chore(deps): update helm/chart-testing-action action to v2.8.0

2026-04-26 19:13:23 +00:00
45 changed files with 204 additions and 371 deletions
@@ -18,7 +18,7 @@ env:

 jobs:
  chart-testing:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -108,7 +108,7 @@ jobs:
          image: true

  lint-helm:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -14,7 +14,7 @@ env:

 jobs:
  release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -14,7 +14,7 @@ env:

 jobs:
  release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -14,7 +14,7 @@ env:

 jobs:
  release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -14,7 +14,7 @@ env:

 jobs:
  release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -14,7 +14,7 @@ env:

 jobs:
  release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -14,7 +14,7 @@ env:

 jobs:
  release:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-js
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 5.0.1
-digest: sha256:754f21ee6fca6dc4a85e91384ff0b919b715234d764ef344bd3bbe93414275d3
-generated: "2026-05-17T20:56:16.253838-05:00"
+  version: 4.6.2
+digest: sha256:35e8f4e5d15d878c246a04eb51de580291f31203fa10e9e4d2318f16026b2061
+generated: "2026-01-16T13:29:29.385123-06:00"
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: cloudflared
-version: 3.3.1
+version: 2.6.0
 description: Cloudflared Tunnel
 keywords:
  - cloudflare
@@ -14,7 +14,7 @@ maintainers:
 dependencies:
  - name: common
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 5.0.1
+    version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/cloudflare.png
 # renovate: datasource=docker depName=cloudflare/cloudflared
-appVersion: 2026.5.0
+appVersion: 2026.3.0
@@ -1,6 +1,6 @@
 # cloudflared

-![Version: 3.3.1](https://img.shields.io/badge/Version-3.3.1-informational?style=flat-square) ![AppVersion: 2026.5.0](https://img.shields.io/badge/AppVersion-2026.5.0-informational?style=flat-square)
+![Version: 2.6.0](https://img.shields.io/badge/Version-2.6.0-informational?style=flat-square) ![AppVersion: 2026.3.0](https://img.shields.io/badge/AppVersion-2026.3.0-informational?style=flat-square)

 Cloudflared Tunnel

@@ -20,16 +20,14 @@ Cloudflared Tunnel

 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 5.0.1 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.2 |

 ## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2026.5.0@sha256:59bab8d3aceec09bf6bdb07d6beca0225ca5cd7ab79436a87ea97978fe1dc4f9"}` | Default image |
-| metrics | object | `{"enabled":true}` | Metrics |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2026.3.0@sha256:6b599ca3e974349ead3286d178da61d291961182ec3fe9c505e1dd02c8ac31b0"}` | Default image |
 | name | string | `""` | Name override of release |
-| protocol | string | `"auto"` | Protocol - Available values are auto, http2, and quic. |
 | resources | object | `{"requests":{"cpu":"1m","memory":"20Mi"}}` | Default resources |
 | secret | object | `{"existingSecret":{"key":"cf-tunnel-token","name":"cloudflared-secret"},"externalSecret":{"additionalLabels":{},"enabled":true,"nameOverride":"","store":{"name":"openbao","path":"/cloudflare/tunnels","property":"token"}}}` | Secret configuration |
 | secret.existingSecret | object | `{"key":"cf-tunnel-token","name":"cloudflared-secret"}` | Name of existing secret that contains Cloudflare token |
@@ -4,14 +4,10 @@
 global:
  nameOverride: {{ include "cloudflared.name" . }}
  fullNameOverride: {{ include "cloudflared.name" . }}
-  createDefaultServiceAccount: true
 controllers:
  main:
    type: deployment
-    replicas: 1
    strategy: Recreate
-    serviceAccount:
-      identifier: {{ .Release.Name }}
    containers:
      main:
        image:
@@ -21,12 +17,8 @@ controllers:
        args:
          - tunnel
          - --protocol
-          - {{ .Values.protocol }}
+          - http2
          - --no-autoupdate
-          {{- if .Values.metrics.enabled }}
-          - --metrics
-          - 0.0.0.0:20241
-          {{- end }}
          - run
          - --token
          - $(CF_MANAGED_TUNNEL_TOKEN)
@@ -37,30 +29,10 @@ controllers:
                name: {{ include "secret.name" . }}
                key: {{ include "secret.key" . }}
        resources:
-          {{- with .Values.resources }}
+        {{- with .Values.resources }}
+        resources:
          {{- toYaml . | nindent 10 }}
-          {{ end }}
-{{- if .Values.metrics.enabled }}
-service:
-  main:
-    controller: main
-    ports:
-      metrics:
-        port: 20241
-        targetPort: 20241
-serviceMonitor:
-  main:
-    selector:
-      matchLabels:
-        app.kubernetes.io/name: {{ include "cloudflared.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Namespace }}
-    serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
-    endpoints:
-      - port: metrics
-        interval: 30s
-        scrapeTimeout: 10s
-        path: /metrics
-{{- end }}
+        {{ end }}
 {{- end -}}
 {{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}

@@ -1,13 +1,6 @@
 # -- Name override of release
 name: ""

-# -- Protocol - Available values are auto, http2, and quic.
-protocol: auto
-
-# -- Metrics
-metrics:
-  enabled: true
-
 # -- Secret configuration
 secret:

@@ -33,7 +26,7 @@ secret:
 # -- Default image
 image:
  repository: cloudflare/cloudflared
-  tag: 2026.5.0@sha256:59bab8d3aceec09bf6bdb07d6beca0225ca5cd7ab79436a87ea97978fe1dc4f9
+  tag: 2026.3.0@sha256:6b599ca3e974349ead3286d178da61d291961182ec3fe9c505e1dd02c8ac31b0
  pullPolicy: IfNotPresent

 # -- Default resources
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 5.0.1
-digest: sha256:754f21ee6fca6dc4a85e91384ff0b919b715234d764ef344bd3bbe93414275d3
-generated: "2026-05-17T20:56:28.479119-05:00"
+  version: 4.6.2
+digest: sha256:35e8f4e5d15d878c246a04eb51de580291f31203fa10e9e4d2318f16026b2061
+generated: "2026-01-16T13:29:01.760344-06:00"
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: generic-device-plugin
-version: 0.21.6
+version: 0.20.31
 description: Generic Device Plugin
 keywords:
  - generic-device-plugin
@@ -14,5 +14,5 @@ maintainers:
 dependencies:
  - name: common
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 5.0.1
-appVersion: 0.21.1
+    version: 4.6.2
+appVersion: 0.20.17
@@ -1,6 +1,6 @@
 # generic-device-plugin

