From 87664f6b8c853aa1b1513c51717ad26176f3eb01 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 11:35:13 +0100
Subject: [PATCH 01/16] refactor: remove core and graph

They are obsolete and unused components
---
 helm-chart/renku/templates/core/_helpers.tpl  |  16 -
 .../templates/core/cache-cleanup-job.yaml     |  32 --
 .../renku/templates/core/configmap.yaml       |  23 --
 .../core/cronjob-serviceaccount.yaml          |  38 ---
 .../renku/templates/core/deployment.yaml      | 300 ------------------
 helm-chart/renku/templates/core/hpa.yaml      |  31 --
 helm-chart/renku/templates/core/pdb.yaml      |  14 -
 helm-chart/renku/templates/core/service.yaml  |  50 ---
 helm-chart/renku/templates/graph/_helpers.tpl | 114 -------
 .../commit-event-service-deployment.yaml      |  85 -----
 .../graph/commit-event-service-service.yaml   |  25 --
 .../templates/graph/db-encryption-secret.yaml |  62 ----
 .../templates/graph/event-log-deployment.yaml | 112 -------
 .../templates/graph/event-log-service.yaml    |  25 --
 .../renku/templates/graph/jena-shiro-ini.yaml |  73 -----
 .../graph/knowledge-graph-deployment.yaml     | 104 ------
 .../graph/knowledge-graph-service.yaml        |  25 --
 .../graph/token-repository-deployment.yaml    | 121 -------
 .../graph/token-repository-service.yaml       |  25 --
 .../graph/triples-generator-deployment.yaml   | 143 ---------
 .../graph/triples-generator-service.yaml      |  25 --
 .../graph/webhook-service-deployment.yaml     | 102 ------
 .../graph/webhook-service-service.yaml        |  25 --
 23 files changed, 1570 deletions(-)
 delete mode 100644 helm-chart/renku/templates/core/_helpers.tpl
 delete mode 100644 helm-chart/renku/templates/core/cache-cleanup-job.yaml
 delete mode 100644 helm-chart/renku/templates/core/configmap.yaml
 delete mode 100644 helm-chart/renku/templates/core/cronjob-serviceaccount.yaml
 delete mode 100644 helm-chart/renku/templates/core/deployment.yaml
 delete mode 100644 helm-chart/renku/templates/core/hpa.yaml
 delete mode 100644 helm-chart/renku/templates/core/pdb.yaml
 delete mode 100644 helm-chart/renku/templates/core/service.yaml
 delete mode 100644 helm-chart/renku/templates/graph/_helpers.tpl
 delete mode 100644 helm-chart/renku/templates/graph/commit-event-service-deployment.yaml
 delete mode 100644 helm-chart/renku/templates/graph/commit-event-service-service.yaml
 delete mode 100644 helm-chart/renku/templates/graph/db-encryption-secret.yaml
 delete mode 100644 helm-chart/renku/templates/graph/event-log-deployment.yaml
 delete mode 100644 helm-chart/renku/templates/graph/event-log-service.yaml
 delete mode 100644 helm-chart/renku/templates/graph/jena-shiro-ini.yaml
 delete mode 100644 helm-chart/renku/templates/graph/knowledge-graph-deployment.yaml
 delete mode 100644 helm-chart/renku/templates/graph/knowledge-graph-service.yaml
 delete mode 100644 helm-chart/renku/templates/graph/token-repository-deployment.yaml
 delete mode 100644 helm-chart/renku/templates/graph/token-repository-service.yaml
 delete mode 100644 helm-chart/renku/templates/graph/triples-generator-deployment.yaml
 delete mode 100644 helm-chart/renku/templates/graph/triples-generator-service.yaml
 delete mode 100644 helm-chart/renku/templates/graph/webhook-service-deployment.yaml
 delete mode 100644 helm-chart/renku/templates/graph/webhook-service-service.yaml

