Update Helm release gitea to v12

clusters/cl01tl/services/harbor/templates/external-secret.yaml

@@ -4,11 +4,8 @@ metadata:
   name: harbor-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: harbor-secret
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -71,11 +68,8 @@ metadata:
   name: harbor-postgresql-17-cluster-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/services/tailscale-operator/templates/connector.yaml

@@ -4,11 +4,8 @@ metadata:
   name: subnet-router-local
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: subnet-router-local
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: tailscale
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   hostname: subnet-router-local-cl01tl
   proxyClass: default

clusters/cl01tl/services/tailscale-operator/templates/dns-config.yaml

@@ -4,11 +4,8 @@ metadata:
   name: ts-dns
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: ts-dns
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: tailscale
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   nameserver:
     image:

clusters/cl01tl/services/tailscale-operator/templates/external-secrets.yaml

@@ -4,11 +4,8 @@ metadata:
   name: operator-oauth
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: operator-oauth
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/services/tailscale-operator/templates/proxy-class.yaml

@@ -4,11 +4,8 @@ metadata:
   name: default
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: default
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: proxy
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   metrics:
     enable: true
@@ -32,11 +29,8 @@ metadata:
   name: no-metrics
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: no-metrics
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: proxy
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   metrics:
     enable: false

clusters/cl01tl/services/talos/templates/external-secret.yaml

@@ -4,11 +4,8 @@ metadata:
   name: talos-etcd-backup-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: talos-etcd-backup-secret
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
   annotations:
     kubernetes.io/service-account.name: talos-backup-secrets
 spec:

clusters/cl01tl/services/talos/templates/secret.yaml

@@ -4,10 +4,7 @@ metadata:
   name: talos-backup-secrets
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: talos-backup-secrets
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
   annotations:
     kubernetes.io/service-account.name: talos-backup-secrets

clusters/cl01tl/services/talos/templates/service-account.yaml

@@ -4,11 +4,8 @@ metadata:
   name: talos-backup-secrets
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: talos-backup-secrets
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   roles:
     - os:etcd:backup

clusters/cl01tl/standalone/cilium/templates/cilium-l2-announcement-policy.yaml

@@ -4,11 +4,8 @@ metadata:
   name: default-l2-announcement-policy
   namespace: cilium
   labels:
-    app.kubernetes.io/name: default-l2-announcement-policy
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: network
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   interfaces:
     - enp6s0

clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml

@@ -4,11 +4,8 @@ metadata:
   name: default-ip-pool
   namespace: cilium
   labels:
-    app.kubernetes.io/name: default-ip-pool
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: network
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   blocks:
     - start: "10.232.1.21"

clusters/cl01tl/standalone/cilium/templates/http-route.yaml

@@ -4,11 +4,8 @@ metadata:
   name: http-route-hubble
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: http-route-hubble
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   parentRefs:
     - group: gateway.networking.k8s.io

clusters/cl01tl/standalone/kubelet-serving-cert-approver/Chart.yaml

@@ -17,6 +17,6 @@ dependencies:
   - name: app-template
     alias: kubelet-serving-cert-approver
     repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 3.7.3
+    version: 4.0.1
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
 appVersion: 0.9.1

clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml

@@ -4,16 +4,13 @@ metadata:
   name: kubelet-serving-cert-approver
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: "certificates:{{ .Release.Name }}"
 subjects:
   - kind: ServiceAccount
-    name: {{ .Release.Name }}
+    name: kubelet-serving-cert-approver
     namespace: {{ .Release.Namespace }}

clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/cluster-role.yaml

@@ -4,11 +4,8 @@ metadata:
   name: "certificates:{{ .Release.Name }}"
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 rules:
   - apiGroups:
       - certificates.k8s.io
@@ -46,11 +43,8 @@ metadata:
   name: "events:{{ .Release.Name }}"
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 rules:
   - apiGroups:
       - ""

clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/namespace.yaml

@@ -3,7 +3,7 @@ kind: Namespace
 metadata:
   name: kubelet-serving-cert-approver
   labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     pod-security.kubernetes.io/audit: restricted
     pod-security.kubernetes.io/enforce: restricted

clusters/cl01tl/standalone/kubelet-serving-cert-approver/templates/role-binding.yaml

@@ -4,11 +4,8 @@ metadata:
   name: "events:{{ .Release.Name }}"
   namespace: default
   labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
+    app.kubernetes.io/name: {{ .Release.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

clusters/cl01tl/standalone/kubelet-serving-cert-approver/values.yaml

@@ -30,6 +30,10 @@ kubelet-serving-cert-approver:
       replicas: 1
       strategy: Recreate
       revisionHistoryLimit: 3
+      serviceAccount:
+        name: kubelet-serving-cert-approver
+      pod:
+        automountServiceAccountToken: true
       containers:
         main:
           image:
@@ -56,7 +60,9 @@ kubelet-serving-cert-approver:
             readOnlyRootFilesystem: true
             runAsNonRoot: true
   serviceAccount:
-    create: true
+    kubelet-serving-cert-approver:
+      enabled: true
+      staticToken: true
   service:
     main:
       controller: main