-![Version: 0.21.6](https://img.shields.io/badge/Version-0.21.6-informational?style=flat-square) ![AppVersion: 0.21.1](https://img.shields.io/badge/AppVersion-0.21.1-informational?style=flat-square)
+![Version: 0.20.31](https://img.shields.io/badge/Version-0.20.31-informational?style=flat-square) ![AppVersion: 0.20.17](https://img.shields.io/badge/AppVersion-0.20.17-informational?style=flat-square)

 Generic Device Plugin

@@ -19,7 +19,7 @@ Generic Device Plugin

 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 5.0.1 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.2 |

 ## Values

@@ -28,7 +28,7 @@ Generic Device Plugin
 | config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
 | config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
 | deviceDomain | string | `"devic.es"` | Domain used by devices for identifcation |
-| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:dc192e164c69b03f156765793a1be62ca437709ae477b27ca7d8f3dcf5021576"}` | Default image |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:d9e098e33a20c32a561adb1ef8cace7d5912cd5ffb38f07dd9f83af4bdf38505"}` | Default image |
 | name | string | `"generic-device-plugin"` | Name override of release |
 | resources | object | `{"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
 | service | object | `{"listenPort":8080}` | Service port |
@@ -4,7 +4,7 @@ name: generic-device-plugin
 # -- Default image
 image:
  repository: ghcr.io/squat/generic-device-plugin
-  tag: latest@sha256:dc192e164c69b03f156765793a1be62ca437709ae477b27ca7d8f3dcf5021576
+  tag: latest@sha256:d9e098e33a20c32a561adb1ef8cace7d5912cd5ffb38f07dd9f83af4bdf38505
  pullPolicy: Always

 # -- Domain used by devices for identifcation
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 7.15.0
+version: 7.12.1
 description: Cloudnative-pg Cluster
 keywords:
  - database
@@ -12,4 +12,4 @@ maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
 # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
-appVersion: v1.29.1
+appVersion: v1.29.0
@@ -1,6 +1,6 @@
 # postgres-cluster

-![Version: 7.15.0](https://img.shields.io/badge/Version-7.15.0-informational?style=flat-square) ![AppVersion: v1.29.1](https://img.shields.io/badge/AppVersion-v1.29.1-informational?style=flat-square)
+![Version: 7.12.1](https://img.shields.io/badge/Version-7.12.1-informational?style=flat-square) ![AppVersion: v1.29.0](https://img.shields.io/badge/AppVersion-v1.29.0-informational?style=flat-square)

