[bitnami/kubeapps] Bump chart version to 10.4.0-dev0 (#12828)

* Remove kubeops from the chart Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> * Remove old testImage Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> * Sync rest of the Kubeapps' chart chanegs Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> * Bump chart version up Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> * Regenerate readme Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Antonio Gamez Diaz <agamez@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
2026-03-16 06:47:30 +08:00 · 2022-10-07 11:51:21 +02:00
parent 8ef44e189c
commit e8436d2a4f
20 changed files with 318 additions and 1073 deletions
--- a/bitnami/kubeapps/templates/_helpers.tpl
+++ b/bitnami/kubeapps/templates/_helpers.tpl
@@ -4,7 +4,7 @@
 Return the proper Docker Image Registry Secret Names
 */}}
 {{- define "kubeapps.imagePullSecrets" -}}
-{{ include "common.images.pullSecrets" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.kubeops.image .Values.authProxy.image .Values.pinnipedProxy.image .Values.kubeappsapis.image .Values.testImage) "global" .Values.global) }}
+{{ include "common.images.pullSecrets" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.authProxy.image .Values.pinnipedProxy.image .Values.kubeappsapis.image) "global" .Values.global) }}
 {{- end -}}

 {{/*
@@ -56,13 +56,6 @@ Return the proper kubeappsapis image name
 {{- include "common.images.image" (dict "imageRoot" .Values.kubeappsapis.image "global" .Values.global) -}}
 {{- end -}}

-{{/*
-Return the proper kubeops image name
-*/}}
-{{- define "kubeapps.kubeops.image" -}}
-{{- include "common.images.image" (dict "imageRoot" .Values.kubeops.image "global" .Values.global) -}}
-{{- end -}}
-
 {{/*
 Create a default fully qualified app name for PostgreSQL dependency.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -140,13 +133,6 @@ Create name for kubeappsapis based on the fullname
 {{- printf "%s-internal-kubeappsapis" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

-{{/*
-Create name for kubeops based on the fullname
-*/}}
-{{- define "kubeapps.kubeops.fullname" -}}
-{{- printf "%s-internal-kubeops" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
 {{/*
 Create name for the clusters config based on the fullname
 */}}
@@ -176,24 +162,6 @@ Create the name of the kubeappsapis service account to use
 {{- end -}}
 {{- end -}}

-{{/*
-Create the name of the kubeops service account to use
-*/}}
-{{- define "kubeapps.kubeops.serviceAccountName" -}}
-{{- if .Values.kubeops.serviceAccount.create -}}
-    {{- default (include "kubeapps.kubeops.fullname" .) .Values.kubeops.serviceAccount.name -}}
-{{- else -}}
-    {{- default "default" .Values.kubeops.serviceAccount.name -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create proxy_pass for the frontend config
-*/}}
-{{- define "kubeapps.frontend-config.proxy_pass" -}}
-{{- printf "http://%s:%d" (include "kubeapps.kubeops.fullname" .) (int .Values.kubeops.service.ports.http) -}}
-{{- end -}}
-
 {{/*
 Create proxy_pass for the kubeappsapis
 */}}
@@ -271,10 +239,15 @@ Returns a JSON list of cluster names only (without sensitive tokens etc.)
 {{- end -}}

 {{/*
-Returns the name of the globalRepos namespace
+Returns the name of the global packaging namespace for the Helm plugin.
+It uses the value passed in the plugin's config, but falls back to the "release namespace + suffix" formula.
