diff --git a/charts/base-cluster/templates/_helmRelease.yaml b/charts/base-cluster/templates/_helmRelease.yaml index 6cc684d13..66b73bb8c 100644 --- a/charts/base-cluster/templates/_helmRelease.yaml +++ b/charts/base-cluster/templates/_helmRelease.yaml @@ -1,5 +1,5 @@ {{- define "base-cluster.helm.resourceWithDependencies" -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ .name }} diff --git a/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml b/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml index c840bba02..6aa566236 100644 --- a/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml +++ b/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.backup.backupStorageLocations (hasPrefix "4." (dig "spec" "chart" "spec" "version" "" (lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "backup" "velero"))) }} +{{- if and .Values.backup.backupStorageLocations (hasPrefix "4." (dig "spec" "chart" "spec" "version" "" (lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "backup" "velero"))) }} apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/base-cluster/templates/backup/velero.yaml b/charts/base-cluster/templates/backup/velero.yaml index 57c938a53..179caf18a 100644 --- a/charts/base-cluster/templates/backup/velero.yaml +++ b/charts/base-cluster/templates/backup/velero.yaml @@ -1,5 +1,5 @@ {{- if .Values.backup.backupStorageLocations }} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: velero diff --git a/charts/base-cluster/templates/cert-manager/cert-manager.yaml b/charts/base-cluster/templates/cert-manager/cert-manager.yaml index 2768fadfd..0809b2315 100644 --- a/charts/base-cluster/templates/cert-manager/cert-manager.yaml +++ b/charts/base-cluster/templates/cert-manager/cert-manager.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager diff --git a/charts/base-cluster/templates/descheduler/descheduler.yaml b/charts/base-cluster/templates/descheduler/descheduler.yaml index 32058ab5a..5ca3e3943 100644 --- a/charts/base-cluster/templates/descheduler/descheduler.yaml +++ b/charts/base-cluster/templates/descheduler/descheduler.yaml @@ -3,7 +3,7 @@ {{- $versionMatrix := dict 18 "0.20.x" 19 "0.21.x" 20 "0.22.x" 21 "0.23.x" 22 "0.24.x" 23 "0.25.x" 24 "0.26.x" 25 "0.27.x" 26 "0.28.x" -}} {{- $latestVersion := .Values.global.helmRepositories.descheduler.charts.descheduler -}} {{- $selectedVersion := (hasKey $versionMatrix $kubeMinorVersion) | ternary (index $versionMatrix $kubeMinorVersion) $latestVersion -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: descheduler diff --git a/charts/base-cluster/templates/dns/external-dns.yaml b/charts/base-cluster/templates/dns/external-dns.yaml index 26eefd781..898f52f1d 100644 --- a/charts/base-cluster/templates/dns/external-dns.yaml +++ b/charts/base-cluster/templates/dns/external-dns.yaml @@ -1,6 +1,6 @@ {{- if .Values.dns.provider -}} {{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .) -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: external-dns diff --git a/charts/base-cluster/templates/flux/flux.yaml b/charts/base-cluster/templates/flux/flux.yaml index 2bf7bcccc..d627ee6bc 100644 --- a/charts/base-cluster/templates/flux/flux.yaml +++ b/charts/base-cluster/templates/flux/flux.yaml @@ -40,7 +40,7 @@ stringData: {{- end }} -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: {{ printf "%s-flux-%s" (include "common.names.fullname" $) $name }} @@ -67,7 +67,7 @@ spec: ref: {{- toYaml $ref | nindent 4 }} {{- end }} --- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: {{ printf "%s-flux-%s" (include "common.names.fullname" $) $name }} diff --git a/charts/base-cluster/templates/global/helmRepositories.yaml b/charts/base-cluster/templates/global/helmRepositories.yaml index fc645f138..1a070bdef 100644 --- a/charts/base-cluster/templates/global/helmRepositories.yaml +++ b/charts/base-cluster/templates/global/helmRepositories.yaml @@ -5,7 +5,7 @@ {{- end -}} {{- if $create -}} {{- if eq ($config.type | default "helm") "helm" }} -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: {{ $name | quote }} @@ -20,7 +20,7 @@ spec: --- {{ else -}} {{- range $chartName, $chartConfig := $config.charts -}} -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: {{ printf "%s-%s" $name $chartName | quote }} diff --git a/charts/base-cluster/templates/global/reflector.yaml b/charts/base-cluster/templates/global/reflector.yaml index fc6fe1d70..418f0d6b7 100644 --- a/charts/base-cluster/templates/global/reflector.yaml +++ b/charts/base-cluster/templates/global/reflector.yaml @@ -1,5 +1,5 @@ {{- if include "base-cluster.reflector.enabled" (dict "context" .) -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: reflector diff --git a/charts/base-cluster/templates/ingress/nginx.yaml b/charts/base-cluster/templates/ingress/nginx.yaml index 3bf82fbce..462265b89 100644 --- a/charts/base-cluster/templates/ingress/nginx.yaml +++ b/charts/base-cluster/templates/ingress/nginx.yaml @@ -1,5 +1,5 @@ {{ if .Values.ingress.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ingress-nginx diff --git a/charts/base-cluster/templates/kyverno/kyverno.yaml b/charts/base-cluster/templates/kyverno/kyverno.yaml index 7014f9728..5fab10f32 100644 --- a/charts/base-cluster/templates/kyverno/kyverno.yaml +++ b/charts/base-cluster/templates/kyverno/kyverno.yaml @@ -1,5 +1,5 @@ {{- if .Values.kyverno.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: kyverno diff --git a/charts/base-cluster/templates/kyverno/policies/kyverno-base-policies/kyverno-policies.yaml b/charts/base-cluster/templates/kyverno/policies/kyverno-base-policies/kyverno-policies.yaml index 1a0f0bec6..615242592 100644 --- a/charts/base-cluster/templates/kyverno/policies/kyverno-base-policies/kyverno-policies.yaml +++ b/charts/base-cluster/templates/kyverno/policies/kyverno-base-policies/kyverno-policies.yaml @@ -1,6 +1,6 @@ {{- if .Values.kyverno.enabled }} # https://github.com/kyverno/kyverno/tree/main/charts/kyverno-policies -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: kyverno-policies diff --git a/charts/base-cluster/templates/kyverno/policies/teuto-policies/restrict-automount-sa-token/_policy.yaml b/charts/base-cluster/templates/kyverno/policies/teuto-policies/restrict-automount-sa-token/_policy.yaml index 95955f0fd..3f327fd4f 100644 --- a/charts/base-cluster/templates/kyverno/policies/teuto-policies/restrict-automount-sa-token/_policy.yaml +++ b/charts/base-cluster/templates/kyverno/policies/teuto-policies/restrict-automount-sa-token/_policy.yaml @@ -25,9 +25,6 @@ spec: - Pod preconditions: any: - - key: {{ `{{ request.object.spec.serviceAccountName || '' }}` | quote }} - operator: Equals - value: "" - key: {{ `{{ request.object.spec.serviceAccountName || 'default' }}` | quote }} operator: Equals value: default @@ -36,4 +33,4 @@ spec: pattern: spec: automountServiceAccountToken: "false" -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/base-cluster/templates/kyverno/validation.tpl b/charts/base-cluster/templates/kyverno/validation.tpl index 9b223f302..aeced43e1 100644 --- a/charts/base-cluster/templates/kyverno/validation.tpl +++ b/charts/base-cluster/templates/kyverno/validation.tpl @@ -1,4 +1,4 @@ -{{- $existingKyverno := lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "kyverno" "kyverno" -}} +{{- $existingKyverno := lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "kyverno" "kyverno" -}} {{- $lastAttemptedRevision := dig "status" "lastAttemptedRevision" "" $existingKyverno }} {{- $lastAppliedRevision := dig "status" "lastAppliedRevision" "" $existingKyverno }} {{- if or $lastAppliedRevision $lastAttemptedRevision -}} diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml index 340c68265..41c69fd74 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml @@ -11,7 +11,7 @@ {{- $port := $backend.port -}} {{- $targetServiceName := printf "%s-%s" (include "common.names.dependency.fullname" (dict "chartName" "kube-prometheus-stack" "chartValues" (dict) "context" (dict "Release" (dict "Name" "kube-prometheus-stack")))) $host -}} {{- $ingress := include "base-cluster.monitoring.ingress.config" (dict "name" $host "context" $) | fromYaml -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cluster-{{ $host }}-oauth-proxy diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/prometheus-operator.