Added chart versions:

  cerbos/cerbos:
    - 0.39.0
  cockroach-labs/cockroachdb:
    - 14.0.4
  codefresh/cf-runtime:
    - 6.4.2
  crate/crate-operator:
    - 2.42.0
  f5/nginx-ingress:
    - 1.4.0
  intel/intel-device-plugins-operator:
    - 0.31.0
  intel/intel-device-plugins-qat:
    - 0.31.0
  intel/intel-device-plugins-sgx:
    - 0.31.0
  jenkins/jenkins:
    - 5.7.2
  new-relic/nri-bundle:
    - 5.0.93
  speedscale/speedscale-operator:
    - 2.2.488

charts/cerbos/cerbos/0.39.0/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/cerbos/cerbos/0.39.0/Chart.yaml

@@ -0,0 +1,27 @@
+annotations:
+  catalog.cattle.io/certified: partner
+  catalog.cattle.io/display-name: Cerbos
+  catalog.cattle.io/kube-version: '>=1.23.0-0'
+  catalog.cattle.io/release-name: cerbos
+apiVersion: v2
+appVersion: 0.39.0
+description: A Helm chart to deploy Cerbos. Cerbos is an open core, language agnostic,
+  scalable solution that makes user permissions and authorization simple to implement
+  and manage by writing context-aware access control policies for your application
+  resources.
+home: https://cerbos.dev
+icon: file://assets/icons/cerbos.png
+keywords:
+- abac
+- authorization
+- developer tools
+- policies
+- rbac
+- security
+kubeVersion: '>=1.23.0-0'
+maintainers:
+- email: [email protected]
+  name: Cerbos authors
+name: cerbos
+type: application
+version: 0.39.0

charts/cerbos/cerbos/0.39.0/README.md

@@ -0,0 +1,9 @@
+Cerbos Helm Chart
+=================
+
+Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
+
+* [Cerbos website](https://cerbos.dev)
+* [Cerbos documentation](https://docs.cerbos.dev)
+* [Cerbos GitHub repository](https://github.com/cerbos/cerbos)
+* [Cerbos Slack community](http://go.cerbos.io/slack)

charts/cerbos/cerbos/0.39.0/app-readme.md

@@ -0,0 +1,5 @@
+## Cerbos
+
+Implement roles and permissions in your application in minutes with Cerbos. Cerbos is a plug and play collaborative authorization service for developer, product and security teams.
+
+A guide for how to deploy Cerbos can be found on the [Cerbos Documentation](https://docs.cerbos.dev/cerbos/latest/installation/helm) site.

charts/cerbos/cerbos/0.39.0/templates/NOTES.txt

@@ -0,0 +1,17 @@
+You have successfully deployed Cerbos.
+
+You can get started with the API by accessing the Cerbos OpenAPI definitions as follows:
+{{- $scheme := (include "cerbos.httpScheme" .) -}}
+{{- if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cerbos.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo {{ $scheme }}://$NODE_IP:$NODE_PORT/schema/swagger.json
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "cerbos.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "cerbos.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo {{ $scheme }}://$SERVICE_IP:{{ .Values.service.port }}/schema/swagger.json
+{{- else if contains "ClusterIP" .Values.service.type }}
+  echo "Download OpenAPI definition by accesing {{ $scheme }}://127.0.0.1:{{ .Values.service.httpPort }}/schema/swagger.json"
+  kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ include "cerbos.fullname" . }} {{ .Values.service.httpPort }}
+{{- end }}