 */}}
-{{- define "kubeapps.globalReposNamespace" -}}
-{{- printf "%s%s" .Release.Namespace .Values.apprepository.globalReposNamespaceSuffix -}}
+{{- define "kubeapps.helmGlobalPackagingNamespace" -}}
+  {{- if .Values.kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace }}
+      {{- printf "%s" .Values.kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace -}}
+  {{- else -}}
+      {{- printf "%s%s" .Release.Namespace .Values.apprepository.globalReposNamespaceSuffix -}}
+  {{- end -}}
 {{- end -}}

 {{/*
@@ -369,7 +342,6 @@ Check if there are rolling tags in the images
 {{- include "common.warnings.rollingTag" .Values.frontend.image }}
 {{- include "common.warnings.rollingTag" .Values.dashboard.image }}
 {{- include "common.warnings.rollingTag" .Values.apprepository.image }}
-{{- include "common.warnings.rollingTag" .Values.kubeops.image }}
 {{- include "common.warnings.rollingTag" .Values.authProxy.image }}
 {{- include "common.warnings.rollingTag" .Values.pinnipedProxy.image }}
 {{- include "common.warnings.rollingTag" .Values.kubeappsapis.image }}
--- a/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml
+++ b/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml
@@ -5,7 +5,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ printf "apprepo-%s-secrets" .name }}
-  namespace: {{ default (include "kubeapps.globalReposNamespace" $) .namespace | quote }}
+  namespace: {{ default (include "kubeapps.helmGlobalPackagingNamespace" $) .namespace | quote }}
  labels: {{- include "common.labels.standard" $ | nindent 4 }}
    {{- if $.Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
@@ -30,11 +30,11 @@ data:
  {{- end }}
 ---
 {{/* credentials are required in the release namespace for syncer jobs */}}
-{{- if or .namespace $.Values.apprepository.globalReposNamespaceSuffix }}
+{{- if or .namespace $.Values.apprepository.globalReposNamespaceSuffix $.Values.kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ printf "%s-apprepo-%s" (default (include "kubeapps.globalReposNamespace" $) .namespace) .name }}
+  name: {{ printf "%s-apprepo-%s" (default (include "kubeapps.helmGlobalPackagingNamespace" $) .namespace) .name }}
  namespace: {{ $.Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" $ | nindent 4 }}
    {{- if $.Values.commonLabels }}
--- a/bitnami/kubeapps/templates/apprepository/apprepositories.yaml
+++ b/bitnami/kubeapps/templates/apprepository/apprepositories.yaml
@@ -4,7 +4,7 @@ apiVersion: kubeapps.com/v1alpha1
 kind: AppRepository
 metadata:
  name: {{ .name }}
-  namespace: {{ default (include "kubeapps.globalReposNamespace" $) .namespace | quote }}
+  namespace: {{ default (include "kubeapps.helmGlobalPackagingNamespace" $) .namespace | quote }}
  labels: {{- include "common.labels.standard" $ | nindent 4 }}
    {{- if $.Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
--- a/bitnami/kubeapps/templates/apprepository/deployment.yaml
+++ b/bitnami/kubeapps/templates/apprepository/deployment.yaml
@@ -96,7 +96,7 @@ spec:
            {{- end }}
            - --repo-sync-cmd=/asset-syncer
            - --namespace={{ .Release.Namespace }}
-            - --global-repos-namespace={{ include "kubeapps.globalReposNamespace" . }}
+            - --global-repos-namespace={{ include "kubeapps.helmGlobalPackagingNamespace" . }}
            - --database-secret-name={{ include "kubeapps.postgresql.secretName" . }}
            - --database-secret-key=postgres-password
            - --database-url={{ printf "%s:%d" (include "kubeapps.postgresql.host" .) (int (include "kubeapps.postgresql.port" .)) }}
--- a/bitnami/kubeapps/templates/apprepository/rbac.yaml
+++ b/bitnami/kubeapps/templates/apprepository/rbac.yaml
@@ -222,7 +222,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: RoleBinding
 metadata:
  name: {{ printf "kubeapps:%s:global-repos-read" .Release.Namespace | quote }}
-  namespace: {{ include "kubeapps.globalReposNamespace" . | quote }}
+  namespace: {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
--- a/bitnami/kubeapps/templates/dashboard/configmap.yaml
+++ b/bitnami/kubeapps/templates/dashboard/configmap.yaml
@@ -69,8 +69,8 @@ data:
    {
      "kubeappsCluster": {{ include "kubeapps.kubeappsCluster" . | quote }},
      "kubeappsNamespace": {{ .Release.Namespace | quote }},
-      "globalReposNamespace": {{ include "kubeapps.globalReposNamespace" . | quote }},
-      "carvelGlobalNamespace": "kapp-controller-packaging-global",
+      "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
+      "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
      "appVersion": {{ printf "v%s" .Chart.AppVersion | quote }},
      "authProxyEnabled": {{ .Values.authProxy.enabled }},
      "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
--- a/bitnami/kubeapps/templates/frontend/configmap.yaml
+++ b/bitnami/kubeapps/templates/frontend/configmap.yaml
@@ -125,44 +125,6 @@ data:
        proxy_pass {{ include "kubeapps.kubeappsapis.proxy_pass" . -}};
      }

-  {{- if .Values.kubeops.enabled }}
-      location ~* /api/kubeops {
-        # Keep the connection open with the API server even if idle (the default is 60 seconds)
-        # Setting it to 10 minutes which should be enough for our current use case of deploying/upgrading/deleting apps
-        proxy_read_timeout 10m;
-        rewrite /api/kubeops/(.*) /$1 break;
-        rewrite /api/kubeops / break;
-
-    {{- if .Values.frontend.proxypassExtraSetHeader }}
-        proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
-    {{- end }}
-
-    {{- if .Values.frontend.proxypassAccessTokenAsBearer }}
-        # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
-        proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
-    {{- end }}
-
-        proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
-      }
-
-      # The route for the Kubeapps backend API is not prefixed.
