ory
diff --git a/‎.prettierignore
+3-1 b/‎.prettierignore
+3-1
diff --git a/‎helm/charts/example-idp/Chart.yaml
+3-1 b/‎helm/charts/example-idp/Chart.yaml
+3-1
diff --git a/‎helm/charts/example-idp/README.md
+1-1 b/‎helm/charts/example-idp/README.md
+1-1
diff --git a/‎helm/charts/example-idp/values.yaml
+3-2 b/‎helm/charts/example-idp/values.yaml
+3-2
diff --git a/‎helm/charts/hydra-maester/values.yaml
+3-2 b/‎helm/charts/hydra-maester/values.yaml
+3-2
diff --git a/‎helm/charts/hydra/Chart.yaml
+1-1 b/‎helm/charts/hydra/Chart.yaml
+1-1
diff --git a/‎helm/charts/hydra/README.md
+6-6 b/‎helm/charts/hydra/README.md
+6-6
diff --git a/‎helm/charts/hydra/values.yaml
+8-9 b/‎helm/charts/hydra/values.yaml
+8-9
diff --git a/‎helm/charts/keto/Chart.yaml
+1-1 b/‎helm/charts/keto/Chart.yaml
+1-1
diff --git a/‎helm/charts/keto/README.md
+6-6 b/‎helm/charts/keto/README.md
+6-6
diff --git a/‎helm/charts/keto/values.yaml
+8-8 b/‎helm/charts/keto/values.yaml
+8-8
diff --git a/‎helm/charts/kratos-selfservice-ui-node/values.yaml
+4-3 b/‎helm/charts/kratos-selfservice-ui-node/values.yaml
+4-3
diff --git a/‎helm/charts/kratos/Chart.yaml
+1-1 b/‎helm/charts/kratos/Chart.yaml
+1-1
@@ -1,4 +1,6 @@
 .github/pull_request_template.md
 .github/ISSUE_TEMPLATE/
-helm/charts/
 docs/helm/charts/index.yaml
+helm/charts/**/templates/*.yaml
+helm/charts/**/tests/*.yaml
+helm/charts/**/README.md
@@ -1,6 +1,8 @@
 apiVersion: v2
 appVersion: "1.4.6"
-description: A Helm chart for deploying the reference implementation for the User Login and Consent Flow in Kubernetes
+description:
+  A Helm chart for deploying the reference implementation for the User Login and
+  Consent Flow in Kubernetes
 name: example-idp
 version: 0.31.0
 type: application
@@ -26,7 +26,7 @@ A Helm chart for deploying the reference implementation for the User Login and C
 | ingress.tls | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
-| resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user.  This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
+| resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
 | service.annotations | object | `{}` | If you do want to specify annotations, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'annotations:'. |
 | service.port | int | `3000` |  |
 | service.type | string | `"ClusterIP"` |  |
 
@@ -22,7 +22,8 @@ service:
 ingress:
   enabled: false
   className: ""
-  annotations: {}
+  annotations:
+    {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
@@ -40,7 +41,7 @@ ingress:
 # baseUrl: ""
 # mockTlsTermination: ""
 
-# -- We usually recommend not to specify default resources and to leave this as a conscious choice for the user. 
+# -- We usually recommend not to specify default resources and to leave this as a conscious choice for the user.
 # This also increases chances charts run on environments with little
 # resources, such as Minikube. If you do want to specify resources, uncomment the following
 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
 
@@ -35,7 +35,8 @@ adminService:
 forwardedProto:
 
 deployment:
-  resources: {}
+  resources:
+    {}
     #  We usually recommend not to specify default resources and to leave this as a conscious
     #  choice for the user. This also increases chances charts run on environments with little
     #  resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -51,7 +52,7 @@ deployment:
   securityContext:
     capabilities:
       drop:
-      - ALL
+        - ALL
     seccompProfile:
       type: RuntimeDefault
     readOnlyRootFilesystem: true
 
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "v2.0.3"
+appVersion: "v2.1.1"
 description: A Helm chart for deploying ORY Hydra in Kubernetes
 name: hydra
 icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-hydra.svg
 
@@ -1,6 +1,6 @@
 # hydra
 
-![Version: 0.31.0](https://img.shields.io/badge/Version-0.31.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.0.3](https://img.shields.io/badge/AppVersion-v2.0.3-informational?style=flat-square)
+![Version: 0.31.0](https://img.shields.io/badge/Version-0.31.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.1.1](https://img.shields.io/badge/AppVersion-v2.1.1-informational?style=flat-square)
 