diff --git a/helm-chart/renku/templates/core/_helpers.tpl b/helm-chart/renku/templates/core/_helpers.tpl
deleted file mode 100644
index 90b6caa027..0000000000
--- a/helm-chart/renku/templates/core/_helpers.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Common labels
-*/}}
-{{- define "renku-core.labels" -}}
-app.kubernetes.io/name: core
-{{ template "renku.labels" . }}
-{{- end -}}
-
-{{- define "renku-core.name" -}}
-core
-{{- end -}}
-
-{{- define "renku-core.fullname" -}}
-{{- printf "%s-%s" (include "renku.fullname" .) (include "renku-core.name" .) -}}
-{{- end -}}
diff --git a/helm-chart/renku/templates/core/cache-cleanup-job.yaml b/helm-chart/renku/templates/core/cache-cleanup-job.yaml
deleted file mode 100644
index ef5281b5ac..0000000000
--- a/helm-chart/renku/templates/core/cache-cleanup-job.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.enableV1Services }}
-{{- range $version := .Values.global.core.versions }}
-{{ if ne $version.name "v9"}}
----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-cleanup-{{ $version.name }}
-  labels:
-    app.kubernetes.io/deploymentVersion: {{ $version.name }}
-spec:
-  schedule: "*/5 * * * *"
-  concurrencyPolicy: Forbid
-  jobTemplate:
-    spec:
-      template:
-        metadata:
-          labels:
-            app: core-cache-cleanup
-        spec:
-          containers:
-          - name: {{ include "renku-core.fullname" $ }}-cache-cleanup-{{ $version.name }}
-            image: renku/renku-core-cleanup:v1
-            imagePullPolicy: IfNotPresent
-            args:
-            - {{ $version.name | quote}}
-            - {{ $.Release.Namespace }}
-          restartPolicy: OnFailure
-          serviceAccountName: {{ include "renku-core.fullname" $ }}-cleanup
-{{ end }}
-{{ end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/core/configmap.yaml b/helm-chart/renku/templates/core/configmap.yaml
deleted file mode 100644
index d5eb0c4c5b..0000000000
--- a/helm-chart/renku/templates/core/configmap.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "renku-core.fullname" . }}-metadata-versions
-data:
-  metadata-versions.json: |
-    {
-      "name": "renku-core",
-      "versions": [
-        {{- $printComma := false -}}
-        {{- range $key, $version := .Values.global.core.versions }}
-        {{- if $printComma }},{{ else }} {{- $printComma = true }} {{ end }}
-        {
-          "version": "{{ $version.image.tag }}",
-          "data": {
-            "metadata_version": "{{ $version.prefix }}"
-          }
-        }
-        {{- end }}
-      ]
-    }
-{{- end }}
diff --git a/helm-chart/renku/templates/core/cronjob-serviceaccount.yaml b/helm-chart/renku/templates/core/cronjob-serviceaccount.yaml
deleted file mode 100644
index b92f266b4d..0000000000
--- a/helm-chart/renku/templates/core/cronjob-serviceaccount.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-cleanup
-  labels:
-{{ include "renku-core.labels" $ | indent 4 }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-cleanup
-  labels:
-{{ include "renku-core.labels" $ | indent 4 }}
-rules:
-- apiGroups:
-    - ""
-  resources:
-    - pods
-  verbs:
-    - get
-    - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-cleanup
-  labels:
-{{ include "renku-core.labels" $ | indent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ include "renku-core.fullname" $ }}-cleanup
-subjects:
-- kind: ServiceAccount
-  name: {{ include "renku-core.fullname" $ }}-cleanup
-  namespace: {{ $.Release.Namespace }}
-{{- end }}
diff --git a/helm-chart/renku/templates/core/deployment.yaml b/helm-chart/renku/templates/core/deployment.yaml
deleted file mode 100644
index 122d2bdafd..0000000000
--- a/helm-chart/renku/templates/core/deployment.yaml
+++ /dev/null
@@ -1,300 +0,0 @@
-{{- if .Values.enableV1Services }}
-{{- range $version := .Values.global.core.versions }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-{{ $version.name }}
-  labels:
-    app.kubernetes.io/deploymentVersion: {{ $version.name }}
-{{ include "renku-core.labels" $ | indent 4 }}
-spec:
-  replicas: {{ $.Values.core.replicaCount }}
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 0
-      maxSurge: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "renku-core.name" $ }}
-      app.kubernetes.io/instance: {{ $.Release.Name }}
-      app.kubernetes.io/deploymentVersion: {{ $version.name }}
-  template:
-    metadata:
-      annotations:
-      {{ if $.Values.core.metrics.enabled }}
-        prometheus.io/scrape: 'true'
-        prometheus.io/path: '/metrics'
-        prometheus.io/port: '8766'
-      {{ end }}
-      labels:
-        app.kubernetes.io/name: {{ include "renku-core.name" $ }}
-        app.kubernetes.io/instance: {{ $.Release.Name }}
-        app.kubernetes.io/deploymentVersion: {{ $version.name }}
-        {{ $.Values.global.redis.clientLabel | toYaml | nindent 8 }}
-    spec:
-    {{- with $.Values.core.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      volumes:
-        - name: shared-volume
-          emptyDir: {}
-        - name: metadata-versions
-          configMap:
-            name: {{ include "renku-core.fullname" $ }}-metadata-versions
-        {{- include "certificates.volumes" $ | nindent 8 }}
-      initContainers:
-        {{- include "certificates.initContainer" $ | nindent 8 }}
-      securityContext:
-        {{- toYaml $.Values.podSecurityContext | nindent 8 }}
-      automountServiceAccountToken: {{ $.Values.global.debug }}
-      containers:
-      {{ if $.Values.core.metrics.enabled }}
-        - name: {{ $.Chart.Name}}-rqmetrics
-          image: "{{ $.Values.core.metrics.image.repository }}:{{ $.Values.core.metrics.image.tag }}"
-          imagePullPolicy: {{ $.Values.core.metrics.image.pullPolicy }}
-          securityContext:
-            {{- toYaml $.Values.securityContext | nindent 12 }}
-          env:
-            - name: RQ_REDIS_HOST
-              value: {{ $.Values.global.redis.host | quote }}
-            - name: RQ_REDIS_PORT
-              value: {{ $.Values.global.redis.port | quote }}
-            - name: RQ_REDIS_DB
-              value: {{ $.Values.global.redis.dbIndex.coreService | quote }}
-            - name: RQ_REDIS_IS_SENTINEL
-              value: {{ $.Values.global.redis.sentinel.enabled | quote }}
-            - name: RQ_REDIS_MASTER_SET
-              value: {{ $.Values.global.redis.sentinel.masterSet | quote }}
-            - name: RQ_REDIS_PASS
-              valueFrom:
-                secretKeyRef:
-                  name: {{ $.Values.global.redis.existingSecret }}
-                  key: {{ $.Values.global.redis.existingSecretPasswordKey }}
-            - name: REDIS_NAMESPACE
-              value: {{ $version.name }}
-          ports:
-            - name: prometheus
-              containerPort: 8765
-              protocol: TCP
-          resources:
-            {{- toYaml $.Values.core.resources.rqmetrics | nindent 12 }}
-      {{ end }}
-        - name: {{ $.Chart.Name }}
-          image: "{{ $version.image.repository }}:{{ $version.image.tag }}"
-          imagePullPolicy: {{ $version.image.pullPolicy }}
-          securityContext:
-            {{- toYaml $.Values.securityContext | nindent 12 }}
-          args: ["service", "api"]
-          env:
-            - name: REDIS_HOST
-              value: {{ $.Values.global.redis.host | quote }}
-            - name: REDIS_PORT
-              value: {{ $.Values.global.redis.port | quote }}
-            - name: REDIS_DATABASE
-              value: {{ $.Values.global.redis.dbIndex.coreService | quote }}
-            - name: REDIS_IS_SENTINEL
-              value: {{ $.Values.global.redis.sentinel.enabled | quote }}
-            - name: REDIS_MASTER_SET
-              value: {{ $.Values.global.redis.sentinel.masterSet | quote }}
-            - name: REDIS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ $.Values.global.redis.existingSecret }}
-                  key: {{ $.Values.global.redis.existingSecretPasswordKey }}
-            - name: REDIS_NAMESPACE
-              value: {{ $version.name }}
-            - name: CACHE_DIR
-              value: {{ $.Values.core.cacheDirectory }}
-            - name: PROJECT_CLONE_DEPTH_DEFAULT
-              value: {{ $.Values.core.projectCloneDepth | quote }}
-            - name: TEMPLATE_CLONE_DEPTH_DEFAULT
-              value: {{ $.Values.core.templateCloneDepth | quote }}
-            - name: MAX_CONTENT_LENGTH
-              value: {{ $.Values.core.maximumUploadSizeBytes | quote }}
-            - name: REQUEST_TIMEOUT
-              value: {{ $.Values.core.requestTimeout | quote }}
-            - name: CORE_SERVICE_PREFIX
-              value: /renku
-            - name: CORE_SERVICE_API_BASE_PATH
-              value: {{ $.Values.core.apiBasePath }}
-            - name: RENKU_SVC_SWAGGER_URL
-              value: /renku/openapi.json
-            - name: SERVICE_LOG_LEVEL
-              value: {{ $.Values.core.logLevel }}
-            - name: SENTRY_ENABLED
-              value: {{ $.Values.core.sentry.enabled | quote }}
-            - name: SENTRY_DSN
-              value: {{ $.Values.core.sentry.dsn }}
-            - name: SENTRY_SAMPLE_RATE
-              value: {{ $.Values.core.sentry.sampleRate | quote }}
-            - name: SENTRY_ENV
-              value: {{ $.Values.core.sentry.environment }}
-            - name: METRICS_PORT
-              value: "8766"
-            {{ if $.Values.nWorkers }}
-            - name: RENKU_SVC_NUM_WORKERS
-              value: {{ $.Values.core.nWorkers | quote }}
-            {{ end }}
-            {{ if $.Values.core.nThreads }}
-            - name: RENKU_SVC_NUM_THREADS
-              value: {{ $.Values.core.nThreads | quote }}
-            {{ end }}
-            - name: GIT_LFS_SKIP_SMUDGE
-              value: {{ $.Values.core.gitLFSSkipSmudge | quote }}
-            - name: RENKU_DOMAIN
-              value: {{ $.Values.global.renku.domain }}
-            - name: RENKU_PROJECT_DEFAULT_CLI_VERSION
-              value: {{ $.Values.global.renku.cli_version | default "" | quote }}
-            - name: METADATA_VERSIONS_LIST
-              value: /svc/config/metadata-versions/metadata-versions.json
-            {{- include "certificates.env.python" $ | nindent 12 }}
-          volumeMounts:
-            - name: shared-volume
-              mountPath: {{ $.Values.core.cacheDirectory }}
-            - name: metadata-versions
-              mountPath: /svc/config/metadata-versions
-            {{- include "certificates.volumeMounts.system" $ | nindent 12 }}
-          ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: http
-          resources:
-            {{- toYaml $.Values.core.resources.core | nindent 12 }}
-        - name: {{ $.Chart.Name }}-datasets-workers
-          image: "{{ $version.image.repository }}:{{ $version.image.tag }}"
-          imagePullPolicy: {{ $version.image.pullPolicy }}
-          securityContext:
-            {{- toYaml $.Values.securityContext | nindent 12 }}
-          args: ["service", "worker"]
-          env:
-            - name: REDIS_HOST
-              value: {{ $.Values.global.redis.host | quote }}
-            - name: REDIS_PORT
-              value: {{ $.Values.global.redis.port | quote }}
-            - name: REDIS_DATABASE
-              value: {{ $.Values.global.redis.dbIndex.coreService | quote }}
-            - name: REDIS_IS_SENTINEL
-              value: {{ $.Values.global.redis.sentinel.enabled | quote }}
-            - name: REDIS_MASTER_SET
-              value: {{ $.Values.global.redis.sentinel.masterSet | quote }}
-            - name: REDIS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ $.Values.global.redis.existingSecret }}
-                  key: {{ $.Values.global.redis.existingSecretPasswordKey }}
-            - name: REDIS_NAMESPACE
-              value: {{ $version.name }}
-            - name: RENKU_JWT_TOKEN_SECRET
-              value: {{ $.Values.core.jwtTokenSecret }}
-            - name: CACHE_DIR
-              value: {{ $.Values.core.cacheDirectory }}
-            - name: RENKU_SVC_CLEANUP_INTERVAL
-              value: {{ $.Values.core.cleanupInterval | quote }}
-            - name: RENKU_SVC_WORKER_QUEUES
-              value: {{ $.Values.core.datasetsWorkerQueues}}
-            - name: RENKU_SVC_CLEANUP_TTL_FILES
-              value: {{ $.Values.core.cleanupFilesTTL | quote }}
-            - name: RENKU_SVC_CLEANUP_TTL_PROJECTS
-              value: {{ $.Values.core.cleanupProjectsTTL | quote }}
-            - name: DEPLOYMENT_LOG_LEVEL
-              value: {{ $.Values.core.logLevel }}
-            - name: SENTRY_ENABLED
-              value: {{ $.Values.core.sentry.enabled | quote }}
-            - name: SENTRY_DSN
-              value: {{ $.Values.core.sentry.dsn }}
-            - name: SENTRY_SAMPLE_RATE
-              value: {{ $.Values.core.sentry.sampleRate | quote }}
-            - name: SENTRY_ENV
-              value: {{ $.Values.core.sentry.environment }}
-            - name: GIT_LFS_SKIP_SMUDGE
-              value: {{ $.Values.core.gitLFSSkipSmudge | quote }}
-            - name: RENKU_DOMAIN
-              value: {{ $.Values.global.renku.domain }}
-            {{- include "certificates.env.python" $ | nindent 12 }}
-          volumeMounts:
-            - name: shared-volume
-              mountPath: {{ $.Values.core.cacheDirectory }}
-            {{- include "certificates.volumeMounts.system" $ | nindent 12 }}
-          resources:
-            {{- toYaml $.Values.core.resources.datasetsWorkers | nindent 12 }}
-
-        - name: {{ $.Chart.Name }}-management-workers
-          image: "{{ $version.image.repository }}:{{ $version.image.tag }}"
-          imagePullPolicy: {{ $version.image.pullPolicy }}
-          securityContext:
-            {{- toYaml $.Values.securityContext | nindent 12 }}
-          args: ["service", "worker"]
-          env:
-            - name: REDIS_HOST
-              value: {{ $.Values.global.redis.host | quote }}
-            - name: REDIS_PORT
-              value: {{ $.Values.global.redis.port | quote }}
-            - name: REDIS_DATABASE
-              value: {{ $.Values.global.redis.dbIndex.coreService | quote }}
-            - name: REDIS_IS_SENTINEL
-              value: {{ $.Values.global.redis.sentinel.enabled | quote }}
-            - name: REDIS_MASTER_SET
-              value: {{ $.Values.global.redis.sentinel.masterSet | quote }}
-            - name: REDIS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ $.Values.global.redis.existingSecret }}
-                  key: {{ $.Values.global.redis.existingSecretPasswordKey }}
-            - name: REDIS_NAMESPACE
-              value: {{ $version.name }}
-            - name: CACHE_DIR
-              value: {{ $.Values.core.cacheDirectory }}
-            - name: RENKU_SVC_CLEANUP_INTERVAL
-              value: {{ $.Values.core.cleanupInterval | quote }}
-            - name: RENKU_SVC_WORKER_QUEUES
-              value: {{ $.Values.core.managementWorkerQueues }}
-            - name: RENKU_SVC_CLEANUP_TTL_FILES
-              value: {{ $.Values.core.cleanupFilesTTL | quote }}
-            - name: RENKU_SVC_CLEANUP_TTL_PROJECTS
-              value: {{ $.Values.core.cleanupProjectsTTL | quote }}
-            - name: DEPLOYMENT_LOG_LEVEL
-              value: {{ $.Values.core.logLevel }}
-            - name: SENTRY_ENABLED
-              value: {{ $.Values.core.sentry.enabled | quote }}
-            - name: SENTRY_DSN
-              value: {{ $.Values.core.sentry.dsn }}
-            - name: SENTRY_SAMPLE_RATE
-              value: {{ $.Values.core.sentry.sampleRate | quote }}
-            - name: SENTRY_ENV
-              value: {{ $.Values.core.sentry.environment }}
-            - name: GIT_LFS_SKIP_SMUDGE
-              value: {{ $.Values.core.gitLFSSkipSmudge | quote }}
-            - name: RENKU_DOMAIN
-              value: {{ $.Values.global.renku.domain }}
-            {{- include "certificates.env.python" $ | nindent 12 }}
-          volumeMounts:
-            - name: shared-volume
-              mountPath: {{ $.Values.core.cacheDirectory }}
-            {{- include "certificates.volumeMounts.system" $ | nindent 12 }}
-          resources:
-            {{- toYaml $.Values.core.resources.scheduler | nindent 12 }}
-      {{- with $.Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- with $.Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    {{- with $.Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-{{ end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/core/hpa.yaml b/helm-chart/renku/templates/core/hpa.yaml
deleted file mode 100644
index eade450946..0000000000
--- a/helm-chart/renku/templates/core/hpa.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.enableV1Services }}
-{{- range $version := .Values.global.core.versions }}
----
-{{- if $.Capabilities.APIVersions.Has "autoscaling/v2" }}
-apiVersion: autoscaling/v2
-{{- else if $.Capabilities.APIVersions.Has "autoscaling/v2beta2" }}
-apiVersion: autoscaling/v2beta2
-{{- else if $.Capabilities.APIVersions.Has "autoscaling/v2beta1" }}
-apiVersion: autoscaling/v2beta1
-{{- else }}
-  {{- fail "ERROR: You must have at least autoscaling/v2beta1 to use HorizontalPodAutoscaler" }}
-{{- end }}
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-{{ $version.name }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "renku-core.fullname" $ }}-{{ $version.name }}
-  minReplicas: {{ $.Values.core.horizontalPodAutoscaling.minReplicas }}
-  maxReplicas: {{ $.Values.core.horizontalPodAutoscaling.maxReplicas }}
-  metrics:
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ $.Values.core.horizontalPodAutoscaling.averageMemoryUtilization }}
-{{ end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/core/pdb.yaml b/helm-chart/renku/templates/core/pdb.yaml
deleted file mode 100644
index 40d2f23b77..0000000000
--- a/helm-chart/renku/templates/core/pdb.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.enableV1Services }}
-{{- range $version := .Values.global.core.versions }}
----
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-{{ $version.name }}
-spec:
-  minAvailable: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/deploymentVersion: {{ $version.name }}
-{{ end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/core/service.yaml b/helm-chart/renku/templates/core/service.yaml
deleted file mode 100644
index 8554452372..0000000000
--- a/helm-chart/renku/templates/core/service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-{{- if .Values.enableV1Services }}
-{{- range $version := .Values.global.core.versions }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-{{ $version.name }}
-  labels:
-    app.kubernetes.io/deploymentVersion: {{ $version.name }}
-{{ include "renku-core.labels" $ | indent 4 }}
-spec:
-  type: {{ $.Values.core.service.type }}
-  ports:
-    - port: {{ $.Values.core.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ include "renku-core.name" $ }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-    app.kubernetes.io/deploymentVersion: {{ $version.name }}
-{{ if $.Values.core.metrics.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "renku-core.fullname" $ }}-{{ $version.name }}-rqmetrics
-  annotations:
-    prometheus.io/scrape: 'true'
-    prometheus.io/path: '/metrics'
-    prometheus.io/port: '8765'
-  labels:
-    app.kubernetes.io/deploymentVersion: {{ $version.name }}
-{{ include "renku-core.labels" $ | indent 4 }}
-spec:
-  type: {{ $.Values.core.service.type }}
-  ports:
-    - port: 8765
-      targetPort: prometheus
-      protocol: TCP
-      name: prometheus
-  selector:
-    app.kubernetes.io/name: {{ include "renku-core.name" $ }}
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-    app.kubernetes.io/deploymentVersion: {{ $version.name }}
-
-
-{{ end }}
-{{ end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/_helpers.tpl b/helm-chart/renku/templates/graph/_helpers.tpl