-      location ~* /api/ {
-        rewrite /api/(.*) /backend/$1 break;
-        rewrite /api/ /backend break;
-
-    {{- if .Values.frontend.proxypassExtraSetHeader }}
-        proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
-    {{- end }}
-
-    {{- if .Values.frontend.proxypassAccessTokenAsBearer }}
-        # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
-        proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
-    {{- end }}
-
-        proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
-      }
-  {{- end }}
-
      location / {
        # Add the Authorization header if exists
        add_header Authorization $http_authorization;
--- a/bitnami/kubeapps/templates/frontend/deployment.yaml
+++ b/bitnami/kubeapps/templates/frontend/deployment.yaml
@@ -166,14 +166,17 @@ spec:
            - --pass-access-token=true
            - --pass-authorization-header=true
            - --skip-auth-regex=^\/config\.json$
-            - --skip-auth-regex=^\/manifest\.json$
+            - --skip-auth-regex=^\/site\.webmanifest$
            - --skip-auth-regex=^\/custom_style\.css$
            - --skip-auth-regex=^\/clr-ui.min\.css$
            - --skip-auth-regex=^\/clr-ui-dark.min\.css$
            - --skip-auth-regex=^\/custom_locale\.json$
            - --skip-auth-regex=^\/favicon.*\.png$
            - --skip-auth-regex=^\/favicon.*\.ico$
+            - --skip-auth-regex=^\/android-chrome-.*\.png$
            - --skip-auth-regex=^\/static\/
+            - --skip-auth-regex=^\/apis/core/plugins/v1alpha1/configured-plugins$
+            - --skip-auth-regex=^\/apis/kubeappsapis.core.plugins.v1alpha1.PluginsService/GetConfiguredPlugins$
            - --skip-auth-regex=^\/$
            - --scope={{ .Values.authProxy.scope }}
            - --cookie-refresh={{ .Values.authProxy.cookieRefresh }}
--- a/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml
+++ b/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml
@@ -108,7 +108,7 @@ spec:
            - --pinniped-proxy-ca-cert=/etc/pinniped-proxy-tls/ca.crt
            {{- end }}
            {{- end }}
-            - --global-repos-namespace={{ include "kubeapps.globalReposNamespace" . }}
+            - --global-repos-namespace={{ include "kubeapps.helmGlobalPackagingNamespace" . }}
            {{- if .Values.kubeappsapis.qps }}
            - --kube-api-qps={{ .Values.kubeappsapis.qps }}
            {{- end }}
--- a/bitnami/kubeapps/templates/kubeappsapis/rbac.yaml
+++ b/bitnami/kubeapps/templates/kubeappsapis/rbac.yaml
@@ -0,0 +1,85 @@
+{{- if .Values.rbac.create -}}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+  name: {{ printf "kubeapps:%s:kubeappsapis-ns-discovery" .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: kubeappsapis
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - list
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+  name: {{ printf "kubeapps:%s:kubeappsapis-ns-discovery" .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: kubeappsapis
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ printf "kubeapps:%s:kubeappsapis-ns-discovery" .Release.Namespace | quote }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- if $.Values.featureFlags.operators }}
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+  name: {{ printf "kubeapps:%s:kubeappsapis-operators" .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: kubeappsapis
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+rules:
+  - apiGroups:
+      - packages.operators.coreos.com
+    resources:
+      - packagemanifests/icon
+    verbs:
+      - get
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+  name: {{ printf "kubeapps:%s:kubeappsapis-operators" .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: kubeappsapis
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ printf "kubeapps:%s:kubeappsapis-operators" .Release.Namespace | quote }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "kubeapps.kubeappsapis.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end -}}
+{{- end -}}
--- a/bitnami/kubeapps/templates/kubeops/deployment.yaml
+++ b/bitnami/kubeapps/templates/kubeops/deployment.yaml
@@ -1,199 +0,0 @@
-{{- if .Values.kubeops.enabled }}
-apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
-  name: {{ template "kubeapps.kubeops.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-spec:
-  replicas: {{ .Values.kubeops.replicaCount }}
-  {{- if .Values.kubeops.updateStrategy }}
-  strategy: {{- toYaml .Values.kubeops.updateStrategy | nindent 4 }}
-  {{- end }}
-  selector:
-    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
-      app.kubernetes.io/component: kubeops
-  template:
-    metadata:
-      {{- if .Values.kubeops.podAnnotations }}
