From c1a8df235aa8ed1d240a6ad0022762d93d2042b3 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Wed, 12 Apr 2023 16:13:01 +0000
Subject: [PATCH] Fixes, addons version bump

---
 admin/upgrade_cluster.sh                      |  2 +-
 charts/kubezero-addons/Chart.yaml             | 18 ++++++++---------
 charts/kubezero-addons/README.md              | 18 ++++++++---------
 .../Chart.yaml                                |  2 +-
 .../README.md                                 | 13 ++++++++++++
 .../templates/deployment.yaml                 | 14 ++++++++-----
 .../values.yaml                               | 13 +++++++++++-
 .../aws-node-termination-handler/Chart.yaml   |  4 ++--
 .../aws-node-termination-handler/README.md    | 14 ++++++-------
 .../templates/deployment.yaml                 |  8 --------
 .../templates/psp.yaml                        |  2 +-
 .../aws-node-termination-handler/values.yaml  | 14 ++++++-------
 charts/kubezero-addons/ruh.patch              | 20 +++++++------------
 charts/kubezero-addons/values.yaml            |  2 +-
 charts/kubezero-ci/README.md                  |  2 +-
 charts/kubezero-istio-gateway/README.md       |  6 +++---
 charts/kubezero-istio/README.md               |  6 +++---
 charts/kubezero-logging/README.md             | 13 ++++++------
 charts/kubezero-network/README.md             | 12 +++++------
 charts/kubezero-storage/README.md             |  6 +++---
 charts/kubezero/README.md                     | 20 +++++++++----------
 charts/kubezero/templates/storage.yaml        |  3 ++-
 charts/kubezero/values.yaml                   |  2 +-
 23 files changed, 115 insertions(+), 99 deletions(-)
 create mode 100644 charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/README.md

diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh
index 4e518ac..020ce97 100755
--- a/admin/upgrade_cluster.sh
+++ b/admin/upgrade_cluster.sh
@@ -150,7 +150,7 @@ argo_used && disable_argo
 
 # Cleanup
 # Remove calico CRDs
-kubectl delete -f https://git.zero-downtime.net/ZeroDownTime/kubezero/raw/tag/v1.23.11/charts/kubezero-network/charts/calico/crds/crds.yaml || true
+kubectl delete -f https://git.zero-downtime.net/ZeroDownTime/kubezero/raw/tag/v1.23.11/charts/kubezero-network/charts/calico/crds/crds.yaml 2>/dev/null || true
 
 # delete old kubelet configs
 for cm in $(kubectl get cm -n kube-system --no-headers |  awk '{if ($1 ~ "kubelet-config-1*") print $1}'); do kubectl delete cm $cm -n kube-system; done
diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml
index 158a281..0072e8a 100644
--- a/charts/kubezero-addons/Chart.yaml
+++ b/charts/kubezero-addons/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: kubezero-addons
 description: KubeZero umbrella chart for various optional cluster addons
 type: application
-version: 0.7.4
-appVersion: v1.24
+version: 0.7.5
+appVersion: v1.25
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -20,28 +20,28 @@ maintainers:
     email: stefan@zero-downtime.net
 dependencies:
   - name: external-dns
-    version: 1.11.0
+    version: 1.12.2
     repository: https://kubernetes-sigs.github.io/external-dns/
     condition: external-dns.enabled
   - name: cluster-autoscaler
-    version: 9.24.0
+    version: 9.28.0
     repository: https://kubernetes.github.io/autoscaler
     condition: cluster-autoscaler.enabled
   - name: nvidia-device-plugin
-    version: 0.13.0
+    version: 0.14.0
     # https://github.com/NVIDIA/k8s-device-plugin
     repository: https://nvidia.github.io/k8s-device-plugin
     condition: nvidia-device-plugin.enabled
   - name: sealed-secrets
-    version: 2.7.3
+    version: 2.8.1
     repository: https://bitnami-labs.github.io/sealed-secrets
     condition: sealed-secrets.enabled
   - name: aws-node-termination-handler
-    version: 0.20.1
+    version: 0.21.0
     # repository: https://aws.github.io/eks-charts
     condition: aws-node-termination-handler.enabled
   - name: aws-eks-asg-rolling-update-handler
-    version: 1.2.7
+    version: 1.3.0
     # repository: https://twin.github.io/helm-charts
     condition: aws-eks-asg-rolling-update-handler.enabled
-kubeVersion: ">= 1.24.0"
+kubeVersion: ">= 1.25.0"
diff --git a/charts/kubezero-addons/README.md b/charts/kubezero-addons/README.md
index 7f2a970..324a6c6 100644
--- a/charts/kubezero-addons/README.md
+++ b/charts/kubezero-addons/README.md
@@ -1,6 +1,6 @@
 # kubezero-addons
 