deleted file mode 100644
index 077315cdc8..0000000000
--- a/helm-chart/renku/templates/graph/_helpers.tpl
+++ /dev/null
@@ -1,114 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "renku.graph.webhookService.name" -}}
-{{- "webhook-service" -}}
-{{- end -}}
-
-{{- define "renku.graph.triplesGenerator.name" -}}
-{{- "triples-generator" -}}
-{{- end -}}
-
-{{- define "renku.graph.tokenRepository.name" -}}
-{{- "token-repository" -}}
-{{- end -}}
-
-{{- define "renku.graph.knowledgeGraph.name" -}}
-{{- "knowledge-graph" -}}
-{{- end -}}
-
-{{- define "renku.graph.eventLog.name" -}}
-{{- "event-log" -}}
-{{- end -}}
-
-{{- define "renku.graph.commitEventService.name" -}}
-{{- "commit-event-service" -}}
-{{- end -}}
-
-{{- define "renku.graph.jena.name" -}}
-{{- "jena" -}}
-{{- end -}}
-
-{{- define "renku.graph.dbEncryptionSecret.name" -}}
-{{- printf "%s-graph-db-encryption" (include "renku.fullname" .) -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "renku.graph.webhookService.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- printf "%s-webhook-service" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-webhook-service" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "renku.graph.triplesGenerator.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- printf "%s-triples-generator" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-triples-generator" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "renku.graph.tokenRepository.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- printf "%s-token-repository" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-token-repository" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "renku.graph.knowledgeGraph.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- printf "%s-knowledge-graph" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-knowledge-graph" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "renku.graph.eventLog.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- printf "%s-event-log" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-event-log" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "renku.graph.jena.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- printf "%s-jena" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-jena" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "renku.graph.commitEventService.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- printf "%s-commit-event-service" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-commit-event-service" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "renku.graph.core.latestUrl" -}}
-{{- $coreBaseName := printf "%s-core" .Release.Name -}}
-{{- printf "http://%s-%s" $coreBaseName (get $.Values.global.core.versions "latest").name -}}
-{{- end -}}
-
-{{/*
-Comma separated list of renku-core service names
-*/}}
-{{- define "renku.graph.core.urls" -}}
-{{- $serviceUrls := list -}}
-{{- $coreBaseName := printf "%s-core" .Release.Name -}}
-{{- range $i, $k := (keys .Values.global.core.versions | sortAlpha) -}}
-{{- $serviceUrl := printf "http://%s-%s" $coreBaseName (get $.Values.global.core.versions $k).name -}}
-{{- $serviceUrls = mustAppend $serviceUrls $serviceUrl -}}
-{{- end -}}
-{{- join "," $serviceUrls -}}
-{{- end -}}
diff --git a/helm-chart/renku/templates/graph/commit-event-service-deployment.yaml b/helm-chart/renku/templates/graph/commit-event-service-deployment.yaml
deleted file mode 100644
index 2c63d075b2..0000000000
--- a/helm-chart/renku/templates/graph/commit-event-service-deployment.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "renku.graph.commitEventService.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.commitEventService.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: {{ template "renku.graph.commitEventService.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "renku.graph.commitEventService.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      automountServiceAccountToken: {{ .Values.global.debug }}
-      initContainers:
-        {{- include "certificates.initContainer" . | nindent 8 }}
-      containers:
-        - name: commit-event-service
-          image: "{{ .Values.graph.commitEventService.image.repository }}:{{ .Values.graph.commitEventService.image.tag }}"
-          imagePullPolicy: {{ .Values.graph.commitEventService.image.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          env:
-            - name: EVENT_LOG_BASE_URL
-              value: "http://{{ template "renku.graph.eventLog.fullname" . }}:{{ .Values.graph.eventLog.service.port }}"
-            - name: TOKEN_REPOSITORY_BASE_URL
-              value: "http://{{ template "renku.graph.tokenRepository.fullname" . }}:{{ .Values.graph.tokenRepository.service.port }}"
-            - name: GITLAB_BASE_URL
-              value: {{ .Values.global.gitlab.url | quote }}
-            - name: GITLAB_RATE_LIMIT
-              value: {{ .Values.graph.commitEventService.gitlab.rateLimit }}
-            - name: SENTRY_ENABLED
-              value: "{{ .Values.graph.sentry.enabled }}"
-              {{- if .Values.graph.sentry.enabled }}
-            - name: SENTRY_DSN
-              value: {{ .Values.graph.sentry.dsn }}
-            - name: SENTRY_ENVIRONMENT
-              value: {{ .Values.graph.sentry.environment }}
-              {{- end }}
-            - name: JAVA_OPTS
-              value: -Xmx{{ .Values.graph.commitEventService.jvmXmx }} -XX:+UseG1GC
-          ports:
-            - name: http-commit-sv
-              containerPort: 9006
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: http-commit-sv
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: http-commit-sv
-          resources:
-            {{- toYaml .Values.graph.commitEventService.resources | nindent 12 }}
-          volumeMounts:
-            {{- include "certificates.volumeMounts.openjdk17" . | nindent 12 }}
-      volumes:
-        {{- include "certificates.volumes" . | nindent 8 }}
-  {{- with .Values.nodeSelector }}
-nodeSelector:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.affinity }}
-affinity:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.tolerations }}
-tolerations:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/commit-event-service-service.yaml b/helm-chart/renku/templates/graph/commit-event-service-service.yaml
deleted file mode 100644
index 1dcae9940d..0000000000
--- a/helm-chart/renku/templates/graph/commit-event-service-service.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "renku.graph.commitEventService.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.commitEventService.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    prometheus.io/scrape: 'true'
-    prometheus.io/path: '/metrics'
-    prometheus.io/port: '9006'
-spec:
-  type: {{ .Values.graph.commitEventService.service.type }}
-  ports:
-    - port: {{ .Values.graph.commitEventService.service.port }}
-      targetPort: http-commit-sv
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "renku.graph.commitEventService.name" . }}
-    release: {{ .Release.Name }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/db-encryption-secret.yaml b/helm-chart/renku/templates/graph/db-encryption-secret.yaml
deleted file mode 100644
index 87fbaf672c..0000000000
--- a/helm-chart/renku/templates/graph/db-encryption-secret.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{- if .Values.enableV1Services }}
----
-{{- $tokenRepository := default (randAlphaNum 32) .Values.graph.tokenRepository.aesEncryptionKey | b64enc | quote -}}
-{{- $webhookAesEncryptionKey := default (randAlphaNum 32) .Values.graph.webhookService.aesEncryptionKey | b64enc | quote -}}
-
-{{/* If this secret already exist just re-use it */}}
-{{- $secretName := include "renku.graph.dbEncryptionSecret.name" . -}}
-{{- $graphEncKeys := lookup "v1" "Secret" .Release.Namespace $secretName -}}
-{{- if $graphEncKeys -}}
-  {{- $tokenRepository = index $graphEncKeys.data "tokenRepository-aes-encryption-key" -}}
-  {{- $webhookAesEncryptionKey = index $graphEncKeys.data "webhook-aes-encryption-key" -}}
-{{/* If it doesn't exist check if it's in the previous form or in the values */}}
-{{- else -}}
-  {{- $secretName := include "renku.graph.tokenRepository.fullname" . -}}
-  {{- $oldTokenSecret := lookup "v1" "Secret" .Release.Namespace $secretName -}}
-  {{- if $oldTokenSecret -}}
-    {{- $newTokenSecret :=  index $oldTokenSecret.data "tokenRepository-tokenEncryption-secret" | b64dec | b64dec | trim -}}
-    {{/* If a secret has been specified in the values make sure that corresponds to the base64-decoded secret already present in the cluster, or fail */}}
-    {{- if and .Values.graph.tokenRepository.aesEncryptionKey (ne $newTokenSecret .Values.graph.tokenRepository.aesEncryptionKey) -}}
-       {{- fail (printf "The token repository AES encryption key provided in `graph.tokenRepository.aesEncryptionKey` does not match with the base64 decoded key present in %s. %s != %s" $secretName $newTokenSecret .Values.graph.tokenRepository.aesEncryptionKey) -}}
-    {{- else -}}
-      {{- $tokenRepository = $newTokenSecret | b64enc | quote -}}
-    {{- end -}}
-  {{- end -}}
-
-  {{- $secretName := include "renku.graph.webhookService.fullname" . -}}
-  {{- $oldWebhookSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) -}}
-  {{- if $oldWebhookSecret -}}
-    {{- $newWebhookSecret := index $oldWebhookSecret.data "webhookService-hookToken-secret" | b64dec | b64dec | trim -}}
-    {{/* If a secret has been specified in the values make sure that corresponds to the base64-decoded secret already present in the cluster, or fail */}}
-    {{- if and .Values.graph.webhookService.aesEncryptionKey (ne $newWebhookSecret .Values.graph.webhookService.aesEncryptionKey) -}}
-      {{- fail (printf "The webhook AES encryption key provided in `.graph.webhookService.aesEncryptionKey` does not match with the base64 decoded key present in %s. $secretName %s != %s" $secretName $newWebhookSecret .Values.graph.webhookService.aesEncryptionKey) -}}
-    {{- else -}}
-      {{- $webhookAesEncryptionKey = $newWebhookSecret | b64enc | quote -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
-{{/* Make sure that the secrets are set in the correct value.*/}}
-{{- if .Values.graph.tokenRepository.tokenEncryption -}}
-{{- fail "The value `graph.tokenRepository.tokenEncryption.secret` is deprecated. Please move it to `graph.tokenRepository.aesEncryptionKey` base64 decoded." -}}
-{{- end -}}
-{{- if .Values.graph.webhookService.hookToken -}}
-{{- fail "The value `graph.webhookService.hookToken.secret` is deprecated. Please move it to `graph.webhookService.aesEncryptionKey` base64 decoded." -}}
-{{- end -}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "renku.graph.dbEncryptionSecret.name" . }}
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback"
-type: Opaque
-data:
-  tokenRepository-aes-encryption-key: {{ $tokenRepository }}
-  webhook-aes-encryption-key: {{ $webhookAesEncryptionKey }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/event-log-deployment.yaml b/helm-chart/renku/templates/graph/event-log-deployment.yaml
deleted file mode 100644
index b2c5c9009b..0000000000
--- a/helm-chart/renku/templates/graph/event-log-deployment.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "renku.graph.eventLog.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.eventLog.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: {{ template "renku.graph.eventLog.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "renku.graph.eventLog.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      initContainers:
-        {{- include "certificates.initContainer" . | nindent 8 }}
-      containers:
-        - name: event-log
-          image: "{{ .Values.graph.eventLog.image.repository }}:{{ .Values.graph.eventLog.image.tag }}"
-          imagePullPolicy: {{ .Values.graph.eventLog.image.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          env:
-            - name: EVENT_LOG_POSTGRES_HOST
-              value: "{{ template "postgresql.fullname" . }}"
-            - name: EVENT_LOG_POSTGRES_PORT
-              value: "5432"
-            - name: EVENT_LOG_POSTGRES_USER
-              value: {{ .Values.global.graph.dbEventLog.postgresUser }}
-            - name: EVENT_LOG_POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  {{- if .Values.global.graph.dbEventLog.existingSecret }}
-                  name: {{ tpl .Values.global.graph.dbEventLog.existingSecret . }}
-                  {{- else }}
-                  name: {{ template "renku.fullname" . }}-graph-db-postgres
-                  {{- end }}
-                  key: graph-dbEventLog-postgresPassword
-            - name: EVENT_LOG_POSTGRES_CONNECTION_POOL
-              value: "{{ .Values.graph.eventLog.connectionPool }}"
-            - name: EVENT_LOG_BASE_URL
-              value: "http://{{ template "renku.graph.eventLog.fullname" . }}:{{ .Values.graph.eventLog.service.port }}"
-            - name: GITLAB_BASE_URL
-              value: {{ .Values.global.gitlab.url | quote }}
-            - name: GITLAB_RATE_LIMIT
-              value: {{ .Values.graph.eventLog.gitlab.rateLimit }}
-            - name: SENTRY_ENABLED
-              value: "{{ .Values.graph.sentry.enabled }}"
-              {{- if .Values.graph.sentry.enabled }}
-            - name: SENTRY_DSN
-              value: {{ .Values.graph.sentry.dsn }}
-            - name: SENTRY_ENVIRONMENT
-              value: {{ .Values.graph.sentry.environment }}
-              {{- end }}
-            - name: WEBHOOK_SERVICE_BASE_URL
-              value: "http://{{ template "renku.graph.webhookService.fullname" . }}:{{ .Values.graph.webhookService.service.port }}"
-            - name: TRIPLES_GENERATOR_BASE_URL
-              value: "http://{{ template "renku.graph.triplesGenerator.fullname" . }}:{{ .Values.graph.triplesGenerator.service.port }}"
-            - name: TOKEN_REPOSITORY_BASE_URL
-              value: "http://{{ template "renku.graph.tokenRepository.fullname" . }}:{{ .Values.graph.tokenRepository.service.port }}"
-            - name: JAVA_OPTS
-              value: -Xmx{{ .Values.graph.eventLog.jvmXmx }} -XX:+UseG1GC
-          ports:
-            - name: http-event-log
-              containerPort: 9005
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: http-event-log
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 10
-            timeoutSeconds: 5
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: http-event-log
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-          resources:
-            {{- toYaml .Values.graph.eventLog.resources | nindent 12 }}
-          volumeMounts:
-            {{- include "certificates.volumeMounts.openjdk17" . | nindent 12 }}
-      volumes:
-        {{- include "certificates.volumes" . | nindent 8 }}
-  {{- with .Values.nodeSelector }}
-nodeSelector:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.affinity }}
-affinity:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.tolerations }}
-tolerations:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/event-log-service.yaml b/helm-chart/renku/templates/graph/event-log-service.yaml
deleted file mode 100644
index f9d38a8e21..0000000000
--- a/helm-chart/renku/templates/graph/event-log-service.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "renku.graph.eventLog.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.eventLog.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    prometheus.io/scrape: 'true'
-    prometheus.io/path: '/metrics'
-    prometheus.io/port: '9005'
-spec:
-  type: {{ .Values.graph.eventLog.service.type }}
-  ports:
-    - port: {{ .Values.graph.eventLog.service.port }}
-      targetPort: http-event-log
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "renku.graph.eventLog.name" . }}
-    release: {{ .Release.Name }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/jena-shiro-ini.yaml b/helm-chart/renku/templates/graph/jena-shiro-ini.yaml
deleted file mode 100644
index ef1b330210..0000000000
--- a/helm-chart/renku/templates/graph/jena-shiro-ini.yaml
+++ /dev/null
@@ -1,73 +0,0 @@
-{{- if .Values.enableV1Services }}
-{{- $jenaAdminPwd := .Values.jena.users.admin.password | default (randAlphaNum 64) | b64enc }}
-{{- $jenaRenkuPwd := .Values.jena.users.renku.password | default (randAlphaNum 64) | b64enc }}
-
-# Check if the secret already exist. If it does then overwrite the passwords with the existing ones.
-{{- $secretName := include "renku.graph.jena.fullname" . }}
-{{- if not .Values.jena.users.admin.password -}}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
-{{- if $secret }}
-{{- $jenaAdminPwd = index $secret.data "jena-users-admin-password" }}
-{{- end -}}
-{{- end -}}
-
-{{- if not .Values.jena.users.renku.password -}}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
-{{- if $secret }}
-{{- $jenaRenkuPwd = index $secret.data "jena-users-renku-password" }}
-{{- end -}}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "renku.graph.jena.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.jena.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback"
-type: Opaque
-data:
-  jena-users-admin-password: {{ $jenaAdminPwd}}
-  jena-users-renku-password: {{ $jenaRenkuPwd}}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: shiro-ini
-  labels:
-    app: {{ template "renku.graph.jena.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-data:
-  shiro.ini: |-
-    [main]
-    # Development
-    ssl.enabled = false
-
-    plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
-    iniRealm.credentialsMatcher = $plainMatcher
-
-    [users]
-    admin={{ $jenaAdminPwd | b64dec | trim }}
-    renku={{ $jenaRenkuPwd | b64dec | trim }}
-
-    [roles]
-
-    [urls]
-    ## Control functions open to anyone
-    /$/status = anon
-    /$/ping   = anon
-
-    ## and the rest are restricted
-    /$/** = authcBasic,user[admin]
-    /renku/** = authcBasic,user[renku]
-    /projects/** = authcBasic,user[renku]
-    /migrations/** = authcBasic,user[admin]
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/knowledge-graph-deployment.yaml b/helm-chart/renku/templates/graph/knowledge-graph-deployment.yaml
deleted file mode 100644
index a9af8de9d9..0000000000
--- a/helm-chart/renku/templates/graph/knowledge-graph-deployment.yaml
+++ /dev/null
@@ -1,104 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "renku.graph.knowledgeGraph.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.knowledgeGraph.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.graph.knowledgeGraph.replicas }}
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: {{ template "renku.graph.knowledgeGraph.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "renku.graph.knowledgeGraph.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      automountServiceAccountToken: {{ .Values.global.debug }}
-      initContainers:
-        {{- include "certificates.initContainer" . | nindent 8 }}
-      containers:
-        - name: knowledge-graph
-          image: "{{ .Values.graph.knowledgeGraph.image.repository }}:{{ .Values.graph.knowledgeGraph.image.tag }}"
-          imagePullPolicy: {{ .Values.graph.knowledgeGraph.image.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          env:
-            - name: RENKU_URL
-              value: https://{{ .Values.global.renku.domain }}
-            - name: RENKU_API_URL
-              value: https://{{ .Values.global.renku.domain }}{{ .Values.graph.knowledgeGraph.services.renku.resourcesPath }}
-            - name: JENA_BASE_URL
-              value: "http://{{ template "renku.graph.jena.fullname" . }}-master:{{ .Values.jena.service.port }}"
-            - name: JENA_RENKU_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "renku.graph.jena.fullname" . }}
-                  key: jena-users-renku-password
-            - name: WEBHOOK_SERVICE_BASE_URL
