+
+# delete old kubelet configs
+for cm in $(kubectl get cm -n kube-system --no-headers |  awk '{if ($1 ~ "kubelet-config-1*") print $1}'); do kubectl delete cm $cm -n kube-system; done
+for rb in $(kubectl get rolebindings -n kube-system --no-headers |  awk '{if ($1 ~ "kubelet-config-1*") print $1}'); do kubectl delete rolebindings $rb -n kube-system; done
+
 control_plane_upgrade kubeadm_upgrade

 echo "Adjust kubezero values as needed:"
 # shellcheck disable=SC2015
 argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system

-# Remove calico
-#kubectl delete deployment calico-kube-controllers -n kube-system || true
-#kubectl delete daemonset calico-node -n kube-system || true
-#kubectl delete network-attachment-definitions calico -n kube-system || true
-
-# Remove previous cilium config as the helm options are additive only -> fail
-kubectl delete configmap cilium-config -n kube-system || true
-
 control_plane_upgrade "apply_network, apply_addons, apply_storage"

-kubectl rollout restart daemonset/kube-multus-ds -n kube-system
-kubectl rollout restart daemonset/cilium -n kube-system
-
 echo "Checking that all pods in kube-system are running ..."
 waitSystemPodsRunning

 echo "Applying remaining KubeZero modules..."

-# delete argocd deployments as various immutable things changed, also redis restart fails otherwise
-kubectl delete deployment argocd-redis -n argocd || true
-kubectl delete deployment argocd-repo-server -n argocd || true
-kubectl delete statefulset argocd-application-controller -n argocd || true
-
-# Delete prometheus-push gateway due to label changes
-kubectl delete deploy -l app=prometheus-pushgateway -n monitoring || true
-
 control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd"

 # Final step is to commit the new argocd kubezero app
--- a/charts/kubeadm/Chart.yaml
+++ b/charts/kubeadm/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubeadm
 description: KubeZero Kubeadm cluster config
 type: application
-version: 1.24.9
+version: 1.25.8
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -11,4 +11,4 @@ keywords:
 maintainers:
  - name: Stefan Reimer
    email: stefan@zero-downtime.net
-kubeVersion: ">= 1.24.0"
+kubeVersion: ">= 1.25.0"
--- a/charts/kubeadm/README.md
+++ b/charts/kubeadm/README.md
@ -1,6 +1,6 @@
 # kubeadm

-![Version: 1.24.9](https://img.shields.io/badge/Version-1.24.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 1.25.8](https://img.shields.io/badge/Version-1.25.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

 KubeZero Kubeadm cluster config

@ -14,7 +14,7 @@ KubeZero Kubeadm cluster config

 ## Requirements

-Kubernetes: `>= 1.24.0`
+Kubernetes: `>= 1.25.0`

 ## Values

--- a/charts/kubeadm/templates/_helpers.tpl
+++ b/charts/kubeadm/templates/_helpers.tpl
@ -1,6 +1,6 @@
 {{- /* Feature gates for all control plane components */ -}}
 {{- define "kubeadm.featuregates" }}
-{{- $gates := list "CustomCPUCFSQuotaPeriod" "CronJobTimeZone" "NodeOutOfServiceVolumeDetach" }}
+{{- $gates := list "CustomCPUCFSQuotaPeriod" "NodeOutOfServiceVolumeDetach" }}
 {{- if eq .return "csv" }}
 {{- range $key := $gates }}
 {{- $key }}=true,
--- a/charts/kubeadm/templates/patches/coredns0.yaml
+++ b/charts/kubeadm/templates/patches/coredns0.yaml
@ -12,13 +12,3 @@ spec:
            memory: 128Mi
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchExpressions:
-              - key: k8s-app
-                operator: In
-                values:
-                - kube-dns
-            topologyKey: "kubernetes.io/hostname"
--- a/charts/kubezero-addons/Chart.yaml
+++ b/charts/kubezero-addons/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-addons
 description: KubeZero umbrella chart for various optional cluster addons
 type: application
-version: 0.7.3
+version: 0.7.4
 appVersion: v1.24
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
@ -24,7 +24,7 @@ dependencies:
    repository: https://kubernetes-sigs.github.io/external-dns/
    condition: external-dns.enabled
  - name: cluster-autoscaler
-    version: 9.21.0
+    version: 9.24.0
    repository: https://kubernetes.github.io/autoscaler
    condition: cluster-autoscaler.enabled
  - name: nvidia-device-plugin
@ -33,7 +33,7 @@ dependencies:
    repository: https://nvidia.github.io/k8s-device-plugin
    condition: nvidia-device-plugin.enabled
  - name: sealed-secrets
-    version: 2.7.1
+    version: 2.7.3
    repository: https://bitnami-labs.github.io/sealed-secrets
    condition: sealed-secrets.enabled
  - name: aws-node-termination-handler
--- a/charts/kubezero-addons/README.md
+++ b/charts/kubezero-addons/README.md
@ -1,6 +1,6 @@
 # kubezero-addons

-![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square)
+![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square)

 KubeZero umbrella chart for various optional cluster addons

@ -20,9 +20,9 @@ Kubernetes: `>= 1.24.0`
 |------------|------|---------|
 |  | aws-eks-asg-rolling-update-handler | 1.2.7 |
 |  | aws-node-termination-handler | 0.20.1 |
-| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.7.1 |
+| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.7.3 |
 | https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 |
-| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 |
+| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.24.0 |
 | https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.13.0 |