charts/cerbos/cerbos/0.39.0/templates/_helpers.tpl

@@ -0,0 +1,193 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cerbos.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cerbos.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cerbos.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cerbos.labels" -}}
+helm.sh/chart: {{ include "cerbos.chart" . }}
+{{ include "cerbos.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cerbos.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cerbos.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Name of the secret used to read the TLS certificates from
+*/}}
+{{- define "cerbos.tlsSecretName" -}}
+{{ coalesce .Values.cerbos.tlsSecretName .Values.certManager.certSpec.secretName "None" }}
+{{- end }}
+
+{{/*
+Determine the scheme based on whether the TLS secret is defined or not
+*/}}
+{{- define "cerbos.httpScheme" -}}
+{{- $tlsDisabled := (eq (include "cerbos.tlsSecretName" .) "None") -}}
+{{- if $tlsDisabled -}}
+http
+{{- else -}}
+https
+{{- end -}}
+{{- end }}
+
+{{/*
+Prometheus annotations
+*/}}
+{{- define "cerbos.promAnnotations" -}}
+prometheus.io/scrape: "true"
+prometheus.io/port: "{{ .Values.cerbos.httpPort }}"
+prometheus.io/path: "/_cerbos/metrics"
+prometheus.io/scheme: {{ include "cerbos.httpScheme" . }}
+{{- end }}
+
+{{/*
+Generate pod annotations based on config
+*/}}
+{{- define "cerbos.podAnnotations" -}}
+{{- $annotations := mustMergeOverwrite .Values.podAnnotations (dict "checksum/config" (include "cerbos.config" . | sha256sum)) -}}
+{{- if .Values.cerbos.prometheusPodAnnotationsEnabled -}}
+{{- $promAnnotations := (include "cerbos.promAnnotations" .)| fromYaml -}}
+{{- $annotations = mustMergeOverwrite $annotations $promAnnotations -}}
+{{- end -}}
+annotations:
+  {{- $annotations | toYaml | nindent 2 }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cerbos.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cerbos.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Default configuration if none is provided
+*/}}
+{{- define "cerbos.defaultConfig" -}}
+storage:
+  driver: "disk"
+  disk:
+    directory: /work
+    watchForChanges: false
+{{- end }}
+
+
+{{/*
+Configuration derived from values provided by the user
+*/}}
+{{- define "cerbos.derivedConfig" -}}
+{{- $tlsDisabled := (eq (include "cerbos.tlsSecretName" .) "None") -}}
+{{- $defaultHTTPListenAddr := (toString .Values.cerbos.httpPort | printf ":%s") -}}
+{{- $defaultGRPCListenAddr := (toString .Values.cerbos.grpcPort | printf ":%s") -}}
+server:
+  httpListenAddr: "{{ dig "config" "server" "httpListenAddr" $defaultHTTPListenAddr .Values.cerbos }}"
+  grpcListenAddr: "{{ dig "config" "server" "grpcListenAddr" $defaultGRPCListenAddr .Values.cerbos }}"
+  {{- if not $tlsDisabled }}
+  tls:
+    cert: /certs/tls.crt
+    key: /certs/tls.key
+    caCert: /certs/ca.crt
+  {{- end }}
+{{- end }}
+
+
+{{/*
+Merge the configurations to obtain the final configuration file
+*/}}
+{{- define "cerbos.config" -}}
+{{- $defaultConf := (include "cerbos.defaultConfig" .) | fromYaml -}}
+{{- $derivedConf := (include "cerbos.derivedConfig" .) | fromYaml -}}
+{{ mustMergeOverwrite $defaultConf .Values.cerbos.config $derivedConf | toYaml }}
+{{- end }}
+
+{{/*
+Detect if hub driver is used with default config
+*/}}
+{{- define "cerbos.defaultHubDriverEnabled" -}}
+{{- $isBundleDriver := (eq (dig "config" "storage" "driver" "<not_defined>" .Values.cerbos) "bundle") -}}
+{{- $isHubDriver := (eq (dig "config" "storage" "driver" "<not_defined>" .Values.cerbos) "hub") -}}
+{{- $isBundleStorage := (or $isBundleDriver $isHubDriver) -}}
+{{- $isDefaultTmp := (eq (dig "config" "storage" "bundle" "remote" "tempDir" "<not_defined>" .Values.cerbos) "<not_defined>") -}}
+{{- $isDefaultCache := (eq (dig "config" "storage" "bundle" "remote" "cacheDir" "<not_defined>" .Values.cerbos) "<not_defined>") -}}
+{{- if (and $isBundleStorage $isDefaultTmp $isDefaultCache) -}}yes{{- else -}}no{{- end -}}
+{{- end }}
+
+{{/*
+The image reference to use in pods
+*/}}
+{{- define "cerbos.image" -}}
+"{{ .Values.image.repository }}
+{{- with .Values.image.digest -}}
+@{{ . }}
+{{- else -}}
+:{{ .Values.image.tag | default .Chart.AppVersion }}
+{{- end -}}
+"
+{{- end }}
+
+{{/*
+Topology spread constraints with label selector injected
+*/}}
+{{- define "cerbos.topologySpreadConstraints" -}}
+{{- if .Values.topologySpreadConstraints }}
+{{- $defaultLabels := (fromYaml (include "cerbos.selectorLabels" $)) }}
+{{- $defaultLabelSelector := (dict "labelSelector" (dict "matchLabels" $defaultLabels)) }}
+{{- $constraints := list }}
+{{- range $c := .Values.topologySpreadConstraints }}
+{{- if (hasKey $c "labelSelector") }}
+{{- $constraints = (append $constraints $c) }}
+{{- else }}
+{{- $constraints = (append $constraints (mergeOverwrite $c $defaultLabelSelector)) }}
+{{- end }}
+{{- end }}
+topologySpreadConstraints:
+{{ toYaml $constraints | indent 2 }}
+{{- end }}
+{{- end }}

charts/cerbos/cerbos/0.39.0/templates/certificate.yaml

@@ -0,0 +1,10 @@
+{{- if .Values.certManager.certSpec -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "cerbos.fullname" . }}
+  labels:
+    {{- include "cerbos.labels" . | nindent 4 }}
+spec:
+  {{- toYaml .Values.certManager.certSpec | nindent 2 }}
+{{- end -}}

charts/cerbos/cerbos/0.39.0/templates/configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "cerbos.fullname" . }}
+  labels:
+    {{- include "cerbos.labels" . | nindent 4 }}
+data:
+    ".cerbos.yaml": |-
+    {{- include "cerbos.config" . | nindent 8 }}