-              value: "http://{{ template "renku.graph.webhookService.fullname" . }}:{{ .Values.graph.webhookService.service.port }}"
-            - name: TRIPLES_GENERATOR_BASE_URL
-              value: "http://{{ template "renku.graph.triplesGenerator.fullname" . }}:{{ .Values.graph.triplesGenerator.service.port }}"
-            - name: TOKEN_REPOSITORY_BASE_URL
-              value: "http://{{ template "renku.graph.tokenRepository.fullname" . }}:{{ .Values.graph.tokenRepository.service.port }}"
-            - name: EVENT_LOG_BASE_URL
-              value: "http://{{ template "renku.graph.eventLog.fullname" . }}:{{ .Values.graph.eventLog.service.port }}"
-            - name: RENKU_CORE_LATEST_URL			
-              value: {{ include "renku.graph.core.latestUrl" . | quote }}		
-            - name: RENKU_CORE_SERVICE_URLS			
-              value: {{ include "renku.graph.core.urls" . | quote }}
-            - name: GITLAB_BASE_URL
-              value: {{ .Values.global.gitlab.url | quote }}
-            - name: GITLAB_RATE_LIMIT
-              value: {{ .Values.graph.knowledgeGraph.gitlab.rateLimit }}
-            - name: SENTRY_ENABLED
-              value: "{{ .Values.graph.sentry.enabled }}"
-              {{- if .Values.graph.sentry.enabled }}
-            - name: SENTRY_DSN
-              value: {{ .Values.graph.sentry.dsn }}
-            - name: SENTRY_ENVIRONMENT
-              value: {{ .Values.graph.sentry.environment }}
-              {{- end }}
-            - name: JAVA_OPTS
-              value: -Xmx{{ .Values.graph.knowledgeGraph.jvmXmx }} -XX:+UseG1GC
-          ports:
-            - name: http-kg
-              containerPort: 9004
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: http-kg
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: http-kg
-          resources:
-            {{- toYaml .Values.graph.knowledgeGraph.resources | nindent 12 }}
-          volumeMounts:
-            {{- include "certificates.volumeMounts.openjdk17" . | nindent 12 }}
-      volumes:
-        {{- include "certificates.volumes" . | nindent 8 }}
-  {{- with .Values.nodeSelector }}
-nodeSelector:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.affinity }}
-affinity:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.tolerations }}
-tolerations:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/knowledge-graph-service.yaml b/helm-chart/renku/templates/graph/knowledge-graph-service.yaml
deleted file mode 100644
index e56556bc43..0000000000
--- a/helm-chart/renku/templates/graph/knowledge-graph-service.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "renku.graph.knowledgeGraph.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.knowledgeGraph.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    prometheus.io/scrape: 'true'
-    prometheus.io/path: '/metrics'
-    prometheus.io/port: '9004'
-spec:
-  type: {{ .Values.graph.knowledgeGraph.service.type }}
-  ports:
-    - port: {{ .Values.graph.knowledgeGraph.service.port }}
-      targetPort: http-kg
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "renku.graph.knowledgeGraph.name" . }}
-    release: {{ .Release.Name }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/token-repository-deployment.yaml b/helm-chart/renku/templates/graph/token-repository-deployment.yaml
deleted file mode 100644
index 9159ecae9f..0000000000
--- a/helm-chart/renku/templates/graph/token-repository-deployment.yaml
+++ /dev/null
@@ -1,121 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "renku.graph.tokenRepository.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.tokenRepository.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: {{ template "renku.graph.tokenRepository.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "renku.graph.tokenRepository.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      automountServiceAccountToken: {{ .Values.global.debug }}
-      initContainers:
-        {{- include "certificates.initContainer" . | nindent 8 }}
-      containers:
-        - name: token-repository
-          image: "{{ .Values.graph.tokenRepository.image.repository }}:{{ .Values.graph.tokenRepository.image.tag }}"
-          imagePullPolicy: {{ .Values.graph.tokenRepository.image.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          env:
-            - name: TOKEN_ENCRYPTION_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "renku.graph.dbEncryptionSecret.name" . }}
-                  key: tokenRepository-aes-encryption-key
-            - name: PROJECT_TOKEN_TTL
-              value: "{{ .Values.graph.tokenRepository.projectTokenTTL }}"
-            - name: PROJECT_TOKEN_NAME
-              {{- if .Values.graph.tokenRepository.projectTokenName }}
-              value: "{{ .Values.graph.tokenRepository.projectTokenName }}"
-              {{- else }}
-              value: "{{ .Release.Name }}"
-              {{- end }}
-            - name: PROJECT_TOKEN_DUE_PERIOD
-              value: "{{ .Values.graph.tokenRepository.projectTokenDuePeriod }}"
-            - name: TOKEN_REPOSITORY_POSTGRES_HOST
-              value: "{{ template "postgresql.fullname" . }}"
-            - name: TOKEN_REPOSITORY_POSTGRES_PORT
-              value: "5432"
-            - name: TOKEN_REPOSITORY_POSTGRES_USER
-              value: {{ .Values.global.graph.tokenRepository.postgresUser }}
-            - name: TOKEN_REPOSITORY_POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  {{- if .Values.global.graph.tokenRepository.existingSecret }}
-                  name: {{ tpl .Values.global.graph.tokenRepository.existingSecret . }}
-                  {{- else }}
-                  name: {{ template "renku.fullname" . }}-graph-token-postgres
-                  {{- end }}
-                  key: graph-tokenRepository-postgresPassword
-            - name: TOKEN_REPOSITORY_POSTGRES_CONNECTION_POOL
-              value: "{{ .Values.graph.tokenRepository.connectionPool }}"
-            - name: EVENT_LOG_BASE_URL
-              value: "http://{{ template "renku.graph.eventLog.fullname" . }}:{{ .Values.graph.eventLog.service.port }}"
-            - name: GITLAB_BASE_URL
-              value: {{ .Values.global.gitlab.url | quote }}
-            - name: GITLAB_RATE_LIMIT
-              value: {{ .Values.graph.tokenRepository.gitlab.rateLimit }}
-            - name: SENTRY_ENABLED
-              value: "{{ .Values.graph.sentry.enabled }}"
-              {{- if .Values.graph.sentry.enabled }}
-            - name: SENTRY_DSN
-              value: {{ .Values.graph.sentry.dsn }}
-            - name: SENTRY_ENVIRONMENT
-              value: {{ .Values.graph.sentry.environment }}
-              {{- end }}
-            - name: JAVA_OPTS
-              value: -Xmx{{ .Values.graph.tokenRepository.jvmXmx }} -XX:+UseG1GC
-          ports:
-            - name: http-token-repo
-              containerPort: 9003
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: http-token-repo
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 10
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: http-token-repo
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-          resources:
-            {{- toYaml .Values.graph.tokenRepository.resources | nindent 12 }}
-          volumeMounts:
-            {{- include "certificates.volumeMounts.openjdk17" . | nindent 12 }}
-      volumes:
-        {{- include "certificates.volumes" . | nindent 8 }}
-  {{- with .Values.nodeSelector }}
-nodeSelector:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.affinity }}
-affinity:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.tolerations }}
-tolerations:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/token-repository-service.yaml b/helm-chart/renku/templates/graph/token-repository-service.yaml
deleted file mode 100644
index 38e91f856b..0000000000
--- a/helm-chart/renku/templates/graph/token-repository-service.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "renku.graph.tokenRepository.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.tokenRepository.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    prometheus.io/scrape: 'true'
-    prometheus.io/path: '/metrics'
-    prometheus.io/port: '9003'
-spec:
-  type: {{ .Values.graph.tokenRepository.service.type }}
-  ports:
-    - port: {{ .Values.graph.tokenRepository.service.port }}
-      targetPort: http-token-repo
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "renku.graph.tokenRepository.name" . }}
-    release: {{ .Release.Name }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/triples-generator-deployment.yaml b/helm-chart/renku/templates/graph/triples-generator-deployment.yaml
deleted file mode 100644
index aebb546bc5..0000000000
--- a/helm-chart/renku/templates/graph/triples-generator-deployment.yaml
+++ /dev/null
@@ -1,143 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "renku.graph.triplesGenerator.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.triplesGenerator.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.graph.triplesGenerator.replicas }}
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: {{ template "renku.graph.triplesGenerator.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "renku.graph.triplesGenerator.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      securityContext:
-        {{- toYaml .Values.graph.podSecurityContext | nindent 8 }}
-      automountServiceAccountToken: {{ .Values.global.debug }}
-      initContainers:
-        {{- include "certificates.initContainer" . | nindent 8 }}
-      containers:
-        - name: triples-generator
-          image: "{{ .Values.graph.triplesGenerator.image.repository }}:{{ .Values.graph.triplesGenerator.image.tag }}"
-          imagePullPolicy: {{ .Values.graph.triplesGenerator.image.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          env:
-            - name: RENKU_DOMAIN
-              value: {{ .Values.global.renku.domain }}
-            - name: RENKU_URL
-              value: https://{{ .Values.global.renku.domain }}
-            - name: TRIPLES_GENERATOR_BASE_URL
-              value: "http://{{ template "renku.graph.triplesGenerator.fullname" . }}:{{ .Values.graph.triplesGenerator.service.port }}"
-            - name: EVENT_LOG_BASE_URL
-              value: "http://{{ template "renku.graph.eventLog.fullname" . }}:{{ .Values.graph.eventLog.service.port }}"
-            - name: TOKEN_REPOSITORY_BASE_URL
-              value: "http://{{ template "renku.graph.tokenRepository.fullname" . }}:{{ .Values.graph.tokenRepository.service.port }}"
-            - name: GITLAB_BASE_URL
-              value: {{ .Values.global.gitlab.url | quote }}
-            - name: GITLAB_RATE_LIMIT
-              value: {{ .Values.graph.triplesGenerator.gitlab.rateLimit }}
-            - name: JENA_BASE_URL
-              value: "http://{{ template "renku.graph.jena.fullname" . }}-master:{{ .Values.jena.service.port }}"
-            - name: JENA_ADMIN_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "renku.graph.jena.fullname" . }}
-                  key: jena-users-admin-password
-            - name: JENA_RENKU_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "renku.graph.jena.fullname" . }}
-                  key: jena-users-renku-password
-            - name: TRIPLES_GENERATOR_POSTGRES_HOST
-              value: "{{ template "postgresql.fullname" . }}"
-            - name: TRIPLES_GENERATOR_POSTGRES_PORT
-              value: "5432"
-            - name: TRIPLES_GENERATOR_POSTGRES_USER
-              value: {{ .Values.global.graph.triplesGenerator.postgresUser }}
-            - name: TRIPLES_GENERATOR_POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  {{- if .Values.global.graph.triplesGenerator.existingSecret }}
-                  name: {{ tpl .Values.global.graph.triplesGenerator.existingSecret . }}
-                  {{- else }}
-                  name: {{ template "renku.fullname" . }}-graph-tg-postgres
-                  {{- end }}
-                  key: graph-triplesGenerator-postgresPassword
-            - name: TRIPLES_GENERATOR_POSTGRES_CONNECTION_POOL
-              value: "{{ .Values.graph.triplesGenerator.connectionPool }}"
-            - name: RENKU_DISABLE_VERSION_CHECK
-              value: "true"
-            - name: SENTRY_ENABLED
-              value: "{{ .Values.graph.sentry.enabled }}"
-              {{- if .Values.graph.sentry.enabled }}
-            - name: SENTRY_DSN
-              value: {{ .Values.graph.sentry.sentryDsnRenkuPython }}
-            - name: SENTRY_GRAPH_DSN
-              value: {{ .Values.graph.sentry.dsn }}
-            - name: SENTRY_ENV
-              value: {{ .Values.graph.sentry.environment }}
-              {{- end }}
-            - name: GENERATION_PROCESSES_NUMBER
-              value: "{{ .Values.graph.triplesGenerator.generationProcessesNumber }}"
-            - name: TRANSFORMATION_PROCESSES_NUMBER
-              value: "{{ .Values.graph.triplesGenerator.transformationProcessesNumber }}"
-            - name: JAVA_OPTS
-              value: -Xmx{{ .Values.graph.triplesGenerator.jvmXmx }} -XX:+UseG1GC
-            - name: RENKU_PYTHON_DEV_VERSION
-              value: "{{ .Values.graph.triplesGenerator.renkuPythonDevVersion }}"
-          ports:
-            - name: http-triples-gn
-              containerPort: 9002
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: http-triples-gn
-            timeoutSeconds: 60
-            periodSeconds: 60
-            successThreshold: 1
-            failureThreshold: 10
-            {{- if .Values.graph.triplesGenerator.renkuPythonDevVersion }}
-            initialDelaySeconds: 120
-            {{- end }}
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: http-triples-gn
-            periodSeconds: 10
-            successThreshold: 1
-            failureThreshold: 3
-            {{- if .Values.graph.triplesGenerator.renkuPythonDevVersion }}
-            initialDelaySeconds: 120
-            {{- end }}
-          resources:
-            {{- toYaml .Values.graph.triplesGenerator.resources | nindent 12 }}
-          volumeMounts:
-            {{- include "certificates.volumeMounts.openjdk17" . | nindent 12 }}
-      volumes:
-        {{- include "certificates.volumes" . | nindent 8 }}
-  {{- with .Values.nodeSelector }}
-nodeSelector:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.affinity }}
-affinity:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.tolerations }}
-tolerations:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/triples-generator-service.yaml b/helm-chart/renku/templates/graph/triples-generator-service.yaml
deleted file mode 100644
index a138463bc7..0000000000
--- a/helm-chart/renku/templates/graph/triples-generator-service.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "renku.graph.triplesGenerator.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.triplesGenerator.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    prometheus.io/scrape: 'true'
-    prometheus.io/path: '/metrics'
-    prometheus.io/port: '9002'
-spec:
-  type: {{ .Values.graph.triplesGenerator.service.type }}
-  ports:
-    - port: {{ .Values.graph.triplesGenerator.service.port }}
-      targetPort: http-triples-gn
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "renku.graph.triplesGenerator.name" . }}
-    release: {{ .Release.Name }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/webhook-service-deployment.yaml b/helm-chart/renku/templates/graph/webhook-service-deployment.yaml
deleted file mode 100644
index a4c0e6de6d..0000000000
--- a/helm-chart/renku/templates/graph/webhook-service-deployment.yaml
+++ /dev/null
@@ -1,102 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "renku.graph.webhookService.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.webhookService.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: {{ template "renku.graph.webhookService.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "renku.graph.webhookService.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      automountServiceAccountToken: {{ .Values.global.debug }}
-      initContainers:
-        {{- include "certificates.initContainer" . | nindent 8 }}
-      containers:
-        - name: webhook-service
-          image: "{{ .Values.graph.webhookService.image.repository }}:{{ .Values.graph.webhookService.image.tag }}"
-          imagePullPolicy: {{ .Values.graph.webhookService.image.pullPolicy }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          env:
-            - name: HOOK_TOKEN_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "renku.graph.dbEncryptionSecret.name" . }}
-                  key: webhook-aes-encryption-key
-            - name: EVENT_LOG_BASE_URL
-              value: "http://{{ template "renku.graph.eventLog.fullname" . }}:{{ .Values.graph.eventLog.service.port }}"
-            - name: TRIPLES_GENERATOR_BASE_URL
-              value: "http://{{ template "renku.graph.triplesGenerator.fullname" . }}:{{ .Values.graph.triplesGenerator.service.port }}"
-            - name: TOKEN_REPOSITORY_BASE_URL
-              value: "http://{{ template "renku.graph.tokenRepository.fullname" . }}:{{ .Values.graph.tokenRepository.service.port }}"
-            - name: GITLAB_BASE_URL
-              value: {{ .Values.global.gitlab.url | quote }}
-            - name: GITLAB_RATE_LIMIT
-              value: {{ .Values.graph.webhookService.gitlab.rateLimit }}
-            - name: SELF_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: SELF_URL
-              {{- if .Values.global.renku.domain }}
-              value: {{ template "renku.http" . }}://{{ .Values.global.renku.domain }}
-              {{- else }}
-              value: {{ printf "http://$(SELF_IP):9001" | quote }}
-              {{- end }}
-            - name: SENTRY_ENABLED
-              value: "{{ .Values.graph.sentry.enabled }}"
-              {{- if .Values.graph.sentry.enabled }}
-            - name: SENTRY_DSN
-              value: {{ .Values.graph.sentry.dsn }}
-            - name: SENTRY_ENVIRONMENT
-              value: {{ .Values.graph.sentry.environment }}
-              {{- end }}
-            - name: JAVA_OPTS
-              value: -Xmx{{ .Values.graph.webhookService.jvmXmx }} -XX:+UseG1GC
-          ports:
-            - name: http-webhook-sv
-              containerPort: 9001
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: http-webhook-sv
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: http-webhook-sv
-          resources:
-            {{- toYaml .Values.graph.webhookService.resources | nindent 12 }}
-          volumeMounts:
-            {{- include "certificates.volumeMounts.openjdk17" . | nindent 12 }}
-      volumes:
-        {{- include "certificates.volumes" . | nindent 8 }}
-  {{- with .Values.nodeSelector }}
-nodeSelector:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.affinity }}
-affinity:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-  {{- with .Values.tolerations }}
-tolerations:
-  {{ toYaml . | indent 8 }}
-  {{- end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph/webhook-service-service.yaml b/helm-chart/renku/templates/graph/webhook-service-service.yaml
deleted file mode 100644
index aef7b3af25..0000000000
--- a/helm-chart/renku/templates/graph/webhook-service-service.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.enableV1Services }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "renku.graph.webhookService.fullname" . }}
-  labels:
-    app: {{ template "renku.graph.webhookService.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    prometheus.io/scrape: 'true'
-    prometheus.io/path: '/metrics'
-    prometheus.io/port: '9001'
-spec:
-  type: {{ .Values.graph.webhookService.service.type }}
-  ports:
-    - port: {{ .Values.graph.webhookService.service.port }}
-      targetPort: http-webhook-sv
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "renku.graph.webhookService.name" . }}
-    release: {{ .Release.Name }}
-{{- end }}

