argo-cd upgrade v2.13.2 --> v3.0.5

2025-06-01 14:34:19 -04:00 · 2025-06-01 14:34:19 -04:00 · cf9eada196
commit cf9eada196
parent f37e839267
32 changed files with 3106 additions and 151 deletions
--- a/manifests/argo-cd/Chart.lock
+++ b/manifests/argo-cd/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
  repository: https://dandydeveloper.github.io/charts/
-  version: 4.29.4
+  version: 4.33.7
-digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7
+digest: sha256:a3eba6bba484e9fbfaca33e7f1ea3e6daed74014df7e7b077c496c2201b01996
-generated: "2024-11-13T09:07:36.494128+09:00"
+generated: "2025-05-25T11:18:29.356017-05:00"
--- a/manifests/argo-cd/Chart.yaml
+++ b/manifests/argo-cd/Chart.yaml
@ -1,17 +1,17 @@
 annotations:
  artifacthub.io/changes: |
    - kind: added
-      description: Added functionality to en/disable argocd-ssh-known-hosts-cm
+      description: Added hydrator.enabled parameter to support the hydrator feature
  artifacthub.io/signKey: |
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
 apiVersion: v2
-appVersion: v2.13.2
+appVersion: v3.0.5
 dependencies:
 - condition: redis-ha.enabled
  name: redis-ha
  repository: https://dandydeveloper.github.io/charts/
-  version: 4.29.4
+  version: 4.33.7
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool
  for Kubernetes.
 home: https://github.com/argoproj/argo-helm
@ -28,4 +28,4 @@ name: argo-cd
 sources:
 - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
 - https://github.com/argoproj/argo-cd
-version: 7.7.11
+version: 8.0.14
--- a/manifests/argo-cd/README.md
+++ b/manifests/argo-cd/README.md
@ -191,7 +191,7 @@ server:
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/backend-protocol: HTTP
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    aws:
      serviceType: ClusterIP # <- Used with target-type: ip
@ -278,6 +278,42 @@ For full list of changes please check ArtifactHub [changelog].
 Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
 ### 8.0.0
 In this release we upgrade the Helm chart to deploy the next major version of Argo CD (v3.0.0).
 Please carefully read at least those resources:
 - [v2.14 to 3.0 upgrade instructions]
 - [Argo CD v3.0 Release Blog Post]
 ### 7.9.0
 Chart versions from >= 7.7.2 and < 7.9.0 are using a Redis version which is no longer using an open source version of Redis.
 Thus we downgraded Redis to latest available 7.2 (from 7.4) to be in-line with upstream manifests and fully honor
 [CNCF Allowlist License Policy].
 **Users using redis-ha may encounter issues** which can be resolved by either deleting all redis-ha pods after the
 deployment/upgrade:
 ```bash
 kubectl delete pods -l app=redis-ha
 ```
 Or alternatively by temporary switching to a single redis installation, then back to HA.
 1. Evaluate current chart version in use
   ```bash
   $ helm ls
   NAME  	NAMESPACE	REVISION	UPDATED                              	STATUS  	CHART         	APP VERSION
   argocd	argocd   	3       	2025-04-29 00:07:43.099922 +0200 CEST	deployed	argo-cd-7.8.28	v2.14.11
   ```
 2. Switch to single redis
   ```bash
   helm upgrade argocd argo/argo-cd --version <your current chart version> --reuse-values --set redis-ha.enabled=false
   ```
 3. Upgrade to chart version 7.9 or newer and re-enable redis HA again
   ```bash
   helm upgrade argocd argo/argo-cd --version 7.9.0 --reuse-values --set redis-ha.enabled=true
   ```
 ### 7.0.0
 We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`.
@ -312,7 +348,7 @@ This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr
 Upstream steps in the [FAQ] are not enough, since we chose a different approach.
 (We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.)
-Steps to roteate the secret when using the helm chart (bold step is additional to upstream):
+Steps to rotate the secret when using the helm chart (bold step is additional to upstream):
 * Delete `argocd-redis` secret in the namespace where Argo CD is installed.
  ```bash
  kubectl delete secret argocd-redis -n <argocd namespace>
@ -685,6 +721,8 @@ NAME: my-release
 ## Global Configs
 NOTE: Any values you put under `.Values.configs.cm` are passed to argocd-cm ConfigMap.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. |
@ -708,7 +746,7 @@ NAME: my-release
 | global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` |
 | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components |
 | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic |
-| global.nodeSelector | object | `{}` | Default node selector for all components |
+| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components |
 | global.podAnnotations | object | `{}` | Annotations for the all deployed pods |
 | global.podLabels | object | `{}` | Labels for the all deployed pods |
 | global.priorityClassName | string | `""` | Default priority class for all components |
@ -726,7 +764,17 @@ NAME: my-release
 | configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] |
 | configs.cm."admin.enabled" | bool | `true` | Enable local admin user |
 | configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning |
 | configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) |
 | configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI |
 | configs.cm."resource.customizations.ignoreResourceUpdates.ConfigMap" | string | See [values.yaml] | Ignore the cluster-autoscaler status |
 | configs.cm."resource.customizations.ignoreResourceUpdates.Endpoints" | string | See [values.yaml] | Ignores update if Endpoints is not excluded globally |
 | configs.cm."resource.customizations.ignoreResourceUpdates.all" | string | See [values.yaml] | Ignoring status for all resources. An update will still be sent if the status update causes the health to change. |
 | configs.cm."resource.customizations.ignoreResourceUpdates.apps_ReplicaSet" | string | See [values.yaml] | Ignore the common scaling annotations |
 | configs.cm."resource.customizations.ignoreResourceUpdates.argoproj.io_Application" | string | See [values.yaml] | Some Application fields are generated and not related to the application updates itself |
 | configs.cm."resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout" | string | See [values.yaml] | Ignore Argo Rollouts generated fields |
 | configs.cm."resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler" | string | See [values.yaml] | Legacy annotations used on HPA autoscaling/v1 |
 | configs.cm."resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice" | string | See [values.yaml] | Ignores update if EndpointSlice is not excluded globally |
 | configs.cm."resource.exclusions" | string | See [values.yaml] | Resource Exclusion/Inclusion |
 | configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement |
 | configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge |
 | configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache |
@ -749,6 +797,8 @@ NAME: my-release
 | configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. |
 | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts |
 | configs.params."controller.status.processors" | int | `20` | Number of application status processors |
 | configs.params."controller.sync.timeout.seconds" | int | `0` | Specifies the timeout after which a sync would be terminated. 0 means no timeout |
 | configs.params."hydrator.enabled" | bool | `false` | Enable the hydrator feature (hydrator is in Alpha phase) |
 | configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") |
 | configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. |
 | configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / |
@ -789,6 +839,7 @@ NAME: my-release
 | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. |
 | configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap |
 | configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories |
 | configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. |
 ## Argo CD Controller
@ -1168,7 +1219,7 @@ NAME: my-release
 | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod |
 | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy |
 | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository |
-| dex.image.tag | string | `"v2.41.1"` | Dex image tag |
+| dex.image.tag | string | `"v2.43.1"` | Dex image tag |
 | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | dex.initContainers | list | `[]` | Init containers to add to the dex pod |
 | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy |
@ -1184,8 +1235,6 @@ NAME: my-release
 | dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | dex.logFormat | string | `""` (defaults to global.logging.format) | Dex log format. Either `text` or `json` |
 | dex.logLevel | string | `""` (defaults to global.logging.level) | Dex log level. One of: `debug`, `info`, `warn`, `error` |
 | dex.metrics.enabled | bool | `false` | Deploy metrics service |
 | dex.metrics.service.annotations | object | `{}` | Metrics service annotations |
 | dex.metrics.service.labels | object | `{}` | Metrics service labels |
@ -1258,8 +1307,8 @@ NAME: my-release
 | redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
 | redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter |
 | redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter |
-| redis.exporter.image.repository | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
+| redis.exporter.image.repository | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter |
-| redis.exporter.image.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
+| redis.exporter.image.tag | string | `"v1.73.0"` | Tag to use for the redis-exporter |
 | redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter |
 | redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
@ -1276,8 +1325,8 @@ NAME: my-release
 | redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server |
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
-| redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
+| redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository |
-| redis.image.tag | string | `"7.4.1-alpine"` | Redis tag |
+| redis.image.tag | string | `"7.2.8-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
 | redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server |
@ -1351,19 +1400,20 @@ The main options are listed here:
 | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment |
 | redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. |
 | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar |
-| redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter |
+| redis-ha.exporter.image | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter |
-| redis-ha.exporter.tag | string | `"1.58.0"` | Tag to use for the redis-exporter |
+| redis-ha.exporter.tag | string | `"v1.69.0"` | Tag to use for the redis-exporter |
 | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. |
 | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. |
 | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context |
 | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
 | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. |
 | redis-ha.haproxy.image.repository | string | `"ecr-public.aws.com/docker/library/haproxy"` | HAProxy Image Repository |
 | redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. |
 | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
 | redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. |
 | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. |
-| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
+| redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository |
-| redis-ha.image.tag | string | `"7.4.1-alpine"` | Redis tag |
+| redis-ha.image.tag | string | `"7.2.8-alpine"` | Redis tag |
 | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes |
 | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
 | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""`  is disabled |
@ -1565,8 +1615,6 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | notifications.logFormat | string | `""` (defaults to global.logging.format) | Notifications controller log format. Either `text` or `json` |
 | notifications.logLevel | string | `""` (defaults to global.logging.level) | Notifications controller log level. One of: `debug`, `info`, `warn`, `error` |
 | notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server |
 | notifications.metrics.port | int | `9001` | Metrics port |
 | notifications.metrics.service.annotations | object | `{}` | Metrics service annotations |
@ -1619,30 +1667,89 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller |
 | notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent |
 ## Commit server (Manifest Hydrator)
 The Argo CD Commit Server provides push access to git repositories for hydrated manifests.
 To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator].