 Cloudnative-pg Cluster

@@ -19,17 +19,17 @@ Cloudnative-pg Cluster

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backup | object | `{"externalSecret":{"enabled":true},"method":"objectStore","objectStore":[],"scheduledBackups":[]}` | Backup settings |
+| backup | object | `{"externalSecret":{"enabled":true},"method":"objectStore","objectStore":null,"scheduledBackups":[]}` | Backup settings |
 | backup.externalSecret | object | `{"enabled":true}` | Use generated External Secrets, credentialPath points at path in cluster store that contains the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY |
 | backup.method | string | `"objectStore"` | Method to create backups, options currently are only objectStore |
-| backup.objectStore | list | `[]` | Options for object store backups |
+| backup.objectStore | string | `nil` | Options for object store backups |
 | backup.scheduledBackups | list | `[]` | List of scheduled backups |
-| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.4-standard-trixie"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{"database":"app","owner":"app"},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":true,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"512MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"50m","memory":"512Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":"local-path"},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":"local-path"}}` | Cluster settings |
+| cluster | object | `{"additionalLabels":{},"affinity":{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"},"annotations":{},"certificates":{},"enablePDB":true,"enableSuperuserAccess":false,"image":{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.3-standard-trixie"},"imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"initdb":{"database":"app","owner":"app"},"instances":3,"logLevel":"info","monitoring":{"customQueries":[],"customQueriesSecret":[],"disableDefaultQueries":false,"enabled":true,"podMonitor":{"enabled":true,"metricRelabelings":[],"relabelings":[]},"prometheusRule":{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}},"postgresGID":-1,"postgresUID":-1,"postgresql":{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}},"primaryUpdateMethod":"switchover","primaryUpdateStrategy":"unsupervised","priorityClassName":"","resources":{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"20m","memory":"80Mi"}},"roles":[],"serviceAccountTemplate":{},"services":{},"storage":{"size":"10Gi","storageClass":"local-path"},"superuserSecret":"","walStorage":{"enabled":true,"size":"2Gi","storageClass":"local-path"}}` | Cluster settings |
 | cluster.affinity | object | `{"enablePodAntiAffinity":true,"topologyKey":"kubernetes.io/hostname"}` | Affinity/Anti-affinity rules for Pods. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration |
 | cluster.certificates | object | `{}` | The configuration for the CA and related certificates. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration |
 | cluster.enablePDB | bool | `true` | Allow to disable PDB, mainly useful for upgrade of single-instance clusters or development purposes See: https://cloudnative-pg.io/documentation/current/kubernetes_upgrade/#pod-disruption-budgets |
 | cluster.enableSuperuserAccess | bool | `false` | When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. If the secret is not present, the operator will automatically create one. When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. |
-| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.4-standard-trixie"}` | Default image |
+| cluster.image | object | `{"repository":"ghcr.io/cloudnative-pg/postgresql","tag":"18.3-standard-trixie"}` | Default image |
 | cluster.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
 | cluster.imagePullSecrets | list | `[]` | The list of pull secrets to be used to pull the images. See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-LocalObjectReference |
 | cluster.initdb | object | `{"database":"app","owner":"app"}` | Bootstrap is the configuration of the bootstrap process when initdb is used. See: https://cloudnative-pg.io/documentation/current/bootstrap/ See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-bootstrapinitdb |
@@ -42,20 +42,19 @@ Cloudnative-pg Cluster
 | cluster.monitoring.podMonitor.enabled | bool | `true` | Whether to enable the PodMonitor |
 | cluster.monitoring.podMonitor.metricRelabelings | list | `[]` | The list of metric relabelings for the PodMonitor. Applied to samples before ingestion. |
 | cluster.monitoring.podMonitor.relabelings | list | `[]` | The list of relabelings for the PodMonitor. Applied to samples before scraping. |
-| cluster.monitoring.prometheusRule | object | `{"enabled":true,"excludeRules":["CNPGClusterLastFailedArchiveTimeWarning"]}` | Prometheus rule |
 | cluster.monitoring.prometheusRule.enabled | bool | `true` | Whether to enable the PrometheusRule automated alerts |
 | cluster.monitoring.prometheusRule.excludeRules | list | `["CNPGClusterLastFailedArchiveTimeWarning"]` | Exclude specified rules |
 | cluster.postgresUID | int | `-1` | The UID and GID of the postgres user inside the image, defaults to 26 |
-| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"512MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
+| cluster.postgresql | object | `{"ldap":{},"parameters":{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"},"pg_hba":[],"pg_ident":[],"shared_preload_libraries":[],"synchronous":{}}` | Parameters to be set for the database itself See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration |
 | cluster.postgresql.ldap | object | `{}` | PostgreSQL LDAP configuration (see https://cloudnative-pg.io/documentation/current/postgresql_conf/#ldap-configuration) |
-| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"512MB"}` | PostgreSQL configuration options (postgresql.conf) |
+| cluster.postgresql.parameters | object | `{"hot_standby_feedback":"on","max_slot_wal_keep_size":"2000MB","shared_buffers":"128MB"}` | PostgreSQL configuration options (postgresql.conf) |
 | cluster.postgresql.pg_hba | list | `[]` | PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file) |
 | cluster.postgresql.pg_ident | list | `[]` | PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file) |
 | cluster.postgresql.shared_preload_libraries | list | `[]` | Lists of shared preload libraries to add to the default ones |
 | cluster.postgresql.synchronous | object | `{}` | Quorum-based Synchronous Replication |
 | cluster.primaryUpdateMethod | string | `"switchover"` | Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated. It can be switchover (default) or restart. |
 | cluster.primaryUpdateStrategy | string | `"unsupervised"` | Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised) |
-| cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"50m","memory":"512Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
+| cluster.resources | object | `{"limits":{"hugepages-2Mi":"256Mi"},"requests":{"cpu":"20m","memory":"80Mi"}}` | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. We strongly advise you use the same setting for limits and requests so that your cluster pods are given a Guaranteed QoS. See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/ |
 | cluster.roles | list | `[]` | This feature enables declarative management of existing roles, as well as the creation of new roles if they are not already present in the database. See: https://cloudnative-pg.io/documentation/current/declarative_role_management/ |
 | cluster.serviceAccountTemplate | object | `{}` | Configure the metadata of the generated service account |
 | cluster.services | object | `{}` | Customization of service definitions. Please refer to https://cloudnative-pg.io/documentation/current/service_management/ |
@@ -1,11 +1,12 @@
 {{- define "cluster.bootstrap" -}}
-{{- if eq .Values.mode "standalone" -}}
+
+{{- if eq .Values.mode "standalone" }}
 bootstrap:
  initdb:
    {{- with .Values.cluster.initdb }}
-      {{- with (omit . "postInitApplicationSQL" "owner" "import") }}
-      {{- . | toYaml | nindent 4 }}
-      {{- end }}
+        {{- with (omit . "postInitApplicationSQL" "owner" "import") }}
+            {{- . | toYaml | nindent 4 }}
+        {{- end }}
    {{- end }}
    {{- if .Values.cluster.initdb.owner }}
    owner: {{ tpl .Values.cluster.initdb.owner . }}
@@ -13,18 +14,20 @@ bootstrap:
    {{- if (.Values.cluster.initdb.postInitApplicationSQL) }}
    postInitApplicationSQL:
      {{- with .Values.cluster.initdb }}
-      {{- range .postInitApplicationSQL }}
-      {{- printf "- %s" . | nindent 6 }}
-      {{- end }}
+        {{- range .postInitApplicationSQL }}
+          {{- printf "- %s" . | nindent 6 }}
+        {{- end -}}
      {{- end }}
    {{- end }}
+
 {{- else if eq .Values.mode "recovery" -}}
 bootstrap:
+
  {{- if eq .Values.recovery.method "import" }}
  initdb:
    {{- with .Values.cluster.initdb }}
      {{- with (omit . "owner" "import" "postInitApplicationSQL") }}
-      {{- . | toYaml | nindent 4 }}
+        {{- . | toYaml | nindent 4 }}
      {{- end }}
    {{- end }}
    {{- if .Values.cluster.initdb.owner }}
@@ -55,45 +58,50 @@ bootstrap:
        {{- end }}
      {{- end }}
      schemaOnly: {{ .Values.recovery.import.schemaOnly }}
-      {{- with .Values.recovery.import.pgDumpExtraOptions }}
+      {{ with .Values.recovery.import.pgDumpExtraOptions }}
      pgDumpExtraOptions:
        {{- . | toYaml | nindent 8 }}
      {{- end }}
-      {{- with .Values.recovery.import.pgRestoreExtraOptions }}
+      {{ with .Values.recovery.import.pgRestoreExtraOptions }}
      pgRestoreExtraOptions:
        {{- . | toYaml | nindent 8 }}
      {{- end }}
+
  {{- else if eq .Values.recovery.method "backup" }}
  recovery:
    {{- with .Values.recovery.backup.pitrTarget.time }}
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
-    {{- with .Values.recovery.backup.database }}
+    {{ with .Values.recovery.backup.database }}
    database: {{ . }}
    {{- end }}
-    {{- with .Values.recovery.backup.owner }}
+    {{ with .Values.recovery.backup.owner }}
    owner: {{ . }}
    {{- end }}
    backup:
      name: {{ .Values.recovery.backup.backupName }}
+
  {{- else if eq .Values.recovery.method "objectStore" }}
  recovery:
    {{- with .Values.recovery.objectStore.pitrTarget.time }}
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
-    {{- with .Values.recovery.objectStore.database }}
+    {{ with .Values.recovery.objectStore.database }}
    database: {{ . }}
    {{- end }}
-    {{- with .Values.recovery.objectStore.owner }}
+    {{ with .Values.recovery.objectStore.owner }}
    owner: {{ . }}
    {{- end }}
    source: {{ include "cluster.recoveryServerName" . }}
-  {{- else -}}
+
+  {{-  else }}
    {{ fail "Invalid recovery mode!" }}
-  {{- end -}}
-{{- else -}}
+  {{- end }}
+
+{{-  else }}
  {{ fail "Invalid cluster mode!" }}
-{{- end -}}
-{{- end -}}
+{{- end }}
+
+{{- end }}
@@ -1,6 +1,6 @@
 {{- define "cluster.externalClusters" -}}
-{{- if eq .Values.mode "standalone" -}}
-{{- else if eq .Values.mode "recovery" -}}
+{{- if eq .Values.mode "standalone" }}
+{{- else if eq .Values.mode "recovery" }}
 externalClusters:
  {{- if eq .Values.recovery.method "import" }}
  - name: importSource
@@ -15,7 +15,7 @@ externalClusters:
        barmanObjectName: "{{ include "cluster.name" . }}-recovery"
        serverName: {{ include "cluster.recoveryServerName" . }}
  {{- end }}
-{{- else -}}
+{{- else }}
  {{ fail "Invalid cluster mode!" }}
-{{- end -}}
-{{- end -}}
+{{- end }}
+{{ end }}
@@ -30,4 +30,4 @@
    name: {{ $config.sslRootCertSecret.name }}
    key: {{ $config.sslRootCertSecret.key }}
  {{- end }}
-{{- end -}}
+{{- end }}
@@ -35,7 +35,7 @@ spec:
  {{- with .Values.cluster.resources }}
  resources:
    {{- toYaml . | nindent 4 }}
-  {{- end }}
+  {{ end }}
  {{- with .Values.cluster.affinity }}
  affinity:
    {{- toYaml . | nindent 4 }}
@@ -43,6 +43,7 @@ spec:
  {{- if .Values.cluster.priorityClassName }}
  priorityClassName: {{ .Values.cluster.priorityClassName }}
  {{- end }}
+
  primaryUpdateMethod: {{ .Values.cluster.primaryUpdateMethod }}
  primaryUpdateStrategy: {{ .Values.cluster.primaryUpdateStrategy }}
  logLevel: {{ .Values.cluster.logLevel }}
@@ -56,6 +57,7 @@ spec:
    name: {{ . }}
  {{ end }}
  enablePDB: {{ .Values.cluster.enablePDB }}
+
  postgresql:
    {{- if .Values.cluster.postgresql.shared_preload_libraries }}
    shared_preload_libraries:
@@ -83,6 +85,7 @@ spec:
    parameters:
      {{- toYaml . | nindent 6 }}
    {{- end }}
+
  {{- if not (and (empty .Values.cluster.roles) (empty .Values.cluster.services)) }}
  managed:
    {{- with .Values.cluster.services }}
@@ -94,12 +97,14 @@ spec:
      {{- toYaml . | nindent 6 }}
    {{ end }}
  {{- end }}
+
  {{- with .Values.cluster.serviceAccountTemplate }}
  serviceAccountTemplate:
    {{- toYaml . | nindent 4 }}
  {{- end }}
+
  monitoring:
-    enablePodMonitor: false
+    enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
    disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
    {{- if not (empty .Values.cluster.monitoring.customQueries) }}
    customQueriesConfigMap:
@@ -122,9 +127,9 @@ spec:
    {{- with .Values.cluster.monitoring.podMonitor.metricRelabelings }}
    podMonitorMetricRelabelings:
      {{- toYaml . | nindent 6 }}
+    {{ end }}
    {{- end }}
-    {{- end }}
-  {{- if not (empty .Values.backup.objectStore) }}
+
  plugins:
  {{- range $objectStore := .Values.backup.objectStore }}
    - name: barman-cloud.cloudnative-pg.io
@@ -141,7 +146,7 @@ spec:
        {{- else }}
        serverName: "{{ include "cluster.name" $ }}-backup-{{ $objectStore.index }}"
        {{- end }}
-  {{- end -}}
-  {{- end -}}
-  {{- include "cluster.bootstrap" . | nindent 2 -}}
-  {{- include "cluster.externalClusters" . | nindent 2 -}}
+  {{- end }}
+
+  {{ include "cluster.bootstrap" . | nindent 2 }}
+  {{ include "cluster.externalClusters" . | nindent 2 }}
@@ -1,6 +1,6 @@
-{{- if and (eq .Values.backup.method "objectStore") (.Values.backup.externalSecret.enabled) }}
-{{- $context := . }}
-{{- range .Values.backup.objectStore }}
+{{ if and (eq .Values.backup.method "objectStore") (.Values.backup.externalSecret.enabled) }}
+{{ $context := . -}}
+{{ range .Values.backup.objectStore -}}
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
@@ -30,8 +30,8 @@ spec:
      remoteRef:
        key: {{ .externalSecretCredentialPath| required "External Secret Credential local path is required" }}
        property: ACCESS_SECRET_KEY
-{{- end }}
-{{- end }}
+{{ end -}}
+{{ end }}