-      annotations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.podAnnotations "context" $) | nindent 8 }}
-      {{- end }}
-      labels: {{- include "common.labels.standard" . | nindent 8 }}
-        app.kubernetes.io/component: kubeops
-        {{- if .Values.kubeops.podLabels }}
-        {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.podLabels "context" $) | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- include "kubeapps.imagePullSecrets" . | indent 6 }}
-      serviceAccountName: {{ template "kubeapps.kubeops.serviceAccountName" . }}
-      {{- if .Values.kubeops.hostAliases }}
-      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.hostAliases "context" $) | nindent 8 }}
-      {{- end }}
-      {{- if .Values.kubeops.affinity }}
-      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.affinity "context" $) | nindent 8 }}
-      {{- else }}
-      affinity:
-        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeops.podAffinityPreset "component" "kubeops" "context" $) | nindent 10 }}
-        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeops.podAntiAffinityPreset "component" "kubeops" "context" $) | nindent 10 }}
-        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.kubeops.nodeAffinityPreset.type "key" .Values.kubeops.nodeAffinityPreset.key "values" .Values.kubeops.nodeAffinityPreset.values) | nindent 10 }}
-      {{- end }}
-      {{- if .Values.kubeops.schedulerName }}
-      schedulerName: {{ .Values.kubeops.schedulerName }}
-      {{- end }}
-      {{- if .Values.kubeops.topologySpreadConstraints }}
-      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.topologySpreadConstraints "context" .) | nindent 8 }}
-      {{- end }}
-      {{- if .Values.kubeops.nodeSelector }}
-      nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.nodeSelector "context" $) | nindent 8 }}
-      {{- end }}
-      {{- if .Values.kubeops.tolerations }}
-      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.tolerations "context" $) | nindent 8 }}
-      {{- end }}
-      {{- if .Values.kubeops.priorityClassName }}
-      priorityClassName: {{ .Values.kubeops.priorityClassName | quote }}
-      {{- end }}
-      {{- if .Values.kubeops.podSecurityContext.enabled }}
-      securityContext: {{- omit .Values.kubeops.podSecurityContext "enabled" | toYaml | nindent 8 }}
-      {{- end }}
-      # Increase termination timeout to let remaining operations to finish before ending the pods
-      # This is because new releases/upgrades/deletions are synchronous operations
-      terminationGracePeriodSeconds: {{ .Values.kubeops.terminationGracePeriodSeconds }}
-      {{- if .Values.kubeops.initContainers }}
-      initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.initContainers "context" $) | trim | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: kubeops
-          image: {{ include "kubeapps.kubeops.image" . }}
-          imagePullPolicy: {{ .Values.kubeops.image.pullPolicy | quote }}
-          {{- if .Values.kubeops.containerSecurityContext.enabled }}
-          securityContext: {{- omit .Values.kubeops.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          {{- end }}
-          {{- if .Values.kubeops.lifecycleHooks }}
-          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.lifecycleHooks "context" $) | nindent 12 }}
-          {{- end }}
-          {{- if .Values.kubeops.command }}
-          command: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.command "context" $) | nindent 12 }}
-          {{- else }}
-          command:
-            - /kubeops
-          {{- end }}
-          {{- if .Values.kubeops.args }}
-          args: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.args "context" $) | nindent 12 }}
-          {{- else }}
-          args:
-            {{- if .Values.clusters }}
-            - --clusters-config-path=/config/clusters.conf
-            {{- end }}
-            {{- if .Values.pinnipedProxy.enabled }}
-            - --pinniped-proxy-url={{ printf "http%s://%s.%s:%d" (eq .Values.pinnipedProxy.tls.caCertificate "" | ternary "" "s") (include "kubeapps.pinniped-proxy.fullname" .) .Release.Namespace (int .Values.pinnipedProxy.service.ports.pinnipedProxy) }}
-            {{- if .Values.pinnipedProxy.tls.caCertificate }}
-            - --pinniped-proxy-ca-cert=/etc/pinniped-proxy-tls/ca.crt
-            {{- end }}
-            {{- end }}
-            {{- if .Values.kubeops.burst }}
-            - --burst={{ .Values.kubeops.burst }}
-            {{- end }}
-            {{- if .Values.kubeops.qps }}
-            - --qps={{ .Values.kubeops.qps }}
-            {{- end }}
-            {{- if .Values.kubeops.namespaceHeaderName }}