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
 | commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. |
 | commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context |
 | commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment |
 | commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment |
 | commitServer.dnsConfig | object | `{}` | [DNS configuration] |
 | commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods |
 | commitServer.enabled | bool | `false` | Enable commit server |
 | commitServer.extraArgs | list | `[]` | commit server command line flags |
 | commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server |
 | commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server |
 | commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) |
 | commitServer.extraVolumes | list | `[]` | List of extra volumes to add |
 | commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server |
 | commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server |
 | commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server |
 | commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server |
 | commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated |
 | commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] |
 | commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out |
 | commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server |
 | commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations |
 | commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
 | commitServer.metrics.service.labels | object | `{}` | Metrics service labels |
 | commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name |
 | commitServer.metrics.service.servicePort | int | `8087` | Metrics service port |
 | commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
 | commitServer.name | string | `"commit-server"` | Commit server name |
 | commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
 | commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods |
 | commitServer.podLabels | object | `{}` | Labels for the commit server pods |
 | commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods |
 | commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server |
 | commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
 | commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated |
 | commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
 | commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. |
 | commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server |
 | commitServer.service.annotations | object | `{}` | commit server service annotations |
 | commitServer.service.labels | object | `{}` | commit server service labels |
 | commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
 | commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
 | commitServer.serviceAccount.create | bool | `true` | Create commit server service account |
 | commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account |
 | commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name |
 | commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
 | commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
 | commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
 [Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
-[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
-[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
+[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom
 [CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
 [changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
 [Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/
 [DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
 [external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
 [FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/
-[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
+[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
 [declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
 [gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
 [GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
 [HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
 [MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
-[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
+[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
 [PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
 [probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
 [RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
-[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
-[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
 [values.yaml]: values.yaml
 [v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md
 [tini]: https://github.com/argoproj/argo-cd/pull/12707
@ -1651,3 +1758,8 @@ Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/
 [Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace
 [Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice
 [Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer
 [Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/
 [Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md
 [CNCF Allowlist License Policy]: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md#cncf-allowlist-license-policy
 [v2.14 to 3.0 upgrade instructions]: https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/2.14-3.0/
 [Argo CD v3.0 Release Blog Post]: https://blog.argoproj.io/argo-cd-v3-0-release-candidate-a0b933f4e58f
--- a/manifests/argo-cd/charts/redis-ha/Chart.yaml
+++ b/manifests/argo-cd/charts/redis-ha/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 7.2.4
+appVersion: 7.2.7
 description: This Helm chart provides a highly available Redis implementation with
  a master/slave configuration and uses Sentinel sidecars for failover management
 home: http://redis.io/
@ -9,8 +9,6 @@ keywords:
 - keyvalue
 - database
 maintainers:
 - email: salimsalaues@gmail.com
  name: ssalaues
 - email: aaron.layfield@gmail.com
  name: dandydeveloper
 name: redis-ha
@ -18,4 +16,4 @@ sources:
 - https://redis.io/download
 - https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha
 - https://github.com/oliver006/redis_exporter
-version: 4.29.4
+version: 4.33.7
--- a/manifests/argo-cd/charts/redis-ha/README.md
+++ b/manifests/argo-cd/charts/redis-ha/README.md
@ -67,9 +67,9 @@ The following table lists the configurable parameters of the Redis chart and the
 | `auth` | Configures redis with AUTH (requirepass & masterauth conf params) | bool | `false` |
 | `authKey` | Defines the key holding the redis password in existing secret. | string | `"auth"` |
 | `configmap.labels` | Custom labels for the redis configmap | object | `{}` |
-| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.5.0"}` |
+| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.10.0"}` |
 | `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | string | `"koalaman/shellcheck"` |
-| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.5.0"` |
+| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.10.0"` |
 | `configmapTest.resources` | Resources for the ConfigMap test pod | object | `{}` |
 | `containerSecurityContext` | Security context to be added to the Redis containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` |
 | `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | object | `{}` |
@ -78,7 +78,7 @@ The following table lists the configurable parameters of the Redis chart and the
 | `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` |
 | `extraLabels` | Labels added here are applied to all created resources | object | `{}` |
 | `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` |
-| `fullNameOverride` | Full name of the Redis HA Resources | string | `""` |
+| `fullnameOverride` | Full name of the Redis HA Resources | string | `""` |
 | `global.compatibility` | Openshift compatibility options | object | `{"openshift":{"adaptSecurityContext":"auto"}}` |
 | `global.priorityClassName` | Default priority class for all components | string | `""` |
 | `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. # This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature | bool | `true` |
@ -86,7 +86,7 @@ The following table lists the configurable parameters of the Redis chart and the
 | `hostPath.path` | Use this path on the host for data storage. path is evaluated as template so placeholders are replaced | string | `""` |
 | `image.pullPolicy` | Redis image pull policy | string | `"IfNotPresent"` |
 | `image.repository` | Redis image repository | string | `"public.ecr.aws/docker/library/redis"` |
-| `image.tag` | Redis image tag | string | `"7.2.4-alpine"` |
+| `image.tag` | Redis image tag | string | `"7.2.7-alpine"` |
 | `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | list | `[]` |
 | `init.resources` | Extra init resources | object | `{}` |
 | `labels` | Custom labels for the redis pod | object | `{}` |
@ -165,7 +165,7 @@ The following table lists the configurable parameters of the Redis chart and the
 | `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` |
 | `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` |
 | `serviceAccount.annotations` | Annotations to be added to the service account for the redis statefulset | object | `{}` |
-| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `false` |
+| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `true` |
 | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` |
 | `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` |
 | `serviceLabels` | Custom labels for redis service | object | `{}` |
--- a/manifests/argo-cd/charts/redis-ha/templates/_configs.tpl
+++ b/manifests/argo-cd/charts/redis-ha/templates/_configs.tpl
@ -333,7 +333,7 @@
    identify_announce_ip
    if [ -z "${ANNOUNCE_IP}" ]; then
-        "Error: Could not resolve the announce ip for this pod."
+        "Error: Could not resolve the announce ip for this pod"
        exit 1
    elif [ "${MASTER}" ]; then
        find_master
@ -534,7 +534,7 @@
      {{- if .Values.haproxy.tls.enabled }}
      bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.haproxy.containerPort }} ssl crt {{ .Values.haproxy.tls.certMountPath }}{{ .Values.haproxy.tls.keyName }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
      {{ else }}
-      bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.redis.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
+      bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ if ne (int $root.Values.redis.port) 0 }}{{ $root.Values.redis.port }}{{ else }}{{ $root.Values.redis.tlsPort }}{{ end }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
      {{- end }}
      use_backend bk_redis_master
    {{- if .Values.haproxy.readOnly.enabled }}
--- a/manifests/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml
+++ b/manifests/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml
@ -12,9 +12,6 @@ metadata:
 spec:
  selector:
    matchLabels:
      # The replica label is set on StatefulSet pods but not the Test pods
      # We want to avoid including the Test pods in the budget
      {{ template "redis-ha.fullname" . }}: replica
      release: {{ .Release.Name }}
      app: {{ template "redis-ha.name" . }}
 {{ toYaml .Values.podDisruptionBudget | indent 2 }}
--- a/manifests/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml
+++ b/manifests/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml
@ -1,5 +1,6 @@
 {{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}}
 {{- $regexRestoreSSH := "^.+@.+:.+" -}}
 {{- $regexRestoreRedis := "^redis://(?:[A-Za-z0-9_]+(?::[^@]+)?@)?[A-Za-z0-9.-]+(?::\\d{1,5})?(?:/\\d+)?$" -}}
 apiVersion: apps/v1
 kind: StatefulSet
@ -246,6 +247,34 @@ spec:
        - name: data
          mountPath: /data
 {{- end }}
 {{ if regexFind $regexRestoreRedis (toString .Values.restore.redis.source) }}
      - name: restore-redis
        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        resources:
 {{ toYaml .Values.init.resources | indent 10 }}
        command:
        - sh
        args:
        - "-c"
        - "echo $HOSTNAME | grep -q 'ha-server-0' \
          && nc -w 5 -vz {{ regexReplaceAll  "^redis:\\/\\/(.*)" .Values.restore.redis.source "${1}" }} \
          && test ! -s /data/dump.rdb \
          && timeout {{ .Values.restore.timeout }} \
          redis-cli -u {{ .Values.restore.redis.source }} --rdb /data/dump.rdb_ \
          && test -s /data/dump.rdb_ \
          && if test -s /data/dump.rdb; \
              then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \
          && mv -v /data/dump.rdb_ /data/dump.rdb || true"
        {{- if .Values.restore.existingSecret }}
        envFrom:
        - secretRef:
            name: {{ .Values.existingSecret }}
        {{- end }}
        volumeMounts:
        - name: data
          mountPath: /data
 {{- end }}
 {{- if .Values.extraInitContainers }}
 {{- toYaml .Values.extraInitContainers | nindent 6 }}
 {{- end }}
--- a/manifests/argo-cd/charts/redis-ha/values.yaml
+++ b/manifests/argo-cd/charts/redis-ha/values.yaml
@ -14,12 +14,12 @@ image:
  # -- Redis image repository
  repository: public.ecr.aws/docker/library/redis
  # -- Redis image tag
-  tag: 7.2.4-alpine
+  tag: 7.2.7-alpine
  # -- Redis image pull policy
  pullPolicy: IfNotPresent
 # -- Full name of the Redis HA Resources
-fullNameOverride: ""
+fullnameOverride: ""
 # -- Name override for Redis HA resources
 nameOverride: ""
@ -70,7 +70,7 @@ configmapTest:
    # -- Repository of the configmap shellcheck test image.
    repository: koalaman/shellcheck
    # -- Tag of the configmap shellcheck test image.
-    tag: v0.5.0
+    tag: v0.10.0
  # -- Resources for the ConfigMap test pod
  resources: {}
@ -127,7 +127,7 @@ haproxy:
    # -- HAProxy Image Repository
    repository: public.ecr.aws/docker/library/haproxy
    # -- HAProxy Image Tag
-    tag: 2.9.4-alpine
+    tag: 3.0.8-alpine
    # -- HAProxy Image PullPolicy
    pullPolicy: IfNotPresent
@ -185,7 +185,7 @@ haproxy:
  serviceAccount:
    # -- Specifies whether a ServiceAccount should be created
    create: true
-    automountToken: false
+    automountToken: true
  ## Official HAProxy embedded prometheus metrics settings.
  ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
@ -418,15 +418,15 @@ redis:
    # -- Enable Startup Probe
    enabled: true
    # -- Initial delay in seconds for startup probe
-    initialDelaySeconds: 5
+    initialDelaySeconds: 30
    # -- Period in seconds after which startup probe will be repeated
-    periodSeconds: 10
+    periodSeconds: 15
    # -- Timeout seconds for startup probe
    timeoutSeconds: 15
    # -- Success threshold for startup probe
    successThreshold: 1
    # -- Failure threshold for startup probe
-    failureThreshold: 3
+    failureThreshold: 5
  # -- Array with commands to disable
  disableCommands:
@ -700,9 +700,9 @@ exporter:
  # -- If `true`, the prometheus exporter sidecar is enabled
  enabled: false
  # -- Exporter image
-  image: oliver006/redis_exporter
+  image: quay.io/oliver006/redis_exporter
  # -- Exporter image tag
-  tag: v1.57.0
+  tag: v1.67.0
  # -- Exporter image pullPolicy
  pullPolicy: IfNotPresent
@ -889,6 +889,8 @@ tls:
 # EXAMPLE source for s3 restore: 's3://bucket/dump.rdb'
 # REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----'
 # EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb'
 # REQUIRED for redis restore: 'source' should be in form of redis connection uri: 'redis://[username:password@]host:port[/db]'
 # EXAMPLE source for redis restore: 'redis://username:password@localhost:6379'
 restore:
  # -- Timeout for the restore
  timeout: 600
@ -914,6 +916,8 @@ restore:
    # Key should be in one line separated with \n.
    # i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----`
    key: ""
  redis:
    source: ""
 ## Custom PrometheusRule to be defined
 ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
--- a/manifests/argo-cd/templates/NOTES.txt
+++ b/manifests/argo-cd/templates/NOTES.txt
@ -1,3 +1,15 @@
 {{- if .Values.notifications.logLevel }}
 DEPRECATED option notifications.logLevel - Use `configs.params."notificationscontroller.log.level"`
 {{- end }}
 {{- if .Values.notifications.logFormat }}
 DEPRECATED option notifications.logFormat - Use `configs.params."notificationscontroller.log.format"`
 {{- end }}
 {{- if .Values.dex.logLevel }}
 DEPRECATED option dex.logLevel - Use `configs.params."dexserver.log.level"`
 {{- end }}
 {{- if .Values.dex.logFormat }}
 DEPRECATED option dex.logFormat - Use `configs.params."dexserver.log.format"`
 {{- end }}
 In order to access the server UI you have the following options:
 1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include  "argo-cd.namespace" . }} 8080:443
--- a/manifests/argo-cd/templates/_helpers.tpl
+++ b/manifests/argo-cd/templates/_helpers.tpl
@ -177,6 +177,24 @@ Create the name of the notifications service account to use
 {{- end -}}
 {{- end -}}
 {{/*
 Create argocd commit-server name and version as used by the chart label.