 # MetalLB   
@ -105,6 +105,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
 | cluster-autoscaler.enabled | bool | `false` |  |
 | cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` |  |
 | cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` |  |
+| cluster-autoscaler.image.tag | string | `"v1.24.0"` |  |
 | cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` |  |
 | cluster-autoscaler.podDisruptionBudget | bool | `false` |  |
 | cluster-autoscaler.prometheusRule.enabled | bool | `false` |  |
@ -139,6 +140,10 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key | string | `"node.kubernetes.io/instance-type"` |  |
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` |  |
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] | string | `"g5.xlarge"` |  |
+| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[10] | string | `"g4dn.4xlarge"` |  |
+| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[11] | string | `"g4dn.8xlarge"` |  |
+| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[12] | string | `"g4dn.12xlarge"` |  |
+| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[13] | string | `"g4dn.16xlarge"` |  |
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[1] | string | `"g5.2xlarge"` |  |
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[2] | string | `"g5.4xlarge"` |  |
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[3] | string | `"g5.8xlarge"` |  |
@ -146,6 +151,8 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[5] | string | `"g5.16xlarge"` |  |
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[6] | string | `"g5.24xlarge"` |  |
 | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[7] | string | `"g5.48xlarge"` |  |
+| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[8] | string | `"g4dn.xlarge"` |  |
+| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[9] | string | `"g4dn.2xlarge"` |  |
 | nvidia-device-plugin.enabled | bool | `false` |  |
 | nvidia-device-plugin.tolerations[0].effect | string | `"NoSchedule"` |  |
 | nvidia-device-plugin.tolerations[0].key | string | `"nvidia.com/gpu"` |  |
@ -155,7 +162,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
 | nvidia-device-plugin.tolerations[1].operator | string | `"Exists"` |  |
 | sealed-secrets.enabled | bool | `false` |  |
 | sealed-secrets.fullnameOverride | string | `"sealed-secrets-controller"` |  |
-| sealed-secrets.keyrenewperiod | int | `0` |  |
+| sealed-secrets.keyrenewperiod | string | `"0"` |  |
 | sealed-secrets.metrics.serviceMonitor.enabled | bool | `false` |  |
 | sealed-secrets.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` |  |
 | sealed-secrets.resources.limits.memory | string | `"128Mi"` |  |
--- a/charts/kubezero-addons/values.yaml
+++ b/charts/kubezero-addons/values.yaml
@ -31,7 +31,7 @@ sealed-secrets:
  fullnameOverride: sealed-secrets-controller

  # Disable auto keyrotation for now
-  keyrenewperiod: 0
+  keyrenewperiod: "0"

  resources:
    requests:
@ -179,10 +179,18 @@ nvidia-device-plugin:
                  - g5.24xlarge
                  - g5.48xlarge
                  - g4dn.xlarge
+                  - g4dn.2xlarge
+                  - g4dn.4xlarge
+                  - g4dn.8xlarge
+                  - g4dn.12xlarge
+                  - g4dn.16xlarge

 cluster-autoscaler:
  enabled: false

+  image:
+    tag: v1.24.0
+
  autoDiscovery:
    clusterName: ""
  awsRegion: "us-west-2"
--- a/charts/kubezero-argocd/values.yaml
+++ b/charts/kubezero-argocd/values.yaml
@ -68,16 +68,16 @@ argo-cd:
      createSecret: false

    knownHosts:
-     data:
-       ssh_known_hosts: |
-         bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
-         github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
-         github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
-         github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
-         gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
-         gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
-         gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
-         git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==
+      data:
+        ssh_known_hosts: |
+          bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
+          github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+          github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+          github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+          gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
+          gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
+          gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
+          git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==

    params:
      controller.status.processors: "10"
--- a/charts/kubezero-ci/Chart.yaml
+++ b/charts/kubezero-ci/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-ci
 description: KubeZero umbrella chart for all things CI
 type: application
-version: 0.5.25
+version: 0.6.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -22,16 +22,15 @@ dependencies:
    repository: https://gocd.github.io/helm-chart
    condition: gocd.enabled
  - name: gitea
-    version: 6.0.5
+    version: 7.0.4
    repository: https://dl.gitea.io/charts/
    condition: gitea.enabled
  - name: jenkins
-    version: 4.2.20
+    version: 4.3.2
    repository: https://charts.jenkins.io
    condition: jenkins.enabled
  - name: trivy
-    version: 0.4.17
+    version: 0.6.0
    repository: https://aquasecurity.github.io/helm-charts/
    condition: trivy.enabled
-
-kubeVersion: ">= 1.20.0"
+kubeVersion: ">= 1.24.0"
--- a/charts/kubezero-ci/README.md
+++ b/charts/kubezero-ci/README.md
@ -1,6 +1,6 @@
 # kubezero-ci

-![Version: 0.5.24](https://img.shields.io/badge/Version-0.5.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

 KubeZero umbrella chart for all things CI

@ -14,14 +14,14 @@ KubeZero umbrella chart for all things CI

 ## Requirements

-Kubernetes: `>= 1.20.0`
+Kubernetes: `>= 1.24.0`

 | Repository | Name | Version |
 |------------|------|---------|
-| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 |
+| https://aquasecurity.github.io/helm-charts/ | trivy | 0.6.0 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
-| https://charts.jenkins.io | jenkins | 4.2.17 |
-| https://dl.gitea.io/charts/ | gitea | 6.0.5 |
+| https://charts.jenkins.io | jenkins | 4.3.2 |
+| https://dl.gitea.io/charts/ | gitea | 7.0.4 |
 | https://gocd.github.io/helm-chart | gocd | 1.40.8 |

