[DATA-6011] Upgrade 0.9.2 (#3)

* upgrading to 8.40 (acryldata#139) * Option to add podAnnotations to jobs. (acryldata#137) * feat(helm): add pod annotations to jobs * feat(helm): add pod annotation to cron jobs. * docs(helm): Add podAnnotation documentation and default values. * feat(helm) chart version bump. * update to v0.8.41 (acryldata#143) * fix(mysql): update mysql helm chart version (acryldata#146) * fix(metrics): fix Prometheus env variable in the MCE consumer deployment (acryldata#148) * feat(datahub-frontend): Option to configure OIDC auth easily (acryldata#142) * fix(kafka): update kafka chart version (acryldata#147) * feat(datahub-frontend): Allow lifecycle hooks (acryldata#141) * <feat>(datahub-frontend): Allow lifecycle hooks This PR adds a lifecycle node to the datahub-frontend deployment template. It can be used to execute lifecycle hooks, e.g. postStart actions, like replacing the default user.props file. * Bump chart version to 0.2.86 Co-authored-by: Pedro Silva <pedro.cls93@gmail.com> * Update to v0.8.43 (acryldata#151) * feat(upgrade): allow setting batch args (acryldata#155) * feat(datahub-upgrade): Restore Indices Resources (acryldata#152) * <feat>(datahub-upgrade): Restore Indices Resources This PR adds the ability for end-users to specify resource requests and limits for the datahub upgrade job 'restore indices'. This is needed for situations where the restore indices job will OOM due to a large backfill of data. I've seen this happening with our deployment of datahub and am unable to tune the resources for the restore indices job because the current requests and limits are hard-coded. * fix(gms): remove unused JMX sidecar (acryldata#156) * fix(gms): remove unused JMX sidecar in favour of the already included JVM agent * Update Chart.yaml * Update Chart.yaml * Bumping to v0.8.44 (acryldata#160) * feat(ci): close stale issues/prs (acryldata#164) * feat: add extra labels to ingress configurations (acryldata#163) * feat(prerequisites): add postgresql to prerequistes Helm chart as an optional dependency (acryldata#121) * feat(charts): add an option to configure revisionHistoryLimit to subcharts (acryldata#159) * feat: datahub-frontend add oidc authentication client secret reference (acryldata#165) * fix(monitoring) Fixes monitoring default values + gms chart version (acryldata#161) * chore: bump datahub-actions version (acryldata#168) * Feat(actions): Support mounting a customer defined k8s secrets as files needed in ingestion recipes (acryldata#169) * Mount a customer defined k8s secret for ssl secrets needed in ingestion recipes * Bump chart versions * Address comment * Update readme * Address Pedro's comment * feat(monitoring): enable monitoring on frontend (acryldata#171) * Add kafka-exporter to expose prometheus metrics for kafka cluster (acryldata#170) * Add kafka-exporter to expose prometheus metrics for kafka cluster * Kafka-exporter: Updated values.yaml to support tls/sasl authentication while connecting kafka cluster * Kafka-exporter: Updated values.yaml to remove default values and correct intendation * Add kafka-exporter to expose prometheus metrics for kafka cluster * Kafka-exporter: Updated values.yaml to support tls/sasl authentication while connecting kafka cluster * Kafka-exporter: Updated values.yaml to remove default values and correct intendation * Updated chart version * Bumping actions (acryldata#173) * feat(elasticsearch-setup): Add support for insecure curl connections (acryldata#166) * fix versions, clean jmx exporter (acryldata#175) * bumping helm charts for 0.8.45 (acryldata#178) * bumping to 0.8.45 * Fixing * feat(monitoring): Add