 */}}
 {{- define "argo-cd.commitServer.fullname" -}}
 {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create the name of the commit-server service account to use
 */}}
 {{- define "argo-cd.commitServer.serviceAccountName" -}}
 {{- if .Values.commitServer.serviceAccount.create -}}
    {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.commitServer.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 {{/*
 Argo Configuration Preset Values (Influenced by Values configuration)
 */}}
@ -220,7 +238,7 @@ NOTE: Configuration keys must be stored as dict because YAML treats dot as separ
 {{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}}
 {{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}}
 {{- end -}}
-{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" -}}
+{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" "notificationscontroller" "dexserver" -}}
 {{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}}
 {{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}}
 {{- end -}}
@ -257,3 +275,44 @@ ipFamilyPolicy: {{ . }}
 ipFamilies: {{ toYaml . | nindent 4 }}
 {{- end }}
 {{- end }}
 {{/*
 secretKeyRef of env variable REDIS_USERNAME
 */}}
 {{- define "argo-cd.redisUsernameSecretRef" -}}
    {{- if .Values.externalRedis.host -}}
 name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
 key: redis-username
 optional: {{ if .Values.externalRedis.username }}false{{ else }}true{{ end }}
    {{- else -}}
 name: "argocd-redis"
 key: redis-username
 optional: true
    {{- end -}}
 {{- end -}}
 {{/*
 secretKeyRef of env variable REDIS_PASSWORD
 */}}
 {{- define "argo-cd.redisPasswordSecretRef" -}}
    {{- if .Values.externalRedis.host -}}
    {{- /* External Redis use case */ -}}
    {{- /* Secret is required when specifying existingSecret or a password, otherwise it is optional */ -}}
 name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
 key: redis-password
 optional: {{ if or .Values.externalRedis.existingSecret .Values.externalRedis.password }}false{{ else }}true{{ end }}
    {{- else if and .Values.redisSecretInit.enabled -}}
    {{- /* Default case where Secret is generated by the Job with Helm pre-install hooks */ -}}
 name: "argocd-redis" # hard-coded in Job command and embedded Redis deployments (standalone and redis-ha)
 key: auth
 optional: false # Secret is not optional in this case !
    {{- else -}}
    {{- /* All other use cases (e.g. disabled pre-install Job) */ -}}
 name: "argocd-redis"
 key: auth
 optional: true
    {{- end -}}
 {{- end -}}
--- a/manifests/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/manifests/argo-cd/templates/argocd-application-controller/deployment.yaml
@ -145,6 +145,12 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.log.level
                optional: true
          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: log.format.timestamp
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
@ -175,6 +181,18 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.cap.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.cooldown.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.sync.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
            valueFrom:
              configMapKeyRef:
@ -220,19 +238,11 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
@ -311,6 +321,24 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.ignore.normalizer.jq.timeout
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.batch.events.processing
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.events.processing.interval
                optional: true
        {{- with .Values.controller.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
--- a/manifests/argo-cd/templates/argocd-application-controller/role.yaml
+++ b/manifests/argo-cd/templates/argocd-application-controller/role.yaml
@ -19,6 +19,7 @@ rules:
  - argoproj.io
  resources:
  - applications
  - applicationsets
  - appprojects
  verbs:
  - create
--- a/manifests/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/manifests/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -144,6 +144,12 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.log.level
                optional: true
          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: log.format.timestamp
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
            valueFrom:
              configMapKeyRef:
@ -174,6 +180,18 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.cap.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.self.heal.backoff.cooldown.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.sync.timeout.seconds
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
            valueFrom:
              configMapKeyRef:
@ -219,19 +237,11 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
@ -268,6 +278,12 @@ spec:
                name: argocd-cmd-params-cm
                key: otlp.headers
                optional: true
          - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.attrs
                optional: true
          - name: ARGOCD_APPLICATION_NAMESPACES
            valueFrom:
              configMapKeyRef:
@ -310,6 +326,26 @@ spec:
                name: argocd-cmd-params-cm
                key: controller.ignore.normalizer.jq.timeout
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.batch.events.processing
                optional: true
          - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: controller.cluster.cache.events.processing.interval
                optional: true
          - name: KUBECACHEDIR
            value: /tmp/kubecache
        {{- with .Values.controller.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
@ -344,6 +380,8 @@ spec:
          name: argocd-home
        - name: argocd-cmd-params-cm
          mountPath: /home/argocd/params
        - name: argocd-application-controller-tmp
          mountPath: /tmp
      {{- with .Values.controller.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
@ -385,6 +423,8 @@ spec:
        {{- else }}
        emptyDir: {}
        {{- end }}
      - emptyDir: {}
        name: argocd-application-controller-tmp
      - name: argocd-repo-server-tls
        secret:
          secretName: argocd-repo-server-tls
--- a/manifests/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/manifests/argo-cd/templates/argocd-applicationset/deployment.yaml
@ -133,6 +133,12 @@ spec:
                  key: applicationsetcontroller.log.level
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_LOG_FORMAT_TIMESTAMP
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: log.format.timestamp
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
              valueFrom:
                configMapKeyRef:
@ -151,6 +157,12 @@ spec:
                  key: applicationsetcontroller.enable.progressive.syncs
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.enable.tokenref.strict.mode
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
              valueFrom:
                configMapKeyRef:
@ -211,6 +223,12 @@ spec:
                  name: argocd-cmd-params-cm
                  key: applicationsetcontroller.webhook.parallelism.limit
                  optional: true
            - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
              valueFrom:
                configMapKeyRef:
                  key: applicationsetcontroller.requeue.after
                  name: argocd-cmd-params-cm
                  optional: true
          {{- with .Values.applicationSet.extraEnvFrom }}
          envFrom:
            {{- toYaml . | nindent 12 }}
--- a/manifests/argo-cd/templates/argocd-commit-server/deployment.yaml
+++ b/manifests/argo-cd/templates/argocd-commit-server/deployment.yaml
@ -0,0 +1,238 @@
 {{- if .Values.commitServer.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
 spec:
  {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }}
  strategy:
    {{- trim . | nindent 4 }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
  template:
    metadata:
      annotations:
        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }}
        {{- range $key, $value := . }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }}
        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }}
      runtimeClassName: {{ . }}
      {{- end }}
      {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.hostAliases }}
      hostAliases:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
      {{- with .Values.commitServer.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ . }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }}
      automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }}
      containers:
      - name: {{ .Values.commitServer.name }}
        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }}
        args:
        - /usr/local/bin/argocd-commit-server
        {{- with .Values.commitServer.extraArgs }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        env:
          {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }}
            {{- toYaml . | nindent 10 }}
          {{- end }}
          - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.listen.address
                optional: true
          - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.metrics.listen.address
                optional: true
          - name: ARGOCD_COMMIT_SERVER_LOGFORMAT
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.log.format
                optional: true
          - name: ARGOCD_COMMIT_SERVER_LOGLEVEL
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: commitserver.log.level
                optional: true
          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: log.format.timestamp
                optional: true
        {{- with .Values.commitServer.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        ports:
        - containerPort: 8086
          name: server
          protocol: TCP
        - containerPort: 8087
          name: metrics
          protocol: TCP
        {{- if .Values.commitServer.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
            path: /healthz?full=true
            port: 8087
          initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }}
          failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }}
          timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }}
        {{- end }}
        {{- if .Values.commitServer.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8087
          initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }}
          periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }}
          failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }}
          timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }}
        {{- end }}
        resources:
          {{- toYaml .Values.commitServer.resources | nindent 10 }}
        {{- with .Values.commitServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.commitServer.lifecycle }}
        lifecycle:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        {{- with .Values.commitServer.extraVolumeMounts }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: ssh-known-hosts