 # Jenkins
@ -82,6 +82,10 @@ Kubernetes: `>= 1.20.0`
 | jenkins.agent.image | string | `"public.ecr.aws/zero-downtime/jenkins-podman"` |  |
 | jenkins.agent.podName | string | `"podman-aws"` |  |
 | jenkins.agent.podRetention | string | `"Default"` |  |
+| jenkins.agent.resources.limits.cpu | string | `""` |  |
+| jenkins.agent.resources.limits.memory | string | `""` |  |
+| jenkins.agent.resources.requests.cpu | string | `""` |  |
+| jenkins.agent.resources.requests.memory | string | `""` |  |
 | jenkins.agent.showRawYaml | bool | `false` |  |
 | jenkins.agent.tag | string | `"v0.4.1"` |  |
 | jenkins.agent.yamlMergeStrategy | string | `"merge"` |  |
@ -92,18 +96,18 @@ Kubernetes: `>= 1.20.0`
 | jenkins.controller.initContainerResources.limits.memory | string | `"1024Mi"` |  |
 | jenkins.controller.initContainerResources.requests.cpu | string | `"50m"` |  |
 | jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` |  |
-| jenkins.controller.installPlugins[0] | string | `"kubernetes:3743.v1fa_4c724c3b_7"` |  |
+| jenkins.controller.installPlugins[0] | string | `"kubernetes:3883.v4d70a_a_a_df034"` |  |
 | jenkins.controller.installPlugins[10] | string | `"build-discarder:139.v05696a_7fe240"` |  |
-| jenkins.controller.installPlugins[11] | string | `"dark-theme:262.v0202a_4c8fb_6a"` |  |
-| jenkins.controller.installPlugins[12] | string | `"kubernetes-credentials-provider:1.206.v7ce2cf7b_0c8b"` |  |
+| jenkins.controller.installPlugins[11] | string | `"dark-theme:302.vf069cb_e01486"` |  |
+| jenkins.controller.installPlugins[12] | string | `"kubernetes-credentials-provider:1.209.v862c6e5fb_1ef"` |  |
 | jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` |  |
-| jenkins.controller.installPlugins[2] | string | `"git:4.14.3"` |  |
+| jenkins.controller.installPlugins[2] | string | `"git:5.0.0"` |  |
 | jenkins.controller.installPlugins[3] | string | `"basic-branch-build-strategies:71.vc1421f89888e"` |  |
-| jenkins.controller.installPlugins[4] | string | `"pipeline-graph-view:144.vf3924feb_7e35"` |  |
-| jenkins.controller.installPlugins[5] | string | `"pipeline-stage-view:2.28"` |  |
+| jenkins.controller.installPlugins[4] | string | `"pipeline-graph-view:154.v52138b_cb_557e"` |  |
+| jenkins.controller.installPlugins[5] | string | `"pipeline-stage-view:2.31"` |  |
 | jenkins.controller.installPlugins[6] | string | `"configuration-as-code:1569.vb_72405b_80249"` |  |
 | jenkins.controller.installPlugins[7] | string | `"antisamy-markup-formatter:155.v795fb_8702324"` |  |
-| jenkins.controller.installPlugins[8] | string | `"prometheus:2.0.11"` |  |
+| jenkins.controller.installPlugins[8] | string | `"prometheus:2.1.1"` |  |
 | jenkins.controller.installPlugins[9] | string | `"htmlpublisher:1.31"` |  |
 | jenkins.controller.javaOpts | string | `"-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""` |  |
 | jenkins.controller.jenkinsOpts | string | `"--sessionTimeout=180 --sessionEviction=3600"` |  |
--- a/charts/kubezero-ci/values.yaml
+++ b/charts/kubezero-ci/values.yaml
@ -121,19 +121,19 @@ jenkins:
                      numToKeepStr: "10"

    installPlugins:
-      - kubernetes:3802.vb_b_600831fcb_3
+      - kubernetes:3883.v4d70a_a_a_df034
      - workflow-aggregator:581.v0c46fa_697ffd
      - git:5.0.0
      - basic-branch-build-strategies:71.vc1421f89888e
-      - pipeline-graph-view:144.vf3924feb_7e35
-      - pipeline-stage-view:2.28
+      - pipeline-graph-view:154.v52138b_cb_557e
+      - pipeline-stage-view:2.31
      - configuration-as-code:1569.vb_72405b_80249
      - antisamy-markup-formatter:155.v795fb_8702324
-      - prometheus:2.1.0
+      - prometheus:2.1.1
      - htmlpublisher:1.31
      - build-discarder:139.v05696a_7fe240
-      - dark-theme:262.v0202a_4c8fb_6a
-      - kubernetes-credentials-provider:1.208.v128ee9800c04
+      - dark-theme:302.vf069cb_e01486
+      - kubernetes-credentials-provider:1.209.v862c6e5fb_1ef

