diff --git a/apis/installer/v1alpha1/ace_user_roles_types.go b/apis/installer/v1alpha1/ace_user_roles_types.go
index dcb23039..eb7f3df5 100644
--- a/apis/installer/v1alpha1/ace_user_roles_types.go
+++ b/apis/installer/v1alpha1/ace_user_roles_types.go
@@ -55,6 +55,7 @@ type AceUserRolesSpec struct {
type UserClusterRoles struct {
Ace bool `json:"ace"`
Appcatalog bool `json:"appcatalog"`
+ Audit bool `json:"audit"`
Catalog bool `json:"catalog"`
CertManager bool `json:"cert-manager"`
Kubedb bool `json:"kubedb"`
diff --git a/charts/ace-user-roles/Chart.yaml b/charts/ace-user-roles/Chart.yaml
index efae20c3..665f29d3 100755
--- a/charts/ace-user-roles/Chart.yaml
+++ b/charts/ace-user-roles/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
name: ace-user-roles
description: A Helm chart for ACE user roles
type: application
-version: v2026.2.16
-appVersion: v2026.2.16
+version: v2026.6.12
+appVersion: v2026.6.12
icon: https://cdn.appscode.com/images/products/kubeops/icons/android-icon-192x192.png
sources:
- https://github.com/kubeops/installer
diff --git a/charts/ace-user-roles/README.md b/charts/ace-user-roles/README.md
index 1cfe4cdc..a10bb86c 100644
--- a/charts/ace-user-roles/README.md
+++ b/charts/ace-user-roles/README.md
@@ -7,8 +7,8 @@
```bash
$ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update
-$ helm search repo appscode/ace-user-roles --version=v2026.2.16
-$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2026.2.16
+$ helm search repo appscode/ace-user-roles --version=v2026.6.12
+$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2026.6.12
```
## Introduction
@@ -24,7 +24,7 @@ This chart deploys ACE User Roles on a [Kubernetes](http://kubernetes.io) cluste
To install/upgrade the chart with the release name `ace-user-roles`:
```bash
-$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2026.2.16
+$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2026.6.12
```
The command deploys ACE User Roles on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -51,6 +51,7 @@ The following table lists the configurable parameters of the `ace-user-roles` ch
| fullnameOverride | Overrides fullname template | "" |
| enableClusterRoles.ace | | false |
| enableClusterRoles.appcatalog | | false |
+| enableClusterRoles.audit | | false |
| enableClusterRoles.catalog | | false |
| enableClusterRoles.cert-manager | | false |
| enableClusterRoles.kubedb-ui | | false |
@@ -70,12 +71,12 @@ The following table lists the configurable parameters of the `ace-user-roles` ch
Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
```bash
-$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2026.2.16 --set annotations.helm.sh/hook=pre-install,pre-upgrade
+$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2026.6.12 --set annotations.helm.sh/hook=pre-install,pre-upgrade
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while
installing the chart. For example:
```bash
-$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2026.2.16 --values values.yaml
+$ helm upgrade -i ace-user-roles appscode/ace-user-roles -n kubeops --create-namespace --version=v2026.6.12 --values values.yaml
```
diff --git a/charts/ace-user-roles/templates/audit/audit-token-requester-cluster-role.yaml b/charts/ace-user-roles/templates/audit/audit-token-requester-cluster-role.yaml
new file mode 100644
index 00000000..a18e2b1f
--- /dev/null
+++ b/charts/ace-user-roles/templates/audit/audit-token-requester-cluster-role.yaml
@@ -0,0 +1,19 @@
+{{- if dig "audit" false .Values.enableClusterRoles }}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: appscode:audit-token-requester
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+# Request a NATS credential for publishing audit events
+- apiGroups:
+ - identity.k8s.appscode.com
+ resources:
+ - audittokenrequests
+ verbs: ["create"]
+
+{{- end }}
diff --git a/charts/ace-user-roles/values.openapiv3_schema.yaml b/charts/ace-user-roles/values.openapiv3_schema.yaml
index 4b446174..0481d5d2 100644
--- a/charts/ace-user-roles/values.openapiv3_schema.yaml
+++ b/charts/ace-user-roles/values.openapiv3_schema.yaml
@@ -9,6 +9,8 @@ properties:
type: boolean
appcatalog:
type: boolean
+ audit:
+ type: boolean
catalog:
type: boolean
cert-manager:
@@ -36,6 +38,7 @@ properties:
required:
- ace