          mountPath: /app/config/ssh
        - name: tls-certs
          mountPath: /app/config/tls
        - name: gpg-keys
          mountPath: /app/config/gpg/source
        - name: gpg-keyring
          mountPath: /app/config/gpg/keys
        # We need a writeable temp directory for the askpass socket file.
        - name: tmp
          mountPath: /tmp
      initContainers:
      - command:
        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
        image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }}
        name: copyutil
        resources:
          {{- toYaml .Values.commitServer.resources | nindent 10 }}
        {{- with .Values.commitServer.containerSecurityContext }}
        securityContext:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
      volumes:
        {{- with .Values.commitServer.extraVolumes }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        - name: ssh-known-hosts
          configMap:
            name: argocd-ssh-known-hosts-cm
        - name: tls-certs
          configMap:
            name: argocd-tls-certs-cm
        - name: gpg-keys
          configMap:
            name: argocd-gpg-keys-cm
        - name: gpg-keyring
          emptyDir: {}
        - name: tmp
          emptyDir: {}
        - name: argocd-commit-server-tls
          secret:
            secretName: argocd-commit-server-tls
            optional: true
            items:
            - key: tls.crt
              path: tls.crt
            - key: tls.key
              path: tls.key
            - key: ca.crt
              path: ca.crt
        - emptyDir: {}
          name: var-files
      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }}
      affinity:
        {{- trim . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- range $constraint := . }}
      - {{ toYaml $constraint | nindent 8 | trim }}
        {{- if not $constraint.labelSelector }}
        labelSelector:
          matchLabels:
            {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.commitServer.name) | nindent 12 }}
        {{- end }}
        {{- end }}
      {{- end }}
      {{- if .Values.commitServer.hostNetwork }}
      hostNetwork: {{ .Values.commitServer.hostNetwork }}
      {{- end }}
      {{- with .Values.commitServer.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.commitServer.dnsPolicy }}
 {{- end }}
--- a/manifests/argo-cd/templates/argocd-commit-server/metrics.yaml
+++ b/manifests/argo-cd/templates/argocd-commit-server/metrics.yaml
@ -0,0 +1,35 @@
 {{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "argo-cd.commitServer.fullname" . }}-metrics
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }}
    {{- with .Values.commitServer.metrics.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
  annotations:
    {{- if .Values.global.addPrometheusAnnotations }}
    prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }}
    prometheus.io/scrape: "true"
    {{- end }}
    {{- range $key, $value := .Values.commitServer.metrics.service.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  type: {{ .Values.commitServer.metrics.service.type }}
  {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }}
  clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }}
  {{- end }}
  {{- include "argo-cd.dualStack" . | indent 2 }}
  ports:
  - name:  {{ .Values.commitServer.metrics.service.portName }}
    protocol: TCP
    port: {{ .Values.commitServer.metrics.service.servicePort }}
    targetPort: 8087
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
 {{- end }}
--- a/manifests/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
+++ b/manifests/argo-cd/templates/argocd-commit-server/networkpolicy.yaml
@ -0,0 +1,25 @@
 {{- if and .Values.commitServer.enabled .Values.global.networkPolicy.create }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
 spec:
  podSelector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }}
      ports:
        - protocol: TCP
          port: 8086
    - from:
        - namespaceSelector: { }
      ports:
        - port: 8087
 {{- end }}
--- a/manifests/argo-cd/templates/argocd-commit-server/service.yaml
+++ b/manifests/argo-cd/templates/argocd-commit-server/service.yaml
@ -0,0 +1,26 @@
 {{- if .Values.commitServer.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "argo-cd.commitServer.fullname" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
    {{- with .Values.commitServer.service.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.commitServer.service.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
 spec:
  ports:
  - name: server
    protocol: TCP
    port: 8086
    targetPort: 8086
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }}
 {{- end }}
--- a/manifests/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
+++ b/manifests/argo-cd/templates/argocd-commit-server/serviceaccount.yaml
@ -0,0 +1,19 @@
 {{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }}
 metadata:
  name: {{ include "argo-cd.commitServer.serviceAccountName" . }}
  namespace: {{ include  "argo-cd.namespace" . }}
  {{- with .Values.commitServer.serviceAccount.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
  {{- end }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }}
    {{- with .Values.commitServer.serviceAccount.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
 {{- end }}
--- a/manifests/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
+++ b/manifests/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
@ -1,3 +1,4 @@
 {{- if .Values.configs.tls.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@ -15,3 +16,4 @@ metadata:
 data:
  {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end }}
--- a/manifests/argo-cd/templates/argocd-configs/cluster-secrets.yaml
+++ b/manifests/argo-cd/templates/argocd-configs/cluster-secrets.yaml
@ -22,7 +22,7 @@ stringData:
  {{- if $cluster_value.shard }}
  shard: {{ $cluster_value.shard | quote }}
  {{- end }}
-  name: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.name entry is required!" $cluster_key }}
+  name: {{ $cluster_key }}
  server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }}
  {{- if $cluster_value.namespaces }}
  namespaces: {{ $cluster_value.namespaces }}
--- a/manifests/argo-cd/templates/argocd-notifications/deployment.yaml
+++ b/manifests/argo-cd/templates/argocd-notifications/deployment.yaml
@ -66,11 +66,15 @@ spec:
          args:
            - /usr/local/bin/argocd-notifications
            - --metrics-port={{ .Values.notifications.containerPorts.metrics }}
            - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
            - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
            - --namespace={{ include "argo-cd.namespace" . }}
            - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
            - --secret-name={{ .Values.notifications.secret.name }}
            {{- with .Values.notifications.logLevel }}
            - --loglevel={{ . }}
            {{- end }}
            {{- with .Values.notifications.logFormat }}
            - --logformat={{ . }}
            {{- end }}
            {{- range .Values.notifications.extraArgs }}
            - {{ . | squote }}
            {{- end }}
@ -90,6 +94,12 @@ spec:
                  key: notificationscontroller.log.format
                  name: argocd-cmd-params-cm
                  optional: true
            - name: ARGOCD_LOG_FORMAT_TIMESTAMP
              valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: log.format.timestamp
                  optional: true
            - name: ARGOCD_APPLICATION_NAMESPACES
              valueFrom:
                configMapKeyRef:
--- a/manifests/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/manifests/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -109,6 +109,12 @@ spec:
                name: argocd-cmd-params-cm
                key: reposerver.log.level
                optional: true
          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: log.format.timestamp
                optional: true
          - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
            valueFrom:
              configMapKeyRef:
@ -178,19 +184,11 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
@ -227,6 +225,12 @@ spec:
                name: argocd-cmd-params-cm
                key: otlp.headers
                optional: true
          - name: ARGOCD_REPO_SERVER_OTLP_ATTRS
            valueFrom:
                configMapKeyRef:
                  name: argocd-cmd-params-cm
                  key: otlp.attrs
                  optional: true
          - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
            valueFrom:
              configMapKeyRef:
@ -239,6 +243,12 @@ spec:
                name: argocd-cmd-params-cm
                key: reposerver.plugin.tar.exclusions
                optional: true
          - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
            valueFrom:
              configMapKeyRef:
                key: reposerver.plugin.use.manifest.generate.paths
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
            valueFrom:
              configMapKeyRef:
--- a/manifests/argo-cd/templates/argocd-server/deployment.yaml
+++ b/manifests/argo-cd/templates/argocd-server/deployment.yaml
@ -246,19 +246,11 @@ spec:
          - name: REDIS_USERNAME
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }}
                key: redis-username
                optional: true
          - name: REDIS_PASSWORD
            valueFrom:
              secretKeyRef:
-                name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }}
+                {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }}
                {{- if .Values.externalRedis.host }}
                key: redis-password
                {{- else }}
                key: auth
                {{- end }}
                optional: true
          - name: REDIS_SENTINEL_USERNAME
            valueFrom:
              secretKeyRef:
@ -313,6 +305,12 @@ spec:
                name: argocd-cmd-params-cm
                key: otlp.headers
                optional: true
          - name: ARGOCD_SERVER_OTLP_ATTRS
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: otlp.attrs
                optional: true
          - name: ARGOCD_APPLICATION_NAMESPACES
            valueFrom:
              configMapKeyRef:
@ -373,6 +371,18 @@ spec:
                name: argocd-cmd-params-cm
                key: applicationsetcontroller.enable.scm.providers
                optional: true
          - name: ARGOCD_HYDRATOR_ENABLED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: hydrator.enabled
                optional: true
          - name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: server.sync.replace.allowed
                optional: true
        {{- with .Values.server.envFrom }}
        envFrom:
          {{- toYaml . | nindent 10 }}
--- a/manifests/argo-cd/templates/argocd-server/ingress.yaml
+++ b/manifests/argo-cd/templates/argocd-server/ingress.yaml
@ -9,20 +9,20 @@ metadata:
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    {{- with .Values.server.ingress.labels }}
-      {{- toYaml . | nindent 4 }}
+      {{- tpl (toYaml .) $ | nindent 4 }}
    {{- end }}
  {{- with .Values.server.ingress.annotations }}
  annotations:
    {{- range $key, $value := . }}
-    {{ $key }}: {{ $value | quote }}
+    {{ $key }}: {{ tpl (toString $value) $ | quote }}
    {{- end }}
  {{- end }}
 spec:
  {{- with .Values.server.ingress.ingressClassName }}
-  ingressClassName: {{ . }}
+  ingressClassName: {{ tpl . $ }}
  {{- end }}
  rules:
-    - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }}
+    - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }}
      http:
        paths:
          {{- with .Values.server.ingress.extraPaths }}
@ -36,7 +36,7 @@ spec:
                port:
                  number: {{ $servicePort }}
    {{- range .Values.server.ingress.extraHosts }}
-    - host: {{ .name | quote }}
+    - host: {{ tpl .name $ | quote }}
      http:
        paths:
          - path: {{ default $.Values.server.ingress.path .path }}
@ -54,10 +54,10 @@ spec:
  tls:
    {{- if .Values.server.ingress.tls }}
    - hosts:
-      - {{ .Values.server.ingress.hostname | default .Values.global.domain }}
+      - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }}
      {{- range .Values.server.ingress.extraHosts }}
        {{- if .name }}
-      -  {{ .name }}
+      - {{ tpl .name $ }}
        {{- end }}
      {{- end }}
      secretName: argocd-server-tls
--- a/manifests/argo-cd/templates/crds/crd-application.yaml
+++ b/manifests/argo-cd/templates/crds/crd-application.yaml
@ -319,6 +319,14 @@ spec:
                            description: SkipCrds skips custom resource definition
                              installation step (Helm's --skip-crds)
                            type: boolean
                          skipSchemaValidation:
                            description: SkipSchemaValidation skips JSON schema validation
                              (Helm's --skip-schema-validation)
                            type: boolean
                          skipTests:
                            description: SkipTests skips test manifest installation
                              step (Helm's --skip-tests).
                            type: boolean
                          valueFiles:
                            description: ValuesFiles is a list of Helm value files
                              to use when generating a template
@ -382,6 +390,11 @@ spec:
                            description: ForceCommonLabels specifies whether to force
                              applying common labels to resources for Kustomize apps
                            type: boolean
                          ignoreMissingComponents:
                            description: IgnoreMissingComponents prevents kustomize
                              from failing when components do not exist locally by
                              not appending them to kustomization file
                            type: boolean
                          images:
                            description: Images is a list of Kustomize image override
                              specifications
@ -395,6 +408,10 @@ spec:
                              KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                              uses the Kubernetes version of the target cluster.
                            type: string
                          labelIncludeTemplates:
                            description: LabelIncludeTemplates specifies whether to
                              apply common labels to resource templates or not
                            type: boolean
                          labelWithoutSelector:
                            description: LabelWithoutSelector specifies whether to
                              apply common labels to resource selectors or not
@ -466,6 +483,10 @@ spec:
                              to use for rendering manifests
                            type: string
                        type: object
                      name:
                        description: Name is used to refer to a source and is displayed
                          in the UI. It is used in multi-source Applications.
                        type: string
                      path:
                        description: Path is a directory path within the Git repository,
                          and is only valid for applications sourced from Git.
@ -685,6 +706,14 @@ spec:
                              description: SkipCrds skips custom resource definition
                                installation step (Helm's --skip-crds)
                              type: boolean
                            skipSchemaValidation:
                              description: SkipSchemaValidation skips JSON schema
                                validation (Helm's --skip-schema-validation)
                              type: boolean
                            skipTests:
                              description: SkipTests skips test manifest installation
                                step (Helm's --skip-tests).
                              type: boolean
                            valueFiles:
                              description: ValuesFiles is a list of Helm value files
                                to use when generating a template
@ -750,6 +779,11 @@ spec:
                                force applying common labels to resources for Kustomize
                                apps
                              type: boolean
                            ignoreMissingComponents:
                              description: IgnoreMissingComponents prevents kustomize
                                from failing when components do not exist locally
                                by not appending them to kustomization file
                              type: boolean
                            images:
                              description: Images is a list of Kustomize image override
                                specifications
@ -763,6 +797,10 @@ spec:
                                KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                uses the Kubernetes version of the target cluster.