  serviceAccountAgent:
    create: true
@ -231,7 +231,7 @@ jenkins:
 trivy:
  enabled: false
  image:
-    tag: 0.35.0
+    tag: 0.37.3
  persistence:
    enabled: true
    size: 1Gi
--- a/charts/kubezero-istio-gateway/Chart.yaml
+++ b/charts/kubezero-istio-gateway/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio-gateway
 description: KubeZero Umbrella Chart for Istio gateways
 type: application
-version: 0.9.0
+version: 0.9.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -14,9 +14,9 @@ maintainers:
    email: stefan@zero-downtime.net
 dependencies:
  - name: kubezero-lib
-    version: ">= 0.1.5"
+    version: ">= 0.1.6"
    repository: https://cdn.zero-downtime.net/charts/
  - name: gateway
-    version: 1.16.1
+    version: 1.16.3
    repository: https://istio-release.storage.googleapis.com/charts
 kubeVersion: ">= 1.24.0"
--- a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml
+++ b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.16.1
+appVersion: 1.16.3
 description: Helm chart for deploying Istio gateways
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
@ -9,4 +9,4 @@ name: gateway
 sources:
 - http://github.com/istio/istio
 type: application
-version: 1.16.1
+version: 1.16.3
--- a/charts/kubezero-istio/Chart.yaml
+++ b/charts/kubezero-istio/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio
 description: KubeZero Umbrella Chart for Istio
 type: application
-version: 0.9.0
+version: 0.9.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -16,10 +16,10 @@ dependencies:
    version: ">= 0.1.6"
    repository: https://cdn.zero-downtime.net/charts/
  - name: base
-    version: 1.16.1
+    version: 1.16.3
    repository: https://istio-release.storage.googleapis.com/charts
  - name: istiod
-    version: 1.16.1
+    version: 1.16.3
    repository: https://istio-release.storage.googleapis.com/charts
  - name: kiali-server
    version: "1.60.0"
--- a/charts/kubezero-logging/Chart.yaml
+++ b/charts/kubezero-logging/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-logging
 description: KubeZero Umbrella Chart for complete EFK stack
 type: application
-version: 0.8.4
+version: 0.8.5
 appVersion: 1.6.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
@ -27,6 +27,6 @@ dependencies:
    version: 0.3.9
    condition: fluentd.enabled
  - name: fluent-bit
-    version: 0.20.6
+    version: 0.24.0
    condition: fluent-bit.enabled
 kubeVersion: ">= 1.24.0"
--- a/charts/kubezero-logging/charts/fluent-bit/Chart.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/Chart.yaml
@ -1,13 +1,13 @@
 annotations:
  artifacthub.io/changes: |
    - kind: changed
-      description: "Additional upstream config option added"
+      description: "Updated Fluent Bit image to v2.0.9."
 apiVersion: v1
-appVersion: 1.9.7
+appVersion: 2.0.9
 description: Fast and lightweight log processor and forwarder or Linux, OSX and BSD
  family operating systems.
 home: https://fluentbit.io/
-icon: https://fluentbit.io/assets/img/logo1-default.png
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/fluentd/fluentbit/icon/fluentbit-icon-color.svg
 keywords:
 - logging
 - fluent-bit
@ -24,4 +24,4 @@ maintainers:
 name: fluent-bit
 sources:
 - https://github.com/fluent/fluent-bit/
-version: 0.20.6
+version: 0.24.0
--- a/charts/kubezero-logging/charts/fluent-bit/README.md
+++ b/charts/kubezero-logging/charts/fluent-bit/README.md
@ -31,7 +31,7 @@ First, you should add your Lua scripts to `luaScripts` in values.yaml, for examp

 ```yaml
 luaScripts:
- filter_example.lua: |
+  filter_example.lua: |
    function filter_name(tag, timestamp, record)
        -- put your lua code here.
    end
--- a/charts/kubezero-logging/charts/fluent-bit/templates/_pod.tpl
+++ b/charts/kubezero-logging/charts/fluent-bit/templates/_pod.tpl
@ -11,6 +11,9 @@ priorityClassName: {{ .Values.priorityClassName }}
 securityContext:
  {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- with .Values.terminationGracePeriodSeconds }}
+terminationGracePeriodSeconds: {{ . }}
+{{- end }}
 hostNetwork: {{ .Values.hostNetwork }}
 dnsPolicy: {{ .Values.dnsPolicy }}
 {{- with .Values.dnsConfig }}
--- a/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/templates/clusterrole.yaml
@ -19,7 +19,7 @@ rules:
      - get
      - list
      - watch
-  {{- if .Values.podSecurityPolicy.create }}
+  {{- if and .Values.podSecurityPolicy.create (semverCompare "<=1.25-0" .Capabilities.KubeVersion.GitVersion) }}
  - apiGroups:
      - policy
    resources:
--- a/charts/kubezero-logging/charts/fluent-bit/templates/daemonset.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/templates/daemonset.yaml
@ -20,6 +20,9 @@ spec:
  updateStrategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
+  {{- with .Values.minReadySeconds }}
+  minReadySeconds: {{ . }}
+  {{- end }}
  template:
    metadata:
      annotations:
--- a/charts/kubezero-logging/charts/fluent-bit/templates/deployment.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/templates/deployment.yaml
@ -23,6 +23,9 @@ spec:
  selector:
    matchLabels:
      {{- include "fluent-bit.selectorLabels" . | nindent 6 }}