- appcatalog
+ - audit
- catalog
- cert-manager
- kubedb
diff --git a/charts/ace-user-roles/values.yaml b/charts/ace-user-roles/values.yaml
index 8775c00b..e2a3f4bb 100644
--- a/charts/ace-user-roles/values.yaml
+++ b/charts/ace-user-roles/values.yaml
@@ -10,6 +10,7 @@ fullnameOverride: ""
enableClusterRoles:
ace: false
appcatalog: false
+ audit: false
catalog: false
cert-manager: false
kubedb-ui: false
diff --git a/charts/kube-ui-server/Chart.lock b/charts/kube-ui-server/Chart.lock
index d00b4f4f..2f8bb411 100644
--- a/charts/kube-ui-server/Chart.lock
+++ b/charts/kube-ui-server/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: ace-user-roles
repository: file://../ace-user-roles
- version: v2026.2.16
-digest: sha256:8ebb50d898e45afa11b04daf76165c2fb22f95a7a59568d28fbc592d3f20d748
-generated: "2026-02-18T07:11:36.291445+05:30"
+ version: v2026.6.12
+digest: sha256:02eb658e99201f139350aa6d4933467948547f562342cf455bd750659d8ceab4
+generated: "2026-06-04T13:37:16.198267+06:00"
diff --git a/charts/kube-ui-server/Chart.yaml b/charts/kube-ui-server/Chart.yaml
index 5bc58162..a32997b8 100755
--- a/charts/kube-ui-server/Chart.yaml
+++ b/charts/kube-ui-server/Chart.yaml
@@ -18,4 +18,4 @@ dependencies:
- name: ace-user-roles
repository: file://../ace-user-roles
condition: ace-user-roles.enabled
- version: v2026.2.16
+ version: v2026.6.12
diff --git a/charts/kube-ui-server/values.openapiv3_schema.yaml b/charts/kube-ui-server/values.openapiv3_schema.yaml
index 3865adf9..de730cf0 100644
--- a/charts/kube-ui-server/values.openapiv3_schema.yaml
+++ b/charts/kube-ui-server/values.openapiv3_schema.yaml
@@ -7,6 +7,8 @@ properties:
type: boolean
appcatalog:
type: boolean
+ audit:
+ type: boolean
catalog:
type: boolean
cert-manager:
@@ -34,6 +36,7 @@ properties:
required:
- ace
- appcatalog
+ - audit
- catalog
- cert-manager
- kubedb
diff --git a/charts/panopticon/Chart.lock b/charts/panopticon/Chart.lock
index 12fba416..4f958d89 100644
--- a/charts/panopticon/Chart.lock
+++ b/charts/panopticon/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: ace-user-roles
repository: file://../ace-user-roles
- version: v2026.2.16
-digest: sha256:8ebb50d898e45afa11b04daf76165c2fb22f95a7a59568d28fbc592d3f20d748
-generated: "2026-02-18T07:11:39.889616+05:30"
+ version: v2026.6.12
+digest: sha256:02eb658e99201f139350aa6d4933467948547f562342cf455bd750659d8ceab4
+generated: "2026-06-04T13:37:16.766199+06:00"
diff --git a/charts/panopticon/Chart.yaml b/charts/panopticon/Chart.yaml
index 2d650b0b..66a81e2e 100755
--- a/charts/panopticon/Chart.yaml
+++ b/charts/panopticon/Chart.yaml
@@ -17,4 +17,4 @@ dependencies:
- name: ace-user-roles
repository: file://../ace-user-roles
condition: ace-user-roles.enabled
- version: v2026.2.16
+ version: v2026.6.12
diff --git a/charts/panopticon/README.md b/charts/panopticon/README.md
index 9acff629..8f9e92ee 100644
--- a/charts/panopticon/README.md
+++ b/charts/panopticon/README.md
@@ -94,6 +94,7 @@ The following table lists the configurable parameters of the `panopticon` chart
| ace-user-roles.enabled | If enabled, installs the ace-user-roles chart | true |
| ace-user-roles.enableClusterRoles.ace | | false |
| ace-user-roles.enableClusterRoles.appcatalog | | false |
+| ace-user-roles.enableClusterRoles.audit | | true |
| ace-user-roles.enableClusterRoles.catalog | | false |
| ace-user-roles.enableClusterRoles.cert-manager | | false |
| ace-user-roles.enableClusterRoles.kubedb-ui | | false |
diff --git a/charts/panopticon/values.openapiv3_schema.yaml b/charts/panopticon/values.openapiv3_schema.yaml
index 805731e1..17483edc 100644
--- a/charts/panopticon/values.openapiv3_schema.yaml
+++ b/charts/panopticon/values.openapiv3_schema.yaml
@@ -7,6 +7,8 @@ properties:
type: boolean
appcatalog:
type: boolean
+ audit:
+ type: boolean
catalog:
type: boolean
cert-manager:
@@ -34,6 +36,7 @@ properties:
required:
- ace
- appcatalog
+ - audit
- catalog
- cert-manager
- kubedb
diff --git a/charts/panopticon/values.yaml b/charts/panopticon/values.yaml
index 39613828..668621c9 100644
--- a/charts/panopticon/values.yaml
+++ b/charts/panopticon/values.yaml
@@ -154,6 +154,7 @@ ace-user-roles:
enableClusterRoles:
ace: false
appcatalog: false
+ audit: true
catalog: false
cert-manager: false
kubedb-ui: false