                              type: string
                            labelIncludeTemplates:
                              description: LabelIncludeTemplates specifies whether
                                to apply common labels to resource templates or not
                              type: boolean
                            labelWithoutSelector:
                              description: LabelWithoutSelector specifies whether
                                to apply common labels to resource selectors or not
@ -834,6 +872,10 @@ spec:
                                to use for rendering manifests
                              type: string
                          type: object
                        name:
                          description: Name is used to refer to a source and is displayed
                            in the UI. It is used in multi-source Applications.
                          type: string
                        path:
                          description: Path is a directory path within the Git repository,
                            and is only valid for applications sourced from Git.
@ -1166,6 +1208,14 @@ spec:
                        description: SkipCrds skips custom resource definition installation
                          step (Helm's --skip-crds)
                        type: boolean
                      skipSchemaValidation:
                        description: SkipSchemaValidation skips JSON schema validation
                          (Helm's --skip-schema-validation)
                        type: boolean
                      skipTests:
                        description: SkipTests skips test manifest installation step
                          (Helm's --skip-tests).
                        type: boolean
                      valueFiles:
                        description: ValuesFiles is a list of Helm value files to
                          use when generating a template
@ -1228,6 +1278,11 @@ spec:
                        description: ForceCommonLabels specifies whether to force
                          applying common labels to resources for Kustomize apps
                        type: boolean
                      ignoreMissingComponents:
                        description: IgnoreMissingComponents prevents kustomize from
                          failing when components do not exist locally by not appending
                          them to kustomization file
                        type: boolean
                      images:
                        description: Images is a list of Kustomize image override
                          specifications
@ -1241,6 +1296,10 @@ spec:
                          KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                          uses the Kubernetes version of the target cluster.
                        type: string
                      labelIncludeTemplates:
                        description: LabelIncludeTemplates specifies whether to apply
                          common labels to resource templates or not
                        type: boolean
                      labelWithoutSelector:
                        description: LabelWithoutSelector specifies whether to apply
                          common labels to resource selectors or not
@ -1312,6 +1371,10 @@ spec:
                          use for rendering manifests
                        type: string
                    type: object
                  name:
                    description: Name is used to refer to a source and is displayed
                      in the UI. It is used in multi-source Applications.
                    type: string
                  path:
                    description: Path is a directory path within the Git repository,
                      and is only valid for applications sourced from Git.
@ -1378,6 +1441,64 @@ spec:
                required:
                - repoURL
                type: object
              sourceHydrator:
                description: SourceHydrator provides a way to push hydrated manifests
                  back to git before syncing them to the cluster.
                properties:
                  drySource:
                    description: DrySource specifies where the dry "don't repeat yourself"
                      manifest source lives.
                    properties:
                      path:
                        description: Path is a directory path within the Git repository
                          where the manifests are located
                        type: string
                      repoURL:
                        description: RepoURL is the URL to the git repository that
                          contains the application manifests
                        type: string
                      targetRevision:
                        description: TargetRevision defines the revision of the source
                          to hydrate
                        type: string
                    required:
                    - path
                    - repoURL
                    - targetRevision
                    type: object
                  hydrateTo:
                    description: |-
                      HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
                      have to move manifests to the SyncSource, e.g. by pull request.
                    properties:
                      targetBranch:
                        description: TargetBranch is the branch to which hydrated
                          manifests should be committed
                        type: string
                    required:
                    - targetBranch
                    type: object
                  syncSource:
                    description: SyncSource specifies where to sync hydrated manifests
                      from.
                    properties:
                      path:
                        description: |-
                          Path is a directory path within the git repository where hydrated manifests should be committed to and synced
                          from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
                        type: string
                      targetBranch:
                        description: TargetBranch is the branch to which hydrated
                          manifests should be committed
                        type: string
                    required:
                    - path
                    - targetBranch
                    type: object
                required:
                - drySource
                - syncSource
                type: object
              sources:
                description: Sources is a reference to the location of the application's
                  manifests or chart
@ -1523,6 +1644,14 @@ spec:
                          description: SkipCrds skips custom resource definition installation
                            step (Helm's --skip-crds)
                          type: boolean
                        skipSchemaValidation:
                          description: SkipSchemaValidation skips JSON schema validation
                            (Helm's --skip-schema-validation)
                          type: boolean
                        skipTests:
                          description: SkipTests skips test manifest installation
                            step (Helm's --skip-tests).
                          type: boolean
                        valueFiles:
                          description: ValuesFiles is a list of Helm value files to
                            use when generating a template
@ -1586,6 +1715,11 @@ spec:
                          description: ForceCommonLabels specifies whether to force
                            applying common labels to resources for Kustomize apps
                          type: boolean
                        ignoreMissingComponents:
                          description: IgnoreMissingComponents prevents kustomize
                            from failing when components do not exist locally by not
                            appending them to kustomization file
                          type: boolean
                        images:
                          description: Images is a list of Kustomize image override
                            specifications
@ -1599,6 +1733,10 @@ spec:
                            KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                            uses the Kubernetes version of the target cluster.
                          type: string
                        labelIncludeTemplates:
                          description: LabelIncludeTemplates specifies whether to
                            apply common labels to resource templates or not
                          type: boolean
                        labelWithoutSelector:
                          description: LabelWithoutSelector specifies whether to apply
                            common labels to resource selectors or not
@ -1670,6 +1808,10 @@ spec:
                            to use for rendering manifests
                          type: string
                      type: object
                    name:
                      description: Name is used to refer to a source and is displayed
                        in the UI. It is used in multi-source Applications.
                      type: string
                    path:
                      description: Path is a directory path within the Git repository,
                        and is only valid for applications sourced from Git.
@ -1751,6 +1893,10 @@ spec:
                        description: 'AllowEmpty allows apps have zero live resources
                          (default: false)'
                        type: boolean
                      enabled:
                        description: Enable allows apps to explicitly control automated
                          sync
                        type: boolean
                      prune:
                        description: 'Prune specifies whether to delete resources
                          from the cluster that are not found in the sources anymore
@ -1848,6 +1994,11 @@ spec:
                description: Health contains information about the application's current
                  health status
                properties:
                  lastTransitionTime:
                    description: LastTransitionTime is the time the HealthStatus was
                      set or updated
                    format: date-time
                    type: string
                  message:
                    description: Message is a human-readable informational message
                      describing the health status
@ -2045,6 +2196,14 @@ spec:
                              description: SkipCrds skips custom resource definition
                                installation step (Helm's --skip-crds)
                              type: boolean
                            skipSchemaValidation:
                              description: SkipSchemaValidation skips JSON schema
                                validation (Helm's --skip-schema-validation)
                              type: boolean
                            skipTests:
                              description: SkipTests skips test manifest installation
                                step (Helm's --skip-tests).
                              type: boolean
                            valueFiles:
                              description: ValuesFiles is a list of Helm value files
                                to use when generating a template
@ -2110,6 +2269,11 @@ spec:
                                force applying common labels to resources for Kustomize
                                apps
                              type: boolean
                            ignoreMissingComponents:
                              description: IgnoreMissingComponents prevents kustomize
                                from failing when components do not exist locally
                                by not appending them to kustomization file
                              type: boolean
                            images:
                              description: Images is a list of Kustomize image override
                                specifications
@ -2123,6 +2287,10 @@ spec:
                                KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                uses the Kubernetes version of the target cluster.
                              type: string
                            labelIncludeTemplates:
                              description: LabelIncludeTemplates specifies whether
                                to apply common labels to resource templates or not
                              type: boolean
                            labelWithoutSelector:
                              description: LabelWithoutSelector specifies whether
                                to apply common labels to resource selectors or not
@ -2194,6 +2362,10 @@ spec:
                                to use for rendering manifests
                              type: string
                          type: object
                        name:
                          description: Name is used to refer to a source and is displayed
                            in the UI. It is used in multi-source Applications.
                          type: string
                        path:
                          description: Path is a directory path within the Git repository,
                            and is only valid for applications sourced from Git.
@ -2414,6 +2586,14 @@ spec:
                                description: SkipCrds skips custom resource definition
                                  installation step (Helm's --skip-crds)
                                type: boolean
                              skipSchemaValidation:
                                description: SkipSchemaValidation skips JSON schema
                                  validation (Helm's --skip-schema-validation)
                                type: boolean
                              skipTests:
                                description: SkipTests skips test manifest installation
                                  step (Helm's --skip-tests).
                                type: boolean
                              valueFiles:
                                description: ValuesFiles is a list of Helm value files
                                  to use when generating a template
@ -2480,6 +2660,11 @@ spec:
                                  force applying common labels to resources for Kustomize
                                  apps
                                type: boolean
                              ignoreMissingComponents:
                                description: IgnoreMissingComponents prevents kustomize
                                  from failing when components do not exist locally
                                  by not appending them to kustomization file
                                type: boolean
                              images:
                                description: Images is a list of Kustomize image override
                                  specifications
@ -2493,6 +2678,11 @@ spec:
                                  KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                  uses the Kubernetes version of the target cluster.
                                type: string
                              labelIncludeTemplates:
                                description: LabelIncludeTemplates specifies whether
                                  to apply common labels to resource templates or
                                  not
                                type: boolean
                              labelWithoutSelector:
                                description: LabelWithoutSelector specifies whether
                                  to apply common labels to resource selectors or
@ -2565,6 +2755,10 @@ spec:
                                  to use for rendering manifests
                                type: string
                            type: object
                          name:
                            description: Name is used to refer to a source and is
                              displayed in the UI. It is used in multi-source Applications.
                            type: string
                          path:
                            description: Path is a directory path within the Git repository,
                              and is only valid for applications sourced from Git.
@ -2933,6 +3127,14 @@ spec:
                                    description: SkipCrds skips custom resource definition
                                      installation step (Helm's --skip-crds)
                                    type: boolean
                                  skipSchemaValidation:
                                    description: SkipSchemaValidation skips JSON schema
                                      validation (Helm's --skip-schema-validation)
                                    type: boolean
                                  skipTests:
                                    description: SkipTests skips test manifest installation
                                      step (Helm's --skip-tests).
                                    type: boolean
                                  valueFiles:
                                    description: ValuesFiles is a list of Helm value
                                      files to use when generating a template
@ -3000,6 +3202,12 @@ spec:
                                      to force applying common labels to resources
                                      for Kustomize apps
                                    type: boolean
                                  ignoreMissingComponents:
                                    description: IgnoreMissingComponents prevents
                                      kustomize from failing when components do not
                                      exist locally by not appending them to kustomization
                                      file
                                    type: boolean
                                  images:
                                    description: Images is a list of Kustomize image
                                      override specifications
@ -3013,6 +3221,11 @@ spec:
                                      KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                      uses the Kubernetes version of the target cluster.
                                    type: string
                                  labelIncludeTemplates:
                                    description: LabelIncludeTemplates specifies whether
                                      to apply common labels to resource templates
                                      or not
                                    type: boolean
                                  labelWithoutSelector:
                                    description: LabelWithoutSelector specifies whether
                                      to apply common labels to resource selectors
@ -3085,6 +3298,11 @@ spec:
                                      Kustomize to use for rendering manifests
                                    type: string
                                type: object
                              name:
                                description: Name is used to refer to a source and
                                  is displayed in the UI. It is used in multi-source
                                  Applications.