+  {{- with .Values.minReadySeconds }}
+  minReadySeconds: {{ . }}
+  {{- end }}
  template:
    metadata:
      annotations:
--- a/charts/kubezero-logging/charts/fluent-bit/templates/psp.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/templates/psp.yaml
@ -1,4 +1,4 @@
-{{- if .Values.podSecurityPolicy.create }}
+{{- if and .Values.podSecurityPolicy.create (semverCompare "<=1.25-0" .Capabilities.KubeVersion.GitVersion) -}}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
--- a/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/templates/service.yaml
@ -16,6 +16,15 @@ spec:
  {{- if and (eq .Values.service.type "ClusterIP") (.Values.service.clusterIP) }}
  clusterIP: {{ .Values.service.clusterIP }}
  {{- end }}
+  {{- if (eq .Values.service.type "LoadBalancer")}}
+  {{- with .Values.service.loadBalancerClass}}
+  loadBalancerClass: {{ . }}
+  {{- end }}
+  {{- with .Values.service.loadBalancerSourceRanges}}
+  loadBalancerSourceRanges:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- end }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: http
--- a/charts/kubezero-logging/charts/fluent-bit/templates/servicemonitor.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/templates/servicemonitor.yaml
@ -36,6 +36,16 @@ spec:
      relabelings:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- if .Values.serviceMonitor.scheme }}
+      scheme: {{ .Values.serviceMonitor.scheme }}
+      {{- end }}
+      {{- if .Values.serviceMonitor.tlsConfig }}
+      tlsConfig:
+        {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 8 }}
+      {{- end }}
+    {{- with .Values.serviceMonitor.additionalEndpoints }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
  namespaceSelector:
    matchNames:
      - {{ .Release.Namespace }}
--- a/charts/kubezero-logging/charts/fluent-bit/templates/vpa.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/templates/vpa.yaml
@ -0,0 +1,38 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1/VerticalPodAutoscaler") .Values.autoscaling.vpa.enabled }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: {{ include "fluent-bit.fullname" . }}
+  labels:
+    {{- include "fluent-bit.labels" . | nindent 4 }}
+  {{- with .Values.autoscaling.vpa.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  resourcePolicy:
+    containerPolicies:
+    - containerName: {{ .Chart.Name }}
+      {{- with .Values.autoscaling.vpa.controlledResources }}
+      controlledResources: 
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.autoscaling.vpa.maxAllowed }}
+      maxAllowed:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.autoscaling.vpa.minAllowed }}
+      minAllowed:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+  targetRef:
+    apiVersion: apps/v1
+    kind: {{ .Values.kind }}
+    name: {{ include "fluent-bit.fullname" . }}
+  {{- if .Values.autoscaling.vpa.updatePolicy }}
+  updatePolicy:
+    {{- with .Values.autoscaling.vpa.updatePolicy.updateMode }}
+    updateMode: {{ . }}
+    {{- end }}
+  {{- end }}
+{{- end }}
--- a/charts/kubezero-logging/charts/fluent-bit/values.yaml
+++ b/charts/kubezero-logging/charts/fluent-bit/values.yaml
@ -13,7 +13,7 @@ image:
  pullPolicy: Always

 testFramework:
-  enabled: false
+  enabled: true
  image:
    repository: busybox
    pullPolicy: Always
@ -32,6 +32,11 @@ rbac:
  create: true
  nodeAccess: false

+# Configure podsecuritypolicy
+# Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+# from Kubernetes 1.25, PSP is deprecated
+# See: https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes
+# We automatically disable PSP if Kubernetes version is 1.25 or higher
 podSecurityPolicy:
  create: false
  annotations: {}
@ -78,6 +83,8 @@ securityContext: {}
 service:
  type: ClusterIP
  port: 2020
+  loadBalancerClass:
+  loadBalancerSourceRanges: []
  labels: {}
  # nodePort: 30020
  # clusterIP: 172.16.10.1
@ -111,6 +118,35 @@ serviceMonitor:
 #      targetLabel: nodename
 #      replacement: $1
 #      action: replace
+#  scheme: ""
+#  tlsConfig: {}
+
+  ## Beare in mind if youn want to collec metrics from a different port
+  ## you will need to configure the new ports on the extraPorts property.
+  additionalEndpoints: []
+  # - port: metrics
+  #   path: /metrics
+  #   interval: 10s
+  #   scrapeTimeout: 10s
+  #   scheme: ""
+  #   tlsConfig: {}
+  #   # metric relabel configs to apply to samples before ingestion.
+  #   #
+  #   metricRelabelings:
+  #     - sourceLabels: [__meta_kubernetes_service_label_cluster]
+  #       targetLabel: cluster
+  #       regex: (.*)
+  #       replacement: ${1}
+  #       action: replace
+  #   # relabel configs to apply to samples after ingestion.
+  #   #
+  #   relabelings:
+  #     - sourceLabels: [__meta_kubernetes_pod_node_name]
+  #       separator: ;
+  #       regex: ^(.*)$
+  #       targetLabel: nodename
+  #       replacement: $1
+  #       action: replace

 prometheusRule:
  enabled: false
@ -177,6 +213,28 @@ ingress:

 ## only available if kind is Deployment
 autoscaling:
+  vpa:
+    enabled: false
+
+    annotations: {}
+