From 58178085f0fedaf6795ab68bcd42dd4d4746247e Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 14:43:22 +0100
Subject: [PATCH 02/16] refactor: removed core and graph elements from values
 file

---
 helm-chart/renku/values.yaml | 212 -----------------------------------
 1 file changed, 212 deletions(-)

diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml
index 80921482c1..4c63db161f 100644
--- a/helm-chart/renku/values.yaml
+++ b/helm-chart/renku/values.yaml
@@ -1246,218 +1246,6 @@ jena:
   additionalInitContainerScript: "find /fuseki -name tdb.lock -type f -delete && find /fuseki/configuration -name *.ttl -type f -empty -delete && echo clean-up done"
   test:
     enabled: false
-## Configuration for renku-graph services
-graph:
-  webhookService:
-    aesEncryptionKey: # A 8, 16 or 32 bytes string used for AES encryption of the project tokens
-    image:
-      repository: renku/webhook-service
-      tag: "2.50.0"
-      pullPolicy: IfNotPresent
-    service:
-      type: ClusterIP
-      port: 80
-    resources:
-      limits:
-        memory: 256Mi
-      requests:
-        cpu: 50m
-        memory: 256Mi
-    jvmXmx: 128M
-    gitlab:
-      rateLimit: 100/sec
-  tokenRepository:
-    aesEncryptionKey: # A 8, 16 or 32 bytes string used for AES encryption of the project tokens
-    image:
-      repository: renku/token-repository
-      tag: "2.50.0"
-      pullPolicy: IfNotPresent
-    service:
-      type: ClusterIP
-      port: 9003
-    resources:
-      requests:
-        cpu: 500m
-        memory: 256Mi
-    jvmXmx: 128M
-    gitlab:
-      rateLimit: 50/sec
-    projectTokenTTL: "365 days"
-    # name of the Project Access Tokens to be created on behalf of the user in GitLab; defaults to .Release.Name
-    projectTokenName:
-    projectTokenDuePeriod: "184 days"
-    connectionPool: 2
-  triplesGenerator:
-    replicas: 1
-    image:
-      repository: renku/triples-generator
-      tag: "2.50.0"
-      pullPolicy: IfNotPresent
-    service:
-      type: ClusterIP
-      port: 9002
-    jvmXmx: 512m
-    resources:
-      limits:
-        memory: 600Mi
-      requests:
-        cpu: 500m
-        memory: 600Mi
-    gitlab:
-      rateLimit: 30/sec
-    ## a demanded number of concurrent triples generation processes
-    generationProcessesNumber: 2
-    transformationProcessesNumber: 2
-    connectionPool: 5
-    # set this to a pip-installable renku-python version which will be installed on startup
-    renkuPythonDevVersion:
-  knowledgeGraph:
-    replicas: 1
-    image:
-      repository: renku/knowledge-graph
-      tag: "2.50.0"
-      pullPolicy: IfNotPresent
-    service:
-      type: ClusterIP
-      port: 80
-    resources:
-      limits:
-        memory: 512Mi
-      requests:
-        cpu: 100m
-        memory: 512Mi
-    gitlab:
-      rateLimit: 100/sec
-    jvmXmx: 256M
-    services:
-      renku:
-        ## Renku knowledge-graph resources path e.g. `knowledge-graph` would assume
-        ## Renku resource are available at: https://{global.renku.domain}/knowledge-graph
-        resourcesPath: "/knowledge-graph"
-  eventLog:
-    image:
-      repository: renku/event-log
-      tag: "2.50.0"
-      pullPolicy: IfNotPresent
-    service:
-      type: ClusterIP
-      port: 9005
-    resources:
-      limits:
-        memory: 512Mi
-      requests:
-        cpu: 100m
-        memory: 512Mi
-    jvmXmx: 256M
-    gitlab:
-      rateLimit: 10/sec
-    connectionPool: 10
-  commitEventService:
-    image:
-      repository: renku/commit-event-service
-      tag: "2.50.0"
-      pullPolicy: IfNotPresent
-    service:
-      type: ClusterIP
-      port: 9006
-    resources:
-      limits:
-        memory: 256Mi
-      requests:
-        cpu: 50m
-        memory: 256Mi
-    jvmXmx: 128M
-    gitlab:
-      rateLimit: 10/sec
-  sentry:
-    enabled: false
-    dsn: "" # Sentry dsn
-    sentryDsnRenkuPython: "" # Sentry dsn for renku CLI
-    environment: "" # Environment name e.g. renkulabio
-  persistence:
-    enabled: true
-    ## A manually managed Persistent Volume and Claim
-    ## Requires persistence.enabled: true
-    ## If defined, PVC must be created manually before volume will be bound
-    # existingClaim:
-
-    # storageClass: "-"
-    accessMode: ReadWriteOnce
-    size: 2Gi
-## Configuration for renku-core service
-core:
-  apiBasePath: /api
-  cacheDirectory: /svc/cache
-  cleanupInterval: 60 # NOTE: This needs to be a divisor of, and less than cleanupFilesTTL|cleanupProjectsTTL.
-  projectCloneDepth: 1
-  templateCloneDepth: 1
-  maximumUploadSizeBytes: "1073741824" # 1 Gigabyte, store as string to keep Helm from converting it to scientific notation
-  requestTimeout: 600
-  datasetsWorkerQueues: datasets.jobs,delayed.ctrl.DatasetsCreateCtrl,delayed.ctrl.DatasetsAddFileCtrl,delayed.ctrl.DatasetsRemoveCtrl,delayed.ctrl.DatasetsImportCtrl,delayed.ctrl.DatasetsEditCtrl,delayed.ctrl.DatasetsUnlinkCtrl
-  managementWorkerQueues: cache.cleanup.files,cache.cleanup.projects,delayed.ctrl.MigrateProjectCtrl,delayed.ctrl.SetConfigCtrl
-  cleanupFilesTTL: 1800
-  cleanupProjectsTTL: 1800
-  logLevel: INFO
-  # override to automatically pull LFS data on clone
-  gitLFSSkipSmudge: 1
-  # Concurrency settings for the main service:
-  # the default it 4 workers with 8 threads set in the Dockerfile
-  nWorkers: 4
-  nThreads: 8
-  # NOTE: Make sure token secret is greater or equal to 32 bytes.
-  jwtTokenSecret: bW9menZ3cnh6cWpkcHVuZ3F5aWJycmJn
-  imagePullSecrets: []
-  nameOverride: ""
-  fullnameOverride: ""
-  service:
-    type: ClusterIP
-    port: 80
-  metrics:
-    enabled: false
-    image:
-      repository: renku/rqmetrics
-      tag: 0.0.3
-      pullPolicy: IfNotPresent
-  resources:
-    core:
-      limits:
-        memory: 512Mi
-      requests:
-        cpu: 500m
-        memory: 512Mi
-    rqmetrics:
-      limits:
-        memory: 128Mi
-      requests:
-        cpu: 50m
-        memory: 128Mi
-    datasetsWorkers:
-      limits:
-        memory: 128Mi
-      requests:
-        cpu: 50m
-        memory: 128Mi
-    managementWorkers:
-      limits:
-        memory: 128Mi
-      requests:
-        cpu: 50m
-        memory: 128Mi
-    scheduler:
-      limits:
-        memory: 128Mi
-      requests:
-        cpu: 50m
-        memory: 128Mi
-  sentry:
-    enabled: false
-    dsn:
-    environment:
-    sampleRate: 0.2
-  horizontalPodAutoscaling:
-    minReplicas: 1
-    maxReplicas: 2
-    averageMemoryUtilization: 75
 ## Configuration for the Swagger-UI available at <renku-domain>/swagger
 swagger:
   enabled: true

From 805d559e758090b3dd631726169ad561a8211700 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 11:37:49 +0100
Subject: [PATCH 03/16] feat: add "charts" cache folder to gitignore

This folder can be created when testing locally.
---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitignore b/.gitignore
index da5acc6d5a..3d6a158780 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,9 @@ _sidebar.rst.inc
 # The requirements lockfile is generated when packaging the chart
 helm-chart/renku/requirements.lock
 
+# Charts dependencies downloads
+helm-chart/renku/charts
+
 # Created by https://www.gitignore.io/api/vim,macos,linux,emacs,scala,python,visualstudiocode,helm
 # Edit at https://www.gitignore.io/?templates=vim,macos,linux,emacs,scala,python,visualstudiocode,helm
 

From f128e86994b3b8c7714ebc8709f99605fc2427c7 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 11:44:24 +0100
Subject: [PATCH 04/16] refactor: moved session related eleemtns from notebooks
 to data-service

---
 .../{notebooks/_helpers.tpl => data-service/_session_helpers.tpl} | 0
 .../env-secret.yaml => data-service/session-env-secret.yaml}      | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename helm-chart/renku/templates/{notebooks/_helpers.tpl => data-service/_session_helpers.tpl} (100%)
 rename helm-chart/renku/templates/{notebooks/env-secret.yaml => data-service/session-env-secret.yaml} (100%)

diff --git a/helm-chart/renku/templates/notebooks/_helpers.tpl b/helm-chart/renku/templates/data-service/_session_helpers.tpl
similarity index 100%
rename from helm-chart/renku/templates/notebooks/_helpers.tpl
rename to helm-chart/renku/templates/data-service/_session_helpers.tpl
diff --git a/helm-chart/renku/templates/notebooks/env-secret.yaml b/helm-chart/renku/templates/data-service/session-env-secret.yaml
similarity index 100%
rename from helm-chart/renku/templates/notebooks/env-secret.yaml
rename to helm-chart/renku/templates/data-service/session-env-secret.yaml

From 26e049187b1ce705a6012ebc5d06a36d967ab229 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 11:45:29 +0100
Subject: [PATCH 05/16] refactor: removed obsolete notebooks elements

---
 .../renku/templates/notebooks/configmap.yaml  |  17 ---
 helm-chart/renku/templates/notebooks/ssh.yaml | 110 ------------------
 2 files changed, 127 deletions(-)
 delete mode 100644 helm-chart/renku/templates/notebooks/configmap.yaml
 delete mode 100644 helm-chart/renku/templates/notebooks/ssh.yaml

diff --git a/helm-chart/renku/templates/notebooks/configmap.yaml b/helm-chart/renku/templates/notebooks/configmap.yaml
deleted file mode 100644
index 3c89f21fc6..0000000000
--- a/helm-chart/renku/templates/notebooks/configmap.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.enableV1Services }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "renku.notebooks.fullname" . }}-options
-  labels:
-    app: {{ template "renku.notebooks.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-data:
-  server_options.json: |
-    {{ .Values.notebooks.serverOptions | default dict | toJson }}
-  server_defaults.json: |
-    {{ toJson .Values.notebooks.serverDefaults }}
-{{- end }}
diff --git a/helm-chart/renku/templates/notebooks/ssh.yaml b/helm-chart/renku/templates/notebooks/ssh.yaml
deleted file mode 100644
index f5e8af8c2a..0000000000
--- a/helm-chart/renku/templates/notebooks/ssh.yaml
+++ /dev/null
@@ -1,110 +0,0 @@
-{{- if .Values.enableV1Services }}
-{{- if .Values.notebooks.ssh.enabled }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "renku.notebooks.fullname" . }}-ssh
-  labels:
-    app: {{ template "renku.notebooks.name" . }}-ssh
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  {{- if not .Values.notebooks.ssh.autoscaling.enabled }}
-  replicas: {{ .Values.notebooks.ssh.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      app: {{ template "renku.notebooks.name" . }}-ssh
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "renku.notebooks.name" . }}-ssh
-        chart: {{ template "renku.chart" . }}
-        release: {{ .Release.Name }}
-        heritage: {{ .Release.Service }}
-    spec:
-      {{- with .Values.notebooks.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      securityContext:
-        fsGroup: 1000
-      containers:
-        - name: ssh
-          securityContext:
-            allowPrivilegeEscalation: false
-            runAsNonRoot: true
-            runAsUser: 1000
-          image: "{{ .Values.notebooks.ssh.image.repository }}:{{ .Values.notebooks.ssh.image.tag }}"
-          imagePullPolicy: {{ .Values.notebooks.ssh.image.pullPolicy }}
-          ports:
-            - name: ssh
-              containerPort: 2022
-              protocol: TCP
-          resources:
-            {{- toYaml .Values.notebooks.ssh.resources | nindent 12 }}
-          {{- if not (kindIs "invalid" .Values.notebooks.ssh.hostKeySecret) }}
-          volumeMounts:
-            - name: ssh-host-key
-              mountPath: /opt/ssh/ssh_host_keys
-              readOnly: true
-          {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if not (kindIs "invalid" .Values.notebooks.ssh.hostKeySecret) }}
-      volumes:
-        - name: ssh-host-key
-          secret:
-            secretName: {{ .Values.notebooks.ssh.hostKeySecret | quote }}
-      {{- end }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "renku.notebooks.fullname" . }}-ssh
-  labels:
-    app: {{ template "renku.notebooks.name" . }}-ssh
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.notebooks.ssh.service.type }}
-  ports:
-    - name: ssh
-      {{- if eq .Values.notebooks.ssh.service.type "NodePort" }}
-      nodePort: {{ .Values.notebooks.ssh.service.port }}
-      {{- end }}
-      port: {{ .Values.notebooks.ssh.service.port }}
-      protocol: TCP
-      targetPort: ssh
-  selector:
-    app: {{ template "renku.notebooks.name" . }}-ssh
-    release: {{ .Release.Name }}
----
-apiVersion: autoscaling/v1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ template "renku.notebooks.fullname" . }}-ssh
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ template "renku.notebooks.fullname" . }}-ssh
-  minReplicas: {{ .Values.notebooks.ssh.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.notebooks.ssh.autoscaling.maxReplicas }}
-  targetCPUUtilizationPercentage: {{ .Values.notebooks.ssh.autoscaling.targetCPUUtilizationPercentage }}
-{{- end }}
-{{- end }}