 {{- if and (eq .Values.recovery.method "objectStore") (.Values.recovery.objectStore.externalSecret.enabled) }}
 ---
@@ -1,6 +1,6 @@
-{{- if (eq .Values.backup.method "objectStore") }}
-{{- $context := . }}
-{{- range .Values.backup.objectStore }}
+{{ if (eq .Values.backup.method "objectStore") }}
+{{ $context := . -}}
+{{ range .Values.backup.objectStore -}}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
@@ -57,9 +57,10 @@ spec:
      region:
        name: {{ include "cluster.backupSecretName" (dict "instance" . "global" $context) }}
        key: ACCESS_REGION
-{{- end }}
-{{- end }}
-{{- if eq .Values.recovery.method "objectStore" }}
+{{ end -}}
+{{ end }}
+
+{{ if eq .Values.recovery.method "objectStore" }}
 ---
 apiVersion: barmancloud.cnpg.io/v1
 kind: ObjectStore
@@ -103,4 +104,4 @@ spec:
      region:
        name: {{ include "cluster.recoverySecretName" . }}
        key: ACCESS_REGION
-{{- end }}
+{{ end }}
@@ -1,18 +0,0 @@
-{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
---
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  name: {{ include "cluster.name" $ }}-cluster
-  namespace: {{ include "cluster.namespace" $ }}
-  labels:
-    app.kubernetes.io/name: {{ include "cluster.name" $ }}-cluster
-    {{- include "cluster.labels" $ | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-      cnpg.io/cluster: {{ include "cluster.name" $ }}-cluster
-      cnpg.io/podRole: instance
-  podMetricsEndpoints:
-    - port: metrics
-{{- end }}
@@ -47,6 +47,6 @@ spec:
  {{- end }}
  {{- with .template }}
  template:
-    {{ . | toYaml | nindent 4 }}
+    {{- . | toYaml | nindent 4 }}
  {{- end }}
 {{- end }}
@@ -1,5 +1,4 @@
-{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled }}
---
+{{- if and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.prometheusRule.enabled -}}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
@@ -26,4 +25,4 @@ spec:
        - {{ $tpl }}
        {{- end -}}
        {{- end }}
-{{- end }}
+{{ end }}
@@ -1,5 +1,5 @@
-{{- $context := . }}
-{{- range .Values.backup.scheduledBackups }}
+{{ $context := . -}}
+{{ range .Values.backup.scheduledBackups -}}
 ---
 apiVersion: postgresql.cnpg.io/v1
 kind: ScheduledBackup
@@ -21,4 +21,4 @@ spec:
    name: {{ .plugin | default "barman-cloud.cloudnative-pg.io" }}
    parameters:
      barmanObjectName: "{{ include "cluster.name" $context }}-backup-{{ .backupName }}"
-{{- end }}
+{{ end -}}
@@ -23,7 +23,7 @@ cluster:
  # -- Default image
  image:
    repository: ghcr.io/cloudnative-pg/postgresql
-    tag: 18.4-standard-trixie
+    tag: 18.3-standard-trixie