+    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+    controlledResources: []
+
+    # Define the max allowed resources for the pod
+    maxAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+    # Define the min allowed resources for the pod
+    minAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+
+    updatePolicy:
+      # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+      # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+      updateMode: Auto
+
  enabled: false
  minReplicas: 1
  maxReplicas: 3
@ -222,6 +280,14 @@ podAnnotations: {}

 podLabels: {}

+## How long (in seconds) a pods needs to be stable before progressing the deployment
+##
+minReadySeconds:
+
+## How long (in seconds) a pod may take to exit (useful with lifecycle hooks to ensure lb deregistration is done)
+##
+terminationGracePeriodSeconds:
+
 priorityClassName: ""

 env: []
@ -274,7 +340,7 @@ networkPolicy:

 luaScripts: {}

-## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/configuration-file
+## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file
 config:
  service: |
    [SERVICE]
@ -332,15 +398,8 @@ config:
        Retry_Limit False

  ## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/upstream-servers
+  ## This configuration is deprecated, please use `extraFiles` instead.
  upstream: {}
-#      upstream.conf: |
-#        [UPSTREAM]
-#            upstream1
-#
-#        [NODE]
-#            name       node-1
-#            host       127.0.0.1
-#            port       43000

  ## https://docs.fluentbit.io/manual/pipeline/parsers
  customParsers: |
@ -354,6 +413,14 @@ config:
  # This allows adding more files with arbitary filenames to /fluent-bit/etc by providing key/value pairs.
  # The key becomes the filename, the value becomes the file content.
  extraFiles: {}
+#     upstream.conf: |
+#       [UPSTREAM]
+#           upstream1
+#
+#       [NODE]
+#           name       node-1
+#           host       127.0.0.1
+#           port       43000
 #     example.conf: |
 #       [OUTPUT]
 #           Name example
--- a/charts/kubezero-logging/fluent-bit.patch
+++ b/charts/kubezero-logging/fluent-bit.patch
@ -1,24 +0,0 @@
-diff -tubr charts/fluent-bit/templates/tests/test-connection.yaml charts/fluent-bit.zdt/templates/tests/test-connection.yaml
--- charts/fluent-bit/templates/tests/test-connection.yaml	2021-06-22 12:25:10.000000000 +0200
-+++ charts/fluent-bit.zdt/templates/tests/test-connection.yaml	2021-05-17 12:09:02.724057438 +0200
-@@ -1,3 +1,4 @@
-+{{- if .Values.testFramework.enabled }}
- apiVersion: v1
- kind: Pod
- metadata:
-@@ -18,3 +19,4 @@
-     {{- toYaml . | nindent 4 }}
-   {{- end }}
-   restartPolicy: Never
-+{{- end }}
-diff -tubr charts/fluent-bit/values.yaml charts/fluent-bit.zdt/values.yaml
--- charts/fluent-bit/values.yaml	2021-06-22 12:25:10.000000000 +0200
-+++ charts/fluent-bit.zdt/values.yaml	2021-07-19 10:23:01.383398153 +0200
-@@ -12,6 +12,7 @@
-   # tag:
- 
- testFramework:
-+  enabled: false
-   image:
-     repository: busybox
-     pullPolicy: Always
--- a/charts/kubezero-logging/update.sh
+++ b/charts/kubezero-logging/update.sh
@ -19,7 +19,7 @@ yq eval -Mi 'del(.dependencies)' charts/eck-operator/Chart.yaml
 rm -rf charts/fluent-bit
 curl -L -s -o - https://github.com/fluent/helm-charts/releases/download/fluent-bit-${FLUENT_BIT_VERSION}/fluent-bit-${FLUENT_BIT_VERSION}.tgz | tar xfz - -C charts

-patch -i fluent-bit.patch -p0 --no-backup-if-mismatch
+# patch -i fluent-bit.patch -p0 --no-backup-if-mismatch


 # FluentD
--- a/charts/kubezero-logging/values.yaml
+++ b/charts/kubezero-logging/values.yaml
@ -246,7 +246,10 @@ fluent-bit:

  image:
    #repository: public.ecr.aws/zero-downtime/fluent-bit
-    tag: 1.9.8
+    tag: 2.0.10
+
+  testFramework:
+    enabled: false

  serviceMonitor:
    enabled: false
@ -276,8 +279,8 @@ fluent-bit:
      tls: false

    input:
-      memBufLimit: 4MB
-      refreshInterval: 10
+      memBufLimit: 16MB
+      refreshInterval: 5

    logLevel: info
    flushInterval: 5
@ -300,16 +303,19 @@ fluent-bit:
      [INPUT]
          Name tail
          Path /var/log/containers/*.log
+          # Exclude ourselves to current error spam, https://github.com/fluent/fluent-bit/issues/5769
+          Exclude_Path *logging-fluent-bit*
          multiline.parser cri
          Tag cri.*
          Skip_Long_Lines On
+          Skip_Empty_Lines On
          DB /var/log/flb_kube.db
          DB.Sync Normal
          DB.locking true
          # Buffer_Max_Size 1M
          {{- with .Values.config.input }}
-          Mem_Buf_Limit {{ default "4MB" .memBufLimit }}
-          Refresh_Interval {{ default 10 .refreshInterval }}
+          Mem_Buf_Limit {{ default "16MB" .memBufLimit }}
+          Refresh_Interval {{ default 5 .refreshInterval }}
          {{- end }}

    filters: |
--- a/charts/kubezero-mq/Chart.yaml
+++ b/charts/kubezero-mq/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-mq
 description: KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
 type: application
-version: 0.3.4
+version: 0.3.5
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