From 46ea7b8a285a5f9598229713623d3948ddf09e03 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 14:14:00 +0100
Subject: [PATCH 06/16] fix(data-service/deployment): update path to
 session-env-secret.yaml

---
 helm-chart/renku/templates/data-service/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-chart/renku/templates/data-service/deployment.yaml b/helm-chart/renku/templates/data-service/deployment.yaml
index 2833a5c6bf..e910a9b2a9 100644
--- a/helm-chart/renku/templates/data-service/deployment.yaml
+++ b/helm-chart/renku/templates/data-service/deployment.yaml
@@ -25,7 +25,7 @@ spec:
         {{ .Values.global.redis.clientLabel | toYaml | nindent 8 }}
       annotations:
         # NOTE: Without this the pod will not restart when the secret values change.
-        checksum/config: {{ include (print $.Template.BasePath "/notebooks/env-secret.yaml") . | sha256sum }}
+        checksum/config: {{ include (print $.Template.BasePath "/data-service/session-env-secret.yaml") . | sha256sum }}
       {{- with .Values.dataService.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}

From 2a93aa848c01b7471cf50c8a6f1dc5e772c545a0 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 14:27:22 +0100
Subject: [PATCH 07/16] refactor: removed everything enableV1Services related

---
 helm-chart/renku/requirements.yaml            |   9 -
 .../data-service/deployment_k8s_watcher.yaml  |   2 -
 .../renku/templates/data-service/rbac.yaml    |  14 -
 .../data-service/rbac_k8s_watcher.yaml        |  14 -
 .../data-service/session-env-secret.yaml      |   6 -
 .../renku/templates/gateway/configmap.yaml    |   2 -
 .../templates/graph-db-postgres-secret.yaml   |  29 --
 .../templates/graph-tg-postgres-secret.yaml   |  29 --
 .../graph-token-postgres-secret.yaml          |  29 --
 helm-chart/renku/templates/ingress.yaml       |  37 --
 .../renku/templates/network-policies.yaml     | 422 ------------------
 .../renku/templates/setup-job-renku-dbs.yaml  |  29 --
 helm-chart/renku/templates/swagger.yaml       |   4 -
 .../renku/templates/tests/test-renku.yaml     |  93 ----
 .../ui/ui-client-deployment-template.yaml     |   2 -
 helm-chart/renku/values.yaml                  |   4 -
 16 files changed, 725 deletions(-)
 delete mode 100644 helm-chart/renku/templates/graph-db-postgres-secret.yaml
 delete mode 100644 helm-chart/renku/templates/graph-tg-postgres-secret.yaml
 delete mode 100644 helm-chart/renku/templates/graph-token-postgres-secret.yaml
 delete mode 100644 helm-chart/renku/templates/tests/test-renku.yaml