  # -- Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated.
  # More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
@@ -56,8 +56,8 @@ cluster:
  # See: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/
  resources:
    requests:
-      memory: 512Mi
-      cpu: 50m
+      memory: 80Mi
+      cpu: 20m
    limits:
      hugepages-2Mi: 256Mi

@@ -127,7 +127,6 @@ cluster:
      # Applied to samples before ingestion.
      metricRelabelings: []

-    # -- Prometheus rule
    prometheusRule:

      # -- Whether to enable the PrometheusRule automated alerts
@@ -165,7 +164,7 @@ cluster:

    # -- PostgreSQL configuration options (postgresql.conf)
    parameters:
-      shared_buffers: 512MB
+      shared_buffers: 128MB
      max_slot_wal_keep_size: 2000MB
      hot_standby_feedback: "on"

@@ -394,8 +393,7 @@ backup:
    enabled: true

  # -- Options for object store backups
-  objectStore: []
-
+  objectStore:
    # -
    #   # -- Object store backup name
    #   name: external
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 5.0.1
-digest: sha256:754f21ee6fca6dc4a85e91384ff0b919b715234d764ef344bd3bbe93414275d3
-generated: "2026-05-17T20:56:33.77714-05:00"
+  version: 4.6.2
+digest: sha256:35e8f4e5d15d878c246a04eb51de580291f31203fa10e9e4d2318f16026b2061
+generated: "2026-04-25T20:40:50.27544-05:00"
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: rclone-bucket
-version: 0.11.6
+version: 0.4.0
 description: Rclone CronJob to replicate buckets
 keywords:
  - rclone-bucket
@@ -14,7 +14,7 @@ maintainers:
 dependencies:
  - name: common
    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 5.0.1
+    version: 4.6.2
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
 # renovate: datasource=github-releases depName=rclone/rclone
-appVersion: v1.74.2
+appVersion: v1.73.5
@@ -1,6 +1,6 @@
 # rclone-bucket

-![Version: 0.11.4](https://img.shields.io/badge/Version-0.11.4-informational?style=flat-square) ![AppVersion: v1.74.1](https://img.shields.io/badge/AppVersion-v1.74.1-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: v1.73.5](https://img.shields.io/badge/AppVersion-v1.73.5-informational?style=flat-square)

 Rclone CronJob to replicate buckets

@@ -19,7 +19,7 @@ Rclone CronJob to replicate buckets

 | Repository | Name | Version |
 |------------|------|---------|
-| https://bjw-s-labs.github.io/helm-charts/ | common | 5.0.1 |
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.6.2 |

 ## Values

@@ -27,10 +27,8 @@ Rclone CronJob to replicate buckets
 |-----|------|---------|-------------|
 | additionalLabels | object | `{}` | Add additional labels |
 | cronJob | object | `{"backoffLimit":3,"parallelism":1,"schedule":"0 0 * * *","suspend":false,"timeZone":"America/Chicago"}` | CronJob configuration |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"rclone/rclone","tag":"1.74.1@sha256:eb8788b795f0009324e9572b0e2acb9b56885327c2746b07d67a9d3b893a6602"}` | Default image |
-| metrics | object | `{"enabled":true}` | Metrics |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"rclone/rclone","tag":"1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96"}` | Default image |
 | nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
-| prometheusRule | object | `{"enabled":true}` | Prometheus Rule |
 | prune | object | `{"ageToPrune":"90d","enabled":false,"exclude":"","include":""}` | Enable prune job |
 | rclone | object | `{"destination":{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"},"providerType":"Other","source":{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"}}` | rclone configuration |
 | rclone.destination | object | `{"bucketName":"bucket","forcePathStyle":true,"providerType":"Other"}` | Destination configuration |
@@ -43,35 +43,35 @@ Generate the secret name
 {{/*
 Common env names
 */}}
-{{- define "secretRclone.envAccessKey" -}}
+{{- define "secret.envAccessKey" -}}
 ACCESS_KEY_ID
 {{- end }}
-{{- define "secretRclone.envSecretKey" -}}
+{{- define "secret.envSecretKey" -}}
 ACCESS_SECRET_KEY
 {{- end }}
-{{- define "secretRclone.envRegion" -}}
+{{- define "secret.envRegion" -}}
 ACCESS_REGION
 {{- end }}
-{{- define "secretRclone.envSrcEndpoint" -}}
+{{- define "secret.envSrcEndpoint" -}}
 SRC_ENDPOINT
 {{- end }}
-{{- define "secretRclone.envDestEndpoint" -}}
+{{- define "secret.envDestEndpoint" -}}
 DEST_ENDPOINT
 {{- end }}

 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "rclone.chart" -}}
+{{- define "secret.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}