                                type: string
                              path:
                                description: Path is a directory path within the Git
                                  repository, and is only valid for applications sourced
@ -3320,6 +3538,14 @@ spec:
                                      description: SkipCrds skips custom resource
                                        definition installation step (Helm's --skip-crds)
                                      type: boolean
                                    skipSchemaValidation:
                                      description: SkipSchemaValidation skips JSON
                                        schema validation (Helm's --skip-schema-validation)
                                      type: boolean
                                    skipTests:
                                      description: SkipTests skips test manifest installation
                                        step (Helm's --skip-tests).
                                      type: boolean
                                    valueFiles:
                                      description: ValuesFiles is a list of Helm value
                                        files to use when generating a template
@ -3389,6 +3615,12 @@ spec:
                                        to force applying common labels to resources
                                        for Kustomize apps
                                      type: boolean
                                    ignoreMissingComponents:
                                      description: IgnoreMissingComponents prevents
                                        kustomize from failing when components do
                                        not exist locally by not appending them to
                                        kustomization file
                                      type: boolean
                                    images:
                                      description: Images is a list of Kustomize image
                                        override specifications
@ -3402,6 +3634,11 @@ spec:
                                        KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                        uses the Kubernetes version of the target cluster.
                                      type: string
                                    labelIncludeTemplates:
                                      description: LabelIncludeTemplates specifies
                                        whether to apply common labels to resource
                                        templates or not
                                      type: boolean
                                    labelWithoutSelector:
                                      description: LabelWithoutSelector specifies
                                        whether to apply common labels to resource
@ -3475,6 +3712,11 @@ spec:
                                        of Kustomize to use for rendering manifests
                                      type: string
                                  type: object
                                name:
                                  description: Name is used to refer to a source and
                                    is displayed in the UI. It is used in multi-source
                                    Applications.
                                  type: string
                                path:
                                  description: Path is a directory path within the
                                    Git repository, and is only valid for applications
@ -3824,6 +4066,14 @@ spec:
                                description: SkipCrds skips custom resource definition
                                  installation step (Helm's --skip-crds)
                                type: boolean
                              skipSchemaValidation:
                                description: SkipSchemaValidation skips JSON schema
                                  validation (Helm's --skip-schema-validation)
                                type: boolean
                              skipTests:
                                description: SkipTests skips test manifest installation
                                  step (Helm's --skip-tests).
                                type: boolean
                              valueFiles:
                                description: ValuesFiles is a list of Helm value files
                                  to use when generating a template
@ -3890,6 +4140,11 @@ spec:
                                  force applying common labels to resources for Kustomize
                                  apps
                                type: boolean
                              ignoreMissingComponents:
                                description: IgnoreMissingComponents prevents kustomize
                                  from failing when components do not exist locally
                                  by not appending them to kustomization file
                                type: boolean
                              images:
                                description: Images is a list of Kustomize image override
                                  specifications
@ -3903,6 +4158,11 @@ spec:
                                  KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                  uses the Kubernetes version of the target cluster.
                                type: string
                              labelIncludeTemplates:
                                description: LabelIncludeTemplates specifies whether
                                  to apply common labels to resource templates or
                                  not
                                type: boolean
                              labelWithoutSelector:
                                description: LabelWithoutSelector specifies whether
                                  to apply common labels to resource selectors or
@ -3975,6 +4235,10 @@ spec:
                                  to use for rendering manifests
                                type: string
                            type: object
                          name:
                            description: Name is used to refer to a source and is
                              displayed in the UI. It is used in multi-source Applications.
                            type: string
                          path:
                            description: Path is a directory path within the Git repository,
                              and is only valid for applications sourced from Git.
@ -4205,6 +4469,14 @@ spec:
                                  description: SkipCrds skips custom resource definition
                                    installation step (Helm's --skip-crds)
                                  type: boolean
                                skipSchemaValidation:
                                  description: SkipSchemaValidation skips JSON schema
                                    validation (Helm's --skip-schema-validation)
                                  type: boolean
                                skipTests:
                                  description: SkipTests skips test manifest installation
                                    step (Helm's --skip-tests).
                                  type: boolean
                                valueFiles:
                                  description: ValuesFiles is a list of Helm value
                                    files to use when generating a template
@ -4272,6 +4544,11 @@ spec:
                                    to force applying common labels to resources for
                                    Kustomize apps
                                  type: boolean
                                ignoreMissingComponents:
                                  description: IgnoreMissingComponents prevents kustomize
                                    from failing when components do not exist locally
                                    by not appending them to kustomization file
                                  type: boolean
                                images:
                                  description: Images is a list of Kustomize image
                                    override specifications
@ -4285,6 +4562,11 @@ spec:
                                    KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                    uses the Kubernetes version of the target cluster.
                                  type: string
                                labelIncludeTemplates:
                                  description: LabelIncludeTemplates specifies whether
                                    to apply common labels to resource templates or
                                    not
                                  type: boolean
                                labelWithoutSelector:
                                  description: LabelWithoutSelector specifies whether
                                    to apply common labels to resource selectors or
@ -4357,6 +4639,10 @@ spec:
                                    to use for rendering manifests
                                  type: string
                              type: object
                            name:
                              description: Name is used to refer to a source and is
                                displayed in the UI. It is used in multi-source Applications.
                              type: string
                            path:
                              description: Path is a directory path within the Git
                                repository, and is only valid for applications sourced
@ -4453,16 +4739,22 @@ spec:
                description: Resources is a list of Kubernetes resources managed by
                  this application
                items:
-                  description: |-
+                  description: ResourceStatus holds the current synchronization and
-                    ResourceStatus holds the current sync and health status of a resource
+                    health status of a Kubernetes resource.
                    TODO: describe members of this type
                  properties:
                    group:
                      description: Group represents the API group of the resource
                        (e.g., "apps" for Deployments).
                      type: string
                    health:
-                      description: HealthStatus contains information about the currently
+                      description: Health indicates the health status of the resource
-                        observed health state of an application or resource
+                        (e.g., Healthy, Degraded, Progressing).
                      properties:
                        lastTransitionTime:
                          description: LastTransitionTime is the time the HealthStatus
                            was set or updated
                          format: date-time
                          type: string
                        message:
                          description: Message is a human-readable informational message
                            describing the health status
@ -4473,26 +4765,216 @@ spec:
                          type: string
                      type: object
                    hook:
                      description: Hook is true if the resource is used as a lifecycle
                        hook in an Argo CD application.
                      type: boolean
                    kind:
                      description: Kind specifies the type of the resource (e.g.,
                        "Deployment", "Service").
                      type: string
                    name:
                      description: Name is the unique name of the resource within
                        the namespace.
                      type: string
                    namespace:
                      description: Namespace defines the Kubernetes namespace where
                        the resource is located.
                      type: string
                    requiresDeletionConfirmation:
                      description: RequiresDeletionConfirmation is true if the resource
                        requires explicit user confirmation before deletion.
                      type: boolean
                    requiresPruning:
                      description: RequiresPruning is true if the resource needs to
                        be pruned (deleted) as part of synchronization.
                      type: boolean
                    status:
-                      description: SyncStatusCode is a type which represents possible
+                      description: Status represents the synchronization state of
-                        comparison results
+                        the resource (e.g., Synced, OutOfSync).
                      type: string
                    syncWave:
                      description: |-
                        SyncWave determines the order in which resources are applied during a sync operation.
                        Lower values are applied first.
                      format: int64
                      type: integer
                    version:
                      description: Version indicates the API version of the resource
                        (e.g., "v1", "v1beta1").
                      type: string
                  type: object
                type: array
              sourceHydrator:
                description: SourceHydrator stores information about the current state
                  of source hydration
                properties:
                  currentOperation:
                    description: CurrentOperation holds the status of the hydrate
                      operation
                    properties:
                      drySHA:
                        description: DrySHA holds the resolved revision (sha) of the
                          dry source as of the most recent reconciliation
                        type: string
                      finishedAt:
                        description: FinishedAt indicates when the hydrate operation
                          finished
                        format: date-time
                        type: string
                      hydratedSHA:
                        description: HydratedSHA holds the resolved revision (sha)
                          of the hydrated source as of the most recent reconciliation
                        type: string
                      message:
                        description: Message contains a message describing the current
                          status of the hydrate operation
                        type: string
                      phase:
                        description: Phase indicates the status of the hydrate operation
                        enum:
                        - Hydrating
                        - Failed
                        - Hydrated
                        type: string
                      sourceHydrator:
                        description: SourceHydrator holds the hydrator config used
                          for the hydrate operation
                        properties:
                          drySource:
                            description: DrySource specifies where the dry "don't
                              repeat yourself" manifest source lives.
                            properties:
                              path:
                                description: Path is a directory path within the Git
                                  repository where the manifests are located
                                type: string
                              repoURL:
                                description: RepoURL is the URL to the git repository
                                  that contains the application manifests
                                type: string
                              targetRevision:
                                description: TargetRevision defines the revision of
                                  the source to hydrate
                                type: string
                            required:
                            - path
                            - repoURL
                            - targetRevision
                            type: object
                          hydrateTo:
                            description: |-
                              HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
                              have to move manifests to the SyncSource, e.g. by pull request.
                            properties:
                              targetBranch:
                                description: TargetBranch is the branch to which hydrated
                                  manifests should be committed
                                type: string
                            required:
                            - targetBranch
                            type: object
                          syncSource:
                            description: SyncSource specifies where to sync hydrated
                              manifests from.
                            properties:
                              path:
                                description: |-
                                  Path is a directory path within the git repository where hydrated manifests should be committed to and synced
                                  from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
                                type: string
                              targetBranch:
                                description: TargetBranch is the branch to which hydrated
                                  manifests should be committed
                                type: string
                            required:
                            - path
                            - targetBranch
                            type: object
                        required:
                        - drySource
                        - syncSource
                        type: object
                      startedAt:
                        description: StartedAt indicates when the hydrate operation
                          started
                        format: date-time
                        type: string
                    required:
                    - message
                    - phase
                    type: object
                  lastSuccessfulOperation:
                    description: LastSuccessfulOperation holds info about the most
                      recent successful hydration
                    properties:
                      drySHA:
                        description: DrySHA holds the resolved revision (sha) of the
                          dry source as of the most recent reconciliation
                        type: string
                      hydratedSHA:
                        description: HydratedSHA holds the resolved revision (sha)
                          of the hydrated source as of the most recent reconciliation
                        type: string
                      sourceHydrator:
                        description: SourceHydrator holds the hydrator config used
                          for the hydrate operation
                        properties:
                          drySource:
                            description: DrySource specifies where the dry "don't
                              repeat yourself" manifest source lives.
                            properties:
                              path:
                                description: Path is a directory path within the Git
                                  repository where the manifests are located
                                type: string
                              repoURL:
                                description: RepoURL is the URL to the git repository
                                  that contains the application manifests
                                type: string
                              targetRevision:
                                description: TargetRevision defines the revision of
                                  the source to hydrate
                                type: string
                            required:
                            - path
                            - repoURL
                            - targetRevision
                            type: object
                          hydrateTo:
                            description: |-
                              HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
                              have to move manifests to the SyncSource, e.g. by pull request.