--- a/charts/kubezero-mq/README.md
+++ b/charts/kubezero-mq/README.md
@ -1,6 +1,6 @@
 # kubezero-mq

-![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

 KubeZero umbrella chart for MQ systems like NATS, RabbitMQ

@ -20,7 +20,7 @@ Kubernetes: `>= 1.20.0`
 |------------|------|---------|
 |  | nats | 0.8.4 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
-| https://charts.bitnami.com/bitnami | rabbitmq | 11.1.5 |
+| https://charts.bitnami.com/bitnami | rabbitmq | 11.3.2 |
 | https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 3.1.4 |

 ## Values
@ -52,8 +52,10 @@ Kubernetes: `>= 1.20.0`
 | rabbitmq.clustering.forceBoot | bool | `false` |  |
 | rabbitmq.enabled | bool | `false` |  |
 | rabbitmq.hosts | list | `[]` | hostnames of rabbitmq services, used for Istio and TLS |
+| rabbitmq.istio.amqp | bool | `false` |  |
 | rabbitmq.istio.enabled | bool | `false` |  |
 | rabbitmq.istio.gateway | string | `"istio-ingress/private-ingressgateway"` |  |
+| rabbitmq.istio.mqtt | bool | `false` |  |
 | rabbitmq.istio.mqtts | bool | `false` |  |
 | rabbitmq.metrics.enabled | bool | `false` |  |
 | rabbitmq.metrics.serviceMonitor.enabled | bool | `true` |  |
--- a/charts/kubezero-mq/templates/rabbitmq/istio-service.yaml
+++ b/charts/kubezero-mq/templates/rabbitmq/istio-service.yaml
@ -25,6 +25,15 @@ spec:
        host: rabbitmq
        port:
          number: 5672
+  {{- if .Values.rabbitmq.istio.amqp }}
+  - match:
+    - port: 5672
+    route:
+    - destination:
+        host: rabbitmq
+        port:
+          number: 5672
+  {{- end }}
  {{- if .Values.rabbitmq.istio.mqtts }}
  - match:
    - port: 8883
--- a/charts/kubezero-mq/values.yaml
+++ b/charts/kubezero-mq/values.yaml
@ -56,6 +56,7 @@ rabbitmq:
  istio:
    enabled: false
    gateway: istio-ingress/private-ingressgateway
+    amqp: false
    mqtt: false
    mqtts: false

--- a/charts/kubezero-network/Chart.yaml
+++ b/charts/kubezero-network/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-network
 description: KubeZero umbrella chart for all things network
 type: application
-version: 0.4.2
+version: 0.4.3
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -16,14 +16,14 @@ maintainers:
    email: stefan@zero-downtime.net
 dependencies:
  - name: kubezero-lib
-    version: ">= 0.1.5"
+    version: ">= 0.1.6"
    repository: https://cdn.zero-downtime.net/charts/
  - name: cilium
-    version: 1.12.5
+    version: 1.13.1
    repository: https://helm.cilium.io/
    condition: cilium.enabled
  - name: metallb
-    version: 0.13.7
+    version: 0.13.9
    repository: https://metallb.github.io/metallb
    condition: metallb.enabled
-kubeVersion: ">= 1.24.0"
+kubeVersion: ">= 1.25.0"
--- a/charts/kubezero-network/values.yaml
+++ b/charts/kubezero-network/values.yaml
@ -18,7 +18,7 @@ metallb:

 multus:
  enabled: false
-  tag: "v3.9.2"
+  tag: "v3.9.3"

  clusterNetwork: "cilium"
  defaultNetworks: []
--- a/charts/kubezero-storage/Chart.yaml
+++ b/charts/kubezero-storage/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-storage
 description: KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
 type: application
-version: 0.7.5
+version: 0.8.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -20,19 +20,23 @@ dependencies:
    version: ">= 0.1.6"
    repository: https://cdn.zero-downtime.net/charts/
  - name: lvm-localpv
-    version: 1.0.0
+    version: 1.0.1
    condition: lvm-localpv.enabled
    # we patch: repository: https://openebs.github.io/lvm-localpv
-  - name: gemini
-    version: 1.0.0
-    condition: gemini.enabled
-    # repository: https://charts.fairwinds.com/stable
  - name: aws-ebs-csi-driver
-    version: 2.14.1
+    version: 2.17.2
    condition: aws-ebs-csi-driver.enabled
    repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
  - name: aws-efs-csi-driver
-    version: 2.3.2
+    version: 2.4.1
    condition: aws-efs-csi-driver.enabled
    # repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
+  - name: gemini
+    version: 2.0.0
+    condition: gemini.enabled
+    # repository: https://charts.fairwinds.com/stable
+  - name: k8up
+    version: 4.2.0
+    condition: k8up.enabled
+    repository: https://k8up-io.github.io/k8up
 kubeVersion: ">= 1.24.0"
--- a/charts/kubezero-storage/README.md
+++ b/charts/kubezero-storage/README.md
@ -1,6 +1,6 @@
 # kubezero-storage

-![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

 KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini

@ -20,8 +20,9 @@ Kubernetes: `>= 1.24.0`
 |------------|------|---------|
 |  | aws-efs-csi-driver | 2.3.2 |
 |  | gemini | 1.0.0 |
-|  | lvm-localpv | 1.0.0 |
+|  | lvm-localpv | 1.0.1 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
+| https://k8up-io.github.io/k8up | k8up | 4.2.0 |
 | https://kubernetes-sigs.github.io/aws-ebs-csi-driver | aws-ebs-csi-driver | 2.14.1 |

 ## Values
@ -102,6 +103,18 @@ Kubernetes: `>= 1.24.0`
 | gemini.resources.limits.memory | string | `"128Mi"` |  |
 | gemini.resources.requests.cpu | string | `"20m"` |  |
 | gemini.resources.requests.memory | string | `"32Mi"` |  |
+| k8up.enabled | bool | `false` |  |
+| k8up.k8up.enableLeaderElection | bool | `false` |  |
+| k8up.metrics.serviceMonitor.enabled | bool | `true` |  |
+| k8up.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` |  |
+| k8up.replicaCount | int | `1` |  |
+| k8up.resources.limits.memory | string | `"256Mi"` |  |
+| k8up.resources.requests.cpu | string | `"20m"` |  |
+| k8up.resources.requests.memory | string | `"32Mi"` |  |
+| k8up.tolerations[0].effect | string | `"NoSchedule"` |  |
+| k8up.tolerations[0].key | string | `"node-role.kubernetes.io/master"` |  |
+| k8up.tolerations[1].effect | string | `"NoSchedule"` |  |
+| k8up.tolerations[1].key | string | `"node-role.kubernetes.io/control-plane"` |  |
 | lvm-localpv.analytics.enabled | bool | `false` |  |
 | lvm-localpv.enabled | bool | `false` |  |
 | lvm-localpv.lvmController.logLevel | int | `2` |  |
--- a/charts/kubezero-storage/charts/aws-efs-csi-driver/CHANGELOG.md
+++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/CHANGELOG.md
@ -1,4 +1,25 @@
 # Helm chart
+# v2.4.1
+* Bump app/driver version to `v1.5.4`
+# v2.4.0
+* Bump app/driver version to `v1.5.3`
+# v2.3.9
+* Bump app/driver version to `v1.5.2`
+# v2.3.8
+* Bump app/driver version to `v1.5.1`
+# v2.3.7
+* Bump app/driver version to `v1.5.0`
+# v2.3.6
+* Bump app/driver version to `v1.4.9`
+# v2.3.5
+* Bump app/driver version to `v1.4.8`
+
+# v2.3.4
+* Bump app/driver version to `v1.4.7`
+
+# v2.3.3
+* Bump app/driver version to `v1.4.6`
+
 # v2.3.2
 * Bump app/driver version to `v1.4.5`

--- a/charts/kubezero-storage/charts/aws-efs-csi-driver/Chart.yaml
+++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.4.5
+appVersion: 1.5.4
 description: A Helm chart for AWS EFS CSI Driver
 home: https://github.com/kubernetes-sigs/aws-efs-csi-driver
 keywords:
@ -15,4 +15,4 @@ maintainers:
 name: aws-efs-csi-driver
 sources:
 - https://github.com/kubernetes-sigs/aws-efs-csi-driver
-version: 2.3.2
+version: 2.4.1
--- a/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
+++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/controller-deployment.yaml
@ -15,7 +15,7 @@ spec:
      app.kubernetes.io/instance: {{ .Release.Name }}
  {{- with .Values.controller.updateStrategy }}
  strategy:
-    type: {{ . }}
+    {{ toYaml . | nindent 4 }}
  {{- end }}
  template:
    metadata:
--- a/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
+++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
@ -11,6 +11,10 @@ spec:
      app: efs-csi-node
      app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
+  {{- with .Values.node.updateStrategy }}
+  updateStrategy:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
  template:
    metadata:
      labels:
--- a/charts/kubezero-storage/charts/aws-efs-csi-driver/values.yaml
+++ b/charts/kubezero-storage/charts/aws-efs-csi-driver/values.yaml
@ -11,26 +11,26 @@ useFIPS: false

 image:
  repository: amazon/aws-efs-csi-driver
-  tag: "v1.4.5"
+  tag: "v1.5.4"
  pullPolicy: IfNotPresent

 sidecars:
  livenessProbe:
    image:
      repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
-      tag: v2.2.0-eks-1-18-13
+      tag: v2.8.0-eks-1-25-latest
      pullPolicy: IfNotPresent
    resources: {}
  nodeDriverRegistrar:
    image:
      repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
-      tag: v2.1.0-eks-1-18-13
+      tag: v2.6.2-eks-1-25-latest
      pullPolicy: IfNotPresent
    resources: {}
  csiProvisioner:
    image:
      repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
-      tag: v2.1.1-eks-1-18-13
+      tag: v3.3.0-eks-1-25-latest
      pullPolicy: IfNotPresent
    resources: {}

@ -68,6 +68,7 @@ controller:
    #   cpu: 100m
    #   memory: 128Mi
  nodeSelector: {}
+  updateStrategy: {}
  tolerations: []
  affinity: {}
  # Specifies whether a service account should be created
@ -112,6 +113,10 @@ node:
    #   cpu: 100m
    #   memory: 128Mi
  nodeSelector: {}
+  updateStrategy: {}
+    # Override default strategy (RollingUpdate) to speed up deployment.
+    # This can be useful if helm timeouts are observed.
+    # type: OnDelete
  tolerations:
    - operator: Exists
  # Specifies whether a service account should be created
--- a/charts/kubezero-storage/charts/gemini/Chart.yaml
+++ b/charts/kubezero-storage/charts/gemini/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v1
-appVersion: "1.0"
+appVersion: "2.0"
 description: Automated backup and restore of PersistentVolumes using the VolumeSnapshot
  API
 maintainers:
 - email: robertb@fairwinds.com
  name: rbren
 name: gemini
-version: 1.0.0
+version: 2.0.0
--- a/charts/kubezero-storage/charts/gemini/README.md
+++ b/charts/kubezero-storage/charts/gemini/README.md
@ -16,12 +16,22 @@ See the [Gemini README](https://github.com/FairwindsOps/gemini) for more informa
 ## Installation
 ```bash
 helm repo add fairwinds-stable https://charts.fairwinds.com/stable
-helm install gemini fairwinds-stable/gemini --namespace gemini
+helm install gemini fairwinds-stable/gemini --namespace gemini --create-namespace
 ```
 ## Requirements

 Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)