-![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square)
+![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.25](https://img.shields.io/badge/AppVersion-v1.25-informational?style=flat-square)
 
 KubeZero umbrella chart for various optional cluster addons
 
@@ -14,16 +14,16 @@ KubeZero umbrella chart for various optional cluster addons
 
 ## Requirements
 
-Kubernetes: `>= 1.24.0`
+Kubernetes: `>= 1.25.0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | aws-eks-asg-rolling-update-handler | 1.2.7 |
-|  | aws-node-termination-handler | 0.20.1 |
-| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.7.3 |
-| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 |
-| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.24.0 |
-| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.13.0 |
+|  | aws-eks-asg-rolling-update-handler | 1.3.0 |
+|  | aws-node-termination-handler | 0.21.0 |
+| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.8.1 |
+| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.12.2 |
+| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.28.0 |
+| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.14.0 |
 
 # MetalLB   
    
@@ -105,7 +105,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
 | cluster-autoscaler.enabled | bool | `false` |  |
 | cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` |  |
 | cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` |  |
-| cluster-autoscaler.image.tag | string | `"v1.24.0"` |  |
+| cluster-autoscaler.image.tag | string | `"v1.25.1"` |  |
 | cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` |  |
 | cluster-autoscaler.podDisruptionBudget | bool | `false` |  |
 | cluster-autoscaler.prometheusRule.enabled | bool | `false` |  |
diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml
index 91ce0de..e377626 100644
--- a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml
+++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml
@@ -5,4 +5,4 @@ home: https://github.com/TwiN/aws-eks-asg-rolling-update-handler
 maintainers:
 - name: TwiN
 name: aws-eks-asg-rolling-update-handler
-version: 1.2.7
+version: 1.3.0
diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/README.md b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/README.md
new file mode 100644
index 0000000..23bb5e3
--- /dev/null
+++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/README.md
@@ -0,0 +1,13 @@
+# aws-eks-asg-rolling-update-handler
+
+## Configuration
+The following table lists the configurable parameters of the aws-eks-asg-rolling-update-handler chart and their default values.
+| Parameters | Description | Required | Default     |
+|:-----------|:------------|:---------|:------------|
+| environmentVars  | environment variables for aws-eks-asg-rolling-update-handler container, available variables are listed [here](https://github.com/TwiN/aws-eks-asg-rolling-update-handler/blob/master/README.md#usage) | yes |`[{"name":"CLUSTER_NAME","value":"cluster-name"}]`|
+| replicaCount | Number of aws-eks-asg-rolling-update-handler replicas | yes |`1` |
+| image.repository | Image repository | yes |  `twinproduction/aws-eks-asg-rolling-update-handler` |
+| image.tag | image tag | yes | `v1.4.3` |
+| image.pullPolicy | Image pull policy | yes | `IfNotPresent` |
+| resources | CPU/memory resource requests/limits | no | `{}` |
+| podAnnotations | Annotations to add to the aws-eks-asg-rolling-update-handler pod configuration | no | `{}` |
diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml
index c4894cf..30343ec 100644
--- a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml
+++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml
@@ -15,6 +15,10 @@ spec:
     metadata:
       labels:
 {{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 8 }}
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
       automountServiceAccountToken: true
       serviceAccountName: {{ template "aws-eks-asg-rolling-update-handler.serviceAccountName" . }}
@@ -25,11 +29,11 @@ spec:
           image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
-            {{- toYaml .Values.environmentVars | nindent 12 }}
-          {{- with .Values.resources }}
+{{- toYaml .Values.environmentVars | nindent 12 }}
+{{- with .Values.resources }}
           resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
+{{- toYaml . | nindent 12 }}
+{{- end }}
           volumeMounts:
             - name: aws-token
               mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
@@ -52,5 +56,5 @@ spec:
       {{- end }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
-{{- toYaml . | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml
index 8a5d57a..1c93f45 100644
--- a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml
+++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml
@@ -2,7 +2,7 @@ replicaCount: 1
 
 image:
   repository: twinproduction/aws-eks-asg-rolling-update-handler
-  tag: v1.4.3
+  tag: v1.7.0
   pullPolicy: IfNotPresent
 
 #imagePullSecrets:
@@ -22,6 +22,17 @@ environmentVars:
 #- name: ENVIRONMENT
 #  value: ""
 