                            properties:
                              targetBranch:
                                description: TargetBranch is the branch to which hydrated
                                  manifests should be committed
                                type: string
                            required:
                            - targetBranch
                            type: object
                          syncSource:
                            description: SyncSource specifies where to sync hydrated
                              manifests from.
                            properties:
                              path:
                                description: |-
                                  Path is a directory path within the git repository where hydrated manifests should be committed to and synced
                                  from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.
                                type: string
                              targetBranch:
                                description: TargetBranch is the branch to which hydrated
                                  manifests should be committed
                                type: string
                            required:
                            - path
                            - targetBranch
                            type: object
                        required:
                        - drySource
                        - syncSource
                        type: object
                    type: object
                type: object
              sourceType:
                description: SourceType specifies the type of this application
                type: string
@ -4730,6 +5212,14 @@ spec:
                                description: SkipCrds skips custom resource definition
                                  installation step (Helm's --skip-crds)
                                type: boolean
                              skipSchemaValidation:
                                description: SkipSchemaValidation skips JSON schema
                                  validation (Helm's --skip-schema-validation)
                                type: boolean
                              skipTests:
                                description: SkipTests skips test manifest installation
                                  step (Helm's --skip-tests).
                                type: boolean
                              valueFiles:
                                description: ValuesFiles is a list of Helm value files
                                  to use when generating a template
@ -4796,6 +5286,11 @@ spec:
                                  force applying common labels to resources for Kustomize
                                  apps
                                type: boolean
                              ignoreMissingComponents:
                                description: IgnoreMissingComponents prevents kustomize
                                  from failing when components do not exist locally
                                  by not appending them to kustomization file
                                type: boolean
                              images:
                                description: Images is a list of Kustomize image override
                                  specifications
@ -4809,6 +5304,11 @@ spec:
                                  KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                  uses the Kubernetes version of the target cluster.
                                type: string
                              labelIncludeTemplates:
                                description: LabelIncludeTemplates specifies whether
                                  to apply common labels to resource templates or
                                  not
                                type: boolean
                              labelWithoutSelector:
                                description: LabelWithoutSelector specifies whether
                                  to apply common labels to resource selectors or
@ -4881,6 +5381,10 @@ spec:
                                  to use for rendering manifests
                                type: string
                            type: object
                          name:
                            description: Name is used to refer to a source and is
                              displayed in the UI. It is used in multi-source Applications.
                            type: string
                          path:
                            description: Path is a directory path within the Git repository,
                              and is only valid for applications sourced from Git.
@ -5111,6 +5615,14 @@ spec:
                                  description: SkipCrds skips custom resource definition
                                    installation step (Helm's --skip-crds)
                                  type: boolean
                                skipSchemaValidation:
                                  description: SkipSchemaValidation skips JSON schema
                                    validation (Helm's --skip-schema-validation)
                                  type: boolean
                                skipTests:
                                  description: SkipTests skips test manifest installation
                                    step (Helm's --skip-tests).
                                  type: boolean
                                valueFiles:
                                  description: ValuesFiles is a list of Helm value
                                    files to use when generating a template
@ -5178,6 +5690,11 @@ spec:
                                    to force applying common labels to resources for
                                    Kustomize apps
                                  type: boolean
                                ignoreMissingComponents:
                                  description: IgnoreMissingComponents prevents kustomize
                                    from failing when components do not exist locally
                                    by not appending them to kustomization file
                                  type: boolean
                                images:
                                  description: Images is a list of Kustomize image
                                    override specifications
@ -5191,6 +5708,11 @@ spec:
                                    KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
                                    uses the Kubernetes version of the target cluster.
                                  type: string
                                labelIncludeTemplates:
                                  description: LabelIncludeTemplates specifies whether
                                    to apply common labels to resource templates or
                                    not
                                  type: boolean
                                labelWithoutSelector:
                                  description: LabelWithoutSelector specifies whether
                                    to apply common labels to resource selectors or
@ -5263,6 +5785,10 @@ spec:
                                    to use for rendering manifests
                                  type: string
                              type: object
                            name:
                              description: Name is used to refer to a source and is
                                displayed in the UI. It is used in multi-source Applications.
                              type: string
                            path:
                              description: Path is a directory path within the Git
                                repository, and is only valid for applications sourced
--- a/manifests/argo-cd/templates/crds/crd-applicationset.yaml
+++ b/manifests/argo-cd/templates/crds/crd-applicationset.yaml
--- a/manifests/argo-cd/templates/crds/crd-project.yaml
+++ b/manifests/argo-cd/templates/crds/crd-project.yaml
@ -289,6 +289,10 @@ spec:
                  description: SyncWindow contains the kind, time, duration and attributes
                    that are used to assign the syncWindows to apps
                  properties:
                    andOperator:
                      description: UseAndOperator use AND operator for matching applications,
                        namespaces and clusters instead of the default OR operator
                      type: boolean
                    applications:
                      description: Applications contains a list of applications that
                        the window will apply to
--- a/manifests/argo-cd/templates/dex/deployment.yaml
+++ b/manifests/argo-cd/templates/dex/deployment.yaml
@ -72,8 +72,12 @@ spec:
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }}
        command:
        - /shared/argocd-dex
-        - --logformat={{ default .Values.global.logging.format .Values.dex.logFormat }}
+        {{- with .Values.dex.logLevel }}
-        - --loglevel={{ default .Values.global.logging.level .Values.dex.logLevel }}
+        - --loglevel={{ . }}
        {{- end }}
        {{- with .Values.dex.logFormat }}
        - --logformat={{ . }}
        {{- end }}
        args:
        - rundex
        {{- with .Values.dex.extraArgs }}
@ -95,6 +99,12 @@ spec:
                key: dexserver.log.level
                name: argocd-cmd-params-cm
                optional: true
          - name: ARGOCD_LOG_FORMAT_TIMESTAMP
            valueFrom:
              configMapKeyRef:
                name: argocd-cmd-params-cm
                key: log.format.timestamp
                optional: true
          - name: ARGOCD_DEX_SERVER_DISABLE_TLS
            valueFrom:
              configMapKeyRef:
--- a/manifests/argo-cd/templates/dex/servicemonitor.yaml
+++ b/manifests/argo-cd/templates/dex/servicemonitor.yaml
@ -1,4 +1,4 @@
-{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }}
+{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
--- a/manifests/argo-cd/values.yaml
+++ b/manifests/argo-cd/values.yaml
@ -42,7 +42,7 @@ crds:
 global:
  # -- Default domain used by all components
  ## Used for ingresses, certificates, SSO, notifications, etc.
-  domain: argocd.example.com
+  domain: argocd.homelab.local
  # -- Runtime class name for all components
  runtimeClassName: ""
@ -119,7 +119,8 @@ global:
  priorityClassName: ""
  # -- Default node selector for all components
-  nodeSelector: {}
+  nodeSelector:
    kubernetes.io/os: linux
  # -- Default tolerations for all components
  tolerations: []
@ -141,7 +142,7 @@ global:
        #    - antarctica-west1
  # -- Default [TopologySpreadConstraints] rules for all components
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector of the component
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -163,7 +164,7 @@ global:
 ## Argo Configs
 configs:
-  # General Argo CD configuration
+  # General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap.
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  cm:
    # -- Create the argocd-cm configmap for [declarative setup]
@ -175,6 +176,10 @@ configs:
    # -- The name of tracking label used by Argo CD for resource pruning
    application.instanceLabelKey: argocd.argoproj.io/instance
    # -- Enable control of the service account used for the sync operation (alpha)
    ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/
    application.sync.impersonation.enabled: false
    # -- Enable logs RBAC enforcement
    ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement
    server.rbac.log.enforce.enable: false
@ -247,6 +252,131 @@ configs:
    #           name: some-cluster
    #           server: https://some-cluster
    ## Default configuration for ignoreResourceUpdates.
    ## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated
    ## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates.
    # -- Ignoring status for all resources. An update will still be sent if the status update causes the health to change.
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.all: |
      jsonPointers:
        - /status
    # -- Some Application fields are generated and not related to the application updates itself
    ## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
      jqPathExpressions:
        - '.metadata.annotations."notified.notifications.argoproj.io"'
        - '.metadata.annotations."argocd.argoproj.io/refresh"'
        - '.metadata.annotations."argocd.argoproj.io/hydrate"'
        - '.operation'
    # -- Ignore Argo Rollouts generated fields
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
      jqPathExpressions:
        - '.metadata.annotations."notified.notifications.argoproj.io"'
    # -- Legacy annotations used on HPA autoscaling/v1
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
      jqPathExpressions:
        - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
        - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
        - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
        - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
    # -- Ignore the cluster-autoscaler status
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.ConfigMap: |
      jqPathExpressions:
        # Ignore the cluster-autoscaler status
        - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
        # Ignore the annotation of the legacy Leases election
        - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
    # -- Ignore the common scaling annotations
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
      jqPathExpressions:
        - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
        - '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
        - '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
    # -- Ignores update if EndpointSlice is not excluded globally
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
      jsonPointers:
        - /metadata
        - /endpoints
        - /ports
    # -- Ignores update if Endpoints is not excluded globally
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.Endpoints: |
      jsonPointers:
        - /metadata
        - /subsets
    ## Default configuration for exclusions.
    ## The exclusion list are K8s resources that we assume will never be declared in Git,
    ## and are never child objects of managed resources that need to be presented in the resource tree.
    ## This list contains high volume and  high churn metadata objects which we exclude for performance
    ## reasons, reducing connections and load to the K8s API servers of managed clusters.
    # -- Resource Exclusion/Inclusion
    # @default -- See [values.yaml]
    resource.exclusions: |
      ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
      - apiGroups:
        - ''
        - discovery.k8s.io
        kinds:
        - Endpoints
        - EndpointSlice
      ### Internal Kubernetes resources excluded reduce the number of watched events
      - apiGroups:
        - coordination.k8s.io
        kinds:
        - Lease
      ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
      - apiGroups:
        - authentication.k8s.io
        - authorization.k8s.io
        kinds:
        - SelfSubjectReview
        - TokenReview
        - LocalSubjectAccessReview
        - SelfSubjectAccessReview
        - SelfSubjectRulesReview
        - SubjectAccessReview
      ### Intermediate Certificate Request excluded reduce the number of watched events
      - apiGroups:
        - certificates.k8s.io
        kinds:
        - CertificateSigningRequest
      - apiGroups:
        - cert-manager.io
        kinds:
        - CertificateRequest
      ### Cilium internal resources excluded reduce the number of watched events and UI Clutter
      - apiGroups:
        - cilium.io
        kinds:
        - CiliumIdentity
        - CiliumEndpoint
        - CiliumEndpointSlice
      ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
      - apiGroups:
        - kyverno.io
        - reports.kyverno.io
        - wgpolicyk8s.io
        kinds:
        - PolicyReport
        - ClusterPolicyReport
        - EphemeralReport
        - ClusterEphemeralReport
        - AdmissionReport
        - ClusterAdmissionReport
        - BackgroundScanReport
        - ClusterBackgroundScanReport
        - UpdateRequest
  # Argo CD configuration parameters
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
  params:
@ -270,6 +400,8 @@ configs:
    controller.self.heal.timeout.seconds: 5
    # -- Repo server RPC call timeout seconds.
    controller.repo.server.timeout.seconds: 60
    # -- Specifies the timeout after which a sync would be terminated. 0 means no timeout
    controller.sync.timeout.seconds: 0
    ## Server properties
    # -- Run server without TLS
@ -287,6 +419,8 @@ configs:
    server.enable.gzip: true
    # -- Enable proxy extension feature. (proxy extension is in Alpha phase)
    server.enable.proxy.extension: false
    # -- Enable the hydrator feature (hydrator is in Alpha phase)
    hydrator.enabled: false
    # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "".
