jetstack · inteon · Apr 16, 2025
diff --git a/deploy/charts/venafi-kubernetes-agent/README.md b/deploy/charts/venafi-kubernetes-agent/README.md
@@ -476,6 +476,13 @@ Cannot be used if `maxUnavailable` is set.
 Configure the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).  
 Cannot be used if `minAvailable` is set.
 
+#### **venafiConnection.include** ~ `bool`
+> Default value:
+> ```yaml
+> false
+> ```
+
+When set to false, the rendered output does not contain the. VenafiConnection CRDs and RBAC. This is useful for when the. Venafi Connection resources are already installed separately.
 ### CRDs
 
 
@@ -494,12 +501,5 @@ The 'x-kubernetes-validations' annotation is not supported in Kubernetes 1.22 an
 > ```
 
 This option makes it so that the "helm.sh/resource-policy": keep annotation is added to the CRD. This will prevent Helm from uninstalling the CRD when the Helm release is uninstalled.
-#### **crds.venafiConnection.include** ~ `bool`
-> Default value:
-> ```yaml
-> false
-> ```
-
-When set to false, the rendered output does not contain the. VenafiConnection CRDs and RBAC. This is useful for when the. Venafi Connection resources are already installed separately.
 
 <!-- /AUTO-GENERATED -->
diff --git a/deploy/charts/venafi-kubernetes-agent/crd_bases/crd.header-without-validations.yaml b/deploy/charts/venafi-kubernetes-agent/crd_bases/crd.header-without-validations.yaml
@@ -1,5 +1,5 @@
 {{/* DO NOT EDIT. Use 'make generate-crds-venconn' to regenerate. */}}
-{{- if .Values.crds.venafiConnection.include }}
+{{- if .Values.venafiConnection.include }}
 {{- if (or (semverCompare "<1.25" .Capabilities.KubeVersion.GitVersion) .Values.crds.forceRemoveValidationAnnotations) }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -12,4 +12,4 @@ metadata:
     helm.sh/resource-policy: keep
   {{- end }}
   labels:
-  {{- include "venafi-connection.labels" . | nindent 4 }}
+  {{- include "venafi-connection.labels" $ | nindent 4 }}
diff --git a/deploy/charts/venafi-kubernetes-agent/crd_bases/crd.header.yaml b/deploy/charts/venafi-kubernetes-agent/crd_bases/crd.header.yaml
@@ -1,5 +1,5 @@
 {{/* DO NOT EDIT. Use 'make generate-crds-venconn' to regenerate. */}}
-{{- if .Values.crds.venafiConnection.include }}
+{{- if .Values.venafiConnection.include }}
 {{- if not (or (semverCompare "<1.25" .Capabilities.KubeVersion.GitVersion) .Values.crds.forceRemoveValidationAnnotations) }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -12,4 +12,4 @@ metadata:
     helm.sh/resource-policy: keep
   {{- end }}
   labels:
-  {{- include "venafi-connection.labels" . | nindent 4 }}
+  {{- include "venafi-connection.labels" $ | nindent 4 }}
diff --git a/...y/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.without-validations.yaml b/...y/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.without-validations.yaml
@@ -1,5 +1,5 @@
 {{/* DO NOT EDIT. Use 'make generate-crds-venconn' to regenerate. */}}
-{{- if .Values.crds.venafiConnection.include }}
+{{- if .Values.venafiConnection.include }}
 {{- if (or (semverCompare "<1.25" .Capabilities.KubeVersion.GitVersion) .Values.crds.forceRemoveValidationAnnotations) }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -12,7 +12,7 @@ metadata:
     helm.sh/resource-policy: keep
   {{- end }}
   labels:
-  {{- include "venafi-connection.labels" . | nindent 4 }}
+  {{- include "venafi-connection.labels" $ | nindent 4 }}
 spec:
   group: jetstack.io
   names:

diff --git a/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.yaml b/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.yaml
@@ -1,5 +1,5 @@
 {{/* DO NOT EDIT. Use 'make generate-crds-venconn' to regenerate. */}}
-{{- if .Values.crds.venafiConnection.include }}
+{{- if .Values.venafiConnection.include }}
 {{- if not (or (semverCompare "<1.25" .Capabilities.KubeVersion.GitVersion) .Values.crds.forceRemoveValidationAnnotations) }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -12,7 +12,7 @@ metadata:
     helm.sh/resource-policy: keep
   {{- end }}
   labels:
-  {{- include "venafi-connection.labels" . | nindent 4 }}
+  {{- include "venafi-connection.labels" $ | nindent 4 }}
 spec:
   group: jetstack.io
   names:

diff --git a/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-rbac.yaml b/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-rbac.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.crds.venafiConnection.include }}
+{{- if .Values.venafiConnection.include }}
 # The 'venafi-connection' service account is used by multiple
 # controllers. When configuring which resources a VenafiConnection
 # can access, the RBAC rules you create manually must point to this SA.
@@ -43,4 +43,4 @@ subjects:
 - kind: ServiceAccount
   name: venafi-connection
   namespace: {{ $.Release.Namespace | quote }}
-{{- end }}
+{{- end }}
diff --git a/deploy/charts/venafi-kubernetes-agent/values.schema.json b/deploy/charts/venafi-kubernetes-agent/values.schema.json
@@ -75,6 +75,9 @@
         "tolerations": {
           "$ref": "#/$defs/helm-values.tolerations"
         },
+        "venafiConnection": {
+          "$ref": "#/$defs/helm-values.venafiConnection"
+        },
         "volumeMounts": {
           "$ref": "#/$defs/helm-values.volumeMounts"
         },
@@ -275,9 +278,6 @@
         },
         "keep": {
           "$ref": "#/$defs/helm-values.crds.keep"
-        },
-        "venafiConnection": {
-          "$ref": "#/$defs/helm-values.crds.venafiConnection"
         }
       },
       "type": "object"
@@ -292,20 +292,6 @@
       "description": "This option makes it so that the \"helm.sh/resource-policy\": keep annotation is added to the CRD. This will prevent Helm from uninstalling the CRD when the Helm release is uninstalled.",
       "type": "boolean"
     },
-    "helm-values.crds.venafiConnection": {
-      "additionalProperties": false,
-      "properties": {
-        "include": {
-          "$ref": "#/$defs/helm-values.crds.venafiConnection.include"
-        }
-      },
-      "type": "object"
-    },
-    "helm-values.crds.venafiConnection.include": {
-      "default": false,
-      "description": "When set to false, the rendered output does not contain the. VenafiConnection CRDs and RBAC. This is useful for when the. Venafi Connection resources are already installed separately.",
-      "type": "boolean"
-    },
     "helm-values.extraArgs": {
       "default": [],
       "description": "Specify additional arguments to pass to the agent binary. For example, to enable JSON logging use `--logging-format`, or to increase the logging verbosity use `--log-level`.\nThe log levels are: 0=Info, 1=Debug, 2=Trace.\nUse 6-9 for increasingly verbose HTTP request logging.\nThe default log level is 0.\n\nExample:\nextraArgs:\n- --logging-format=json\n- --log-level=6 # To enable HTTP request logging",
@@ -638,6 +624,20 @@
       "items": {},
       "type": "array"
     },
+    "helm-values.venafiConnection": {
+      "additionalProperties": false,
+      "properties": {
+        "include": {
+          "$ref": "#/$defs/helm-values.venafiConnection.include"
+        }
+      },
+      "type": "object"
+    },
+    "helm-values.venafiConnection.include": {
+      "default": false,
+      "description": "When set to false, the rendered output does not contain the. VenafiConnection CRDs and RBAC. This is useful for when the. Venafi Connection resources are already installed separately.",
+      "type": "boolean"
+    },
     "helm-values.volumeMounts": {
       "default": [],
       "description": "Additional volume mounts to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Venafi Kubernetes Agent. For\nexample:\n\nvolumeMounts:\n  - name: cabundle\n    mountPath: /etc/ssl/certs/cabundle\n    subPath: cabundle\n    readOnly: true",

diff --git a/deploy/charts/venafi-kubernetes-agent/values.yaml b/deploy/charts/venafi-kubernetes-agent/values.yaml
@@ -285,6 +285,13 @@ podDisruptionBudget:
   # +docs:property
   # maxUnavailable: 1
 
+# Optionally include the VenafiConnection CRDs
+venafiConnection:
+  # When set to false, the rendered output does not contain the
+  # VenafiConnection CRDs and RBAC. This is useful for when the
+  # Venafi Connection resources are already installed separately.
+  include: false
+
 # +docs:section=CRDs
 # The CRDs installed by this chart are annotated with "helm.sh/resource-policy: keep", this
 # prevents them from being accidentally removed by Helm when this chart is deleted. After
@@ -301,10 +308,3 @@ crds:
   # annotation is added to the CRD. This will prevent Helm from uninstalling
   # the CRD when the Helm release is uninstalled.
   keep: false
-
-  # Optionally include the VenafiConnection CRDs
-  venafiConnection:
-    # When set to false, the rendered output does not contain the
-    # VenafiConnection CRDs and RBAC. This is useful for when the
-    # Venafi Connection resources are already installed separately.
-    include: false