+resources: {}
+  # limits:
+  #   cpu: 0.3
+  #   memory: 100Mi
+  # requests:
+  #   cpu: 0.1
+  #   memory: 50Mi
+podAnnotations: {}
+  # prometheus.io/port: "8080"
+  # prometheus.io/scrape: "true"
+
 serviceAccount:
   create: true
   #name: aws-eks-asg-rolling-update-handler
diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml
index 0ee89da..32d2ee9 100644
--- a/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml
+++ b/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.18.1
+appVersion: 1.19.0
 description: A Helm chart for the AWS Node Termination Handler.
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
@@ -22,4 +22,4 @@ sources:
 - https://github.com/aws/aws-node-termination-handler/
 - https://github.com/aws/eks-charts/
 type: application
-version: 0.20.1
+version: 0.21.0
diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/README.md b/charts/kubezero-addons/charts/aws-node-termination-handler/README.md
index 4b9c884..2fe7d39 100644
--- a/charts/kubezero-addons/charts/aws-node-termination-handler/README.md
+++ b/charts/kubezero-addons/charts/aws-node-termination-handler/README.md
@@ -56,7 +56,7 @@ The configuration in this table applies to all AWS Node Termination Handler mode
 | `serviceAccount.name`              | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template.                                                                                                                                                                                                                                                        | `nil`                                                 |
 | `serviceAccount.annotations`       | Annotations to add to the service account.                                                                                                                                                                                                                                                                                                                                             | `{}`                                                  |
 | `rbac.create`                      | If `true`, create the RBAC resources.                                                                                                                                                                                                                                                                                                                                                  | `true`                                                |
-| `rbac.pspEnabled`                  | If `true`, create a pod security policy resource.                                                                                                                                                                                                                                                                                                                                      | `true`                                                |
+| `rbac.pspEnabled`                  | If `true`, create a pod security policy resource. Note: `PodSecurityPolicy`s will not be created when Kubernetes version is 1.25 or later.                                                                                                                                                                                                                                                                                     | `true`                                                |
 | `customLabels`                     | Labels to add to all resource metadata.                                                                                                                                                                                                                                                                                                                                                | `{}`                                                  |
 | `podLabels`                        | Labels to add to the pod.                                                                                                                                                                                                                                                                                                                                                              | `{}`                                                  |
 | `podAnnotations`                   | Annotations to add to the pod.                                                                                                                                                                                                                                                                                                                                                         | `{}`                                                  |
@@ -123,7 +123,7 @@ The configuration in this table applies to AWS Node Termination Handler in queue
 The configuration in this table applies to AWS Node Termination Handler in IMDS mode.
 