    server.x.frame.options: sameorigin
@ -412,6 +546,9 @@ configs:
      #   ...
      #   -----END CERTIFICATE-----
    # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
    create: true
  # ConfigMap for Config Management Plugins
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
  cmp:
@ -721,8 +858,9 @@ controller:
  #    image: alpine:3
  #    command: [sh, -c]
  #    args:
-  #      - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip &&
+  #      - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
-  #        unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/
+  #        mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip  &&
  #        mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
  #    volumeMounts:
  #      - mountPath: /custom-tools
  #        name: custom-tools
@ -792,7 +930,7 @@ controller:
      - ALL
  # Readiness probe for application controller
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
@ -826,7 +964,7 @@ controller:
  # -- Assign custom [TopologySpreadConstraints] rules to the application controller
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -1017,7 +1155,7 @@ dex:
    # -- Dex image repository
    repository: ghcr.io/dexidp/dex
    # -- Dex image tag
-    tag: v2.41.1
+    tag: v2.43.1
    # -- Dex imagePullPolicy
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
@ -1228,7 +1366,7 @@ dex:
  # -- Assign custom [TopologySpreadConstraints] rules to dex
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -1242,12 +1380,13 @@ dex:
    #   maxSurge: 25%
    #   maxUnavailable: 25%
  # DEPRECATED - Use configs.params to override
  # -- Dex log format. Either `text` or `json`
  # @default -- `""` (defaults to global.logging.format)
-  logFormat: ""
+  # logFormat: ""
  # -- Dex log level. One of: `debug`, `info`, `warn`, `error`
  # @default -- `""` (defaults to global.logging.level)
-  logLevel: ""
+  # logLevel: ""
 ## Redis
 redis:
@ -1279,9 +1418,10 @@ redis:
  ## Redis image
  image:
    # -- Redis repository
-    repository: public.ecr.aws/docker/library/redis
+    repository: ecr-public.aws.com/docker/library/redis
    # -- Redis tag
-    tag: 7.4.1-alpine
+    ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
    tag: 7.2.8-alpine
    # -- Redis image pull policy
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
@ -1295,9 +1435,9 @@ redis:
    ## Prometheus redis-exporter image
    image:
      # -- Repository to use for the redis-exporter
-      repository: public.ecr.aws/bitnami/redis-exporter
+      repository: ghcr.io/oliver006/redis_exporter
      # -- Tag to use for the redis-exporter
-      tag: 1.58.0
+      tag: v1.73.0
      # -- Image pull policy for the redis-exporter
      # @default -- `""` (defaults to global.image.imagePullPolicy)
      imagePullPolicy: ""
@ -1315,7 +1455,7 @@ redis:
        - ALL
    ## Probes for Redis exporter (optional)
-    ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+    ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
    readinessProbe:
      # -- Enable Kubernetes liveness probe for Redis exporter (optional)
      enabled: false
@ -1373,7 +1513,7 @@ redis:
  #     name: secret-name
  ## Probes for Redis server (optional)
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for Redis server
    enabled: false
@ -1483,7 +1623,7 @@ redis:
  # -- Assign custom [TopologySpreadConstraints] rules to redis
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -1565,17 +1705,18 @@ redis-ha:
  ## Redis image
  image:
    # -- Redis repository
-    repository: public.ecr.aws/docker/library/redis
+    repository: ecr-public.aws.com/docker/library/redis
    # -- Redis tag
-    tag: 7.4.1-alpine
+    ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
    tag: 7.2.8-alpine
  ## Prometheus redis-exporter sidecar
  exporter:
    # -- Enable Prometheus redis-exporter sidecar
    enabled: false
    # -- Repository to use for the redis-exporter
-    image: public.ecr.aws/bitnami/redis-exporter
+    image: ghcr.io/oliver006/redis_exporter
    # -- Tag to use for the redis-exporter
-    tag: 1.58.0
+    tag: v1.69.0
  persistentVolume:
    # -- Configures persistence on Redis nodes
    enabled: false
@ -1596,6 +1737,9 @@ redis-ha:
    # --  Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
    labels:
      app.kubernetes.io/name: argocd-redis-ha-haproxy
    image:
      # -- HAProxy Image Repository
      repository: ecr-public.aws.com/docker/library/haproxy
    metrics:
      # -- HAProxy enable prometheus metric scraping
      enabled: true
@ -1632,7 +1776,7 @@ redis-ha:
  tolerations: []
  # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
-  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  topologySpreadConstraints:
    # -- Enable Redis HA topology spread constraints
    enabled: false
@ -1921,8 +2065,9 @@ server:
  #    image: alpine:3
  #    command: [sh, -c]
  #    args:
-  #      - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip &&
+  #      - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
-  #        unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/
+  #        mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip  &&
  #        mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
  #    volumeMounts:
  #      - mountPath: /custom-tools
  #        name: custom-tools
@ -1991,7 +2136,7 @@ server:
      - ALL
  ## Readiness and liveness probes for default backend
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
@ -2037,7 +2182,7 @@ server:
  # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -2137,9 +2282,10 @@ server:
    # -- The class of the load balancer implementation
    loadBalancerClass: ""
    # -- LoadBalancer will get created with the IP specified in this field
-    loadBalancerIP: ""
+    loadBalancerIP: 192.168.0.242
    # -- Source IP ranges to allow access to service from
-    ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+    ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
    ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
    loadBalancerSourceRanges: []
    # -- Server service external IPs
    externalIPs: []
@ -2639,7 +2785,7 @@ repoServer:
      - ALL
  ## Readiness and liveness probes for default backend
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
@ -2681,7 +2827,7 @@ repoServer:
  # -- Assign custom [TopologySpreadConstraints] rules to the repo server
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -3008,7 +3154,7 @@ applicationSet:
      - ALL
  ## Probes for ApplicationSet controller (optional)
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for ApplicationSet controller
    enabled: false
@ -3226,12 +3372,13 @@ notifications:
  # @default -- `[]` (defaults to global.imagePullSecrets)
  imagePullSecrets: []
  # DEPRECATED - Use configs.params to override
  # -- Notifications controller log format. Either `text` or `json`
  # @default -- `""` (defaults to global.logging.format)
-  logFormat: ""
+  # logFormat: ""
  # -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error`
  # @default -- `""` (defaults to global.logging.level)
-  logLevel: ""
+  # logLevel: ""
  # -- Extra arguments to provide to the notifications controller
  extraArgs: []
@ -3385,7 +3532,7 @@ notifications:
      - ALL
  ## Probes for notifications controller Pods (optional)
-  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for notifications controller Pods
    enabled: false
@ -3431,7 +3578,7 @@ notifications:
  # -- Assign custom [TopologySpreadConstraints] rules to the application controller
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
@ -3742,3 +3889,183 @@ notifications:
    # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
    # defaultTriggers: |
    #   - on-sync-status-unknown
 commitServer:
  # -- Enable commit server
  enabled: false
  # -- Commit server name
  name: commit-server
  # -- Runtime class name for the commit server
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  ## commit server controller image
  image:
    # -- Repository to use for the commit server
    # @default -- `""` (defaults to global.image.repository)
    repository: ""
    # -- Tag to use for the commit server
    # @default -- `""` (defaults to global.image.tag)
    tag: ""
    # -- Image pull policy for the commit server
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
  # -- commit server command line flags
  extraArgs: []
  # -- Environment variables to pass to the commit server
  extraEnv: []
    # - name: "MY_VAR"
    #   value: "value"
  # -- envFrom to pass to the commit server
  # @default -- `[]` (See [values.yaml])
  extraEnvFrom: []
    # - configMapRef:
    #     name: config-map-name
    # - secretRef:
    #     name: secret-name
  # -- List of extra mounts to add (normally used with extraVolumes)
  extraVolumeMounts: []
  # -- List of extra volumes to add
  extraVolumes: []
  metrics:
    # -- Enables prometheus metrics server
    enabled: false
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {}
      # -- Metrics service labels
      labels: {}
      # -- Metrics service port
      servicePort: 8087
      # -- Metrics service port name
      portName: metrics
  ## commit server service configuration
  service:
    # -- commit server service annotations
    annotations: {}
    # -- commit server service labels
    labels: {}
  # -- Automount API credentials for the Service Account into the pod.
  automountServiceAccountToken: false
  serviceAccount:
    # -- Create commit server service account
    create: true
    # -- commit server service account name
    name: argocd-commit-server
    # -- Annotations applied to created service account
    annotations: {}
    # -- Labels applied to created service account
    labels: {}
    # -- Automount API credentials for the Service Account
    automountServiceAccountToken: true
  # -- Annotations to be added to commit server Deployment
  deploymentAnnotations: {}
  # -- Annotations for the commit server pods
  podAnnotations: {}
  # -- Labels for the commit server pods
  podLabels: {}
  # -- Resource limits and requests for the commit server pods.
  resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
  # -- [DNS configuration]
  dnsConfig: {}
  # -- Alternative DNS policy for commit server pods
  dnsPolicy: "ClusterFirst"
  # -- commit server container-level security context
  # @default -- See [values.yaml]
  containerSecurityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    seccompProfile:
      type: RuntimeDefault
  ## Probes for commit server (optional)
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for commit server
    enabled: true
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 5
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
  livenessProbe:
    # -- Enable Kubernetes liveness probe for commit server
    enabled: true
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 30
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 30
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 5
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
  # -- terminationGracePeriodSeconds for container lifecycle hook
  terminationGracePeriodSeconds: 30
  # -- [Node selector]
  # @default -- `{}` (defaults to global.nodeSelector)
  nodeSelector: {}
  # -- [Tolerations] for use with node taints
  # @default -- `[]` (defaults to global.tolerations)
  tolerations: []
  # -- Assign custom [affinity] rules
  # @default -- `{}` (defaults to global.affinity preset)
  affinity: {}
  # -- Assign custom [TopologySpreadConstraints] rules to the commit server
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
    #   topologyKey: topology.kubernetes.io/zone
    #   whenUnsatisfiable: DoNotSchedule
  # -- Deployment strategy to be added to the commit server Deployment
  deploymentStrategy: {}
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 25%
    #   maxUnavailable: 25%
  # -- Priority class for the commit server pods
  # @default -- `""` (defaults to global.priorityClassName)
  priorityClassName: ""