optional ServiceMonitors to all JVM based services (acryldata#181) * feat(frontend): add service monitoring * feat(gms): add service monitoring * gms: servicemonitor * feat(mae): enable service monitoring * update READMEs * fix service ports * bump version * Add missing default value * Update charts/datahub/Chart.yaml * delete jmx config and rename port to http * feat(secrets): Allow users to specify their own secret values at first boot (acryldata#180) * fix(auth-secret): Make template use correct retrieval method `datahub-auth-secret` yaml was incorrectly using the `index` template function which is for list variables. For dictionaries as is the case with the `$secret.data` object, the correct method is: https://helm.sh/docs/chart_template_guide/function_list/#get Tested locally, that this works against a running cluster. * Updates encryption secret to use get helm function * feat(secrets): Allow users to specify their own secret values at first boot * fix(datahub-frontend): Remove unused env var (acryldata#176) * fix(datahub-frontend): Remove unused env var * Bump chart version * Change default versions 0.9.0 (acryldata#184) * feat(release): automatically bumbp versions for all subcharts (acryldata#185) * feat(release): automatically bumbp versions for all subcharts * Remove kafka export as subchart Kafka exporter is useful for monitoring datahub, but it's not part of it. It should be deploy sepratly, as we do in production * Add script to bump versions together * Add tagging to the workflow * Don't run release on CI commits * fix(CI): remove duplicate id (acryldata#189) * fix(ci): us sh instead of bash; increase tag by patch (acryldata#190) * DataHub Release v0.9.1 (acryldata#191) * fix(v0.9.1): Fix v0.9.1 release versions (acryldata#192) * Release v0.9.1 Helm * Bump chart versions * Fixing final 210 * Bumping to release Helm charts for v0.9.2 * stg actions image upgrade * service annotations scp applied * filters deprecated in favor of orFilters * filters deprecated in favor of orFilters version applied in yaml * release(v0.9.2) Release Helm Charts for DataHub v0.9.2 (acryldata#194) * Bumping to release Helm charts for v0.9.2 * bump version by running: ./.github/scripts/bump-chart-versions.sh 0.2.112 Co-authored-by: szalai1 <szalaipeti.vagyok@gmail.com> * fix(gha): revert auto bump release changes (acryldata#197) Co-authored-by: Gabe Lyons <itsgabelyons@gmail.com> Co-authored-by: Lukáš Novotný <42157644+novotl@users.noreply.github.com> Co-authored-by: Aseem Bansal <asmbansal2@gmail.com> Co-authored-by: RyanHolstien <RyanHolstien@users.noreply.github.com> Co-authored-by: Justin Marozas <justinas.marozas@gmail.com> Co-authored-by: Tomáš Kubín <tomas.kubin@blindspot.ai> Co-authored-by: Toby Irmer <toby@irmer.com> Co-authored-by: Pedro Silva <pedro.cls93@gmail.com> Co-authored-by: Pedro Silva <pedro@acryl.io> Co-authored-by: Hunter Elbourn <hunterelbourn@gmail.com> Co-authored-by: Peter Szalai <szalaipeti.vagyok@gmail.com> Co-authored-by: John Joyce <john@acryl.io> Co-authored-by: Upendra Rao Vedullapalli <upendrao@gmail.com> Co-authored-by: Felix Lüdin <13187726+Masterchen09@users.noreply.github.com> Co-authored-by: Bumsoo Kim <bskim45@gmail.com> Co-authored-by: Tony Ouyang <43738225+TonyOuyangGit@users.noreply.github.com> Co-authored-by: Harshal Sheth <hsheth2@gmail.com> Co-authored-by: Jinlin Yang <86577891+jinlintt@users.noreply.github.com> Co-authored-by: Navin Sharma <103643430+NavinSharma13@users.noreply.github.com> Co-authored-by: Bogdan Antoniu <bogdan.antoniu@gmail.com>
sendbird · Nov 21, 2022 · 85f61cb · 85f61cb
1 parent cee14ae
commit 85f61cb
Show file tree