 | Parameter                        | Description                                                                                                                                                                                                                                                   | Default                |
-| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
+| -------------------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|
 | `targetNodeOs`                   | Space separated list of node OS's to target (e.g. `"linux"`, `"windows"`, `"linux windows"`). Windows support is **EXPERIMENTAL**.                                                                                                                            | `"linux"`              |
 | `linuxPodLabels`                 | Labels to add to each Linux pod.                                                                                                                                                                                                                              | `{}`                   |
 | `windowsPodLabels`               | Labels to add to each Windows pod.                                                                                                                                                                                                                            | `{}`                   |
@@ -138,7 +138,7 @@ The configuration in this table applies to AWS Node Termination Handler in IMDS
 | `podMonitor.sampleLimit`         | Number of scraped samples accepted.                                                                                                                                                                                                                           | `5000`                 |
 | `useHostNetwork`                 | If `true`, enables `hostNetwork` for the Linux DaemonSet. NOTE: setting this to `false` may cause issues accessing IMDSv2 if your account is not configured with an IP hop count of 2 see [Metrics Endpoint Considerations](#metrics-endpoint-considerations) | `true`                 |
 | `dnsPolicy`                      | If specified, this overrides `linuxDnsPolicy` and `windowsDnsPolicy` with a single policy.                                                                                                                                                                    | `""`                   |
-| `dnsConfig`                      | If specified, this sets the dnsConfig: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config                                                                                                                                                                    | `{}`                   |
+| `dnsConfig`                      | If specified, this sets the dnsConfig: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config                                                                                                                                | `{}`                   |
 | `linuxDnsPolicy`                 | DNS policy for the Linux DaemonSet.                                                                                                                                                                                                                           | `""`                   |
 | `windowsDnsPolicy`               | DNS policy for the Windows DaemonSet.                                                                                                                                                                                                                         | `""`                   |
 | `daemonsetNodeSelector`          | Expressions to select a node by it's labels for DaemonSet pod assignment. For backwards compatibility the `nodeSelector` value has priority over this but shouldn't be used.                                                                                  | `{}`                   |
@@ -152,10 +152,10 @@ The configuration in this table applies to AWS Node Termination Handler in IMDS
 | `windowsTolerations`             | Override `daemonsetTolerations` for the Linux DaemonSet.                                                                                                                                                                                                      | `[]`                   |
 | `enableProbesServer`             | If `true`, start an http server exposing `/healthz` endpoint for probes.                                                                                                                                                                                      | `false`                |
 | `metadataTries`                  | The number of times to try requesting metadata.                                                                                                                                                                                                               | `3`                    |
-| `enableSpotInterruptionDraining` | If `true`, drain nodes when the spot interruption termination notice is received.                                                                                                                                                                             | `true`                 |
-| `enableScheduledEventDraining`   | If `true`, drain nodes before the maintenance window starts for an EC2 instance scheduled event. This is **EXPERIMENTAL**.                                                                                                                                    | `false`                |
-| `enableRebalanceMonitoring`      | If `true`, cordon nodes when the rebalance recommendation notice is received. If you'd like to drain the node in addition to cordoning, then also set `enableRebalanceDraining`.                                                                              | `false`                |
-| `enableRebalanceDraining`        | If `true`, drain nodes when the rebalance recommendation notice is received.                                                                                                                                                                                  | `false`                |
+| `enableSpotInterruptionDraining` | If `true`, drain nodes when the spot interruption termination notice is received. Only used in IMDS mode.                                                                                                                                                     | `true`                 |
+| `enableScheduledEventDraining`   | If `true`, drain nodes before the maintenance window starts for an EC2 instance scheduled event. Only used in IMDS mode.                                                                                                                                      | `true`                 |
+| `enableRebalanceMonitoring`      | If `true`, cordon nodes when the rebalance recommendation notice is received. If you'd like to drain the node in addition to cordoning, then also set `enableRebalanceDraining`. Only used in IMDS mode.                                                      | `false`                |
+| `enableRebalanceDraining`        | If `true`, drain nodes when the rebalance recommendation notice is received. Only used in IMDS mode.                                                                                                                                                          | `false`                |
 
 ### Testing Configuration
 
diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml
index 33f31bb..1c79b40 100644
--- a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml
+++ b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml
@@ -146,14 +146,6 @@ spec:
             - name: WEBHOOK_TEMPLATE
               value: {{ .Values.webhookTemplate | quote }}
             {{- end }}
-            - name: ENABLE_SPOT_INTERRUPTION_DRAINING
-              value: {{ .Values.enableSpotInterruptionDraining | quote }}
-            - name: ENABLE_SCHEDULED_EVENT_DRAINING
-              value: {{ .Values.enableScheduledEventDraining | quote }}
-            - name: ENABLE_REBALANCE_MONITORING
-              value: {{ .Values.enableRebalanceMonitoring | quote }}
-            - name: ENABLE_REBALANCE_DRAINING
-              value: {{ .Values.enableRebalanceDraining | quote }}
             - name: ENABLE_SQS_TERMINATION_DRAINING
               value: "true"
             {{- with .Values.awsRegion }}
diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/psp.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/psp.yaml
index 70c576e..c84d69f 100644
--- a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/psp.yaml
+++ b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/psp.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.rbac.pspEnabled }}
+{{- if and (.Values.rbac.pspEnabled) (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/values.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/values.yaml
index c965358..ea7b7f7 100644
--- a/charts/kubezero-addons/charts/aws-node-termination-handler/values.yaml
+++ b/charts/kubezero-addons/charts/aws-node-termination-handler/values.yaml
@@ -23,7 +23,7 @@ serviceAccount:
 rbac:
   # Specifies whether RBAC resources should be created
   create: true
-  # Specifies if PodSecurityPolicy resources should be created
+  # Specifies if PodSecurityPolicy resources should be created. PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later.
   pspEnabled: true
 
 customLabels: {}
@@ -259,22 +259,22 @@ daemonsetTolerations:
 linuxTolerations: []
 windowsTolerations: []
 
-# If the probes server is running for the Daemonset
+# If the probes server is running.
 enableProbesServer: false
 
 # Total number of times to try making the metadata request before failing.
 metadataTries: 3
 
-# enableSpotInterruptionDraining If false, do not drain nodes when the spot interruption termination notice is received
+# enableSpotInterruptionDraining If false, do not drain nodes when the spot interruption termination notice is received. Only used in IMDS mode.
 enableSpotInterruptionDraining: true
 