diff --git a/helm-chart/renku/requirements.yaml b/helm-chart/renku/requirements.yaml
index aa6edcbbcd..8543cdf447 100644
--- a/helm-chart/renku/requirements.yaml
+++ b/helm-chart/renku/requirements.yaml
@@ -11,15 +11,6 @@ dependencies:
     repository: "oci://harbor.renkulab.io/bitnami-mirror"
     version: 20.3.0
     condition: redis.install
-  - name: renku-jena
-    version: "0.0.25"
-    repository: "https://swissdatasciencecenter.github.io/helm-charts/"
-    alias: jena
-    condition: enableV1Services
-  - name: amalthea
-    repository: "https://swissdatasciencecenter.github.io/helm-charts/"
-    version: "0.22.1"
-    condition: enableV1Services
   - name: amalthea-sessions
     repository: "https://swissdatasciencecenter.github.io/helm-charts/"
     version: "0.22.1"
diff --git a/helm-chart/renku/templates/data-service/deployment_k8s_watcher.yaml b/helm-chart/renku/templates/data-service/deployment_k8s_watcher.yaml
index 7463019843..9d49db93e6 100644
--- a/helm-chart/renku/templates/data-service/deployment_k8s_watcher.yaml
+++ b/helm-chart/renku/templates/data-service/deployment_k8s_watcher.yaml
@@ -54,8 +54,6 @@ spec:
               value: {{ .Values.posthog.enabled | quote }}
             - name: IMAGE_BUILDERS_ENABLED
               value: {{ .Values.dataService.imageBuilders.enabled | quote }}
-            - name: V1_SERVICES_ENABLED
-              value: {{ .Values.enableV1Services | default false | quote }}
             - name: KUBERNETES_NAMESPACE
               valueFrom:
                 fieldRef:
diff --git a/helm-chart/renku/templates/data-service/rbac.yaml b/helm-chart/renku/templates/data-service/rbac.yaml
index 157154f9e0..22a016701c 100644
--- a/helm-chart/renku/templates/data-service/rbac.yaml
+++ b/helm-chart/renku/templates/data-service/rbac.yaml
@@ -56,20 +56,6 @@ rules:
       - update
       - delete
       - patch
-  {{- if .Values.enableV1Services }}
-  - apiGroups:
-      - {{ .Values.amalthea.crdApiGroup }}
-    resources:
-      - {{ .Values.amalthea.crdNames.plural }}
-    verbs:
-      - create
-      - update
-      - delete
-      - patch
-      - list
-      - get
-      - watch
-  {{- end }}
   - apiGroups:
       - amalthea.dev
     resources:
diff --git a/helm-chart/renku/templates/data-service/rbac_k8s_watcher.yaml b/helm-chart/renku/templates/data-service/rbac_k8s_watcher.yaml
index 2de7f13cd6..3684fa600d 100644
--- a/helm-chart/renku/templates/data-service/rbac_k8s_watcher.yaml
+++ b/helm-chart/renku/templates/data-service/rbac_k8s_watcher.yaml
@@ -9,20 +9,6 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 rules:
-  {{- if .Values.enableV1Services }}
-  - apiGroups:
-      - {{ .Values.amalthea.crdApiGroup }}
-    resources:
-      - {{ .Values.amalthea.crdNames.plural }}
-    verbs:
-      - create
-      - update
-      - delete
-      - patch
-      - list
-      - get
-      - watch
-  {{- end }}
   - apiGroups:
       - amalthea.dev
     resources:
diff --git a/helm-chart/renku/templates/data-service/session-env-secret.yaml b/helm-chart/renku/templates/data-service/session-env-secret.yaml
index fb0e10c0e0..319627c00a 100644
--- a/helm-chart/renku/templates/data-service/session-env-secret.yaml
+++ b/helm-chart/renku/templates/data-service/session-env-secret.yaml
@@ -41,15 +41,9 @@ stringData:
   NB_SESSIONS__CULLING__REGISTERED__HIBERNATED_SECONDS: {{ .Values.notebooks.culling.hibernatedSecondsThreshold.registered | quote }}
   NB_SESSIONS__CULLING__REGISTERED__MAX_AGE_SECONDS: {{ .Values.notebooks.culling.maxAgeSecondsThreshold.registered | quote }}
   NB_SESSIONS__CULLING__ANONYMOUS__MAX_AGE_SECONDS: {{ .Values.notebooks.culling.maxAgeSecondsThreshold.anonymous | quote }}
-  {{- if .Values.enableV1Services }}
-  NB_AMALTHEA__GROUP: {{ .Values.amalthea.crdApiGroup }}
-  NB_AMALTHEA__VERSION: {{ .Values.amalthea.crdApiVersion }}
-  NB_AMALTHEA__PLURAL: {{ .Values.amalthea.crdNames.plural }}
-  {{- else }}
   NB_AMALTHEA__GROUP: "amalthea.dev"
   NB_AMALTHEA__VERSION: "v1alpha1"
   NB_AMALTHEA__PLURAL: "jupyterservers"
-  {{- end }}
   NB_AMALTHEA__CACHE_URL: "http://{{ template "renku.notebooks.fullname" . }}-k8s-watcher"
   NB_AMALTHEA_V2__CACHE_URL: "http://{{ template "renku.notebooks.fullname" . }}-k8s-watcher"
   NB_SESSIONS__GIT_CLONE__SENTRY__ENABLED: {{ .Values.notebooks.sessionSentry.gitClone.enabled | quote }}
diff --git a/helm-chart/renku/templates/gateway/configmap.yaml b/helm-chart/renku/templates/gateway/configmap.yaml
index 2465d2d3a6..b658b47627 100644
--- a/helm-chart/renku/templates/gateway/configmap.yaml
+++ b/helm-chart/renku/templates/gateway/configmap.yaml
@@ -36,7 +36,6 @@ data:
           audience: renku
           authorizedParty: renku-cli
     revproxy:
-      enableV1Services: {{ .Values.enableV1Services | default false }}
       enableInternalGitlab: {{ .Values.enableInternalGitlab | default false }}
       renkuBaseUrl: {{ include "renku.baseUrl" . | quote }}
       externalGitlabUrl: {{ .Values.global.gitlab.url | default "" | quote }}
@@ -56,7 +55,6 @@ data:
         uiserver: {{ printf "http://%s" (include "ui-server.fullname" .) | quote }} 
         search: {{ printf "http://%s-search-api" .Release.Name | quote }}
     login:
-      enableV1Services: {{ .Values.enableV1Services | default false }}
       enableInternalGitlab: {{ .Values.enableInternalGitlab | default false }}
       renkuBaseUrl: {{ include "renku.baseUrl" . | quote }}
       loginRoutesBasePath: "/api/auth"
diff --git a/helm-chart/renku/templates/graph-db-postgres-secret.yaml b/helm-chart/renku/templates/graph-db-postgres-secret.yaml
deleted file mode 100644
index 1b82191ce6..0000000000
--- a/helm-chart/renku/templates/graph-db-postgres-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.enableV1Services }}
----
-{{- $db_password := default (randAlphaNum 64) .Values.global.graph.dbEventLog.postgresPassword.value | b64enc | quote }}
-
-{{- $renkuFullname := include "renku.fullname" . -}}
-
-{{- if not .Values.global.graph.dbEventLog.postgresPassword.value -}}
-{{- $secretName := cat $renkuFullname "-graph-db-postgres" | nospace }}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
-{{- if $secret }}
-{{- $db_password = index $secret.data "graph-dbEventLog-postgresPassword" }}
-{{- end -}}
-{{- end -}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "renku.fullname" . }}-graph-db-postgres
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback"
-type: Opaque
-data:
-  graph-dbEventLog-postgresPassword: {{ $db_password }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph-tg-postgres-secret.yaml b/helm-chart/renku/templates/graph-tg-postgres-secret.yaml
deleted file mode 100644
index 23103db10a..0000000000
--- a/helm-chart/renku/templates/graph-tg-postgres-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.enableV1Services }}
----
-{{- $db_password := default (randAlphaNum 64) .Values.global.graph.triplesGenerator.postgresPassword.value | b64enc | quote }}
-
-{{- $renkuFullname := include "renku.fullname" . -}}
-
-{{- if not .Values.global.graph.triplesGenerator.postgresPassword.value -}}
-{{- $secretName := cat $renkuFullname "-graph-tg-postgres" | nospace }}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
-{{- if $secret }}
-{{- $db_password = index $secret.data "graph-triplesGenerator-postgresPassword" }}
-{{- end -}}
-{{- end -}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "renku.fullname" . }}-graph-tg-postgres
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback"
-type: Opaque
-data:
-  graph-triplesGenerator-postgresPassword: {{ $db_password }}
-{{- end }}
diff --git a/helm-chart/renku/templates/graph-token-postgres-secret.yaml b/helm-chart/renku/templates/graph-token-postgres-secret.yaml
deleted file mode 100644
index 3293fe3319..0000000000
--- a/helm-chart/renku/templates/graph-token-postgres-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.enableV1Services }}
----
-{{- $db_password := default (randAlphaNum 64) .Values.global.graph.tokenRepository.postgresPassword.value | b64enc | quote }}
-
-{{- $renkuFullname := include "renku.fullname" . -}}
-
-{{- if not .Values.global.graph.tokenRepository.postgresPassword.value -}}
-{{- $secretName := cat $renkuFullname "-graph-token-postgres" | nospace }}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
-{{- if $secret }}
-{{- $db_password = index $secret.data "graph-tokenRepository-postgresPassword" }}
-{{- end -}}
-{{- end -}}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "renku.fullname" . }}-graph-token-postgres
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    "helm.sh/hook": "pre-install,pre-upgrade,pre-rollback"
-type: Opaque
-data:
-  graph-tokenRepository-postgresPassword: {{ $db_password }}
-{{- end }}
diff --git a/helm-chart/renku/templates/ingress.yaml b/helm-chart/renku/templates/ingress.yaml
index 67eade47a6..bc2ba1bfd8 100644
--- a/helm-chart/renku/templates/ingress.yaml
+++ b/helm-chart/renku/templates/ingress.yaml
@@ -71,43 +71,6 @@ spec:
             name: {{ template "renku.fullname" $ }}-gateway
             port:
               number: {{ $uiserverServicePort }}
-      {{- if $.Values.enableV1Services }}
-      - path: /gitlab
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ template "renku.fullname" $ }}-gateway
-            port:
-              number: 80
-      - path: /repos
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ template "renku.fullname" $ }}-gateway
-            port:
-              number: 80
-      - path: /entities
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ template "renku.fullname" $ }}-gateway
-            port:
-              number: 80
-      - path: /webhooks/events
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ template "renku.graph.webhookService.fullname" $ }}
-            port:
-              number: 80
-      - path: /knowledge-graph
-        pathType: Prefix
-        backend:
-          service:
-            name: {{ template "renku.fullname" $ }}-gateway
-            port:
-              number: 80
-      {{- end }}
       {{- if $swaggerEnabled }}
       - path: /swagger
         pathType: Prefix
diff --git a/helm-chart/renku/templates/network-policies.yaml b/helm-chart/renku/templates/network-policies.yaml
index 1e31c036ba..874af6717f 100644
--- a/helm-chart/renku/templates/network-policies.yaml
+++ b/helm-chart/renku/templates/network-policies.yaml
@@ -38,26 +38,6 @@ spec:
             matchLabels:
               kubernetes.io/metadata.name: {{ .Release.Namespace }}
         {{- end }}
-        {{- if .Values.enableV1Services }}
-        - podSelector:
-            matchLabels:
-              app: event-log
-          namespaceSelector:
-            matchLabels:
-              kubernetes.io/metadata.name: {{ .Release.Namespace }}
-        - podSelector:
-            matchLabels:
-              app: triples-generator
-          namespaceSelector:
-            matchLabels:
-              kubernetes.io/metadata.name: {{ .Release.Namespace }}
-        - podSelector:
-            matchLabels:
-              app: token-repository
-          namespaceSelector:
-            matchLabels:
-              kubernetes.io/metadata.name: {{ .Release.Namespace }}
-        {{- end }}
         - podSelector:
             matchLabels:
               app: post-install-postgres
@@ -290,86 +270,6 @@ spec:
       ports:
         - protocol: TCP
           port: http
-{{- if .Values.enableV1Services }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-core-service-from-gateway
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "renku-core.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "gateway.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: http
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-core-service-from-graph
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "renku-core.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.knowledgeGraph.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: http
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-knowledge-graph-from-gateway
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app: {{ template "renku.graph.knowledgeGraph.name" . }}
-      release: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "gateway.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: http-kg
-{{- end }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -471,32 +371,6 @@ spec:
         - protocol: TCP
           port: http
 {{- end }}
-{{- if .Values.enableV1Services }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-webhook-service-from-anywhere
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app: {{ template "renku.graph.webhookService.name" . }}
-      release: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - ipBlock:
-            cidr: 0.0.0.0/0
-      ports:
-        - protocol: TCP
-          port: http-webhook-sv
-{{- end }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -552,33 +426,6 @@ spec:
           port: http
         - protocol: TCP
           port: grpc
-{{- if .Values.enableV1Services }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-core-service-from-core-cleanup-job
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "renku-core.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: core-cache-cleanup
-      ports:
-        - protocol: TCP
-          port: http
-{{- end }}
 {{- if .Values.redis.install }}
 ---
 apiVersion: networking.k8s.io/v1
@@ -721,220 +568,6 @@ spec:
     - from:
         - ipBlock:
             cidr: 0.0.0.0/0
-{{- if .Values.enableV1Services }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-jena-from-services
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: jena
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.knowledgeGraph.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.triplesGenerator.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: jena-http
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-event-log-from-kg-services
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app: {{ template "renku.graph.eventLog.name" . }}
-      release: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.triplesGenerator.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.webhookService.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.knowledgeGraph.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.tokenRepository.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.commitEventService.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              # The event log calls itself via a k8s service so if it is not allowed in the 
-              # network policy like this then those requests fail.
-              app: {{ template "renku.graph.eventLog.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: http-event-log
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-token-repository-from-kg-services
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app: {{ template "renku.graph.tokenRepository.name" . }}
-      release: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.triplesGenerator.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.eventLog.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.webhookService.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.knowledgeGraph.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.commitEventService.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: http-token-repo
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-triple-generator-from-kg-services
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app: {{ template "renku.graph.triplesGenerator.name" . }}
-      release: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.eventLog.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.webhookService.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.knowledgeGraph.name" . }}
-              release: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              # The triples generator calls itself via a k8s service so if it is not allowed in the 
-              # network policy like this then those requests fail.
-              app: {{ template "renku.graph.triplesGenerator.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: http-triples-gn
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-commit-events-from-kg-services
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app: {{ template "renku.graph.commitEventService.name" . }}
-      release: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.graph.eventLog.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: http-commit-sv
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: ingress-to-data-service-from-notebooks
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app: renku-data-service
-      release: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.notebooks.name" . }}
-              release: {{ .Release.Name }}
-      ports:
-        - protocol: TCP
-          port: http
-{{- end }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -964,36 +597,6 @@ spec:
       ports:
         - protocol: TCP
           port: http
-{{- if .Values.enableV1Services }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  # Needed for secret mounting
-  name: ingress-to-data-service-from-v1-sessions
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app: renku-data-service
-      release: {{ .Release.Name }}
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/component: jupyterserver
-              app.kubernetes.io/instance: {{ .Release.Name }}
-              app.kubernetes.io/name: amalthea
-      ports:
-        - protocol: TCP
-          port: http
-{{- end }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -1021,31 +624,6 @@ spec:
       ports:
         - protocol: TCP
           port: http
-{{- if .Values.enableV1Services }}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: egress-from-renku-v1-sessions
-spec:
-  egress:
-    {{- with .Values.networkPolicies.sessions.egress }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    - to:
-      # Allow access to data service, needed for secret mounting
-      - podSelector:
-          matchLabels:
-            app: renku-data-service
-            release: {{ .Release.Name }}
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/component: jupyterserver
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/name: amalthea
-  policyTypes:
-  - Egress
-{{- end }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
diff --git a/helm-chart/renku/templates/setup-job-renku-dbs.yaml b/helm-chart/renku/templates/setup-job-renku-dbs.yaml
index a7e47c58bb..6a2430bd62 100644
--- a/helm-chart/renku/templates/setup-job-renku-dbs.yaml
+++ b/helm-chart/renku/templates/setup-job-renku-dbs.yaml
@@ -51,35 +51,6 @@ spec:
                   name: {{ .Values.global.externalServices.postgresql.existingSecret }}
                   key: postgres-password
             {{- end }}
-            {{- if .Values.enableV1Services }}
-            - name: EVENTLOG_DB_USERNAME
-              value: {{ .Values.global.graph.dbEventLog.postgresUser | quote }}
-            - name: EVENTLOG_DB_NAME
-              value: event_log
-            - name: EVENTLOG_DB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "renku.fullname" . }}-graph-db-postgres
-                  key: graph-dbEventLog-postgresPassword
-            - name: TG_DB_USERNAME
-              value: {{ .Values.global.graph.triplesGenerator.postgresUser | quote }}
-            - name: TG_DB_NAME
-              value: triples_generator
-            - name: TG_DB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "renku.fullname" . }}-graph-tg-postgres
-                  key: graph-triplesGenerator-postgresPassword
-            - name: TOKENREPO_DB_USERNAME
-              value: {{ .Values.global.graph.tokenRepository.postgresUser | quote }}
-            - name: TOKENREPO_DB_NAME
-              value: projects_tokens
-            - name: TOKENREPO_DB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "renku.fullname" . }}-graph-token-postgres
-                  key: graph-tokenRepository-postgresPassword
-            {{- end }}
             - name: RENKU_DB_USERNAME
               value: {{ .Values.global.db.common.username | quote }}
             - name: RENKU_DB_NAME
diff --git a/helm-chart/renku/templates/swagger.yaml b/helm-chart/renku/templates/swagger.yaml
index e464302306..2df47f49be 100644
--- a/helm-chart/renku/templates/swagger.yaml
+++ b/helm-chart/renku/templates/swagger.yaml
@@ -27,10 +27,6 @@ spec:
               value: >
                 [
                   {"url": "/api/data/spec.json", "name": "data service"},
-                  {{- if .Values.enableV1Services }}
-                  {"url": "/api/renku/spec.json", "name": "core service"},
-                  {"url": "/api/kg/spec.json", "name": "knowledge graph"},
-                  {{- end }}
                 ]
             - name: OAUTH2_REDIRECT_URL
               value: https://{{ .Values.global.renku.domain }}/swagger/oauth2-redirect.html
diff --git a/helm-chart/renku/templates/tests/test-renku.yaml b/helm-chart/renku/templates/tests/test-renku.yaml
deleted file mode 100644
index 7cc5748407..0000000000
--- a/helm-chart/renku/templates/tests/test-renku.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-{{ if .Values.tests.enabled -}}
-{{ if .Values.enableV1Services -}}
-apiVersion: v1
-kind: Pod
-metadata:
-  name: '{{ .Release.Name }}-acceptance-tests'
-  annotations:
-    "helm.sh/hook": test
-spec:
-  securityContext:
-    {{- toYaml .Values.podSecurityContext | nindent 4 }}
-  volumes:
-  - name: dshm
-    emptyDir:
-      medium: Memory
-  restartPolicy: Never
-  containers:
-  - name: sbt
-    image: {{ .Values.tests.image.repository }}:{{ .Values.tests.image.tag }}
-    securityContext:
-      {{- toYaml .Values.securityContext | nindent 6 }}
-    env:
-      - name: RENKU_TEST_URL
-        value: '{{ template "renku.http" . }}://{{ .Values.global.renku.domain }}'
-      - name: GITLAB_TEST_URL
-        value: {{ .Values.global.gitlab.url | quote }}
-      - name: RENKU_TEST_EMAIL
-        value: '{{ .Values.tests.parameters.email }}'
-      - name: RENKU_TEST_USERNAME
-        value: '{{ .Values.tests.parameters.username }}'
-      - name: RENKU_TEST_FULL_NAME
-        value: '{{ .Values.tests.parameters.fullname }}'
-      - name: RENKU_TEST_PASSWORD
-        value: '{{ .Values.tests.parameters.password }}'
-      {{ if .Values.global.renku.cli_version }}
-      - name: RENKU_CLI_VERSION
-        value: '{{ .Values.global.renku.cli_version }}'
-      {{ end }}
-      {{ if .Values.tests.parameters.provider }}
-      - name: RENKU_TEST_PROVIDER
-        value: '{{ .Values.tests.parameters.provider }}'
-      {{ end }}
-      {{ if .Values.tests.parameters.register }}
-      - name: RENKU_TEST_REGISTER
-        value: '{{ .Values.tests.parameters.register }}'
-      {{ end }}
-      {{ if .Values.tests.parameters.docsRun }}
-      - name: RENKU_TEST_DOCS_RUN
-        value: '{{ .Values.tests.parameters.docsRun }}'
-      {{ end }}
-      {{ if .Values.tests.parameters.extantProject }}
-      - name: RENKU_TEST_EXTANT_PROJECT
-        value: '{{ .Values.tests.parameters.extantProject }}'
-      {{ end }}
-      {{ if .Values.tests.parameters.anonProject }}
-      - name: RENKU_TEST_ANON_PROJECT
-        value: '{{ .Values.tests.parameters.anonProject }}'
-      {{ end }}
-      {{ if .Values.tests.parameters.anonAvailable }}
-      - name: RENKU_TEST_ANON_AVAILABLE
-        value: '{{ .Values.tests.parameters.anonAvailable }}'
-      {{ end }}
-      {{ if .Values.tests.parameters.batchRemove }}
-      - name: RENKU_TEST_BATCH_REMOVE
-        value: '{{ .Values.tests.parameters.batchRemove }}'
-      {{ end }}
-      {{ if .Values.tests.parameters.removePattern }}
-      - name: RENKU_TEST_REMOVE_PATTERN
-        value: '{{ .Values.tests.parameters.removePattern }}'
-      {{ end }}
-      {{ if .Values.tests.resultsS3.enabled }}
-      - name: RENKU_TEST_S3_HOST
-        value: '{{ .Values.tests.resultsS3.host }}'
-      - name: RENKU_TEST_S3_BUCKET
-        value: '{{ .Values.tests.resultsS3.bucket }}'
-      - name: RENKU_TEST_S3_FILENAME
-        value: '{{ .Values.tests.resultsS3.filename }}'
-      - name: RENKU_TEST_S3_ACCESS_KEY
-        value: '{{ .Values.tests.resultsS3.accessKey }}'
-      - name: RENKU_TEST_S3_SECRET_KEY
-        value: '{{ .Values.tests.resultsS3.secretKey }}'
-      {{ end }}
-    volumeMounts:
-      - mountPath: /dev/shm
-        name: dshm
-    {{ if .Values.tests.parameters.testTarget -}}
-    args:
-      - '{{ .Values.tests.parameters.testTarget }}'
-    {{ end }}
-    resources:
-{{ toYaml .Values.tests.resources | indent 6 }}
-{{- end }}
-{{- end }}
diff --git a/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml b/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml
index c5d592a8ef..dae1471857 100644
--- a/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml
+++ b/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml
@@ -103,8 +103,6 @@ spec:
               value: {{ toJson .Values.ui.client.sessionClassEmailUs | quote }}
             - name: IMAGE_BUILDERS_ENABLED
               value: {{ .Values.dataService.imageBuilders.enabled | quote }}
-            - name: LEGACY_SUPPORT
-              value: {{ dict "enabled" .Values.enableV1Services "supportLegacySessions" .Values.ui.client.supportLegacySessions | toJson | quote }}
             - name: METRICS_ENABLED
               value: {{ .Values.ui.client.prometheus.enabled | quote }}
           livenessProbe:
diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml
index 4c63db161f..1910ccfaa6 100644
--- a/helm-chart/renku/values.yaml
+++ b/helm-chart/renku/values.yaml
@@ -1420,10 +1420,6 @@ secretsStorage:
   tolerations: []
   affinity: {}
 
-# Important note: running legacy (v1) services is deprecated and this chart value will be removed
-# in the next Renku release.
-enableV1Services: false
-
 # When this is set to false the gateway and data service will ignore the Gitlab
 # that can be integrated with Renku and will not ask users to log into this Gitlab.
 # NOTE: This flag has no effect on the core service and knowledge graph. Therefore

From 956c76e65391daabd833e4728ebd332849362d0b Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 15:39:50 +0100
Subject: [PATCH 08/16] refactor: add deletion information to changelog

---
 helm-chart/values.yaml.changelog.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/helm-chart/values.yaml.changelog.md b/helm-chart/values.yaml.changelog.md
index 555e3c4065..36d5ef6e89 100644
--- a/helm-chart/values.yaml.changelog.md
+++ b/helm-chart/values.yaml.changelog.md
@@ -4,6 +4,10 @@ For changes that require manual steps other than changing values, please check o
 
 Please follow this convention when adding a new row
 * `<type: NEW|EDIT|DELETE> - *<resource name>*: <details>`
+## Upgrading to Renku 2.12.0
+
+* DELETE all `enableV1Services` related resources. These resources were already
+  disabled by default. They are now fully removed from the deployment process.
 
 ## Upgrading to Renku 2.11.0
 

From 357bc5984890c3e50a1560d7f7272f6591a52a04 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Thu, 11 Dec 2025 17:35:46 +0100
Subject: [PATCH 09/16] fix: remove missed pod selector for V1 core

---
 helm-chart/renku/templates/network-policies.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/helm-chart/renku/templates/network-policies.yaml b/helm-chart/renku/templates/network-policies.yaml
index 874af6717f..6b33a07b23 100644
--- a/helm-chart/renku/templates/network-policies.yaml
+++ b/helm-chart/renku/templates/network-policies.yaml
@@ -453,10 +453,6 @@ spec:
             matchLabels:
               app.kubernetes.io/name: "uiserver"
               app.kubernetes.io/instance: {{ .Release.Name }}
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/name: {{ include "renku-core.name" . }}
-              app.kubernetes.io/instance: {{ .Release.Name }}
         - podSelector:
             matchLabels:
               app: renku-data-service

From 5b12ac2b26cd991484e7dcaec0ac3675fa4fe5ef Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Mon, 15 Dec 2025 17:41:32 +0100
Subject: [PATCH 10/16] fix: improve changelog text

Co-authored-by: Tasko Olevski <tasko.olevski@sdsc.ethz.ch>
---
 helm-chart/values.yaml.changelog.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/helm-chart/values.yaml.changelog.md b/helm-chart/values.yaml.changelog.md
index 36d5ef6e89..7a1d3cee27 100644
--- a/helm-chart/values.yaml.changelog.md
+++ b/helm-chart/values.yaml.changelog.md
@@ -8,6 +8,7 @@ Please follow this convention when adding a new row
 
 * DELETE all `enableV1Services` related resources. These resources were already
   disabled by default. They are now fully removed from the deployment process.
+  So with this version of Renku all V1 services will be fully deleted from the cluster.
 