 A Helm chart for deploying ORY Hydra in Kubernetes
 
@@ -47,9 +47,9 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 | deployment.automigration.extraEnv | list | `[]` | Array of extra envs to be passed to the initContainer. Kubernetes format is expected - name: FOO   value: BAR |
 | deployment.automountServiceAccountToken | bool | `true` |  |
 | deployment.autoscaling | object | `{"enabled":false,"maxReplicas":3,"minReplicas":1,"targetCPU":{},"targetMemory":{}}` | Configure HPA |
-| deployment.customLivenessProbe | object | `{}` | Configure a custom livenessProbe. This overwrites the default object  |
-| deployment.customReadinessProbe | object | `{}` | Configure a custom readinessProbe. This overwrites the default object   |
-| deployment.customStartupProbe | object | `{}` | Configure a custom startupProbe. This overwrites the default object   |
+| deployment.customLivenessProbe | object | `{}` | Configure a custom livenessProbe. This overwrites the default object |
+| deployment.customReadinessProbe | object | `{}` | Configure a custom readinessProbe. This overwrites the default object |
+| deployment.customStartupProbe | object | `{}` | Configure a custom startupProbe. This overwrites the default object |
 | deployment.dnsConfig | object | `{}` | Configure pod dnsConfig. |
 | deployment.extraContainers | string | `""` | If you want to add extra sidecar containers. |
 | deployment.extraEnv | list | `[]` | Array of extra envs to be passed to the deployment. Kubernetes format is expected - name: FOO   value: BAR |
@@ -92,10 +92,10 @@ A Helm chart for deploying ORY Hydra in Kubernetes
 | hydra.automigration.type | string | `"job"` | Configure the way to execute database migration. Possible values: job, initContainer When set to job, the migration will be executed as a job on release or upgrade. When set to initContainer, the migration will be executed when kratos pod is created Defaults to job |
 | hydra.config | object | `{"secrets":{},"serve":{"admin":{"port":4445},"public":{"port":4444},"tls":{"allow_termination_from":["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"]}},"urls":{"self":{}}}` | The ORY Hydra configuration. For a full list of available settings, check:  https://www.ory.sh/docs/hydra/reference/configuration |
 | hydra.config.secrets | object | `{}` | The secrets have to be provided as a string slice, example: system:   - "OG5XbmxXa3dYeGplQXpQanYxeEFuRUFa"   - "foo bar 123 456 lorem"   - "foo bar 123 456 lorem 1"   - "foo bar 123 456 lorem 2"   - "foo bar 123 456 lorem 3" |
-| hydra.dev | bool | `false` | Enable dev mode, not secure in production environments  |
+| hydra.dev | bool | `false` | Enable dev mode, not secure in production environments |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
 | image.repository | string | `"oryd/hydra"` | ORY Hydra image |
-| image.tag | string | `"v2.0.3"` | ORY Hydra version |
+| image.tag | string | `"v2.1.1"` | ORY Hydra version |
 | imagePullSecrets | list | `[]` | Image pull secrets |
 | ingress | object | `{"admin":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"admin.hydra.localhost","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]},"public":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"public.hydra.localhost","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}]}}` | Configure ingress |
 | ingress.admin.enabled | bool | `false` | En-/Disable the api ingress. |
 
@@ -5,7 +5,7 @@ image:
   # -- ORY Hydra image
   repository: oryd/hydra
   # -- ORY Hydra version
-  tag: v2.0.3
+  tag: v2.1.1
   # -- Image pull policy
   pullPolicy: IfNotPresent
 
@@ -167,7 +167,7 @@ hydra:
     # -- resource requests and limits for the automigration initcontainer
     resources: {}
 
-  # -- Enable dev mode, not secure in production environments 
+  # -- Enable dev mode, not secure in production environments
   dev: false
 
 deployment:
@@ -230,11 +230,10 @@ deployment:
 
   # -- Parameters for the automigration initContainer
   automigration:
-
     # -- Array of extra envs to be passed to the initContainer. Kubernetes format is expected
     # - name: FOO
     #   value: BAR
-    extraEnv: []    
+    extraEnv: []
 
   # -- Configure node tolerations.
   tolerations: []
@@ -336,11 +335,11 @@ deployment:
   #  - name: ...
   #    image: ...
 