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/prometheus-operator.yaml index 949255854..361bff68d 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/prometheus-operator.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/prometheus-operator.yaml @@ -1,5 +1,5 @@ {{- if .Values.monitoring.prometheus.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: kube-prometheus-stack @@ -21,15 +21,13 @@ spec: crds: CreateReplace postRenderers: - kustomize: - patchesStrategicMerge: - - apiVersion: apps/v1 - kind: Deployment - metadata: + patches: + - target: + kind: Deployment name: kube-prometheus-stack-grafana-image-renderer - namespace: monitoring - spec: - template: - spec: - automountServiceAccountToken: false + patch: |- + - op: add + path: /spec/template/spec/automountServiceAccountToken + value: false values: {{- include "base-cluster.prometheus.config" . | nindent 4 }} {{- end }} diff --git a/charts/base-cluster/templates/monitoring/loki/loki.yaml b/charts/base-cluster/templates/monitoring/loki/loki.yaml index 07bba4863..10ecb3ba4 100644 --- a/charts/base-cluster/templates/monitoring/loki/loki.yaml +++ b/charts/base-cluster/templates/monitoring/loki/loki.yaml @@ -1,5 +1,5 @@ {{- if and .Values.monitoring.prometheus.enabled .Values.monitoring.loki.enabled -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: loki diff --git a/charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml b/charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml index 17a74e289..86f0c1e88 100644 --- a/charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml +++ b/charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml @@ -1,5 +1,5 @@ {{- if .Values.monitoring.metricsServer.enabled -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: metrics-server diff --git a/charts/base-cluster/templates/monitoring/security/trivy.yaml b/charts/base-cluster/templates/monitoring/security/trivy.yaml index f124fb4dc..5dee7c1d3 100644 --- a/charts/base-cluster/templates/monitoring/security/trivy.yaml +++ b/charts/base-cluster/templates/monitoring/security/trivy.yaml @@ -1,5 +1,5 @@ {{- if .Values.monitoring.securityScanning.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: trivy diff --git a/charts/base-cluster/templates/monitoring/tracing/grafana-tempo.yaml b/charts/base-cluster/templates/monitoring/tracing/grafana-tempo.yaml index 734bac602..b665cf643 100644 --- a/charts/base-cluster/templates/monitoring/tracing/grafana-tempo.yaml +++ b/charts/base-cluster/templates/monitoring/tracing/grafana-tempo.yaml @@ -1,5 +1,5 @@ {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: grafana-tempo diff --git a/charts/base-cluster/templates/monitoring/tracing/opentelemetry-collector.yaml b/charts/base-cluster/templates/monitoring/tracing/opentelemetry-collector.yaml index ce9e780ca..8dec42525 100644 --- a/charts/base-cluster/templates/monitoring/tracing/opentelemetry-collector.yaml +++ b/charts/base-cluster/templates/monitoring/tracing/opentelemetry-collector.yaml @@ -1,5 +1,5 @@ {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: open-telemetry-collector diff --git a/charts/base-cluster/templates/nfs-server-provisioner/nfs-server-provisioner.yaml b/charts/base-cluster/templates/nfs-server-provisioner/nfs-server-provisioner.yaml index cb1ce237f..c8e920563 100644 --- a/charts/base-cluster/templates/nfs-server-provisioner/nfs-server-provisioner.yaml +++ b/charts/base-cluster/templates/nfs-server-provisioner/nfs-server-provisioner.yaml @@ -1,5 +1,5 @@ {{- if .Values.storage.readWriteMany.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: nfs-server-provisioner