-# enableScheduledEventDraining [EXPERIMENTAL] If true, drain nodes before the maintenance window starts for an EC2 instance scheduled event
-enableScheduledEventDraining: false
+# enableScheduledEventDraining If false, do not drain nodes before the maintenance window starts for an EC2 instance scheduled event. Only used in IMDS mode.
+enableScheduledEventDraining: true
 
-# enableRebalanceMonitoring If true, cordon nodes when the rebalance recommendation notice is received
+# enableRebalanceMonitoring If true, cordon nodes when the rebalance recommendation notice is received. Only used in IMDS mode.
 enableRebalanceMonitoring: false
 
-# enableRebalanceDraining If true, drain nodes when the rebalance recommendation notice is received
+# enableRebalanceDraining If true, drain nodes when the rebalance recommendation notice is received. Only used in IMDS mode.
 enableRebalanceDraining: false
 
 # ---------------------------------------------------------------------------------------------------------------------
diff --git a/charts/kubezero-addons/ruh.patch b/charts/kubezero-addons/ruh.patch
index b88c55f..21d24cb 100644
--- a/charts/kubezero-addons/ruh.patch
+++ b/charts/kubezero-addons/ruh.patch
@@ -1,16 +1,10 @@
 diff -tuNr charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml
---- charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml	2022-12-16 13:10:26.049272371 +0000
-+++ charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml	2022-12-16 15:56:00.880666339 +0000
-@@ -25,7 +25,31 @@
-           image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-           imagePullPolicy: {{ .Values.image.pullPolicy }}
-           env:
--{{- toYaml .Values.environmentVars | nindent 12 }}
-+            {{- toYaml .Values.environmentVars | nindent 12 }}
-+          {{- with .Values.resources }}
-+          resources:
-+            {{- toYaml . | nindent 12 }}
-+          {{- end }}
+--- charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml	2023-04-12 15:49:08.744242462 +0000
++++ charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml	2023-04-12 15:55:44.399489809 +0000
+@@ -34,6 +34,26 @@
+           resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 +          volumeMounts:
 +            - name: aws-token
 +              mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
@@ -33,4 +27,4 @@ diff -tuNr charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.y
 +      {{- end }}
        {{- with .Values.imagePullSecrets }}
        imagePullSecrets:
- {{- toYaml . | nindent 8 }}
+         {{- toYaml . | nindent 8 }}
diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml
index e80ed18..1e9646e 100644
--- a/charts/kubezero-addons/values.yaml
+++ b/charts/kubezero-addons/values.yaml
@@ -189,7 +189,7 @@ cluster-autoscaler:
   enabled: false
 
   image:
-    tag: v1.24.0
+    tag: v1.25.1
 
   autoDiscovery:
     clusterName: ""
diff --git a/charts/kubezero-ci/README.md b/charts/kubezero-ci/README.md
index 6cc2342..eee942a 100644
--- a/charts/kubezero-ci/README.md
+++ b/charts/kubezero-ci/README.md
@@ -132,7 +132,7 @@ Kubernetes: `>= 1.24.0`
 | jenkins.serviceAccountAgent.create | bool | `true` |  |
 | jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` |  |
 | trivy.enabled | bool | `false` |  |
-| trivy.image.tag | string | `"0.35.0"` |  |
+| trivy.image.tag | string | `"0.37.3"` |  |
 | trivy.persistence.enabled | bool | `true` |  |
 | trivy.persistence.size | string | `"1Gi"` |  |
 | trivy.rbac.create | bool | `false` |  |
diff --git a/charts/kubezero-istio-gateway/README.md b/charts/kubezero-istio-gateway/README.md
index 09aa7d3..da698ae 100644
--- a/charts/kubezero-istio-gateway/README.md
+++ b/charts/kubezero-istio-gateway/README.md
@@ -1,6 +1,6 @@
 # kubezero-istio-gateway
 
-![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.9.1](https://img.shields.io/badge/Version-0.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero Umbrella Chart for Istio gateways
 
@@ -20,8 +20,8 @@ Kubernetes: `>= 1.24.0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
-| https://istio-release.storage.googleapis.com/charts | gateway | 1.16.1 |
+| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
+| https://istio-release.storage.googleapis.com/charts | gateway | 1.16.3 |
 
 ## Values
 
diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md
index 088ce17..c968ac2 100644
--- a/charts/kubezero-istio/README.md
+++ b/charts/kubezero-istio/README.md
@@ -1,6 +1,6 @@
 # kubezero-istio
 
-![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.9.1](https://img.shields.io/badge/Version-0.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero Umbrella Chart for Istio
 