 {{/*
 Common labels
 */}}
-{{- define "rclone.labels" -}}
-helm.sh/chart: {{ include "rclone.chart" $ }}
-{{ include "rclone.selectorLabels" $ }}
+{{- define "secret.labels" -}}
+helm.sh/chart: {{ include "secret.chart" $ }}
+{{ include "secret.selectorLabels" $ }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.Version | quote }}
 {{- end }}
@@ -84,7 +84,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "rclone.selectorLabels" -}}
+{{- define "secret.selectorLabels" -}}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
@@ -4,7 +4,6 @@
 global:
  nameOverride: {{ include "rclone.name" . }}
  fullNameOverride: {{ include "rclone.name" . }}
-  createDefaultServiceAccount: true
 controllers:
  main:
    type: cronjob
@@ -12,8 +11,6 @@ controllers:
    cronjob:
      {{- toYaml . | nindent 6 }}
    {{ end }}
-    serviceAccount:
-      identifier: {{ .Release.Name }}
    containers:
      sync:
        image:
@@ -26,22 +23,16 @@ controllers:
          - dest:{{ .Values.rclone.destination.bucketName }}
          - --s3-no-check-bucket
          {{- if .Values.prune.enabled }}
-          - --max-age
-          - {{ .Values.prune.ageToPrune | quote }}
+          - --min-age
+          - {{ .Values.prune.ageToPrune }}
          {{- end }}
          {{- if .Values.prune.include }}
          - --include
-          - {{ .Values.prune.include | quote }}
+          - {{ .Values.prune.include }}
          {{- end }}
          {{- if .Values.prune.exclude }}
          - --exclude
-          - {{ .Values.prune.exclude | quote }}
-          {{- end }}
-          {{- if .Values.metrics.enabled }}
-          - --rc
-          - --rc-addr=0.0.0.0:5572
-          - --rc-enable-metrics
-          - --rc-no-auth
+          - {{ .Values.prune.exclude }}
          {{- end }}
          - --verbose
        env:
@@ -52,57 +43,57 @@ controllers:
          - name: RCLONE_CONFIG_SRC_PROVIDER
            value: {{ .Values.rclone.source.providerType }}
          - name: RCLONE_CONFIG_SRC_ENV_AUTH
-            value: "false"
+            value: false
          - name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secretRclone.envAccessKey" . }}
+                key: {{ include "secret.envAccessKey" . }}
          - name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secretRclone.envSecretKey" . }}
+                key: {{ include "secret.envSecretKey" . }}
          - name: RCLONE_CONFIG_SRC_REGION
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secretRclone.envRegion" . }}
+                key: {{ include "secret.envRegion" . }}
          - name: RCLONE_CONFIG_SRC_ENDPOINT
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.sourceSecretName" . }}
-                key: {{ include "secretRclone.envSrcEndpoint" . }}
-          - name: RCLONE_CONFIG_SRC_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.source.forcePathStyle | quote }}
+                key: {{ include "secret.envSrcEndpoint" . }}
+          - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+            value: {{ .Values.rclone.source.forcePathStyle }}
          - name: RCLONE_CONFIG_DEST_TYPE
            value: s3
          - name: RCLONE_CONFIG_DEST_PROVIDER
            value: {{ .Values.rclone.destination.providerType }}
          - name: RCLONE_CONFIG_DEST_ENV_AUTH
-            value: "false"
+            value: false
          - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secretRclone.envAccessKey" . }}
+                key: {{ include "secret.envAccessKey" . }}
          - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secretRclone.envSecretKey" . }}
+                key: {{ include "secret.envSecretKey" . }}
          - name: RCLONE_CONFIG_DEST_REGION
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secretRclone.envRegion" . }}
+                key: {{ include "secret.envRegion" . }}
          - name: RCLONE_CONFIG_DEST_ENDPOINT
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secretRclone.envDestEndpoint" . }}
-          - name: RCLONE_CONFIG_DEST_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.destination.forcePathStyle | quote }}
+                key: {{ include "secret.envDestEndpoint" . }}
+          - name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
+            value: {{ .Values.rclone.destination.forcePathStyle }}
      {{- if .Values.prune.enabled }}
      prune:
        image:
@@ -113,72 +104,38 @@ controllers:
          - delete
          - dest:{{ .Values.rclone.destination.bucketName }}
          - --min-age
-          - {{ .Values.prune.ageToPrune | quote }}
+          - {{ .Values.prune.ageToPrune }}
          - --verbose
-          {{- if .Values.metrics.enabled }}
-          - --rc
-          - --rc-addr=0.0.0.0:5573
-          - --rc-enable-metrics
-          - --rc-no-auth
-          {{- end }}
        env:
          - name: RCLONE_CONFIG_DEST_TYPE
            value: s3
          - name: RCLONE_CONFIG_DEST_PROVIDER
            value: {{ .Values.rclone.destination.providerType }}
          - name: RCLONE_CONFIG_DEST_ENV_AUTH
-            value: "false"
+            value: false
          - name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secretRclone.envAccessKey" . }}
+                key: {{ include "secret.envAccessKey" . }}
          - name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secretRclone.envSecretKey" . }}
+                key: {{ include "secret.envSecretKey" . }}
          - name: RCLONE_CONFIG_DEST_REGION
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secretRclone.envRegion" . }}
+                key: {{ include "secret.envRegion" . }}
          - name: RCLONE_CONFIG_DEST_ENDPOINT
            valueFrom:
              secretKeyRef:
                name: {{ include "rclone.destinationSecretName" . }}
-                key: {{ include "secretRclone.envDestEndpoint" . }}
-          - name: RCLONE_CONFIG_DEST_FORCE_PATH_STYLE
-            value: {{ .Values.rclone.destination.forcePathStyle | quote }}
+                key: {{ include "secret.envDestEndpoint" . }}
+          - name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
+            value: {{ .Values.rclone.destination.forcePathStyle }}
      {{- end }}
-{{- if .Values.metrics.enabled }}
-service:
-  main:
-    controller: main
-    ports:
-      rc-sync:
-        port: 5572
-        targetPort: 5572
-      rc-prune:
-        port: 5573
-        targetPort: 5573
-serviceMonitor:
-  main:
-    selector:
-      matchLabels:
-        app.kubernetes.io/name: {{ include "rclone.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Namespace }}
-    serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
-    endpoints:
-      - port: rc-sync
-        interval: 10s
-        scrapeTimeout: 5s
-        path: /metrics
-      - port: rc-prune
-        interval: 10s
-        scrapeTimeout: 5s
-        path: /metrics
-{{- end }}
 {{- end -}}
 {{- $_ := mergeOverwrite .Values (include "rclone.hardcodedValues" . | fromYaml) -}}