-            - --namespace-header-name={{ .Values.kubeops.namespaceHeaderName }}
-            {{- end }}
-            {{- if .Values.kubeops.namespaceHeaderPattern }}
-            - --namespace-header-pattern={{ .Values.kubeops.namespaceHeaderPattern }}
-            {{- end }}
-            {{- range .Values.kubeops.extraFlags }}
-            - {{ . }}
-            {{- end }}
-          {{- end }}
-          env:
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: PORT
-              value: {{ .Values.kubeops.containerPorts.http | quote }}
-            {{- if .Values.kubeops.extraEnvVars }}
-            {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVars "context" $) | nindent 12 }}
-            {{- end }}
-          envFrom:
-            {{- if .Values.kubeops.extraEnvVarsCM }}
-            - configMapRef:
-                name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVarsCM "context" $) }}
-            {{- end }}
-            {{- if .Values.kubeops.extraEnvVarsSecret }}
-            - secretRef:
-                name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVarsSecret "context" $) }}
-            {{- end }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.kubeops.containerPorts.http }}
-          {{- if not .Values.diagnosticMode.enabled }}
-          {{- if .Values.kubeops.customLivenessProbe }}
-          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.customLivenessProbe "context" $) | nindent 12 }}
-          {{- else if .Values.kubeops.livenessProbe.enabled }}
-          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.kubeops.livenessProbe "enabled") "context" $) | nindent 12 }}
-            httpGet:
-              path: /live
-              port: http
-          {{- end }}
-          {{- if .Values.kubeops.customReadinessProbe }}
-          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.customReadinessProbe "context" $) | nindent 12 }}
-          {{- else if .Values.kubeops.readinessProbe.enabled }}
-          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.kubeops.readinessProbe "enabled") "context" $) | nindent 12 }}
-            httpGet:
-              path: /ready
-              port: http
-          {{- end }}
-          {{- if .Values.kubeops.customStartupProbe }}
-          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.customStartupProbe "context" $) | nindent 12 }}
-          {{- else if .Values.kubeops.startupProbe.enabled }}
-          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.kubeops.startupProbe "enabled") "context" $) | nindent 12 }}
-            tcpSocket:
-              port: http
-          {{- end }}
-          {{- end }}
-          {{- if .Values.kubeops.resources }}
-          resources: {{- toYaml .Values.kubeops.resources | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            {{- if .Values.clusters }}
-            - name: clusters-config
-              mountPath: /config
-            - name: ca-certs
-              mountPath: /etc/additional-clusters-cafiles
-            {{- end }}
-            {{- if .Values.kubeops.extraVolumeMounts }}
-            {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.extraVolumeMounts "context" $) | nindent 12 }}
-            {{- end }}
-            {{- if .Values.pinnipedProxy.tls.caCertificate }}
-            - name: pinniped-proxy-ca-cert
-              mountPath: /etc/pinniped-proxy-tls
-            {{- end }}
-        {{- if .Values.kubeops.sidecars }}
-        {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.sidecars "context" $) | trim | nindent 8 }}
-        {{- end }}
-      volumes:
-        {{- if .Values.clusters }}
-        - name: clusters-config
-          configMap:
-            name: {{ template "kubeapps.clusters-config.fullname" . }}
-        - name: ca-certs
-          emptyDir: {}
-        {{- end }}
-        {{- if .Values.pinnipedProxy.tls.caCertificate }}
-        - name: pinniped-proxy-ca-cert
-          configMap:
-            name: {{ .Values.pinnipedProxy.tls.caCertificate }}
-        {{- end }}
-        {{- if .Values.kubeops.extraVolumes }}
-        {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.extraVolumes "context" $) | nindent 8 }}
-        {{- end }}
-{{- end }}
--- a/bitnami/kubeapps/templates/kubeops/rbac.yaml
+++ b/bitnami/kubeapps/templates/kubeops/rbac.yaml
@@ -1,137 +0,0 @@
-{{- if and .Values.kubeops.enabled .Values.rbac.create -}}
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: Role
-metadata:
-  name: {{ template "kubeapps.kubeops.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels: {{- include "common.labels.standard" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - create
-      - delete
-  - apiGroups:
-      - "kubeapps.com"
-    resources:
-      - apprepositories
-    verbs:
-      - get
-      - list
---
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: RoleBinding
-metadata:
-  name: {{ template "kubeapps.kubeops.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels: {{- include "common.labels.standard" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "kubeapps.kubeops.fullname" . }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "kubeapps.kubeops.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
-{{- if .Values.allowNamespaceDiscovery }}
---
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: ClusterRole
-metadata:
-  name: {{ printf "kubeapps:controller:kubeops-ns-discovery-%s" .Release.Namespace }}
-  labels: {{- include "common.labels.standard" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-    verbs:
-      - list
---
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: ClusterRoleBinding
-metadata:
-  name: {{ printf "kubeapps:controller:kubeops-ns-discovery-%s" .Release.Namespace }}
-  labels: {{- include "common.labels.standard" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ printf "kubeapps:controller:kubeops-ns-discovery-%s" .Release.Namespace }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "kubeapps.kubeops.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
-{{- end }}
---
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: ClusterRole
-metadata:
-  name: {{ printf "kubeapps:controller:kubeops-operators-%s" .Release.Namespace }}
-  labels: {{- include "common.labels.standard" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-rules:
-  - apiGroups:
-      - packages.operators.coreos.com
-    resources:
-      - packagemanifests/icon
-    verbs:
-      - get
---
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-kind: ClusterRoleBinding
-metadata:
-  name: {{ printf "kubeapps:controller:kubeops-operators-%s" .Release.Namespace }}
-  labels: {{- include "common.labels.standard" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ printf "kubeapps:controller:kubeops-operators-%s" .Release.Namespace }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "kubeapps.kubeops.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
-{{- end }}
--- a/bitnami/kubeapps/templates/kubeops/service.yaml
+++ b/bitnami/kubeapps/templates/kubeops/service.yaml
@@ -1,30 +0,0 @@
-{{- if .Values.kubeops.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "kubeapps.kubeops.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels: {{- include "common.labels.standard" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if or .Values.kubeops.service.annotations .Values.commonAnnotations }}
-  annotations:
-    {{- if .Values.kubeops.service.annotations }}
-    {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.service.annotations "context" $) | nindent 4 }}
-    {{- end }}
-    {{- if .Values.commonAnnotations }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-    {{- end }}
-  {{- end }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.kubeops.service.ports.http }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-{{- end }}
--- a/bitnami/kubeapps/templates/kubeops/serviceaccount.yaml
+++ b/bitnami/kubeapps/templates/kubeops/serviceaccount.yaml
@@ -1,22 +0,0 @@
-{{- if and .Values.kubeops.enabled .Values.kubeops.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "kubeapps.kubeops.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels: {{- include "common.labels.standard" . | nindent 4 }}
-    app.kubernetes.io/component: kubeops
-    {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
-    {{- end }}
-  {{- if or .Values.kubeops.serviceAccount.annotations .Values.commonAnnotations }}
-  annotations:
-    {{- if .Values.commonAnnotations }}
-    {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
-    {{- end }}
-    {{- if .Values.kubeops.serviceAccount.annotations }}
-    {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.serviceAccount.annotations "context" $) | nindent 4 }}
-    {{- end }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.kubeops.serviceAccount.automountServiceAccountToken }}
-{{- end }}
--- a/bitnami/kubeapps/templates/shared/global-repos-namespace.yaml
+++ b/bitnami/kubeapps/templates/shared/global-repos-namespace.yaml
@@ -1,6 +0,0 @@
-{{- if .Values.apprepository.globalReposNamespaceSuffix }}
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ include "kubeapps.globalReposNamespace" . | quote }}
-{{- end }}
--- a/bitnami/kubeapps/templates/shared/helm-global-repos-namespace.yaml
+++ b/bitnami/kubeapps/templates/shared/helm-global-repos-namespace.yaml
@@ -0,0 +1,6 @@
+{{- if or .Values.apprepository.globalReposNamespaceSuffix .Values.kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }}
+{{- end }}