 ## Upgrading to Renku 2.11.0
 

From d36fab68d60e996a3c4346d286398050f2fd4e9e Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Mon, 15 Dec 2025 18:09:12 +0100
Subject: [PATCH 11/16] refactor: remove additional obsolete entries from
 values.yaml

---
 helm-chart/renku/values.yaml | 87 ------------------------------------
 1 file changed, 87 deletions(-)

diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml
index 1910ccfaa6..b79f677696 100644
--- a/helm-chart/renku/values.yaml
+++ b/helm-chart/renku/values.yaml
@@ -63,17 +63,6 @@ global:
     ## Should be set to a proper value (i.e. by using openssl rand -hex 32) for production.
     ## Can be set here or as .gitlabClientSecret outside of .global, the values set ouside of global (if defined) take precedence.
     gitlabClientSecret:
-  core:
-    versions:
-      latest:
-        name: v10
-        prefix: "10"
-        nameOverride: ""
-        fullnameOverride: ""
-        image:
-          repository: renku/renku-core
-          tag: "v2.9.4"
-          pullPolicy: IfNotPresent
   uiserver:
     ## The client secret for the renku-ui client application registered in keycloak.
     clientSecret: # use `uuidgen -r`
@@ -89,38 +78,6 @@ global:
     ## for a new project based on its own version.
     ## NOTE should only be set for CI deployments and development purposes.
     cli_version:
-  ## Note that the graph will not turned on by default until renku 0.4.0
-  graph:
-    dbEventLog:
-      ## Name of the postgres user to be used to access the Event Log db
-      postgresUser: eventlog
-      ## Postgres password to be used to access the Event Log db
-      ## NOTE: The helm chart cannot update this password in Postgres once it has been created for the first  time either by
-      ## setting this value or by randomly generating it because it was omitted below.
-      postgresPassword:
-        value:
-      existingSecret:
-    tokenRepository:
-      ## Name of the postgres user to be used to access the db storing access tokens
-      postgresUser: tokenstorage
-      ## Postgres password to be used to access the db storing access tokens
-      ## NOTE: The helm chart cannot update this password in Postgres once it has been created for the first time either by
-      ## setting this value or by randomly generating it because it was omitted below.
-      postgresPassword:
-        value:
-      existingSecret:
-    triplesGenerator:
-      ## Name of the postgres user to be used to access the tg db
-      postgresUser: triplesgenerator
-      ## Postgres password to be used to access the db storing access tokens
-      ## NOTE: The helm chart cannot update this password in Postgres once it has been created for the first time either by
-      ## setting this value or by randomly generating it because it was omitted below.
-      postgresPassword:
-        value:
-      existingSecret:
-    jena:
-      ## specify which dataset should be used in Jena
-      dataset:
   externalServices:
     # If an external Postgres database is defined in global.externalServices.postgresql,
     # global.externalServices.postgresql.enabled should be true, and postgresql.enabled should be false.
@@ -1202,50 +1159,6 @@ gateway:
           nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" # Default is 4k, larger size necessary for keycloak
           nginx.ingress.kubernetes.io/use-regex: "true"
           nginx.ingress.kubernetes.io/rewrite-target: /api/gitlab-redirect/$1
-jena:
-  image:
-    repository: renku/renku-jena
-    pullPolicy: IfNotPresent
-  users:
-    admin:
-      ## Admin user password
-      ## Generate one using: `openssl rand -hex 16`
-      password:
-    renku:
-      ## Dataset user password
-      ## Generate one using: `openssl rand -hex 16`
-      password:
-  persistence:
-    accessModes:
-      - ReadWriteOnce
-    size: 10Gi
-  additionalEnvironmentVariables:
-    - name: JVM_ARGS
-      value: -Xmx2G -Xms2G
-  compacting:
-    - name: ADMIN_USER
-      value: admin
-    - name: COMPACTING_SCHEDULE ## The 'Mon *-*-* 00:00:00' expression means the process will be run every Monday at 00:00:00. More details at https://github.com/eikek/calev
-      value: "Mon *-*-* 00:00:00"
-  resources:
-    limits:
-      memory: 3Gi
-    requests:
-      cpu: 300m
-      memory: 3Gi
-  additionalVolumeMounts:
-    - name: shiro
-      mountPath: /fuseki/shiro.ini
-      subPath: shiro.ini
-      readOnly: true
-  additionalVolumes:
-    - name: shiro
-      configMap:
-        name: shiro-ini
-        defaultMode: 0555
-  additionalInitContainerScript: "find /fuseki -name tdb.lock -type f -delete && find /fuseki/configuration -name *.ttl -type f -empty -delete && echo clean-up done"
-  test:
-    enabled: false
 ## Configuration for the Swagger-UI available at <renku-domain>/swagger
 swagger:
   enabled: true

From 36618372a993064249302be673457165a6ba6a7a Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Mon, 15 Dec 2025 18:11:15 +0100
Subject: [PATCH 12/16] refactor: remove network policy for v1 sessions

---
 .../renku/templates/network-policies.yaml     | 34 -------------------
 1 file changed, 34 deletions(-)

diff --git a/helm-chart/renku/templates/network-policies.yaml b/helm-chart/renku/templates/network-policies.yaml
index 6b33a07b23..45281fe47a 100644
--- a/helm-chart/renku/templates/network-policies.yaml
+++ b/helm-chart/renku/templates/network-policies.yaml
@@ -120,40 +120,6 @@ spec:
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
-metadata:
-  name: {{ template "renku.notebooks.fullname" . }}-sessions
-  labels:
-    app: {{ template "renku.name" . }}
-    chart: {{ template "renku.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/component: jupyterserver
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/name: amalthea
-  policyTypes:
-    - Ingress
-  ingress:
-    - from:
-      # Allow ssh ingress to sessions only for the ssh jump host
-        - podSelector:
-            matchLabels:
-              app: {{ template "renku.notebooks.name" . }}-ssh
-      ports:
-        - port: ssh
-          protocol: TCP
-    - from:
-      # Allow ingress to the oauth2proxy for anyone
-        - ipBlock:
-            cidr: 0.0.0.0/0
-      ports:
-        - protocol: TCP
-          port: 4180
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
 metadata:
   name: {{ template "renku.notebooks.fullname" . }}-sessions-v2
   labels:

From b75ab57ddba0139e23f66cbc2eddb5a0c81e1000 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Tue, 16 Dec 2025 10:38:30 +0100
Subject: [PATCH 13/16] refactor: remove core and kg related entries from
 gateway

---
 .../renku/templates/gateway/_helpers.tpl      | 30 -------------------
 .../renku/templates/gateway/configmap.yaml    |  7 -----
 2 files changed, 37 deletions(-)

diff --git a/helm-chart/renku/templates/gateway/_helpers.tpl b/helm-chart/renku/templates/gateway/_helpers.tpl
index fbe9d65ddb..5999bf1b24 100644
--- a/helm-chart/renku/templates/gateway/_helpers.tpl
+++ b/helm-chart/renku/templates/gateway/_helpers.tpl
@@ -1,33 +1,3 @@
-{{/*
-Template core service paths as a comma separated list
-*/}}
-{{- define "gateway.core.pathsYaml" -}}
-{{- $paths := list -}}
-{{- range $i, $k := (keys .Values.global.core.versions | sortAlpha) -}}
-{{- $paths = mustAppend $paths (printf "/api/renku/%s" (get $.Values.global.core.versions $k).prefix) -}}
-{{- if eq $k "latest" -}}
-{{- $paths = mustAppend $paths "/api/renku" -}}
-{{- end -}}
-{{- end -}}
-{{- $paths | toYaml -}}
-{{- end -}}
-
-{{/*
-Template core service names as a comma separated list
-*/}}
-{{- define "gateway.core.serviceNamesYaml" -}}
-{{- $serviceNames := list -}}
-{{- $coreBaseName := printf "%s-core" .Release.Name -}}
-{{- range $i, $k := (keys .Values.global.core.versions | sortAlpha) -}}
-{{- $serviceName := printf "%s-%s" $coreBaseName (get $.Values.global.core.versions $k).name -}}
-{{- $serviceNames = mustAppend $serviceNames $serviceName -}}
-{{- if eq $k "latest" -}}
-{{- $serviceNames = mustAppend $serviceNames $serviceName -}}
-{{- end -}}
-{{- end -}}
-{{- $serviceNames | toYaml -}}
-{{- end -}}
-
 {{/*
 Expand the name of the chart.
 */}}
diff --git a/helm-chart/renku/templates/gateway/configmap.yaml b/helm-chart/renku/templates/gateway/configmap.yaml
index b658b47627..81c3ca5e16 100644
--- a/helm-chart/renku/templates/gateway/configmap.yaml
+++ b/helm-chart/renku/templates/gateway/configmap.yaml
@@ -42,14 +42,7 @@ data:
       k8sNamespace: {{ .Release.Namespace }}
       renkuServices:
         notebooks: {{ printf "http://%s-notebooks" .Release.Name | quote }}
-        kg: {{ printf "http://%s-knowledge-graph" .Release.Name | quote }}
         webhook: {{ printf "http://%s-webhook-service" .Release.Name | quote }}
-        core:
-          serviceNames: 
-            {{- include "gateway.core.serviceNamesYaml" . | nindent 12 }}
-          servicePaths: 
-            {{- include "gateway.core.pathsYaml" . | nindent 12 }}
-          sticky: true 
         dataService: {{ printf "http://%s-data-service" (include "renku.fullname" .) | quote }}
         keycloak: {{ include "renku.keycloakUrl" . | quote }} 
         uiserver: {{ printf "http://%s" (include "ui-server.fullname" .) | quote }} 

From f57b025f0276d7de5289c155857de352031dca2a Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Tue, 16 Dec 2025 10:51:53 +0100
Subject: [PATCH 14/16] refactor: remove obsolete core cookies handling

---
 helm-chart/renku/templates/ui/_helpers.tpl | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/helm-chart/renku/templates/ui/_helpers.tpl b/helm-chart/renku/templates/ui/_helpers.tpl
index 8191a00a63..2daf9a2afc 100644
--- a/helm-chart/renku/templates/ui/_helpers.tpl
+++ b/helm-chart/renku/templates/ui/_helpers.tpl
@@ -38,18 +38,5 @@ Return the appropriate apiVersion for autoscaling.
 Template a json list of cookies that should not be stripped by the ui-server proxy
 */}}
 {{- define "ui-server.keepCookies" -}}
-{{- $cookieNames := list -}}
-{{- $coreBaseName := printf "%s-core" .Release.Name -}}
-{{- if .Values.core -}}
-{{- $coreBaseName := .Values.core.basename | default (printf "%s-core" .Release.Name) -}}
-{{- end -}}
-{{- range $i, $k := (keys .Values.global.core.versions | sortAlpha) -}}
-{{- $serviceName := printf "reverse-proxy-sticky-session-%s-%s" $coreBaseName (get $.Values.global.core.versions $k).name -}}
-{{- $cookieNames = mustAppend $cookieNames $serviceName -}}
-{{- if eq $k "latest" -}}
-{{- $cookieNames = mustAppend $cookieNames $serviceName -}}
-{{- end -}}
-{{- end -}}
-{{- $cookieNames = concat $cookieNames .Values.ui.server.keepCookies -}}
-{{- $cookieNames | uniq | toJson -}}
+{{- $cookieNames := .Values.ui.server.keepCookies | uniq | toJson -}}
 {{- end -}}

From b4b59067cf20fe35b4d25a36df40b816bc0c6690 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Wed, 17 Dec 2025 16:42:07 +0100
Subject: [PATCH 15/16] fix(gateway): add back kg url

Explicitly hard code it and webhooks as
to-be-removed as they are v1 only features
---
 helm-chart/renku/templates/gateway/configmap.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/helm-chart/renku/templates/gateway/configmap.yaml b/helm-chart/renku/templates/gateway/configmap.yaml
index 81c3ca5e16..a02591e545 100644
--- a/helm-chart/renku/templates/gateway/configmap.yaml
+++ b/helm-chart/renku/templates/gateway/configmap.yaml
@@ -42,11 +42,12 @@ data:
       k8sNamespace: {{ .Release.Namespace }}
       renkuServices:
         notebooks: {{ printf "http://%s-notebooks" .Release.Name | quote }}
-        webhook: {{ printf "http://%s-webhook-service" .Release.Name | quote }}
         dataService: {{ printf "http://%s-data-service" (include "renku.fullname" .) | quote }}
         keycloak: {{ include "renku.keycloakUrl" . | quote }} 
         uiserver: {{ printf "http://%s" (include "ui-server.fullname" .) | quote }} 
         search: {{ printf "http://%s-search-api" .Release.Name | quote }}
+        kg: "http://to-be-removed"
+        webhook: "http://to-be-removed"
     login:
       enableInternalGitlab: {{ .Values.enableInternalGitlab | default false }}
       renkuBaseUrl: {{ include "renku.baseUrl" . | quote }}

From 215cc81b66b95eb062f68b3799df8d8b754f2871 Mon Sep 17 00:00:00 2001
From: Flora Thiebaut <flora.thiebaut@sdsc.ethz.ch>
Date: Wed, 7 Jan 2026 11:28:50 +0100
Subject: [PATCH 16/16] fix ui

---
 .../renku/templates/ui/ui-client-deployment-template.yaml       | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml b/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml
index dae1471857..c7e3ff3aa5 100644
--- a/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml
+++ b/helm-chart/renku/templates/ui/ui-client-deployment-template.yaml
@@ -105,6 +105,8 @@ spec:
               value: {{ .Values.dataService.imageBuilders.enabled | quote }}
             - name: METRICS_ENABLED
               value: {{ .Values.ui.client.prometheus.enabled | quote }}
+            - name: LEGACY_SUPPORT
+              value: {{ dict "enabled" false "supportLegacySessions" false | toJson | quote }}
           livenessProbe:
             httpGet:
               path: /