@@ -6,7 +6,7 @@ metadata:
  name: {{ include "rclone.sourceSecretName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    {{- include "rclone.labels" . | nindent 4 }}
+    {{- include "secret.labels" . | nindent 4 }}
    app.kubernetes.io/name: {{ include "rclone.sourceSecretName" . }}
    {{- with .Values.additionalLabels }}
    {{- toYaml . | nindent 4 }}
@@ -16,19 +16,19 @@ spec:
    kind: ClusterSecretStore
    name: {{ .Values.secret.externalSecret.storeName | required "External Secret store name is required" }}
  data:
-    - secretKey: {{ include "secretRclone.envAccessKey" . }}
+    - secretKey: {{ include "secret.envAccessKey" . }}
      remoteRef:
        key: {{ .Values.secret.externalSecret.source.credentials.path }}
        property: {{ .Values.secret.externalSecret.source.credentials.keyIdProperty }}
-    - secretKey: {{ include "secretRclone.envSecretKey" . }}
+    - secretKey: {{ include "secret.envSecretKey" . }}
      remoteRef:
        key: {{ .Values.secret.externalSecret.source.credentials.path }}
        property: {{ .Values.secret.externalSecret.source.credentials.secretKeyProperty }}
-    - secretKey: {{ include "secretRclone.envRegion" . }}
+    - secretKey: {{ include "secret.envRegion" . }}
      remoteRef:
        key: {{ .Values.secret.externalSecret.source.credentials.path }}
        property: {{ .Values.secret.externalSecret.source.credentials.regionProperty }}
-    - secretKey: {{ include "secretRclone.envSrcEndpoint" . }}
+    - secretKey: {{ include "secret.envSrcEndpoint" . }}
      remoteRef:
        key: {{ .Values.secret.externalSecret.source.config.path }}
        property: {{ .Values.secret.externalSecret.source.config.endpointProperty }}
@@ -40,7 +40,7 @@ metadata:
  name: {{ include "rclone.destinationSecretName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    {{- include "rclone.labels" . | nindent 4 }}
+    {{- include "secret.labels" . | nindent 4 }}
    app.kubernetes.io/name: {{ include "rclone.destinationSecretName" . }}
    {{- with .Values.additionalLabels }}
    {{- toYaml . | nindent 4 }}
@@ -50,19 +50,19 @@ spec:
    kind: ClusterSecretStore
    name: {{ .Values.secret.externalSecret.storeName | required "External Secret store name is required" }}
  data:
-    - secretKey: {{ include "secretRclone.envAccessKey" . }}
+    - secretKey: {{ include "secret.envAccessKey" . }}
      remoteRef:
        key: {{ .Values.secret.externalSecret.destination.credentials.path }}
        property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
-    - secretKey: {{ include "secretRclone.envSecretKey" . }}
+    - secretKey: {{ include "secret.envSecretKey" . }}
      remoteRef:
        key: {{ .Values.secret.externalSecret.destination.credentials.path }}
-        property: {{ .Values.secret.externalSecret.destination.credentials.secretKeyProperty }}
-    - secretKey: {{ include "secretRclone.envRegion" . }}
+        property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
+    - secretKey: {{ include "secret.envRegion" . }}
      remoteRef:
        key: {{ .Values.secret.externalSecret.destination.credentials.path }}
-        property: {{ .Values.secret.externalSecret.destination.credentials.regionProperty }}
-    - secretKey: {{ include "secretRclone.envDestEndpoint" . }}
+        property: {{ .Values.secret.externalSecret.destination.credentials.keyIdProperty }}
+    - secretKey: {{ include "secret.envDestEndpoint" . }}
      remoteRef:
        key: {{ .Values.secret.externalSecret.destination.config.path }}
        property: {{ .Values.secret.externalSecret.destination.config.endpointProperty }}
@@ -1,32 +0,0 @@
-{{- if .Values.prometheusRule.enabled }}
---
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ include "rclone.name" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "rclone.labels" . | nindent 4 }}
-    app.kubernetes.io/name: {{ include "rclone.name" . }}
-    {{- with .Values.additionalLabels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  groups:
-    - name: rclone.alerts
-      rules:
-        - alert: RclonePodFailed
-          expr: |
-            (kube_pod_container_status_last_terminated_exitcode > 0)
-            * on(pod, namespace) group_left(owner_name)
-            kube_pod_owner{owner_kind="Job", owner_name=~"rclone-.*"}
-          for: 1m
-          labels:
-            severity: critical
-          annotations:
-            summary: "Rclone Pod failed in {{ `{{ $labels.namespace }}` }}"
-            description: |
-              A pod for the Rclone sync of s3 bucket '{{ .Values.rclone.source.bucketName }}' failed with exit code {{ `{{ $value }}` }}.
-              Job: {{ `{{ $labels.owner_name }}` }}
-              Namespace: {{ `{{ $labels.namespace }}` }}
-{{- end }}
@@ -7,7 +7,7 @@ additionalLabels: {}
 # -- Default image
 image:
  repository: rclone/rclone
-  tag: 1.74.2@sha256:9ce0d49b611d3781233e25334e9e23d7af01e5546da7087f90d55f034ef13637
+  tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
  pullPolicy: IfNotPresent

 # -- CronJob configuration
@@ -82,11 +82,3 @@ secret:

  existingSecretDestination:
    name: rclone-destination-secret
-
-# -- Metrics
-metrics:
-  enabled: true
-
-# -- Prometheus Rule
-prometheusRule:
-  enabled: true
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: valkey
-version: 0.9.0
+version: 0.6.1
 description: Valkey chart with preconfigured settings
 keywords:
  - valkey
@@ -19,4 +19,4 @@ dependencies:
    version: 0.9.4
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/valkey.png
 # renovate: datasource=github-releases depName=valkey-io/valkey
-appVersion: 9.1.0
+appVersion: 9.0.3
@@ -1,6 +1,6 @@
 # valkey

-![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: 9.1.0](https://img.shields.io/badge/AppVersion-9.1.0-informational?style=flat-square)
+![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![AppVersion: 9.0.3](https://img.shields.io/badge/AppVersion-9.0.3-informational?style=flat-square)

 Valkey chart with preconfigured settings

@@ -35,11 +35,11 @@ Valkey chart with preconfigured settings
 | valkey.dataStorage.requestedSize | string | `"1Gi"` |  |
 | valkey.image.registry | string | `"docker.io"` |  |
 | valkey.image.repository | string | `"valkey/valkey"` |  |
-| valkey.image.tag | string | `"9.1.0@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9"` |  |
+| valkey.image.tag | string | `"9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9"` |  |
 | valkey.metrics.enabled | bool | `true` |  |
 | valkey.metrics.exporter.image.registry | string | `"ghcr.io"` |  |
 | valkey.metrics.exporter.image.repository | string | `"oliver006/redis_exporter"` |  |
-| valkey.metrics.exporter.image.tag | string | `"v1.84.0@sha256:7ef8e9c26638158fa4e7ad60df8c7e53d1919986753d6c1d2d1876b6ec38d87b"` |  |
+| valkey.metrics.exporter.image.tag | string | `"v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03"` |  |
 | valkey.metrics.exporter.resources.requests.cpu | string | `"1m"` |  |
 | valkey.metrics.exporter.resources.requests.memory | string | `"10M"` |  |
 | valkey.metrics.podMonitor.enabled | bool | `true` |  |
@@ -3,7 +3,7 @@ valkey:
  image:
    registry: docker.io
    repository: valkey/valkey
-    tag: 9.1.0@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
+    tag: 9.0.3@sha256:3b55fbaa0cd93cf0d9d961f405e4dfcc70efe325e2d84da207a0a8e6d8fde4f9
  serviceAccount:
    create: true
  resources:
@@ -31,7 +31,7 @@ valkey:
      image:
        registry: ghcr.io
        repository: oliver006/redis_exporter
-        tag: v1.84.0@sha256:7ef8e9c26638158fa4e7ad60df8c7e53d1919986753d6c1d2d1876b6ec38d87b
+        tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
      resources:
        requests:
          cpu: 1m
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: volsync-target
-version: 2.0.0
+version: 1.0.0
 description: Volsync Replication set to target specific PVC with preconfigured settings
 keywords:
  - volsync-target
@@ -1,6 +1,6 @@
 # volsync-target

-![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square)
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 0.15.0](https://img.shields.io/badge/AppVersion-0.15.0-informational?style=flat-square)

 Volsync Replication set to target specific PVC with preconfigured settings

@@ -20,25 +20,24 @@ Volsync Replication set to target specific PVC with preconfigured settings
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | additionalLabels | object | `{}` | Add additional labels |
-| external | object | `{"enabled":true,"externalSecret":{"bucketPath":"/backblaze/config","credentialPath":"/backblaze/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":35,"repository":"","retain":{"daily":0,"hourly":0,"monthly":0,"weekly":12,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 9 * * 0"}` | External backup configuration |
-| external.externalSecret | object | `{"bucketPath":"/backblaze/config","credentialPath":"/backblaze/home-infra/volsync-backups"}` | External Secret configuration |
-| external.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":35,"repository":"","retain":{"daily":0,"hourly":0,"monthly":0,"weekly":12,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
-| external.schedule | string | `"0 9 * * 0"` | 5 character cron schedule |
+| external | object | `{"enabled":true,"externalSecret":{"bucketPath":"/digital-ocean/config","credentialPath":"/digital-ocean/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 9 * * *"}` | External backup configuration |
+| external.externalSecret | object | `{"bucketPath":"/digital-ocean/config","credentialPath":"/digital-ocean/home-infra/volsync-backups"}` | External Secret configuration |
+| external.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| external.schedule | string | `"0 9 * * *"` | 5 character cron schedule |
 | externalSecrets | object | `{"enabled":true}` | Use external secrets |
 | kubernetesClusterName | string | `"cl01tl"` | Kubernetes cluster name |
-| local | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":0,"weekly":4,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 8 * * *"}` | Local backup configuration |
+| local | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 8 * * *"}` | Local backup configuration |
 | local.externalSecret | object | `{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"}` | External Secret configuration |
-| local.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":0,"weekly":4,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| local.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
 | local.schedule | string | `"0 8 * * *"` | 5 character cron schedule |
 | moverSecurityContext | object | `{}` | Glocal security context for restic mover |
 | nameOverride | string | `""` | Default pattern follows <pvcTarget>-backup |
 | namespaceOverride | string | `""` | Override the namespace of the chart |
-| prometheusRule | object | `{"enabled":true}` | Prometheus Rule |
 | pvcTarget | string | `"data"` | Name of the PVC target |
-| remote | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":0,"hourly":0,"monthly":0,"weekly":12,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 10 * * 0"}` | Remote backup configuration |
+| remote | object | `{"enabled":false,"externalSecret":{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"},"restic":{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"},"schedule":"0 10 * * *"}` | Remote backup configuration |
 | remote.externalSecret | object | `{"bucketPath":"/garage/config","credentialPath":"/garage/home-infra/volsync-backups"}` | External Secret configuration |
-| remote.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":0,"hourly":0,"monthly":0,"weekly":12,"yearly":0},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
-| remote.schedule | string | `"0 10 * * 0"` | 5 character cron schedule |
+| remote.restic | object | `{"cacheCapacity":"1Gi","copyMethod":"Snapshot","pruneIntervalDays":7,"repository":"","retain":{"daily":7,"hourly":0,"monthly":3,"weekly":4,"yearly":1},"storageClassName":"ceph-block","volumeSnapshotClassName":"ceph-blockpool-snapshot"}` | Backup configuration, inserted directly into the yaml |
+| remote.schedule | string | `"0 10 * * *"` | 5 character cron schedule |

 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -1,32 +0,0 @@
-{{- if .Values.prometheusRule.enabled }}
---
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ include "volsync.name" . }}-source-local
-  namespace: {{ include "volsync.namespace" . }}
-  labels:
-    {{- include "volsync.labels" . | nindent 4 }}
-    app.kubernetes.io/name: {{ include "volsync.name" . }}-source-local
-    {{- with .Values.additionalLabels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  groups:
-    - name: volsync.alerts
-      rules:
-        - alert: VolSyncBackupPodFailed
-          expr: |
-            (kube_pod_container_status_last_terminated_exitcode > 0)
-            * on(pod, namespace) group_left(owner_name)
-            kube_pod_owner{owner_kind="Job", owner_name=~"volsync-.*"}
-          for: 1m
-          labels:
-            severity: critical
-          annotations:
-            summary: "VolSync Backup Pod failed in {{ `{{ $labels.namespace }}` }}"
-            description: |
-              A pod for the VolSync backup of PVC '{{ .Values.pvcTarget }}' failed with exit code {{ `{{ $value }}` }}.
-              Job: {{ `{{ $labels.owner_name }}` }}
-              Namespace: {{ `{{ $labels.namespace }}` }}
-{{- end }}
@@ -7,7 +7,7 @@ metadata:
  namespace: {{ include "volsync.namespace" . }}
  labels:
    {{- include "volsync.labels" . | nindent 4 }}
-    app.kubernetes.io/name: {{ include "volsync.name" . }}-source-local
+    app.kubernetes.io/name: {{ include "volsync.name" . }}
    {{- with .Values.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
@@ -16,10 +16,6 @@ pvcTarget: "data"
 # -- Glocal security context for restic mover
 moverSecurityContext: {}

-# -- Prometheus Rule
-prometheusRule:
-  enabled: true
-
 # -- Use external secrets
 externalSecrets:
  enabled: true
@@ -39,8 +35,8 @@ local:
      hourly: 0
      daily: 7
      weekly: 4
-      monthly: 0
-      yearly: 0
+      monthly: 3
+      yearly: 1
    copyMethod: Snapshot
    storageClassName: ceph-block
    volumeSnapshotClassName: ceph-blockpool-snapshot
@@ -58,7 +54,7 @@ remote:
  enabled: false

  # -- 5 character cron schedule
-  schedule: 0 10 * * 0
+  schedule: 0 10 * * *

  # -- Backup configuration, inserted directly into the yaml
  restic:
@@ -66,10 +62,10 @@ remote:
    repository: ""
    retain:
      hourly: 0
-      daily: 0
-      weekly: 12
-      monthly: 0
-      yearly: 0
+      daily: 7
+      weekly: 4
+      monthly: 3
+      yearly: 1
    copyMethod: Snapshot
    storageClassName: ceph-block
    volumeSnapshotClassName: ceph-blockpool-snapshot
@@ -87,18 +83,18 @@ external:
  enabled: true

  # -- 5 character cron schedule
-  schedule: 0 9 * * 0
+  schedule: 0 9 * * *

  # -- Backup configuration, inserted directly into the yaml
  restic:
-    pruneIntervalDays: 35
+    pruneIntervalDays: 7
    repository: ""
    retain:
      hourly: 0
-      daily: 0
-      weekly: 12
-      monthly: 0
-      yearly: 0
+      daily: 7
+      weekly: 4
+      monthly: 3
+      yearly: 1
    copyMethod: Snapshot
    storageClassName: ceph-block
    volumeSnapshotClassName: ceph-blockpool-snapshot
@@ -107,6 +103,6 @@ external:
  # -- External Secret configuration
  externalSecret:
    # This path must contain the ENDPOINT
-    bucketPath: /backblaze/config
+    bucketPath: /digital-ocean/config
    # This path must contain the AWS/S3 credentials and RESTIC_PASSWORD
-    credentialPath: /backblaze/home-infra/volsync-backups
+    credentialPath: /digital-ocean/home-infra/volsync-backups