@@ -21,8 +21,8 @@ Kubernetes: `>= 1.24.0`
 | Repository | Name | Version |
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
-| https://istio-release.storage.googleapis.com/charts | base | 1.16.1 |
-| https://istio-release.storage.googleapis.com/charts | istiod | 1.16.1 |
+| https://istio-release.storage.googleapis.com/charts | base | 1.16.3 |
+| https://istio-release.storage.googleapis.com/charts | istiod | 1.16.3 |
 | https://kiali.org/helm-charts | kiali-server | 1.60.0 |
 
 ## Values
diff --git a/charts/kubezero-logging/README.md b/charts/kubezero-logging/README.md
index b4f1f47..6c27eaf 100644
--- a/charts/kubezero-logging/README.md
+++ b/charts/kubezero-logging/README.md
@@ -1,6 +1,6 @@
 # kubezero-logging
 
-![Version: 0.8.4](https://img.shields.io/badge/Version-0.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square)
+![Version: 0.8.5](https://img.shields.io/badge/Version-0.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square)
 
 KubeZero Umbrella Chart for complete EFK stack
 
@@ -19,7 +19,7 @@ Kubernetes: `>= 1.24.0`
 | Repository | Name | Version |
 |------------|------|---------|
 |  | eck-operator | 2.4.0 |
-|  | fluent-bit | 0.20.6 |
+|  | fluent-bit | 0.24.0 |
 |  | fluentd | 0.3.9 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
 
@@ -72,9 +72,9 @@ Kubernetes: `>= 1.24.0`
 | fluent-bit.config.customParsers | string | `"[PARSER]\n    Name cri-log\n    Format regex\n    Regex ^(?<time>.+) (?<stream>stdout|stderr) (?<logtag>F|P) (?<log>.*)$\n    Time_Key    time\n    Time_Format %Y-%m-%dT%H:%M:%S.%L%z\n"` |  |
 | fluent-bit.config.filters | string | `"[FILTER]\n    Name parser\n    Match cri.*\n    Parser cri-log\n    Key_Name log\n\n[FILTER]\n    Name kubernetes\n    Match cri.*\n    Merge_Log On\n    Merge_Log_Key kube\n    Kube_Tag_Prefix cri.var.log.containers.\n    Keep_Log Off\n    K8S-Logging.Parser Off\n    K8S-Logging.Exclude Off\n    Kube_Meta_Cache_TTL 3600s\n    Buffer_Size 0\n    #Use_Kubelet true\n\n{{- if index .Values \"config\" \"extraRecords\" }}\n\n[FILTER]\n    Name record_modifier\n    Match cri.*\n    {{- range $k,$v := index .Values \"config\" \"extraRecords\" }}\n    Record {{ $k }} {{ $v }}\n    {{- end }}\n{{- end }}\n\n[FILTER]\n    Name rewrite_tag\n    Match cri.*\n    Emitter_Name kube_tag_rewriter\n    Rule $kubernetes['pod_id'] .* kube.$kubernetes['namespace_name'].$kubernetes['container_name'] false\n\n[FILTER]\n    Name    lua\n    Match   kube.*\n    script  /fluent-bit/scripts/kubezero.lua\n    call    nest_k8s_ns\n"` |  |
 | fluent-bit.config.flushInterval | int | `5` |  |
-| fluent-bit.config.input.memBufLimit | string | `"4MB"` |  |
-| fluent-bit.config.input.refreshInterval | int | `10` |  |
-| fluent-bit.config.inputs | string | `"[INPUT]\n    Name tail\n    Path /var/log/containers/*.log\n    multiline.parser cri\n    Tag cri.*\n    Skip_Long_Lines On\n    DB /var/log/flb_kube.db\n    DB.Sync Normal\n    DB.locking true\n    # Buffer_Max_Size 1M\n    {{- with .Values.config.input }}\n    Mem_Buf_Limit {{ default \"4MB\" .memBufLimit }}\n    Refresh_Interval {{ default 10 .refreshInterval }}\n    {{- end }}\n"` |  |
+| fluent-bit.config.input.memBufLimit | string | `"16MB"` |  |
+| fluent-bit.config.input.refreshInterval | int | `5` |  |
+| fluent-bit.config.inputs | string | `"[INPUT]\n    Name tail\n    Path /var/log/containers/*.log\n    # Exclude ourselves to current error spam, https://github.com/fluent/fluent-bit/issues/5769\n    Exclude_Path *logging-fluent-bit*\n    multiline.parser cri\n    Tag cri.*\n    Skip_Long_Lines On\n    Skip_Empty_Lines On\n    DB /var/log/flb_kube.db\n    DB.Sync Normal\n    DB.locking true\n    # Buffer_Max_Size 1M\n    {{- with .Values.config.input }}\n    Mem_Buf_Limit {{ default \"16MB\" .memBufLimit }}\n    Refresh_Interval {{ default 5 .refreshInterval }}\n    {{- end }}\n"` |  |
 | fluent-bit.config.logLevel | string | `"info"` |  |
 | fluent-bit.config.output.host | string | `"logging-fluentd"` |  |
 | fluent-bit.config.output.sharedKey | string | `"cloudbender"` |  |
@@ -90,13 +90,14 @@ Kubernetes: `>= 1.24.0`
 | fluent-bit.daemonSetVolumes[1].hostPath.path | string | `"/var/lib/containers/logs"` |  |
 | fluent-bit.daemonSetVolumes[1].name | string | `"newlog"` |  |
 | fluent-bit.enabled | bool | `false` |  |
-| fluent-bit.image.tag | string | `"1.9.8"` |  |
+| fluent-bit.image.tag | string | `"2.0.10"` |  |
 | fluent-bit.luaScripts."kubezero.lua" | string | `"function nest_k8s_ns(tag, timestamp, record)\n    if not record['kubernetes']['namespace_name'] then\n        return 0, 0, 0\n    end\n    new_record = {}\n    for key, val in pairs(record) do\n        if key == 'kube' then\n            new_record[key] = {}\n            new_record[key][record['kubernetes']['namespace_name']] = record[key]\n        else\n            new_record[key] = record[key]\n        end\n    end\n    return 1, timestamp, new_record\nend\n"` |  |
 | fluent-bit.resources.limits.memory | string | `"64Mi"` |  |
 | fluent-bit.resources.requests.cpu | string | `"20m"` |  |
 | fluent-bit.resources.requests.memory | string | `"32Mi"` |  |
 | fluent-bit.serviceMonitor.enabled | bool | `false` |  |
 | fluent-bit.serviceMonitor.selector.release | string | `"metrics"` |  |
+| fluent-bit.testFramework.enabled | bool | `false` |  |
 | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` |  |
 | fluent-bit.tolerations[0].operator | string | `"Exists"` |  |
 | fluentd.dashboards.enabled | bool | `false` |  |
diff --git a/charts/kubezero-network/README.md b/charts/kubezero-network/README.md
index 8b2d601..c139bec 100644
--- a/charts/kubezero-network/README.md
+++ b/charts/kubezero-network/README.md
@@ -1,6 +1,6 @@
 # kubezero-network
 