-  # -- Configure a custom livenessProbe. This overwrites the default object 
-  customLivenessProbe: {} 
-  # -- Configure a custom readinessProbe. This overwrites the default object  
+  # -- Configure a custom livenessProbe. This overwrites the default object
+  customLivenessProbe: {}
+  # -- Configure a custom readinessProbe. This overwrites the default object
   customReadinessProbe: {}
-  # -- Configure a custom startupProbe. This overwrites the default object  
+  # -- Configure a custom startupProbe. This overwrites the default object
   customStartupProbe: {}
 
 # -- Values for initialization job
@@ -450,7 +449,7 @@ watcher:
     # -- Extra pod level annotations
     annotations: {}
   # -- Label key used for managing applications
-  watchLabelKey: 'ory.sh/watcher'
+  watchLabelKey: "ory.sh/watcher"
 
   ## -- pod securityContext for watcher deployment
   podSecurityContext: {}
 
@@ -25,4 +25,4 @@ version: 0.31.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "v0.10.0"
+appVersion: "v0.11.0"
@@ -1,6 +1,6 @@
 # keto
 
-![Version: 0.31.0](https://img.shields.io/badge/Version-0.31.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.10.0](https://img.shields.io/badge/AppVersion-v0.10.0-informational?style=flat-square)
+![Version: 0.31.0](https://img.shields.io/badge/Version-0.31.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.11.0](https://img.shields.io/badge/AppVersion-v0.11.0-informational?style=flat-square)
 
 Access Control Policies as a Server
 
@@ -28,8 +28,8 @@ Access Control Policies as a Server
 | deployment.automigration.extraEnv | list | `[]` | Array of extra envs to be passed to the initContainer. Kubernetes format is expected - name: FOO   value: BAR |
 | deployment.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPU":{},"targetMemory":{}}` | Autoscaling for keto deployment |
 | deployment.customLivenessProbe | object | `{}` | Configure a custom livenessProbe. This overwrites the default object |
-| deployment.customReadinessProbe | object | `{}` | Configure a custom readinessProbe. This overwrites the default object   |
-| deployment.customStartupProbe | object | `{}` | Configure a custom startupProbe. This overwrites the default object   |
+| deployment.customReadinessProbe | object | `{}` | Configure a custom readinessProbe. This overwrites the default object |
+| deployment.customStartupProbe | object | `{}` | Configure a custom startupProbe. This overwrites the default object |
 | deployment.dnsConfig | object | `{}` | Configure pod dnsConfig. |
 | deployment.extraContainers | string | `""` | If you want to add extra sidecar containers. |
 | deployment.extraEnv | list | `[]` | Array of extra Envs to be added to the deployment. K8s format expected - name: FOO   value: BAR |
@@ -51,7 +51,7 @@ Access Control Policies as a Server
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` | Default image pull policy |
 | image.repository | string | `"oryd/keto"` | Ory KETO image |
-| image.tag | string | `"v0.10.0"` | Ory KETO version |
+| image.tag | string | `"v0.11.1"` | Ory KETO version |
 | imagePullSecrets | list | `[]` |  |
 | ingress | object | `{"read":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/read","pathType":"Prefix"}]}],"tls":[]},"write":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/write","pathType":"Prefix"}]}],"tls":[]}}` | Ingress definitions |
 | job | object | `{"annotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation,hook-succeeded","helm.sh/hook-weight":"1"},"automountServiceAccountToken":true,"extraContainers":"","extraEnv":[],"extraInitContainers":"","lifecycle":"","nodeSelector":{},"podMetadata":{"annotations":{},"labels":{}},"serviceAccount":{"annotations":{"helm.sh/hook":"pre-install, pre-upgrade","helm.sh/hook-delete-policy":"before-hook-creation","helm.sh/hook-weight":"0"},"create":true,"name":""},"shareProcessNamespace":false,"spec":{"backoffLimit":10},"tolerations":[]}` | Values for initialization job |
@@ -74,9 +74,9 @@ Access Control Policies as a Server
 | job.tolerations | list | `[]` | Configure node tolerations. |
 | keto | object | `{"automigration":{"customArgs":[],"customCommand":[],"enabled":false,"type":"job"},"config":{"dsn":"memory","namespaces":[{"id":0,"name":"sample"}],"serve":{"metrics":{"port":4468},"read":{"port":4466},"write":{"port":4467}}}}` | Main application config. |
 | keto.automigration | object | `{"customArgs":[],"customCommand":[],"enabled":false,"type":"job"}` | Enables database migration |
-| keto.automigration.customArgs | list | `[]` | Ability to override arguments of the entrypoint. Can be used in-depended of customCommand  eg: - sleep 5;   - keto |
+| keto.automigration.customArgs | list | `[]` | Ability to override arguments of the entrypoint. Can be used in-depended of customCommand eg: - sleep 5;   - keto |
 | keto.automigration.customCommand | list | `[]` | Ability to override the entrypoint of the automigration container (e.g. to source dynamic secrets or export environment dynamic variables) |
-| keto.automigration.type | string | `"job"` | Configure the way to execute database migration. Possible values: job, initContainer When set to job, the migration will be executed as a job on release or upgrade. When set to initContainer, the migration will be executed when kratos pod is created Defaults to job   |
+| keto.automigration.type | string | `"job"` | Configure the way to execute database migration. Possible values: job, initContainer When set to job, the migration will be executed as a job on release or upgrade. When set to initContainer, the migration will be executed when kratos pod is created Defaults to job |
 | keto.config | object | `{"dsn":"memory","namespaces":[{"id":0,"name":"sample"}],"serve":{"metrics":{"port":4468},"read":{"port":4466},"write":{"port":4467}}}` | Direct keto config. Full documentation can be found in https://www.ory.sh/keto/docs/reference/configuration |
 | nameOverride | string | `""` |  |
 | pdb | object | `{"enabled":false,"spec":{"minAvailable":1}}` | PodDistributionBudget configuration |
 