Hide file tree

Showing 62 changed files with 627 additions and 359 deletions.
diff --git a/.github/scripts/bump-chart-versions.sh b/.github/scripts/bump-chart-versions.sh
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+export TAG=$1
+
+function updateVersion() {
+    TAG=$1 yq -i e '.version |= env(TAG) ' $2;
+    echo "Version is updated to $1 in $2"
+}
+
+# updating subcharts 
+for file in charts/datahub/*/*/Chart.yaml; do 
+   updateVersion $TAG $file
+done
+
+# updating datahub chart
+updateVersion $TAG charts/datahub/Chart.yaml
+
+
+ yq -i e ".dependencies[].version |= env(TAG)" charts/datahub/Chart.yaml
diff --git a/.github/workflows/close-stale-issues.yml b/.github/workflows/close-stale-issues.yml
@@ -0,0 +1,25 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v5
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 30
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity. If you believe this is still an issue on the latest DataHub release please leave a comment with the version that you tested it with. If this is a question/discussion please head to https://slack.datahubproject.io. For feature requests please use https://feature-requests.datahubproject.io"
+          close-issue-message: "This issue was closed because it has been inactive for 30 days since being marked as stale."
+          days-before-pr-stale: 30
+          days-before-pr-close: 30
+          stale-pr-label: "stale"
+          stale-pr-message: "This PR is stale. We will close it in 30 days if there is no comment or activity. If you want feedback but not able to get it on github please head to #contribute channel in slack at https://slack.datahubproject.io."
+          close-pr-message: "Closing stale PR."
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -44,4 +44,4 @@ jobs:
           fi
 
       - name: Run chart-testing (lint)
-        run: ct lint
+        run: ct lint 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,3 +1,5 @@
+
+
 name: Release Charts
 
 on:
@@ -23,7 +25,6 @@ jobs:
         run: |
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
       - name: Install Helm
         uses: azure/setup-helm@v1
         with:

diff --git a/charts/datahub/Chart.yaml b/charts/datahub/Chart.yaml
@@ -4,36 +4,33 @@ description: A Helm chart for LinkedIn DataHub
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.84
+version: 0.2.112
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 0.8.39
+appVersion: 0.9.1
 dependencies:
   - name: datahub-gms
-    version: 0.2.5
+    version: 0.2.112
     repository: file://./subcharts/datahub-gms
     condition: datahub-gms.enabled
   - name: datahub-frontend
-    version: 0.2.2
+    version: 0.2.112
     repository: file://./subcharts/datahub-frontend
     condition: datahub-frontend.enabled
   - name: datahub-mae-consumer
-    version: 0.2.5
+    version: 0.2.112
     repository: file://./subcharts/datahub-mae-consumer
     condition: global.datahub_standalone_consumers_enabled
   - name: datahub-mce-consumer
-    version: 0.2.5
+    version: 0.2.112
     repository: file://./subcharts/datahub-mce-consumer
     condition: global.datahub_standalone_consumers_enabled
   - name: datahub-ingestion-cron
-    version: 0.2.3
+    version: 0.2.112
     repository: file://./subcharts/datahub-ingestion-cron
     condition: datahub-ingestion-cron.enabled
-  - name: datahub-jmxexporter
-    version: 0.2.1
-    repository: file://./subcharts/datahub-jmxexporter
   - name: acryl-datahub-actions
-    version: 0.0.2
+    version: 0.2.112
     repository: file://./subcharts/acryl-datahub-actions
     condition: acryl-datahub-actions.enabled
 maintainers:

diff --git a/charts/datahub/README.md b/charts/datahub/README.md
@@ -22,37 +22,43 @@ helm install datahub datahub/datahub --values <<path-to-values-file>>
 |-----|------|---------|-------------|
 | datahub-frontend.enabled | bool | `true` | Enable Datahub Front-end |
 | datahub-frontend.image.repository | string | `"linkedin/datahub-frontend-react"` | Image repository for datahub-frontend |
-| datahub-frontend.image.tag | string | `"v0.8.39"` | Image tag for datahub-frontend |
+| datahub-frontend.image.tag | string | `"v0.9.2"` | Image tag for datahub-frontend |
 | datahub-gms.enabled | bool | `true` | Enable GMS |
 | datahub-gms.image.repository | string | `"linkedin/datahub-gms"` | Image repository for datahub-gms |
-| datahub-gms.image.tag | string | `"v0.8.39"` | Image tag for datahub-gms |
+| datahub-gms.image.tag | string | `"v0.9.2"` | Image tag for datahub-gms |
 | datahub-mae-consumer.image.repository | string | `"linkedin/datahub-mae-consumer"` | Image repository for datahub-mae-consumer |
-| datahub-mae-consumer.image.tag | string | `"v0.8.39"` | Image tag for datahub-mae-consumer |
+| datahub-mae-consumer.image.tag | string | `"v0.9.2"` | Image tag for datahub-mae-consumer |
 | datahub-mce-consumer.image.repository | string | `"linkedin/datahub-mce-consumer"` | Image repository for datahub-mce-consumer |
-| datahub-mce-consumer.image.tag | string | `"v0.8.39"` | Image tag for datahub-mce-consumer |
+| datahub-mce-consumer.image.tag | string | `"v0.9.2"` | Image tag for datahub-mce-consumer |
 | datahub-ingestion-cron.enabled | bool | `false` | Enable cronjob for periodic ingestion |
 | datahubUpgrade.podSecurityContext | object | `{}` | Pod security context for datahubUpgrade jobs |
 | datahubUpgrade.securityContext | object | `{}` | Container security context for datahubUpgrade jobs |
+| datahubUpgrade.podAnnotations | object | `{}` | Pod annotations for datahubUpgrade jobs |
+| datahubUpgrade.restoreIndices.resources | object | '{}' | Kube Resource definitions for the datahub upgrade job 'restore indices' |
 | elasticsearchSetupJob.enabled | bool | `true` | Enable setup job for elasicsearch |
 | elasticsearchSetupJob.image.repository | string | `"linkedin/datahub-elasticsearch-setup"` | Image repository for elasticsearchSetupJob |
-| elasticsearchSetupJob.image.tag | string | `"v0.8.39"` | Image repository for elasticsearchSetupJob |
+| elasticsearchSetupJob.image.tag | string | `"v0.9.2"` | Image repository for elasticsearchSetupJob |
 | elasticsearchSetupJob.podSecurityContext | object | `{"fsGroup": 1000}` | Pod security context for elasticsearchSetupJob |
 | elasticsearchSetupJob.securityContext | object | `{"runAsUser": 1000}` | Container security context for elasticsearchSetupJob |
+| elasticsearchSetupJob.podAnnotations | object | `{}` | Pod annotations for elasticsearchSetupJob |
 | kafkaSetupJob.enabled | bool | `true` | Enable setup job for kafka |
 | kafkaSetupJob.image.repository | string | `"linkedin/datahub-kafka-setup"` | Image repository for kafkaSetupJob |
-| kafkaSetupJob.image.tag | string | `"v0.8.39"` | Image repository for kafkaSetupJob |
+| kafkaSetupJob.image.tag | string | `"v0.9.2"` | Image repository for kafkaSetupJob |
 | kafkaSetupJob.podSecurityContext | object | `{"fsGroup": 1000}` | Pod security context for kafkaSetupJob |
 | kafkaSetupJob.securityContext | object | `{"runAsUser": 1000}` | Container security context for kafkaSetupJob |
+| kafkaSetupJob.podAnnotations | object | `{}` | Pod annotations for kafkaSetupJob |
 | mysqlSetupJob.enabled | bool | `false` | Enable setup job for mysql |
 | mysqlSetupJob.image.repository | string | `"acryldata/datahub-mysql-setup"` | Image repository for mysqlSetupJob |
-| mysqlSetupJob.image.tag | string | `"v0.8.39"` | Image repository for mysqlSetupJob |
+| mysqlSetupJob.image.tag | string | `"v0.9.2"` | Image repository for mysqlSetupJob |
 | mysqlSetupJob.podSecurityContext | object | `{"fsGroup": 1000}` | Pod security context for mysqlSetupJob |
 | mysqlSetupJob.securityContext | object | `{"runAsUser": 1000}` | Container security context for mysqlSetupJob |
+| mysqlSetupJob.podAnnotations | object | `{}` | Pod annotations for mysqlSetupJob |
 | postgresqlSetupJob.enabled | bool | `false` | Enable setup job for postgresql |
 | postgresqlSetupJob.image.repository | string | `"acryldata/datahub-postgres-setup"` | Image repository for postgresqlSetupJob |
-| postgresqlSetupJob.image.tag | string | `"v0.8.39"` | Image repository for postgresqlSetupJob |
+| postgresqlSetupJob.image.tag | string | `"v0.9.2"` | Image repository for postgresqlSetupJob |
 | postgresqlSetupJob.podSecurityContext | object | `{"fsGroup": 1000}` | Pod security context for mysqlSetupJob |
 | postgresqlSetupJob.securityContext | object | `{"runAsUser": 1000}` | Container security context for mysqlSetupJob |
+| postgresqlSetupJob.podAnnotations | object | `{}` | Pod annotations for mysqlSetupJob |
 | global.datahub_standalone_consumers_enabled | boolean | true | Enable standalone consumers for kafka |
 | global.datahub_analytics_enabled | boolean | true | Enable datahub usage analytics |
 | global.datahub.appVersion | string | `"1.0"` | App version for annotation |
@@ -81,6 +87,7 @@ helm install datahub datahub/datahub --values <<path-to-values-file>>
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| acryl-datahub-actions.ingestionSecretFiles.name | string | `""` | Name of the k8s secret that holds any secret files (e.g., SSL certificates and private keys) that are used in your ingestion recipes. The keys in the secret will be mounted as individual files under `/etc/datahub/ingestion-secret-files` |
 | global.credentialsAndCertsSecrets.name | string | `""` | Name of the secret that holds SSL certificates (keystores, truststores) |
 | global.credentialsAndCertsSecrets.path | string | `"/mnt/certs"` | Path to mount the SSL certificates |
 | global.credentialsAndCertsSecrets.secureEnv | map | `{}` | Map of SSL config name and the corresponding value in the secret |
@@ -100,11 +107,17 @@ helm install datahub datahub/datahub --values <<path-to-values-file>>
 | global.datahub.metadata_service_authentication.tokenService.signingKey.secretKey | string | `token_service_signing_key` | The key of a secret containing the internal system secret that is used to sign JWT auth tokens issued by DataHub GMS. If a secret reference is not provided, a random one will be generated for you in a Kubernetes secret value named `token_service_signing_key` within a secret named `datahub-auth-secrets`. | 
 | global.datahub.metadata_service_authentication.tokenService.salt.secretRef | string | `datahub-auth-secrets` | The reference to a secret containing the internal system secret that is used to salt JWT auth tokens signatures issued by DataHub GMS that is part of the metadata graph. If a secret reference is not provided, a random one will be generated for you in a Kubernetes secret called `datahub-auth-secrets`. |
 | global.datahub.metadata_service_authentication.tokenService.salt.secretKey | string | `token_service_salt` | The key of a secret containing the internal system secret that is used to salt JWT auth tokens signatures issued by DataHub GMS that is part of the metadata graph. If a secret reference is not provided, a random one will be generated for you in a Kubernetes secret value named `token_service_salt` within a secret named `datahub-auth-secrets`. |
-| global.datahub.metadata_service_authentication.provisionSecrets | bool | `true` | Whether auth secrets (token signing key & system client secret) should be provisioned on the first deployment for you. Set this to false if you are overriding global.datahub.metadata_service_authentication.tokenService.signingKey.secretRef or global.datahub.metadata_service_authentication systemClientSecret.secretRef. |
+| global.datahub.metadata_service_authentication.provisionSecrets.enabled | bool | `true` | Whether auth secrets (system client secret, token signing key & token service salt) should be provisioned on the first deployment for you. Set this to false if you are overriding `global.datahub.metadata_service_authentication.tokenService.signingKey.secretRef` or `global.datahub.metadata_service_authentication systemClientSecret.secretRef`. |
+| global.datahub.metadata_service_authentication.provisionSecrets.autoGenerate | bool | `true` | Whether auth secrets (token signing key, system client secret & token service salt) should be provisioned on the first deployment for you **with a random seed** on the first deployment for you. Set this to false and use `global.datahub.metadata_service_authentication.provisionSecrets.secretValues.*` if you would like to specify the secret values directly. |
+| global.datahub.encryptionKey.provisionSecrets.secretValues.secret | string | `` | The system client secret key value to be used if specified directly. |
+| global.datahub.encryptionKey.provisionSecrets.secretValues.signingkey | string | `` | The system signing key value to be used if specified directly. |
+| global.datahub.encryptionKey.provisionSecrets.secretValues.salt | string | `` | The token service salt value to be used if specified directly. |
 | global.datahub.managed_ingestion.enabled | bool | `true` | Whether or not UI-based ingestion experience is enabled. |
 | global.datahub.encryptionKey.secretRef | string | `datahub-encryption-secrets` | The reference to a secret containing an alpha-numeric encryption key, which is used to encrypt Secrets on DataHub. If a secret reference is not provided, a random one will be generated for you in a Kubernetes secret named `datahub-encryption-secrets`. |
 | global.datahub.encryptionKey.secretKey | string | `encryption_key_secret` | The key of a secret containing an alpha-numeric encryption key, which is used to encrypt Secrets on DataHub. If a secret reference is not provided, a random one will be generated for you in a Kubernetes secret value named `encryption_key_secret` within a secret named `datahub-encryption-secrets`. |
-| global.datahub.managed_ingestion.defaultCliVersion | string | `0.8.39.4` | This is the version of the DataHub CLI to use for UI ingestion, by default. |
-| global.datahub.encryptionKey.provisionSecret | bool | `true` | Whether an encryption key secret should be provisioned on the first deployment for you. Set this to false if you are overriding global.datahub.encryptionKey.secretRef. |
+| global.datahub.managed_ingestion.defaultCliVersion | string | `0.9.1` | This is the version of the DataHub CLI to use for UI ingestion, by default. |
+| global.datahub.encryptionKey.provisionSecret.enabled | bool | `true` | Whether an encryption key secret should be provisioned on the first deployment for you. Set this to false if you are overriding global.datahub.encryptionKey.secretRef. |
+| global.datahub.encryptionKey.provisionSecret.autoGenerate | bool | `true` | Whether an encryption key secret should be provisioned for you **with a random seed** on the first deployment for you. Set this to false and use `global.datahub.encryptionKey.provisionSecret.secretValues.encryptionKey` if you would like to specify the secret values directly. |
+| global.datahub.encryptionKey.provisionSecret.secretValues.encryptionKey | string | `` | The encryption key value to be used if specified directly. |
 | global.datahub.enable_retention | bool | `false` | Whether or not to enable retention on local DB |
 | global.sql.datasource.hostForpostgresqlClient | string | `""` | SQL database host (without port) when using postgresqlSetupJob |
diff --git a/charts/datahub/quickstart-values-with-neo4j.yaml b/charts/datahub/quickstart-values-with-neo4j.yaml
@@ -4,13 +4,13 @@ datahub-gms:
   enabled: true
   image:
     repository: linkedin/datahub-gms
-    tag: "v0.8.39"
+    tag: "v0.9.2"
 
 datahub-frontend:
   enabled: true
   image:
     repository: linkedin/datahub-frontend-react
-    tag: "v0.8.39"
+    tag: "v0.9.2"
   # Set up ingress to expose react front-end
   ingress:
     enabled: false
@@ -19,7 +19,7 @@ acryl-datahub-actions:
   enabled: true
   image:
     repository: acryldata/datahub-actions
-    tag: "v0.0.4"
+    tag: "v0.0.7"
   resources:
     limits:
       cpu: 500m
@@ -32,31 +32,31 @@ elasticsearchSetupJob:
   enabled: true
   image:
     repository: linkedin/datahub-elasticsearch-setup
-    tag: "v0.8.39"
+    tag: "v0.9.2"
 
 kafkaSetupJob:
   enabled: true
   image:
     repository: linkedin/datahub-kafka-setup
-    tag: "v0.8.39"
+    tag: "v0.9.2"
 
 mysqlSetupJob:
   enabled: true
   image:
     repository: acryldata/datahub-mysql-setup
-    tag: "v0.8.39"
+    tag: "v0.9.2"
 
 datahubUpgrade:
   enabled: true
   image:
     repository: acryldata/datahub-upgrade
-    tag: "v0.8.39"
+    tag: "v0.9.2"
 
 datahub-ingestion-cron:
   enabled: false
   image:
     repository: acryldata/datahub-ingestion
-    tag: "v0.8.39"
+    tag: "v0.9.2"
 
 global:
   graph_service_impl: neo4j
@@ -102,4 +102,4 @@ global:
 
     managed_ingestion:
       enabled: true
-      defaultCliVersion: "0.8.39"
+      defaultCliVersion: "0.9.1"
diff --git a/charts/datahub/subcharts/acryl-datahub-actions/Chart.yaml b/charts/datahub/subcharts/acryl-datahub-actions/Chart.yaml
@@ -1,7 +1,6 @@
 apiVersion: v2
 name: acryl-datahub-actions
 description: A Helm chart for Kubernetes
-
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -11,11 +10,9 @@ description: A Helm chart for Kubernetes
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.0.2
-
+version: 0.2.112
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 0.0.2
+appVersion: 0.0.7
diff --git a/charts/datahub/subcharts/acryl-datahub-actions/README.md b/charts/datahub/subcharts/acryl-datahub-actions/README.md
@@ -2,7 +2,7 @@ acryl-datahub-actions
 ================
 A Helm chart for acryl-datahub-actions
 
-Current chart version is `0.0.1`
+Current chart version is `0.0.3`
 
 ## Chart Values
 
@@ -17,7 +17,7 @@ Current chart version is `0.0.1`
 | global.datahub.gms.port | string | `"8080"` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"acryldata/datahub-actions"` |  |
-| image.tag | string | `"v0.0.4"` |  |
+| image.tag | string | `"v0.0.6"` |  |
 | imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |

diff --git a/charts/datahub/subcharts/acryl-datahub-actions/templates/deployment.yaml b/charts/datahub/subcharts/acryl-datahub-actions/templates/deployment.yaml
@@ -35,6 +35,12 @@ spec:
             defaultMode: 0444
             secretName: {{ .name }}
       {{- end }}
+      {{- with .Values.ingestionSecretFiles }}
+        - name: ingestion-secret-files
+          secret:
+            defaultMode: 0444
+            secretName: {{ .name }}
+      {{- end }}
       {{- if .Values.extraVolumes }}
         {{ toYaml .Values.extraVolumes | nindent 8 }}
       {{- end }}
@@ -103,6 +109,11 @@ spec:
           {{- with .Values.extraVolumeMounts }}
             {{- toYaml . | nindent 12 }}
           {{- end }}
+          {{- with .Values.ingestionSecretFiles }}
+            - name: ingestion-secret-files
+              readOnly: true
+              mountPath: "/etc/datahub/ingestion-secret-files"
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
 

diff --git a/charts/datahub/subcharts/datahub-frontend/Chart.yaml b/charts/datahub/subcharts/datahub-frontend/Chart.yaml
@@ -1,7 +1,6 @@
 apiVersion: v2
 name: datahub-frontend
 description: A Helm chart for Kubernetes
-
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -11,11 +10,10 @@ description: A Helm chart for Kubernetes
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.2.2
 
+version: 0.2.112
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 0.3.2
+appVersion: v0.9.2