-![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.4.3](https://img.shields.io/badge/Version-0.4.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero umbrella chart for all things network
 
@@ -14,13 +14,13 @@ KubeZero umbrella chart for all things network
 
 ## Requirements
 
-Kubernetes: `>= 1.24.0`
+Kubernetes: `>= 1.25.0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
-| https://helm.cilium.io/ | cilium | 1.12.5 |
-| https://metallb.github.io/metallb | metallb | 0.13.7 |
+| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
+| https://helm.cilium.io/ | cilium | 1.13.1 |
+| https://metallb.github.io/metallb | metallb | 0.13.9 |
 
 ## Values
 
@@ -68,4 +68,4 @@ Kubernetes: `>= 1.24.0`
 | multus.defaultNetworks | list | `[]` |  |
 | multus.enabled | bool | `false` |  |
 | multus.readinessindicatorfile | string | `"/etc/cni/net.d/05-cilium.conf"` |  |
-| multus.tag | string | `"v3.9.2"` |  |
+| multus.tag | string | `"v3.9.3"` |  |
diff --git a/charts/kubezero-storage/README.md b/charts/kubezero-storage/README.md
index 6dba472..0ed02e6 100644
--- a/charts/kubezero-storage/README.md
+++ b/charts/kubezero-storage/README.md
@@ -18,12 +18,12 @@ Kubernetes: `>= 1.24.0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | aws-efs-csi-driver | 2.3.2 |
-|  | gemini | 1.0.0 |
+|  | aws-efs-csi-driver | 2.4.1 |
+|  | gemini | 2.0.0 |
 |  | lvm-localpv | 1.0.1 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
 | https://k8up-io.github.io/k8up | k8up | 4.2.0 |
-| https://kubernetes-sigs.github.io/aws-ebs-csi-driver | aws-ebs-csi-driver | 2.14.1 |
+| https://kubernetes-sigs.github.io/aws-ebs-csi-driver | aws-ebs-csi-driver | 2.17.2 |
 
 ## Values
 
diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md
index ce2b336..0170245 100644
--- a/charts/kubezero/README.md
+++ b/charts/kubezero/README.md
@@ -1,6 +1,6 @@
 # kubezero
 