@@ -11,7 +11,7 @@ image:
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
   # -- Ory KETO version
-  tag: "v0.10.0"
+  tag: "v0.11.1"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -207,12 +207,12 @@ keto:
     # -- Configure the way to execute database migration. Possible values: job, initContainer
     # When set to job, the migration will be executed as a job on release or upgrade.
     # When set to initContainer, the migration will be executed when kratos pod is created
-    # Defaults to job  
+    # Defaults to job
     type: job
     # -- Ability to override the entrypoint of the automigration container
     # (e.g. to source dynamic secrets or export environment dynamic variables)
     customCommand: []
-    # -- Ability to override arguments of the entrypoint. Can be used in-depended of customCommand 
+    # -- Ability to override arguments of the entrypoint. Can be used in-depended of customCommand
     # eg:
     # - sleep 5;
     #   - keto
@@ -268,10 +268,10 @@ deployment:
     periodSeconds: 1
     timeoutSeconds: 1
   # -- Configure a custom livenessProbe. This overwrites the default object
-  customLivenessProbe: {} 
-  # -- Configure a custom readinessProbe. This overwrites the default object  
+  customLivenessProbe: {}
+  # -- Configure a custom readinessProbe. This overwrites the default object
   customReadinessProbe: {}
-  # -- Configure a custom startupProbe. This overwrites the default object  
+  # -- Configure a custom startupProbe. This overwrites the default object
   customStartupProbe: {}
 
   # -- Add custom annotations to the deployment
@@ -365,7 +365,7 @@ deployment:
     # -- Array of extra envs to be passed to the initContainer. Kubernetes format is expected
     # - name: FOO
     #   value: BAR
-    extraEnv: []    
+    extraEnv: []
 
 # -- Watcher sidecar configuration
 watcher:
@@ -380,7 +380,7 @@ watcher:
     # -- Extra pod level annotations
     annotations: {}
   # -- Label key used for managing applications
-  watchLabelKey: 'ory.sh/watcher'
+  watchLabelKey: "ory.sh/watcher"
 
 # -- PodDistributionBudget configuration
 pdb:
 
@@ -30,12 +30,13 @@ service:
 ingress:
   enabled: false
   className: ""
-  annotations: {}
+  annotations:
+    {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
     - host: chart-example.local
-      paths: 
+      paths:
         - path: /
           pathType: ImplementationSpecific
   tls: []
@@ -47,7 +48,7 @@ ingress:
 securityContext:
   capabilities:
     drop:
-    - ALL
+      - ALL
   seccompProfile:
     type: RuntimeDefault
   readOnlyRootFilesystem: true
 
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.11.1
+appVersion: "v0.13.0"
 description: A ORY Kratos Helm chart for Kubernetes
 name: kratos
 icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-kratos.svg