-![Version: 1.24.9](https://img.shields.io/badge/Version-1.24.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 1.25.8](https://img.shields.io/badge/Version-1.25.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero - Root App of Apps chart
 
@@ -14,11 +14,11 @@ KubeZero - Root App of Apps chart
 
 ## Requirements
 
-Kubernetes: `>= 1.24.0`
+Kubernetes: `>= 1.25.0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.1.5 |
+| https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.1.6 |
 
 ## Values
 
@@ -32,7 +32,7 @@ Kubernetes: `>= 1.24.0`
 | addons.external-dns.enabled | bool | `false` |  |
 | addons.forseti.enabled | bool | `false` |  |
 | addons.sealed-secrets.enabled | bool | `false` |  |
-| addons.targetRevision | string | `"0.7.4"` |  |
+| addons.targetRevision | string | `"0.7.5"` |  |
 | argocd.argocd-image-updater.enabled | bool | `false` |  |
 | argocd.enabled | bool | `false` |  |
 | argocd.istio.enabled | bool | `false` |  |
@@ -47,22 +47,22 @@ Kubernetes: `>= 1.24.0`
 | istio-ingress.enabled | bool | `false` |  |
 | istio-ingress.gateway.service | object | `{}` |  |
 | istio-ingress.namespace | string | `"istio-ingress"` |  |
-| istio-ingress.targetRevision | string | `"0.9.0"` |  |
+| istio-ingress.targetRevision | string | `"0.9.1"` |  |
 | istio-private-ingress.chart | string | `"kubezero-istio-gateway"` |  |
 | istio-private-ingress.enabled | bool | `false` |  |
 | istio-private-ingress.gateway.service | object | `{}` |  |
 | istio-private-ingress.namespace | string | `"istio-ingress"` |  |
-| istio-private-ingress.targetRevision | string | `"0.9.0"` |  |
+| istio-private-ingress.targetRevision | string | `"0.9.1"` |  |
 | istio.enabled | bool | `false` |  |
 | istio.namespace | string | `"istio-system"` |  |
-| istio.targetRevision | string | `"0.9.0"` |  |
+| istio.targetRevision | string | `"0.9.1"` |  |
 | kubezero.defaultTargetRevision | string | `"*"` |  |
 | kubezero.gitSync | object | `{}` |  |
 | kubezero.repoURL | string | `"https://cdn.zero-downtime.net/charts"` |  |
 | kubezero.server | string | `"https://kubernetes.default.svc"` |  |
 | logging.enabled | bool | `false` |  |
 | logging.namespace | string | `"logging"` |  |
-| logging.targetRevision | string | `"0.8.4"` |  |
+| logging.targetRevision | string | `"0.8.5"` |  |
 | metrics.enabled | bool | `false` |  |
 | metrics.istio.grafana | object | `{}` |  |
 | metrics.istio.prometheus | object | `{}` |  |
@@ -71,14 +71,14 @@ Kubernetes: `>= 1.24.0`
 | network.cilium.cluster | object | `{}` |  |
 | network.enabled | bool | `true` |  |
 | network.retain | bool | `true` |  |
-| network.targetRevision | string | `"0.4.2"` |  |
+| network.targetRevision | string | `"0.4.3"` |  |
 | storage.aws-ebs-csi-driver.enabled | bool | `false` |  |
 | storage.aws-efs-csi-driver.enabled | bool | `false` |  |
 | storage.enabled | bool | `false` |  |
 | storage.gemini.enabled | bool | `false` |  |
 | storage.k8up.enabled | bool | `false` |  |
 | storage.snapshotController.enabled | bool | `false` |  |
-| storage.targetRevision | string | `"0.8.0"` |  |
+| storage.targetRevision | string | `"0.8.1"` |  |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/kubezero/templates/storage.yaml b/charts/kubezero/templates/storage.yaml
index 60313da..dc56f8a 100644
--- a/charts/kubezero/templates/storage.yaml
+++ b/charts/kubezero/templates/storage.yaml
@@ -60,7 +60,8 @@ aws-efs-csi-driver:
 
     # The EFS controller steel needs hostnetwork and cannot update on single node control planes otherwise
     {{- if not .Values.global.highAvailable }}
-    updateStrategy: Recreate
+    updateStrategy:
+      type: Recreate
     {{- else }}
     affinity:
       podAntiAffinity:
diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml
index ef670c1..b94b056 100644
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@@ -10,7 +10,7 @@ global:
 
 addons:
   enabled: true
-  targetRevision: 0.7.4
+  targetRevision: 0.7.5
   external-dns:
     enabled: false
   forseti: