diff --git a/examples/helm-chart/vendir.lock.yml b/examples/helm-chart/vendir.lock.yml
index bd1558fd..bbf9a438 100644
--- a/examples/helm-chart/vendir.lock.yml
+++ b/examples/helm-chart/vendir.lock.yml
@@ -2,8 +2,8 @@ apiVersion: vendir.k14s.io/v1alpha1
 directories:
 - contents:
 - helmChart:
- appVersion: 1.8.0
- version: 1.2.1
+ appVersion: 1.20.1
+ version: 7.10.1
 path: custom-repo-custom-version
 path: vendor
 kind: LockConfig
diff --git a/examples/helm-chart/vendir.yml b/examples/helm-chart/vendir.yml
index 8bf39a63..57d3afe5 100644
--- a/examples/helm-chart/vendir.yml
+++ b/examples/helm-chart/vendir.yml
@@ -11,6 +11,6 @@ directories:
 - path: custom-repo-custom-version
 helmChart:
 name: contour
- version: "1.2.1"
+ version: "7.10.1"
 repository:
 url: https://charts.bitnami.com/bitnami
diff --git a/examples/locked/vendir.lock.yml b/examples/locked/vendir.lock.yml
index 90107eca..b55ff619 100644
--- a/examples/locked/vendir.lock.yml
+++ b/examples/locked/vendir.lock.yml
@@ -10,8 +10,8 @@ directories:
 url: https://api.github.com/repos/vmware-tanzu/carvel-kapp-controller/releases/21912613
 path: github.com/k14s/kapp-controller
 - helmChart:
- appVersion: 1.8.0
- version: 1.2.1
+ appVersion: 1.20.1
+ version: 7.10.1
 path: helm-chart
 path: vendor
 kind: LockConfig
diff --git a/examples/locked/vendor/helm-chart/Chart.lock b/examples/locked/vendor/helm-chart/Chart.lock
new file mode 100644
index 00000000..e60720a2
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: 1.14.1
+digest: sha256:c69621f97b90b8c2e909293fbc475f0a3b0aaa4aa04de5df3e5d7a1974e5d735
+generated: "2022-05-20T17:49:43.887206+02:00"
diff --git a/examples/locked/vendor/helm-chart/Chart.yaml b/examples/locked/vendor/helm-chart/Chart.yaml
index f060c60a..a6c217a0 100644
--- a/examples/locked/vendor/helm-chart/Chart.yaml
+++ b/examples/locked/vendor/helm-chart/Chart.yaml
@@ -1,9 +1,16 @@
 annotations:
 category: Infrastructure
-apiVersion: v1
-appVersion: 1.8.0
-description: Contour Ingress controller for Kubernetes
-home: https://projectcontour.io
+apiVersion: v2
+appVersion: 1.20.1
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+description: Contour is an open source Kubernetes ingress controller that works by
+ deploying the Envoy proxy as a reverse proxy and load balancer.
+home: https://github.com/bitnami/charts/tree/master/bitnami/contour
 icon: https://bitnami.com/assets/stacks/contour/img/contour-stack-220x234.png
 keywords:
 - ingress
@@ -12,11 +19,12 @@ keywords:
 maintainers:
 - name: cellebyte
 url: https://github.com/Cellebyte
-- email: containers@bitnami.com
- name: Bitnami
+- name: Bitnami
+ url: https://github.com/bitnami/charts
 name: contour
 sources:
 - https://github.com/projectcontour/contour
 - https://github.com/envoyproxy/envoy
 - https://github.com/bitnami/bitnami-docker-contour
-version: 1.2.1
+- https://projectcontour.io
+version: 7.10.1
diff --git a/examples/locked/vendor/helm-chart/README.md b/examples/locked/vendor/helm-chart/README.md
index 17f4c0ad..3b22c59c 100644
--- a/examples/locked/vendor/helm-chart/README.md
+++ b/examples/locked/vendor/helm-chart/README.md
@@ -1,5 +1,13 @@ -# contour + +# Contour packaged by Bitnami + +Contour is an open source Kubernetes ingress controller that works by deploying the Envoy proxy as a reverse proxy and load balancer. + +[Overview of Contour](https://github.com/projectcontour/contour) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + ## TL;DR ```console 
@@ -11,15 +19,15 @@ $ helm install my-release bitnami/contour Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. -This chart bootstraps a [Contour](https://projectcontour.io) Ingress Controller Deployment and a [Envoy Proxy](https://www.envoyproxy.io) Daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. +This chart bootstraps a [Contour](https://projectcontour.io) Ingress Controller Deployment and a [Envoy Proxy](https://www.envoyproxy.io) Daemonset on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. ## Prerequisites -- Kubernetes 1.12+ -- Helm 2.11+ or Helm 3.0-beta3+ -- An Operator for `ServiceType: LoadBalancer` like [MetalLB](../metallb/README.md) +- Kubernetes 1.19+ +- Helm 3.2.0+ +- An Operator for `ServiceType: LoadBalancer` like [MetalLB](https://github.com/bitnami/charts/tree/master/bitnami/metallb) ## Installing the Chart 
@@ -36,111 +44,387 @@ These commands deploy contour on the Kubernetes cluster in the default configura ## Uninstalling the Chart +:warning: Uninstalling this chart will also remove CRDs. Removing CRDs will **remove all instances of it's Custom Resources**. If you wish to retain your Custom Resources for the future, run the following commands before uninstalling. + +```console +$ kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml +``` + To uninstall/delete the `my-release` helm release: ```console $ helm uninstall my-release ``` -The command removes all the Kubernetes components associated with the chart and deletes the release. - ## Parameters -The following tables lists the configurable parameters of the contour chart and their default values. - -| Parameter | Description | Default | -|----------------------------------------------------|--------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `rbac.create` | create the RBAC roles for API accessibility | `true` | -| `contour.enabled` | Contour Deployment creation. | `true` | -| `contour.image.registry` | Contour image registry | `docker.io` | -| `contour.image.repository` | Contour image name | `projectcontour/contour` | -| `contour.image.tag` | Contour image tag | `{TAG_NAME}` | -| `contour.pullPolicy` | Contour image pull policy | `IfNotPresent` | -| `contour.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `contour.resources.limits` | Specify resource limits which the container is not allowed to succeed. 
| `{}` (does not add resource limits to deployed pods) | -| `contour.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` (does not add resource limits to deployed pods) | -| `contour.createCustomResource` | Creation of customResources via helm hooks (only helm v2) | `true` | -| `contour.customResourceDeletePolicy` | Deletion hook of customResources viah helm hooks (only helm v2) | `nil` | -| `contour.nodeSelector` | Node labels for contour pod assignment | `{}` | -| `contour.tolerations` | Tolerations for contour pod assignment | `[]` | -| `contour.affinity` | Affinity for contour pod assignment | `{}` | -| `contour.podAnnotations` | Contour Pod annotations | `{}` | -| `contour.serviceAccount.create` | create a serviceAccount for the contour pod | `true` | -| `contour.serviceAccount.name` | use the serviceAccount with the specified name | "" | -| `contour.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `contour.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `contour.livenessProbe.periodSeconds` | How often to perform the probe | `20` | -| `contour.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `6` | -| `contour.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| `1` | -| `contour.readynessProbe.enabled` | Enable/disable the Readyness probe | `true` | -| `contour.readynessProbe.initialDelaySeconds` | Delay before readyness probe is initiated | `15` | -| `contour.readynessProbe.periodSeconds` | How often to perform the probe | `10` | -| `contour.readynessProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.readynessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `3` | -| `contour.readynessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | -| `contour.certgen.serviceAccount.create` | create a serviceAccount for the contour pod | `true` | -| `contour.certgen.serviceAccount.name` | use the serviceAccount with the specified name | `""` | -| `contour.securityContext.enabled` | If the pod should run in a securityContext. | `true` | -| `contour.securityContext.runAsNonRoot` | If the pod should run as a non root container. | `true` | -| `contour.securityContext.runAsUser` | define the uid with which the pod will run | `65534` | -| `contour.securityContext.runAsGroup` | define the gid with which the pod will run | `65534` | -| `envoy.enabled` | Envoy Proxy Daemonset creation. | `true` | -| `envoy.image.registry` | Envoy Proxy image registry | `docker.io` | -| `envoy.image.repository` | Envoy Proxy image name | `envoyproxy/envoy` | -| `envoy.image.tag` | Envoy Proxy image tag | `{TAG_NAME}` | -| `envoy.pullPolicy` | Envoy Proxy image pull policy | `IfNotPresent` | -| `envoy.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `envoy.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` (does not add resource limits to deployed pods) | -| `envoy.resources.requests` | Specify resource requests which the container needs to spawn. 
| `{}` (does not add resource limits to deployed pods) | -| `envoy.nodeSelector` | Node labels for envoy pod assignment | `{}` | -| `envoy.tolerations` | Tolerations for envoy pod assignment | `[]` | -| `envoy.affinity` | Affinity for envoy pod assignment | `{}` | -| `envoy.podAnnotations` | Envoy Pod annotations | `{}` | -| `envoy.podSecurityContext` | Envoy Pod securityContext | `{}` | -| `envoy.containerSecurityContext` | Envoy Container securityContext | `{}` | -| `envoy.dnsPolicy` | Envoy Pod Dns Policy | `ClusterFirst` | -| `envoy.hostNetwork` | Envoy Pod host network access | `false` | -| `envoy.readynessProbe.enabled` | Enable/disable the Readyness probe | `true` | -| `envoy.readynessProbe.initialDelaySeconds` | Delay before readyness probe is initiated | `10` | -| `envoy.readynessProbe.periodSeconds` | How often to perform the probe | `3` | -| `envoy.readynessProbe.timeoutSeconds` | When the probe times out | `1` | -| `envoy.readynessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `3` | -| `envoy.readynessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | -| `envoy.service.type` | Type of envoy service to create | `LoadBalancer` | -| `envoy.service.externalTrafficPolicy` | If `envoy.service.type` is NodePort or LoadBalancer, set this to Local to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `Local` | -| `envoy.service.clusterIP` | Internal envoy cluster service IP | `""` | -| `envoy.service.externalIPs` | Envoy service external IP addresses. 
| `[]` | -| `envoy.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `envoy.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `envoy.service.annotations` | Annotations for envoy service | `{}` | -| `envoy.service.ports.http` | Sets service http port | `80` | -| `envoy.service.ports.https` | Sets service https port | `443` | -| `envoy.service.nodePorts.http` | If `envoy.service.type` is NodePort and this is non-empty, it sets the nodePort that maps to envoys http port | `""` | -| `envoy.service.nodePorts.https` | If `envoy.service.type` is NodePort and this is non-empty, it sets the nodePort that maps to envoys https port | `""` | -| `existingConfigMap` | Specify an existing configMapName to use. (this mutually exclusive with existingConfigMap) | `nil` | -| `configInline` | Specify the config for contour as a new configMap inline. | `{Quickstart Config}` (evaluated as a template) | -| `ingressClass` | Name of the ingress class to route through this controller (defaults to `contour` if `nil`) | `nil` | -| `nameOverride` | String to partially override contour.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override contour.fullname template with a string | `nil` | -| `prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `true` | -| `prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `contour` | -| `prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` | -| `prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | -| `prometheus.serviceMonitor.relabelings` | Specify general relabeling. 
| `[]` | +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | ------- | +| `nameOverride` | String to partially override contour.fullname include (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override contour.fullname template | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `[]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `[]` | + + +### Contour parameters + +| Name | Description | Value | +| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `existingConfigMap` | Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) | `""` | +| `configInline` | Specifies Contour's configuration 
directly in YAML format | `{}` | +| `contour.enabled` | Contour Deployment creation. | `true` | +| `contour.image.registry` | Contour image registry | `docker.io` | +| `contour.image.repository` | Contour image name | `bitnami/contour` | +| `contour.image.tag` | Contour image tag | `1.20.1-debian-10-r53` | +| `contour.image.pullPolicy` | Contour Image pull policy | `IfNotPresent` | +| `contour.image.pullSecrets` | Contour Image pull secrets | `[]` | +| `contour.image.debug` | Enable image debug mode | `false` | +| `contour.replicaCount` | Number of Contour Pod replicas | `1` | +| `contour.priorityClassName` | Priority class assigned to the pods | `""` | +| `contour.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `contour.terminationGracePeriodSeconds` | In seconds, time the given to the Contour pod needs to terminate gracefully | `""` | +| `contour.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `contour.containerPorts.xds` | Set xds port inside Contour pod | `8001` | +| `contour.containerPorts.metrics` | Set metrics port inside Contour pod | `8000` | +| `contour.hostAliases` | Add deployment host aliases | `[]` | +| `contour.updateStrategy` | Strategy to use to update Pods | `{}` | +| `contour.extraArgs` | Extra arguments passed to Contour container | `[]` | +| `contour.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | +| `contour.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | +| `contour.manageCRDs` | Manage the creation, upgrade and deletion of Contour CRDs. | `true` | +| `contour.podAffinityPreset` | Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `contour.podAntiAffinityPreset` | Contour Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `soft` | +| `contour.podLabels` | Extra labels for Contour pods | `{}` | +| `contour.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | +| `contour.customLivenessProbe` | Override default liveness probe | `{}` | +| `contour.customReadinessProbe` | Override default readiness probe | `{}` | +| `contour.customStartupProbe` | Override default startup probe | `{}` | +| `contour.nodeAffinityPreset.type` | Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `contour.nodeAffinityPreset.key` | Contour Node label key to match Ignored if `affinity` is set. | `""` | +| `contour.nodeAffinityPreset.values` | Contour Node label values to match. Ignored if `affinity` is set. | `[]` | +| `contour.command` | Override default command | `[]` | +| `contour.args` | Override default args | `[]` | +| `contour.affinity` | Affinity for Contour pod assignment | `{}` | +| `contour.nodeSelector` | Node labels for Contour pod assignment | `{}` | +| `contour.tolerations` | Tolerations for Contour pod assignment | `[]` | +| `contour.podAnnotations` | Contour Pod annotations | `{}` | +| `contour.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | +| `contour.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | +| `contour.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` | +| `contour.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. 
| `{}` | +| `contour.podSecurityContext.enabled` | Default backend Pod securityContext | `true` | +| `contour.podSecurityContext.fsGroup` | Set Default backend Pod's Security Context fsGroup | `1001` | +| `contour.containerSecurityContext.enabled` | Envoy Container securityContext | `true` | +| `contour.containerSecurityContext.runAsUser` | User ID for the Contour container (to change this, http and https containerPorts must be set to >1024) | `1001` | +| `contour.containerSecurityContext.runAsNonRoot` | Run as non root | `true` | +| `contour.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | +| `contour.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | +| `contour.livenessProbe.periodSeconds` | How often to perform the probe | `20` | +| `contour.livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `contour.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | +| `contour.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `contour.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | +| `contour.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `15` | +| `contour.readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `contour.readinessProbe.timeoutSeconds` | When the probe times out | `5` | +| `contour.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `contour.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. 
| `1` | +| `contour.startupProbe.enabled` | Enable/disable the startup probe | `false` | +| `contour.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | +| `contour.startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `contour.startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `contour.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `contour.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `contour.certgen.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | +| `contour.certgen.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | +| `contour.certgen.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` | +| `contour.certgen.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `contour.certgen.certificateLifetime` | Generated certificate lifetime (in days). | `365` | +| `contour.tlsExistingSecret` | Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. 
| `""` | +| `contour.service.type` | Service type | `ClusterIP` | +| `contour.service.ports.xds` | Contour service xds port | `8001` | +| `contour.service.ports.metrics` | Contour service xds port | `8000` | +| `contour.service.nodePorts.xds` | Node port for HTTP | `""` | +| `contour.service.clusterIP` | Contour service Cluster IP | `""` | +| `contour.service.loadBalancerIP` | Contour service Load Balancer IP | `""` | +| `contour.service.loadBalancerSourceRanges` | Contour service Load Balancer sources | `[]` | +| `contour.service.externalTrafficPolicy` | Contour service external traffic policy | `Cluster` | +| `contour.service.annotations` | Additional custom annotations for Contour service | `{}` | +| `contour.service.extraPorts` | Extra port to expose on Contour service | `[]` | +| `contour.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `contour.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `contour.initContainers` | Attach additional init containers to Contour pods | `[]` | +| `contour.sidecars` | Add additional sidecar containers to the Contour pods | `[]` | +| `contour.extraVolumes` | Array to add extra volumes | `[]` | +| `contour.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `contour.extraEnvVars` | Array containing extra env vars to be added to all Contour containers | `[]` | +| `contour.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Contour containers | `""` | +| `contour.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Contour containers | `""` | +| `contour.ingressClass.name` | Name of the ingress class to route through this controller. 
| `""` | +| `contour.ingressClass.create` | Whether to create or not the IngressClass resource | `true` | +| `contour.ingressClass.default` | Mark IngressClass resource as default for cluster | `true` | +| `contour.debug` | Enable Contour debug log level | `false` | +| `contour.kubernetesDebug` | Contour kubernetes debug log level, Default 0, minimum 0, maximum 9. | `0` | +| `contour.rootNamespaces` | Restrict Contour to searching these namespaces for root ingress routes. | `""` | + + +### Envoy parameters + +| Name | Description | Value | +| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `envoy.enabled` | Envoy Proxy creation | `true` | +| `envoy.image.registry` | Envoy Proxy image registry | `docker.io` | +| `envoy.image.repository` | Envoy Proxy image repository | `bitnami/envoy` | +| `envoy.image.tag` | Envoy Proxy image tag (immutable tags are recommended) | `1.21.1-debian-10-r55` | +| `envoy.image.pullPolicy` | Envoy image pull policy | `IfNotPresent` | +| `envoy.image.pullSecrets` | Envoy image pull secrets | `[]` | +| `envoy.priorityClassName` | Priority class assigned to the pods | `""` | +| `envoy.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `envoy.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `envoy.extraArgs` | Extra arguments passed to Envoy container | `[]` | +| `envoy.hostAliases` | Add deployment host aliases | `[]` | +| `envoy.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | +| `envoy.resources.requests` | Specify resource requests which the container needs to spawn. 
| `{}` | +| `envoy.command` | Override default command | `[]` | +| `envoy.args` | Override default args | `[]` | +| `envoy.shutdownManager.enabled` | Contour shutdownManager sidecar | `true` | +| `envoy.shutdownManager.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | +| `envoy.shutdownManager.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | +| `envoy.kind` | Install as deployment or daemonset | `daemonset` | +| `envoy.replicaCount` | Desired number of Controller pods | `1` | +| `envoy.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | +| `envoy.updateStrategy` | Strategy to use to update Pods | `{}` | +| `envoy.minReadySeconds` | The minimum number of seconds for which a newly created Pod should be ready | `0` | +| `envoy.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `envoy.autoscaling.enabled` | Enable autoscaling for Controller | `false` | +| `envoy.autoscaling.minReplicas` | Minimum number of Controller replicas | `1` | +| `envoy.autoscaling.maxReplicas` | Maximum number of Controller replicas | `11` | +| `envoy.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `envoy.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `envoy.podAffinityPreset` | Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.podAntiAffinityPreset` | Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.nodeAffinityPreset.type` | Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.nodeAffinityPreset.key` | Envoy Node label key to match Ignored if `affinity` is set. | `""` | +| `envoy.nodeAffinityPreset.values` | Envoy Node label values to match. 
Ignored if `affinity` is set. | `[]` | +| `envoy.affinity` | Affinity for Envoy pod assignment | `{}` | +| `envoy.nodeSelector` | Node labels for Envoy pod assignment | `{}` | +| `envoy.tolerations` | Tolerations for Envoy pod assignment | `[]` | +| `envoy.podAnnotations` | Envoy Pod annotations | `{}` | +| `envoy.podLabels` | Extra labels for Envoy pods | `{}` | +| `envoy.podSecurityContext.enabled` | Envoy Pod securityContext | `false` | +| `envoy.podSecurityContext.fsGroup` | User ID for the for the mounted volumes | `0` | +| `envoy.podSecurityContext.sysctls` | Array of sysctl options to allow | `[]` | +| `envoy.containerSecurityContext.enabled` | Envoy Container securityContext | `true` | +| `envoy.containerSecurityContext.runAsUser` | User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) | `1001` | +| `envoy.containerSecurityContext.runAsNonRoot` | Run as non root | `true` | +| `envoy.hostNetwork` | Envoy Pod host network access | `false` | +| `envoy.dnsPolicy` | Envoy Pod Dns Policy's DNS Policy | `ClusterFirst` | +| `envoy.tlsExistingSecret` | Name of the existingSecret to be use in Envoy deployment | `""` | +| `envoy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `envoy.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` | +| `envoy.serviceAccount.automountServiceAccountToken` | Whether to auto mount API credentials for a service account | `false` | +| `envoy.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. 
| `{}` | +| `envoy.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `envoy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `envoy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `envoy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `envoy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `envoy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `envoy.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | +| `envoy.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | +| `envoy.readinessProbe.periodSeconds` | How often to perform the probe | `3` | +| `envoy.readinessProbe.timeoutSeconds` | When the probe times out | `1` | +| `envoy.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `envoy.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `envoy.startupProbe.enabled` | Enable/disable the startup probe | `false` | +| `envoy.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | +| `envoy.startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `envoy.startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `envoy.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `envoy.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. 
| `1` | +| `envoy.customLivenessProbe` | Override default liveness probe | `{}` | +| `envoy.customReadinessProbe` | Override default readiness probe | `{}` | +| `envoy.customStartupProbe` | Override default startup probe | `{}` | +| `envoy.terminationGracePeriodSeconds` | Envoy termination grace period in seconds | `300` | +| `envoy.logLevel` | Envoy log level | `info` | +| `envoy.service.targetPorts` | Map the controller service HTTP/HTTPS port | `{}` | +| `envoy.service.type` | Type of Envoy service to create | `LoadBalancer` | +| `envoy.service.externalTrafficPolicy` | Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer | `Local` | +| `envoy.service.labels` | Labels to add to te envoy service | `{}` | +| `envoy.service.clusterIP` | Internal envoy cluster service IP | `""` | +| `envoy.service.externalIPs` | Envoy service external IP addresses | `[]` | +| `envoy.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | +| `envoy.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | +| `envoy.service.ipFamilyPolicy` | , support SingleStack, PreferDualStack and RequireDualStack | `""` | +| `envoy.service.annotations` | Annotations for Envoy service | `{}` | +| `envoy.service.ports.http` | Sets service http port | `80` | +| `envoy.service.ports.https` | Sets service https port | `443` | +| `envoy.service.nodePorts.http` | HTTP Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | +| `envoy.service.nodePorts.https` | HTTPS Port. 
If `envoy.service.type` is NodePort and this is non-empty | `""` | +| `envoy.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `envoy.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `envoy.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `envoy.useHostPort` | Enable/disable `hostPort` for TCP/80 and TCP/443 | `true` | +| `envoy.useHostIP` | Enable/disable `hostIP` | `false` | +| `envoy.hostPorts.http` | Sets `hostPort` http port | `80` | +| `envoy.hostPorts.https` | Sets `hostPort` https port | `443` | +| `envoy.hostIPs.http` | Sets `hostIP` http IP | `127.0.0.1` | +| `envoy.hostIPs.https` | Sets `hostIP` https IP | `127.0.0.1` | +| `envoy.containerPorts.http` | Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `8080` | +| `envoy.containerPorts.https` | Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `8443` | +| `envoy.initContainers` | Attach additional init containers to Envoy pods | `[]` | +| `envoy.sidecars` | Add additional sidecar containers to the Envoy pods | `[]` | +| `envoy.extraVolumes` | Array to add extra volumes | `[]` | +| `envoy.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `envoy.extraEnvVars` | Array containing extra env vars to be added to all Envoy containers | `[]` | +| `envoy.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Envoy containers | `""` | +| `envoy.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Envoy containers | `""` | + + +### Default backend parameters + +| Name | Description | Value | +| ------------------------------------------------------ | ---------------------------------------------------------------------------------------------------- | ------------------------ | +| `defaultBackend.enabled` | Enable 
a default backend based on NGINX | `false` | +| `defaultBackend.image.registry` | Default backend image registry | `docker.io` | +| `defaultBackend.image.repository` | Default backend image name | `bitnami/nginx` | +| `defaultBackend.image.tag` | Default backend image tag | `1.21.6-debian-10-r81` | +| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `defaultBackend.extraArgs` | Additional command line arguments to pass to NGINX container | `{}` | +| `defaultBackend.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | +| `defaultBackend.extraEnvVars` | Array containing extra env vars to be added to all Contour containers | `[]` | +| `defaultBackend.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Contour containers | `""` | +| `defaultBackend.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Contour containers | `""` | +| `defaultBackend.extraVolumes` | Array to add extra volumes | `[]` | +| `defaultBackend.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `defaultBackend.initContainers` | Attach additional init containers to the http backend pods | `[]` | +| `defaultBackend.sidecars` | Add additional sidecar containers to the default backend | `[]` | +| `defaultBackend.containerPorts.http` | Set http port inside Contour pod | `8001` | +| `defaultBackend.updateStrategy` | Strategy to use to update Pods | `{}` | +| `defaultBackend.command` | Override default command | `[]` | +| `defaultBackend.args` | Override default args | `[]` | +| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` | +| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` | +| `defaultBackend.podSecurityContext.enabled` | Default backend Pod securityContext | `true` | +| 
`defaultBackend.podSecurityContext.fsGroup` | Set Default backend Pod's Security Context fsGroup | `1001` | +| `defaultBackend.containerSecurityContext.enabled` | Default backend container securityContext | `true` | +| `defaultBackend.containerSecurityContext.runAsUser` | User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) | `1001` | +| `defaultBackend.containerSecurityContext.runAsNonRoot` | Run as non root | `true` | +| `defaultBackend.resources.limits` | The resources limits for the Default backend container | `{}` | +| `defaultBackend.resources.requests` | The requested resources for the Default backend container | `{}` | +| `defaultBackend.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `defaultBackend.livenessProbe.httpGet` | Path, port and scheme for the livenessProbe | `{}` | +| `defaultBackend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `defaultBackend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `defaultBackend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `defaultBackend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `defaultBackend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `defaultBackend.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `defaultBackend.readinessProbe.httpGet` | Path, port and scheme for the readinessProbe | `{}` | +| `defaultBackend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `defaultBackend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `defaultBackend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `defaultBackend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `defaultBackend.readinessProbe.successThreshold` | Success threshold for 
readinessProbe | `1` | +| `defaultBackend.startupProbe.enabled` | Enable/disable the startup probe | `false` | +| `defaultBackend.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | +| `defaultBackend.startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `defaultBackend.startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `defaultBackend.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `defaultBackend.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `defaultBackend.customLivenessProbe` | Override default liveness probe, it overrides the default one (evaluated as a template) | `{}` | +| `defaultBackend.customReadinessProbe` | Override default readiness probe, it overrides the default one (evaluated as a template) | `{}` | +| `defaultBackend.customStartupProbe` | Override default startup probe | `{}` | +| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` | +| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` | +| `defaultBackend.priorityClassName` | Priority class assigned to the pods | `""` | +| `defaultBackend.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `defaultBackend.terminationGracePeriodSeconds` | In seconds, time the given to the default backend pod needs to terminate gracefully | `60` | +| `defaultBackend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. 
Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `defaultBackend.affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | +| `defaultBackend.nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `defaultBackend.tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | +| `defaultBackend.service.type` | Service type | `ClusterIP` | +| `defaultBackend.service.ports.http` | Service port | `80` | +| `defaultBackend.service.annotations` | Annotations to add to the service | `{}` | +| `defaultBackend.pdb.create` | Enable Pod Disruption Budget configuration | `false` | +| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` | +| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that should remain scheduled | `""` | +| `ingress.enabled` | Ingress configuration enabled | `false` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.annotations` | Annotations to be added to the web ingress. 
| `{}` | +| `ingress.hostname` | Hostname for the Ingress object | `contour.local` | +| `ingress.path` | The Path to Concourse | `/` | +| `ingress.rulesOverride` | Ingress rules override | `[]` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.extraPaths` | Add additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `ingress.tls` | TLS configuration. | `false` | +| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | + + +### Metrics parameters + +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------ | +| `metrics.serviceMonitor.namespace` | Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart) | `""` | +| `metrics.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` | +| `metrics.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | +| `metrics.serviceMonitor.interval` | Specify the scrape interval if not specified use default prometheus scrapeIntervall, the Prometheus default scrape interval is used. 
| `""` | +| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | +| `metrics.serviceMonitor.relabelings` | Specify general relabeling. | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.selector` | Specify honorLabels parameter to add the scrape endpoint | `{}` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | + + +### Other parameters + +| Name | Description | Value | +| ------------------- | -------------------------------------------------------------------------------------------------------------------- | ------ | +| `rbac.create` | Create the RBAC roles for API accessibility | `true` | +| `rbac.rules` | Custom RBAC rules to set | `[]` | +| `tlsExistingSecret` | Name of the existingSecret to be use in both contour and envoy. If it is not nil `contour.certgen` will be disabled. | `""` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console $ helm install my-release \ - --set envoy.readynessProbe.successThreshold=5 \ + --set envoy.readinessProbe.successThreshold=5 \ bitnami/contour ``` -The above command sets the `envoy.readynessProbe.successThreshold` to `5`. - +The above command sets the `envoy.readinessProbe.successThreshold` to `5`. ## Configuration and installation details 
@@ -150,7 +434,7 @@ It is strongly recommended to use immutable tags in a production environment. Th Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. -To configure [Contour](https://projectcontour.io) please look into the configuration section [Contour Configuration](https://github.com/projectcontour/contour/blob/master/site/docs/v1.2.1/configuration.md). +To configure [Contour](https://projectcontour.io) please look into the configuration section [Contour Configuration](https://projectcontour.io/docs/main/configuration/). ### Example Quickstart Contour Confiuration @@ -173,6 +457,12 @@ configInline: tls: # minimum TLS version that Contour will negotiate # minimum-protocol-version: "1.1" + # Defines the Kubernetes name/namespace matching a secret to use + # as the fallback certificate when requests which don't match the + # SNI defined for a vhost. + fallback-certificate: + # name: fallback-secret-name + # namespace: projectcontour # The following config shows the defaults for the leader election. # leaderelection: # configmap-name: leader-elect 
@@ -208,17 +498,180 @@ configInline: # - "upstream_service_time" # - "user_agent" # - "x_forwarded_for" + # + # default-http-versions: + # - "HTTP/2" + # - "HTTP/1.1" + # + # The following shows the default proxy timeout settings. + # timeouts: + # request-timeout: infinity + # connection-idle-timeout: 60s + # stream-idle-timeout: 5m + # max-connection-duration: infinity + # connection-shutdown-grace-period: 5s ``` ### Deploying Contour with an AWS NLB -By default, Contour is launched with a AWS Classic ELB. To launch contour backed by a NLB, please set [these settings](https://github.com/projectcontour/contour/tree/master/examples/contour#deploying-with-host-networking-enabled-for-envoy): +By default, Contour is launched with an AWS Classic ELB. To launch contour backed by a NLB, please set [these settings](https://github.com/projectcontour/contour/tree/master/examples/contour#deploying-with-host-networking-enabled-for-envoy): ```yaml envoy: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet service: annotations: service.beta.kubernetes.io/aws-load-balancer-type: nlb + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX + + containerPorts: + http: 80 + https: 80 +``` + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. 
To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +Please carefully read through the guide "Upgrading Contour" at https://projectcontour.io/resources/upgrading/. + +### To 7.0.0 + +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. + +Affected values: + +- `prometheus` renamed as `metrics`. +- `serviceMonitor.labels` renamed as `serviceMonitor.selector`. +- `service.port` renamed as `service.ports.xds`. +- `service.nodePort` renamed as `service.nodePorts.xds`. +- `contour.updateStrategy` and `worker.updateStrategy` changed from String type (previously default to 'rollingUpdate') to Object type, allowing users to configure other updateStrategy parameters, similar to other charts. + +### To 6.0.0 + +This version updates the chart to use Contour's latest release, `1.19.0`. Among other features, this new version introduces support for new kinds of CRDs: `ContourConfiguration` and `ContourDeployment`. For further information on new features, please refer to the [official release notes](https://github.com/projectcontour/contour/releases/tag/v1.19.0) for this version. + +Additionally, exisiting CRDs have been syncronised with the official [Contour repository](https://github.com/projectcontour/contour/blob/main/examples/render/contour.yaml) + +**Considerations when upgrading to this version** + +If you are installing a fresh chart, you can ignore this section. + +If you are upgrading from 5.x of this Helm chart, this is a breaking change as the new CRDs will not overwrite the existing ones. Therefore, you will need to delete the CRDs and let the chart recreate them. 
Make sure to back up any existing CRs (`kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml`) unless you have other ways of recreating them. + +### To 5.2.0 + +This version bumps the Envoy container from 1.17.X to 1.19.X; this Envoy version is officially supported by Contour since 1.18.0, see https://github.com/projectcontour/contour/releases/tag/v1.18.0 + +### To 5.0.0 + +In this version it was synchronized CRD with the official [Contour repository](https://github.com/projectcontour/contour/blob/main/examples/render/contour.yaml) + +**Considerations when upgrading to this version** + +If you are installing a fresh chart, you can ignore this section. + +If you are upgrading from 4.x of this Helm chart, this is a breaking change as the new CRDs will not overwrite the existing ones. Therefore, you will need to delete the CRDs and let the chart recreate them. Make sure to back up any existing CRs (`kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml`) unless you have other ways of recreating them. + +### To 4.0.0 + +The 4.0 version of this chart introduces changes to handle Contour CRD upgrades. While Helm 3.x introduced the `crd` folder to place CRDs, Helm explicitly does not handle the [CRD upgrade scenario](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). + +**What changes were introduced in this major version?** + +- The `resources` directory was added that contains all the Contour CRDs, which are imported by the `templates/00-crds.yaml` manifest on installation and upgrade. +- If you do not wish for this chart to manage Contour CRDs, set the flag `contour.manageCRDs` to `false` when running Helm. + +**Considerations when upgrading to this version** + +If you are installing a fresh chart, or if you are upgrading from a 4.x version of this chart, you can ignore this section. 
+ +If you are upgrading from 3.x of this Helm chart, this is a breaking change as the new CRDs will not overwrite the existing ones. Therefore, you will need to delete the CRDs and let the chart recreate them. Make sure to back up any existing CRs (`kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml`) unless you have other ways of recreating them. + +If required, back up your existing Custom Resources: + +```console +$ kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml +``` + +Delete the existing Contour CRDs. Note that this step will *also delete* the associated CRs and impact availability until the upgrade is complete and the backup restored: + +```console +$ kubectl delete extensionservices.projectcontour.io +$ kubectl delete httpproxies.projectcontour.io +$ kubectl delete tlscertificatedelegations.projectcontour.io +``` + +Upgrade the Contour chart with the release name `my-release`: + +```console +$ helm upgrade my-release bitnami/contour +``` + +If you made a backup earlier, restore the objects: + +```console +$ kubectl apply -f backup.yaml ``` + +### To 3.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. 
+- Move dependency information from the *requirements.yaml* to the *Chart.yaml* +- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +### To 2.0.0 + +Most important changes are: + +- Using helm hooks to generate new TLS certificates for gRPC calls between Contour and Envoy. This enables us to use the same container image for the contour controller and the certgen job without upgrade issues due to JobSpec immutability. +- Rename parameter `contour.createCustomResource` to `contour.installCRDs` +- Sync CRDs with [upstream project examples](https://github.com/projectcontour/contour/tree/main/examples/contour). Please remember that helm does not touch existing CRDs. As of today, the most reliable way to update the CRDs is, to do it outside helm (Use `--skip-crds` when using helm v3 and `--set contour.installCRDs=false` when using helm v2). 
Read [Upgrading Contour](https://projectcontour.io/resources/upgrading/) and execute the following `kubectl` command before helm upgrade: + +```console +$ kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-{{version}}/examples/contour/01-crds.yaml +``` + +This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/examples/locked/vendor/helm-chart/charts/common/.helmignore b/examples/locked/vendor/helm-chart/charts/common/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/examples/locked/vendor/helm-chart/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/examples/locked/vendor/helm-chart/charts/common/Chart.yaml b/examples/locked/vendor/helm-chart/charts/common/Chart.yaml
new file mode 100644
index 00000000..c8cf26e4
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ category: Infrastructure
+apiVersion: v2
+appVersion: 1.13.1
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://github.com/bitnami/charts/tree/master/bitnami/common
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- email: containers@bitnami.com
+ name: Bitnami
+name: common
+sources:
+- https://github.com/bitnami/charts
+- https://www.bitnami.com/
+type: library
+version: 1.14.1
diff --git a/examples/locked/vendor/helm-chart/charts/common/README.md b/examples/locked/vendor/helm-chart/charts/common/README.md
new file mode 100644
index 00000000..a98aab37
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/README.md
@@ -0,0 +1,348 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 1.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. 
+ +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. 
| `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | +| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|--------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. 
| +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. 
+ type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. 
To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. 
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_affinities.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_affinities.tpl new file mode 100644 index 00000000..189ea403 --- /dev/null +++ b/examples/locked/vendor/helm-chart/charts/common/templates/_affinities.tpl 
@@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . 
-}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_capabilities.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_capabilities.tpl new file mode 100644 index 00000000..9d9b7600 --- /dev/null +++ b/examples/locked/vendor/helm-chart/charts/common/templates/_capabilities.tpl 
@@ -0,0 +1,154 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_errors.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_errors.tpl new file mode 100644 index 00000000..a79cc2e3 --- /dev/null +++ b/examples/locked/vendor/helm-chart/charts/common/templates/_errors.tpl 
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_images.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_images.tpl
new file mode 100644
index 00000000..42ffbc72
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_images.tpl
@@ -0,0 +1,75 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $tag := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if $registryName }}
+{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- else -}}
+{{- printf "%s:%s" $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- if .global }}
+ {{- range .global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_ingress.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_ingress.tpl
new file mode 100644
index 00000000..8caf73a6
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_ingress.tpl
@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed
+certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+Usage:
+{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
+*/}}
+{{- define "common.ingress.certManagerRequest" -}}
+{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_labels.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_labels.tpl
new file mode 100644
index 00000000..252066c7
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_labels.tpl
@@ -0,0 +1,18 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Kubernetes standard labels
+*/}}
+{{- define "common.labels.standard" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "common.labels.matchLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_names.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_names.tpl
new file mode 100644
index 00000000..c8574d17
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_names.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified dependency name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+Usage:
+{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
+*/}}
+{{- define "common.names.dependency.fullname" -}}
+{{- if .chartValues.fullnameOverride -}}
+{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .chartName .chartValues.nameOverride -}}
+{{- if contains $name .context.Release.Name -}}
+{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{- .Values.namespaceOverride -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_secrets.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_secrets.tpl
new file mode 100644
index 00000000..a53fb44f
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_secrets.tpl
@@ -0,0 +1,140 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+
+The order in which this function returns a secret password:
+ 1. Already existing 'Secret' resource
+ (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
+ 2. Password provided via the values.yaml
+ (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
+ 3. Randomly generated secret password
+ (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
+
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }}
+{{- if $secretData }}
+ {{- if hasKey $secretData .key }}
+ {{- $password = index $secretData .key }}
+ {{- else }}
+ {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
+ {{- end -}}
+{{- else if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString | b64enc | quote }}
+{{- else }}
+
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
+ {{- end }}
+{{- end -}}
+{{- printf "%s" $password -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_storage.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_storage.tpl
new file mode 100644
index 00000000..60e2a844
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_storage.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_tplvalues.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 00000000..2db16685
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,13 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_utils.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_utils.tpl
new file mode 100644
index 00000000..ea083a24
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_utils.tpl
@@ -0,0 +1,62 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/_warnings.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/_warnings.tpl
new file mode 100644
index 00000000..ae10fa41
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/_warnings.tpl
@@ -0,0 +1,14 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/validations/_cassandra.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_cassandra.tpl
new file mode 100644
index 00000000..ded1ae3b
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_cassandra.tpl
@@ -0,0 +1,72 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/validations/_mariadb.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_mariadb.tpl
new file mode 100644
index 00000000..b6906ff7
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_mariadb.tpl
@@ -0,0 +1,103 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/validations/_mongodb.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 00000000..a071ea4d
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,108 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MongoDB® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mongodb.passwords" -}}
+ {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mongodb.values.enabled" . -}}
+ {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
+ {{- $architecture := include "common.mongodb.values.architecture" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
+ {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
+
+ {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
+ {{- if and $valueUsername $valueDatabase -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replicaset") -}}
+ {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mongodb.
+
+Usage:
+{{ include "common.mongodb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mongodb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mongodb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mongodb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/validations/_postgresql.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_postgresql.tpl
new file mode 100644
index 00000000..164ec0d0
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_postgresql.tpl
@@ -0,0 +1,129 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/validations/_redis.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 00000000..5d72959b
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,76 @@
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis™ required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/templates/validations/_validations.tpl b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_validations.tpl
new file mode 100644
index 00000000..9a814cf4
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/templates/validations/_validations.tpl
@@ -0,0 +1,46 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
diff --git a/examples/locked/vendor/helm-chart/charts/common/values.yaml b/examples/locked/vendor/helm-chart/charts/common/values.yaml
new file mode 100644
index 00000000..f2df68e5
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/charts/common/values.yaml
@@ -0,0 +1,5 @@
+## bitnami/common
+## It is required by CI/CD tools and processes.
+## @skip exampleValue
+##
+exampleValue: common-chart
diff --git a/examples/locked/vendor/helm-chart/crds/httpproxies.yaml b/examples/locked/vendor/helm-chart/crds/httpproxies.yaml
deleted file mode 100644
index 7758319f..00000000
--- a/examples/locked/vendor/helm-chart/crds/httpproxies.yaml
+++ /dev/null
@@ -1,774 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.9 - name: httpproxies.projectcontour.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.virtualhost.fqdn - description: Fully qualified domain name - name: FQDN - type: string - - JSONPath: .spec.virtualhost.tls.secretName - description: Secret with TLS credentials - name: TLS Secret - type: string - - JSONPath: .status.currentStatus - description: The current status of the HTTPProxy - name: Status - type: string - - JSONPath: .status.description - description: Description of the current status - name: Status Description - type: string - group: projectcontour.io - names: - kind: HTTPProxy - listKind: HTTPProxyList - plural: httpproxies - shortNames: - - proxy - - proxies - singular: httpproxy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: HTTPProxy is an Ingress CRD specification - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HTTPProxySpec defines the spec of the CRD. - properties: - includes: - description: Includes allow for specific routing configuration to be - appended to another HTTPProxy in another namespace. 
- items: - description: Include describes a set of policies that can be applied - to an HTTPProxy in a namespace. - properties: - conditions: - description: Conditions are a set of routing properties that is - applied to an HTTPProxy in a namespace. - items: - description: Condition are policies that are applied on top - of HTTPProxies. One of Prefix or Header must be provided. - properties: - header: - description: Header specifies the header condition to match. - properties: - contains: - description: Contains specifies a substring that must - be present in the header value. - type: string - exact: - description: Exact specifies a string that the header - value must be equal to. - type: string - name: - description: Name is the name of the header to match - against. Name is required. Header names are case insensitive. - type: string - notcontains: - description: NotContains specifies a substring that - must not be present in the header value. - type: string - notexact: - description: NoExact specifies a string that the header - value must not be equal to. The condition is true - if the header has any other value. - type: string - present: - description: Present specifies that condition is true - when the named header is present, regardless of its - value. Note that setting Present to false does not - make the condition true if the named header is absent. - type: boolean - required: - - name - type: object - prefix: - description: Prefix defines a prefix match for a request. - type: string - type: object - type: array - name: - description: Name of the HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults to - the current namespace if not supplied. - type: string - required: - - name - type: object - type: array - routes: - description: Routes are the ingress routes. If TCPProxy is present, - Routes is ignored. - items: - description: Route contains the set of routes for a virtual host. 
- properties: - conditions: - description: Conditions are a set of routing properties that is - applied to an HTTPProxy in a namespace. - items: - description: Condition are policies that are applied on top - of HTTPProxies. One of Prefix or Header must be provided. - properties: - header: - description: Header specifies the header condition to match. - properties: - contains: - description: Contains specifies a substring that must - be present in the header value. - type: string - exact: - description: Exact specifies a string that the header - value must be equal to. - type: string - name: - description: Name is the name of the header to match - against. Name is required. Header names are case insensitive. - type: string - notcontains: - description: NotContains specifies a substring that - must not be present in the header value. - type: string - notexact: - description: NoExact specifies a string that the header - value must not be equal to. The condition is true - if the header has any other value. - type: string - present: - description: Present specifies that condition is true - when the named header is present, regardless of its - value. Note that setting Present to false does not - make the condition true if the named header is absent. - type: boolean - required: - - name - type: object - prefix: - description: Prefix defines a prefix match for a request. - type: string - type: object - type: array - enableWebsockets: - description: Enables websocket support for the route. - type: boolean - healthCheckPolicy: - description: The health check policy for this route. - properties: - healthyThresholdCount: - description: The number of healthy health checks required - before a host is marked healthy - format: int64 - minimum: 0 - type: integer - host: - description: The value of the host header in the HTTP health - check request. If left empty (default value), the name "contour-envoy-healthcheck" - will be used. 
- type: string - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - path: - description: HTTP endpoint used to perform health checks on - upstream service - type: string - timeoutSeconds: - description: The time to wait (seconds) for a health check - response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int64 - minimum: 0 - type: integer - required: - - path - type: object - loadBalancerPolicy: - description: The load balancing policy for this route. - properties: - strategy: - description: Strategy specifies the policy used to balance - requests across the pool of backend pods. Valid policy names - are `Random`, `RoundRobin`, `WeightedLeastRequest`, `Random` - and `Cookie`. If an unknown strategy name is specified or - no policy is supplied, the default `RoundRobin` policy is - used. - type: string - type: object - pathRewritePolicy: - description: The policy for rewriting the path of the request - URL after the request has been routed to a Service. - properties: - replacePrefix: - description: ReplacePrefix describes how the path prefix should - be replaced. - items: - description: ReplacePrefix describes a path prefix replacement. - properties: - prefix: - description: "Prefix specifies the URL path prefix to - be replaced. \n If Prefix is specified, it must exactly - match the Condition prefix that is rendered by the - chain of including HTTPProxies and only that path - prefix will be replaced by Replacement. This allows - HTTPProxies that are included through multiple roots - to only replace specific path prefixes, leaving others - unmodified. \n If Prefix is not specified, all routing - prefixes rendered by the include chain will be replaced." - minLength: 1 - type: string - replacement: - description: Replacement is the string that the routing - path prefix will be replaced with. 
This must not be - empty. - minLength: 1 - type: string - required: - - replacement - type: object - type: array - type: object - permitInsecure: - description: Allow this path to respond to insecure requests over - HTTP which are normally not permitted when a `virtualhost.tls` - block is present. - type: boolean - requestHeadersPolicy: - description: The policy for managing request headers during proxying - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values that - will be set in the HTTP header. If the header does not exist - it will be added, otherwise it will be overwritten with - the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers during proxying - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values that - will be set in the HTTP header. If the header does not exist - it will be added, otherwise it will be overwritten with - the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - retryPolicy: - description: The retry policy for this route. 
- properties: - count: - description: NumRetries is maximum allowed number of retries. - If not supplied, the number of retries is one. - format: int64 - minimum: 0 - type: integer - perTryTimeout: - description: PerTryTimeout specifies the timeout per retry - attempt. Ignored if NumRetries is not supplied. - type: string - type: object - services: - description: Services are the services to proxy traffic. - items: - description: Service defines an Kubernetes Service to proxy - traffic. - properties: - mirror: - description: If Mirror is true the Service will receive - a read only mirror of the traffic for this route. - type: boolean - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. - type: string - port: - description: Port (defined as Integer) to proxy traffic - to since a service can have multiple defined. - type: integer - protocol: - description: Protocol may be used to specify (or override) - the protocol used to reach this Service. Values may be - tls, h2, h2c. If omitted, protocol-selection falls back - on Service annotations. - enum: - - h2 - - h2c - - tls - type: string - requestHeadersPolicy: - description: The policy for managing request headers during - proxying - properties: - remove: - description: Remove specifies a list of HTTP header - names to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header - does not exist it will be added, otherwise it will - be overwritten with the new value. 
- items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers during - proxying - properties: - remove: - description: Remove specifies a list of HTTP header - names to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header - does not exist it will be added, otherwise it will - be overwritten with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name of the Kubernetes secret be used to - validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in - the 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - minItems: 1 - type: array - timeoutPolicy: - description: The timeout policy for this route. 
- properties: - idle: - description: Timeout after which, if there are no active requests - for this route, the connection between Envoy and the backend - or Envoy and the external client will be closed. If not - specified, there is no per-route idle timeout. - type: string - response: - description: Timeout for receiving a response from the server - after processing a request from client. If not supplied, - the timeout duration is undefined. - type: string - type: object - required: - - services - type: object - type: array - tcpproxy: - description: TCPProxy holds TCP proxy information. - properties: - healthCheckPolicy: - description: The health check policy for this tcp proxy - properties: - healthyThresholdCount: - description: The number of healthy health checks required before - a host is marked healthy - format: int32 - type: integer - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - timeoutSeconds: - description: The time to wait (seconds) for a health check response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int32 - type: integer - type: object - include: - description: Include specifies that this tcpproxy should be delegated - to another HTTPProxy. - properties: - name: - description: Name of the child HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults - to the current namespace if not supplied. - type: string - required: - - name - type: object - includes: - description: "IncludesDeprecated allow for specific routing configuration - to be appended to another HTTPProxy in another namespace. \n Exists - due to a mistake when developing HTTPProxy and the field was marked - plural when it should have been singular. This field should stay - to not break backwards compatibility to v1 users." 
- properties: - name: - description: Name of the child HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults - to the current namespace if not supplied. - type: string - required: - - name - type: object - loadBalancerPolicy: - description: The load balancing policy for the backend services. - properties: - strategy: - description: Strategy specifies the policy used to balance requests - across the pool of backend pods. Valid policy names are `Random`, - `RoundRobin`, `WeightedLeastRequest`, `Random` and `Cookie`. - If an unknown strategy name is specified or no policy is supplied, - the default `RoundRobin` policy is used. - type: string - type: object - services: - description: Services are the services to proxy traffic - items: - description: Service defines an Kubernetes Service to proxy traffic. - properties: - mirror: - description: If Mirror is true the Service will receive a - read only mirror of the traffic for this route. - type: boolean - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. - type: string - port: - description: Port (defined as Integer) to proxy traffic to - since a service can have multiple defined. - type: integer - protocol: - description: Protocol may be used to specify (or override) - the protocol used to reach this Service. Values may be tls, - h2, h2c. If omitted, protocol-selection falls back on Service - annotations. - enum: - - h2 - - h2c - - tls - type: string - requestHeadersPolicy: - description: The policy for managing request headers during - proxying - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. 
If the header does - not exist it will be added, otherwise it will be overwritten - with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers during - proxying - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header does - not exist it will be added, otherwise it will be overwritten - with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name of the Kubernetes secret be used to - validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in the - 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - minItems: 1 - type: array - required: - - services - type: object - virtualhost: - description: 
Virtualhost appears at most once. If it is present, the - object is considered to be a "root". - properties: - fqdn: - description: The fully qualified domain name of the root of the - ingress tree all leaves of the DAG rooted at this object relate - to the fqdn - type: string - tls: - description: If present describes tls properties. The SNI names - that will be matched on are described in fqdn, the tls.secretName - secret must contain a matching certificate - properties: - clientValidation: - description: "ClientValidation defines how to verify the client - certificate when an external client establishes a TLS connection - to Envoy. \n This setting: \n 1. Enables TLS client certificate - validation. 2. Requires clients to present a TLS certificate - (i.e. not optional validation). 3. Specifies how the client - certificate will be validated." - properties: - caSecret: - description: Name of a Kubernetes secret that contains a - CA certificate bundle. The client certificate must validate - against the certificates in the bundle. - minLength: 1 - type: string - required: - - caSecret - type: object - enableFallbackCertificate: - description: EnableFallbackCertificate defines if the vhost - should allow a default certificate to be applied which handles - all requests which don't match the SNI defined in this vhost. - type: boolean - minimumProtocolVersion: - description: Minimum TLS version this vhost should negotiate - type: string - passthrough: - description: If Passthrough is set to true, the SecretName will - be ignored and the encrypted handshake will be passed through - to the backing cluster. - type: boolean - secretName: - description: required, the name of a secret in the current namespace - type: string - type: object - required: - - fqdn - type: object - type: object - status: - description: Status reports the current state of the HTTPProxy. 
- properties: - currentStatus: - type: string - description: - type: string - loadBalancer: - description: LoadBalancer contains the current status of the load balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a load-balancer - ingress point: traffic intended for the service should be sent - to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points that - are IP based (typically GCE or OpenStack load-balancers) - type: string - type: object - type: array - type: object - type: object - required: - - metadata - - spec - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/examples/locked/vendor/helm-chart/crds/ingressroutes.yaml b/examples/locked/vendor/helm-chart/crds/ingressroutes.yaml deleted file mode 100644 index e227b3a9..00000000 --- a/examples/locked/vendor/helm-chart/crds/ingressroutes.yaml +++ /dev/null 
@@ -1,373 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.9 - name: ingressroutes.contour.heptio.com -spec: - additionalPrinterColumns: - - JSONPath: .spec.virtualhost.fqdn - description: Fully qualified domain name - name: FQDN - type: string - - JSONPath: .spec.virtualhost.tls.secretName - description: Secret with TLS credentials - name: TLS Secret - type: string - - JSONPath: .spec.routes[0].match - description: First routes defined - name: First route - type: string - - JSONPath: .status.currentStatus - description: The current status of the HTTPProxy - name: Status - type: string - - JSONPath: .status.description - description: Description of the current status - name: Status Description - type: string - group: contour.heptio.com - names: - kind: IngressRoute - listKind: IngressRouteList - plural: ingressroutes - singular: ingressroute - scope: Namespaced - subresources: {} - validation: - openAPIV3Schema: - description: IngressRoute is an Ingress CRD specificiation - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteSpec defines the spec of the CRD - properties: - routes: - description: Routes are the ingress routes. If TCPProxy is present, - Routes is ignored. 
- items: - description: Route contains the set of routes for a virtual host - properties: - delegate: - description: Delegate specifies that this route should be delegated - to another IngressRoute - properties: - name: - description: Name of the IngressRoute - type: string - namespace: - description: Namespace of the IngressRoute. Defaults to the - current namespace if not supplied. - type: string - required: - - name - type: object - enableWebsockets: - description: Enables websocket support for the route - type: boolean - match: - description: Match defines the prefix match - type: string - permitInsecure: - description: Allow this path to respond to insecure requests over - HTTP which are normally not permitted when a `virtualhost.tls` - block is present. - type: boolean - prefixRewrite: - description: Indicates that during forwarding, the matched prefix - (or path) should be swapped with this value - type: string - retryPolicy: - description: The retry policy for this route - properties: - count: - description: NumRetries is maximum allowed number of retries. - If not supplied, the number of retries is one. - format: int64 - minimum: 0 - type: integer - perTryTimeout: - description: PerTryTimeout specifies the timeout per retry - attempt. Ignored if NumRetries is not supplied. - type: string - type: object - services: - description: Services are the services to proxy traffic - items: - description: Service defines an upstream to proxy traffic to - properties: - healthCheck: - description: HealthCheck defines optional healthchecks on - the upstream service - properties: - healthyThresholdCount: - description: The number of healthy health checks required - before a host is marked healthy - format: int64 - minimum: 0 - type: integer - host: - description: The value of the host header in the HTTP - health check request. If left empty (default value), - the name "contour-envoy-healthcheck" will be used. 
- type: string - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - path: - description: HTTP endpoint used to perform health checks - on upstream service - type: string - timeoutSeconds: - description: The time to wait (seconds) for a health - check response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int64 - minimum: 0 - type: integer - required: - - path - type: object - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. - type: string - port: - description: Port (defined as Integer) to proxy traffic - to since a service can have multiple defined - type: integer - strategy: - description: LB Algorithm to apply (see https://github.com/projectcontour/contour/blob/master/design/ingressroute-design.md#load-balancing) - type: string - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name of the Kubernetes secret be used to - validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in - the 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - type: array - timeoutPolicy: - description: The timeout policy for this route - properties: - request: - description: Timeout for receiving a response from the server - after processing a request from client. If not supplied - the timeout duration is undefined. 
- type: string - type: object - required: - - match - type: object - type: array - tcpproxy: - description: TCPProxy holds TCP proxy information. - properties: - delegate: - description: Delegate specifies that this tcpproxy should be delegated - to another IngressRoute - properties: - name: - description: Name of the IngressRoute - type: string - namespace: - description: Namespace of the IngressRoute. Defaults to the - current namespace if not supplied. - type: string - required: - - name - type: object - services: - description: Services are the services to proxy traffic - items: - description: Service defines an upstream to proxy traffic to - properties: - healthCheck: - description: HealthCheck defines optional healthchecks on - the upstream service - properties: - healthyThresholdCount: - description: The number of healthy health checks required - before a host is marked healthy - format: int64 - minimum: 0 - type: integer - host: - description: The value of the host header in the HTTP - health check request. If left empty (default value), - the name "contour-envoy-healthcheck" will be used. - type: string - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - path: - description: HTTP endpoint used to perform health checks - on upstream service - type: string - timeoutSeconds: - description: The time to wait (seconds) for a health check - response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int64 - minimum: 0 - type: integer - required: - - path - type: object - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. 
- type: string - port: - description: Port (defined as Integer) to proxy traffic to - since a service can have multiple defined - type: integer - strategy: - description: LB Algorithm to apply (see https://github.com/projectcontour/contour/blob/master/design/ingressroute-design.md#load-balancing) - type: string - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name of the Kubernetes secret be used to - validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in the - 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - type: array - type: object - virtualhost: - description: Virtualhost appears at most once. If it is present, the - object is considered to be a "root". - properties: - fqdn: - description: The fully qualified domain name of the root of the - ingress tree all leaves of the DAG rooted at this object relate - to the fqdn - type: string - tls: - description: If present describes tls properties. The SNI names - that will be matched on are described in fqdn, the tls.secretName - secret must contain a matching certificate - properties: - minimumProtocolVersion: - description: Minimum TLS version this vhost should negotiate - type: string - passthrough: - description: If Passthrough is set to true, the SecretName will - be ignored and the encrypted handshake will be passed through - to the backing cluster. 
- type: boolean - secretName: - description: required, the name of a secret in the current namespace - type: string - type: object - required: - - fqdn - type: object - type: object - status: - description: Status reports the current state of the HTTPProxy. - properties: - currentStatus: - type: string - description: - type: string - loadBalancer: - description: LoadBalancer contains the current status of the load balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a load-balancer - ingress point: traffic intended for the service should be sent - to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points that - are IP based (typically GCE or OpenStack load-balancers) - type: string - type: object - type: array - type: object - type: object - required: - - metadata - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/examples/locked/vendor/helm-chart/crds/tlscertificatedeligations.yaml b/examples/locked/vendor/helm-chart/crds/tlscertificatedeligations.yaml deleted file mode 100644 index 91508e72..00000000 --- a/examples/locked/vendor/helm-chart/crds/tlscertificatedeligations.yaml +++ /dev/null 
@@ -1,152 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.9 - name: tlscertificatedelegations.contour.heptio.com -spec: - group: contour.heptio.com - names: - kind: TLSCertificateDelegation - listKind: TLSCertificateDelegationList - plural: tlscertificatedelegations - singular: tlscertificatedelegation - scope: Namespaced - validation: - openAPIV3Schema: - description: TLSCertificateDelegation is an TLS Certificate Delegation CRD specificiation. - See design/tls-certificate-delegation.md for details. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSCertificateDelegationSpec defines the spec of the CRD - properties: - delegations: - items: - description: CertificateDelegation maps the authority to reference - a secret in the current namespace to a set of namespaces. - properties: - secretName: - description: required, the name of a secret in the current namespace. - type: string - targetNamespaces: - description: required, the namespaces the authority to reference - the the secret will be delegated to. If TargetNamespaces is - nil or empty, the CertificateDelegation' is ignored. 
If the - TargetNamespace list contains the character, "*" the secret - will be delegated to all namespaces. - items: - type: string - type: array - required: - - secretName - - targetNamespaces - type: object - type: array - required: - - delegations - type: object - required: - - metadata - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.9 - name: tlscertificatedelegations.projectcontour.io -spec: - group: projectcontour.io - names: - kind: TLSCertificateDelegation - listKind: TLSCertificateDelegationList - plural: tlscertificatedelegations - shortNames: - - tlscerts - singular: tlscertificatedelegation - scope: Namespaced - validation: - openAPIV3Schema: - description: TLSCertificateDelegation is an TLS Certificate Delegation CRD specificiation. - See design/tls-certificate-delegation.md for details. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSCertificateDelegationSpec defines the spec of the CRD - properties: - delegations: - items: - description: CertificateDelegation maps the authority to reference - a secret in the current namespace to a set of namespaces. - properties: - secretName: - description: required, the name of a secret in the current namespace. - type: string - targetNamespaces: - description: required, the namespaces the authority to reference - the the secret will be delegated to. If TargetNamespaces is - nil or empty, the CertificateDelegation' is ignored. If the - TargetNamespace list contains the character, "*" the secret - will be delegated to all namespaces. - items: - type: string - type: array - required: - - secretName - - targetNamespaces - type: object - type: array - required: - - delegations - type: object - required: - - metadata - - spec - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/examples/locked/vendor/helm-chart/resources/contourconfiguration.yaml b/examples/locked/vendor/helm-chart/resources/contourconfiguration.yaml new file mode 100644 index 00000000..8a62b53b --- /dev/null +++ b/examples/locked/vendor/helm-chart/resources/contourconfiguration.yaml 
@@ -0,0 +1,913 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + name: contourconfigurations.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: ContourConfiguration + listKind: ContourConfigurationList + plural: contourconfigurations + shortNames: + - contourconfig + singular: contourconfiguration + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContourConfiguration is the schema for a Contour instance. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ContourConfigurationSpec represents a configuration of a + Contour controller. It contains most of all the options that can be + customized, the other remaining options being command line flags. + properties: + debug: + default: + kubernetesLogLevel: 0 + logLevel: info + description: Debug contains parameters to enable debug logging and + debug interfaces inside Contour. + properties: + address: + description: Defines the Contour debug address interface. + type: string + kubernetesLogLevel: + default: 0 + description: "KubernetesDebugLogLevel defines the log level which + Contour will use when outputting Kubernetes specific log information. 
+ \n Details: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md" + maximum: 9 + minimum: 0 + type: integer + logLevel: + description: DebugLogLevel defines the log level which Contour + will use when outputting log information. + enum: + - info + - debug + type: string + port: + description: Defines the Contour debug address port. + type: integer + required: + - logLevel + type: object + enableExternalNameService: + default: false + description: EnableExternalNameService allows processing of ExternalNameServices + Defaults to disabled for security reasons. + type: boolean + envoy: + default: + cluster: + dnsLookupFamily: auto + defaultHTTPVersions: + - HTTP/1.1 + - HTTP/2 + health: + address: 0.0.0.0 + port: 8002 + http: + accessLog: /dev/stdout + address: 0.0.0.0 + port: 8080 + https: + accessLog: /dev/stdout + address: 0.0.0.0 + port: 8443 + listener: + connectionBalancer: "" + disableAllowChunkedLength: false + tls: + cipherSuites: + - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' + - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + minimumProtocolVersion: "1.2" + useProxyProtocol: false + logging: + accessLogFormat: envoy + metrics: + address: 0.0.0.0 + port: 8002 + network: + adminPort: 9001 + service: + name: envoy + namespace: projectcontour + description: Envoy contains parameters for Envoy as well as how to + optionally configure a managed Envoy fleet. + properties: + clientCertificate: + description: ClientCertificate defines the namespace/name of the + Kubernetes secret containing the client certificate and private + key to be used when establishing TLS connection to upstream + cluster. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + cluster: + description: Cluster holds various configurable Envoy cluster + values that can be set in the config file. + properties: + dnsLookupFamily: + default: auto + description: "DNSLookupFamily defines how external names are + looked up When configured as V4, the DNS resolver will only + perform a lookup for addresses in the IPv4 family. If V6 + is configured, the DNS resolver will only perform a lookup + for addresses in the IPv6 family. If AUTO is configured, + the DNS resolver will first perform a lookup for addresses + in the IPv6 family and fallback to a lookup for addresses + in the IPv4 family. Note: This only applies to externalName + clusters. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily + for more information." + enum: + - auto + - v4 + - v6 + type: string + required: + - dnsLookupFamily + type: object + defaultHTTPVersions: + description: DefaultHTTPVersions defines the default set of HTTPS + versions the proxy should accept. HTTP versions are strings + of the form "HTTP/xx". Supported versions are "HTTP/1.1" and + "HTTP/2". + items: + description: HTTPVersionType is the name of a supported HTTP + version. + enum: + - HTTP/1.1 + - HTTP/2 + type: string + type: array + health: + default: + address: 0.0.0.0 + port: 8002 + description: Health defines the endpoint Envoy uses to serve health + checks. + properties: + address: + description: Defines the health address interface. + minLength: 1 + type: string + port: + description: Defines the health port. + type: integer + required: + - address + - port + type: object + http: + default: + accessLog: /dev/stdout + address: 0.0.0.0 + port: 8080 + description: Defines the HTTP Listener for Envoy. 
+ properties: + accessLog: + description: AccessLog defines where Envoy logs are outputted + for this listener. + type: string + address: + description: Defines an Envoy Listener Address. + minLength: 1 + type: string + port: + description: Defines an Envoy listener Port. + type: integer + required: + - accessLog + - address + - port + type: object + https: + default: + accessLog: /dev/stdout + address: 0.0.0.0 + port: 8443 + description: Defines the HTTP Listener for Envoy. + properties: + accessLog: + description: AccessLog defines where Envoy logs are outputted + for this listener. + type: string + address: + description: Defines an Envoy Listener Address. + minLength: 1 + type: string + port: + description: Defines an Envoy listener Port. + type: integer + required: + - accessLog + - address + - port + type: object + listener: + description: Listener hold various configurable Envoy listener + values. + properties: + connectionBalancer: + description: ConnectionBalancer. If the value is exact, the + listener will use the exact connection balancer See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig + for more information. + enum: + - "" + - exact + type: string + disableAllowChunkedLength: + description: 'DisableAllowChunkedLength disables the RFC-compliant + Envoy behavior to strip the "Content-Length" header if "Transfer-Encoding: + chunked" is also set. This is an emergency off-switch to + revert back to Envoy''s default behavior in case of failures. + Please file an issue if failures are encountered. See: https://github.com/projectcontour/contour/issues/3221' + type: boolean + tls: + description: TLS holds various configurable Envoy TLS listener + values. + properties: + cipherSuites: + description: "CipherSuites defines the TLS ciphers to + be supported by Envoy TLS listeners when negotiating + TLS 1.2. Ciphers are validated against the set that + Envoy supports by default. 
This parameter should only + be used by advanced users. Note that these will be ignored + when TLS 1.3 is in use. \n See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters + Note: This list is a superset of what is valid for stock + Envoy builds and those using BoringSSL FIPS." + items: + enum: + - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' + - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - AES128-GCM-SHA256 + - AES128-SHA + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - AES256-GCM-SHA384 + - AES256-SHA + type: string + type: array + minimumProtocolVersion: + description: MinimumProtocolVersion is the minimum TLS + version this vhost should negotiate. Valid options are + `1.2` (default) and `1.3`. + enum: + - "1.2" + - "1.3" + type: string + required: + - cipherSuites + - minimumProtocolVersion + type: object + useProxyProtocol: + description: Use PROXY protocol for all listeners. + type: boolean + required: + - connectionBalancer + - disableAllowChunkedLength + - tls + - useProxyProtocol + type: object + logging: + description: Logging defines how Envoy's logs can be configured. + properties: + accessLogFormat: + description: AccessLogFormat sets the global access log format. + Valid options are 'envoy' or 'json' + enum: + - envoy + - json + type: string + accessLogFormatString: + description: AccessLogFormatString sets the access log format + when format is set to `envoy`. When empty, Envoy's default + format is used. + type: string + jsonFields: + description: AccessLogFields sets the fields that JSON logging + will output when AccessLogFormat is json. 
+ items: + type: string + type: array + required: + - accessLogFormat + type: object + metrics: + default: + address: 0.0.0.0 + port: 8002 + description: Metrics defines the endpoint Envoy uses to serve + metrics. + properties: + address: + description: Defines the metrics address interface. + maxLength: 253 + minLength: 1 + type: string + port: + description: Defines the metrics port. + type: integer + tls: + description: TLS holds TLS file config details. Metrics and + health endpoints cannot have same port number when metrics + is served over HTTPS. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + keyFile: + description: Client key filename. + type: string + type: object + required: + - address + - port + type: object + network: + description: Network holds various configurable Envoy network + values. + properties: + adminPort: + default: 9001 + description: Configure the port used to access the Envoy Admin + interface. If configured to port "0" then the admin interface + is disabled. + type: integer + numTrustedHops: + description: "XffNumTrustedHops defines the number of additional + ingress proxy hops from the right side of the x-forwarded-for + HTTP header to trust when determining the origin client’s + IP address. \n See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops + for more information." + format: int32 + type: integer + required: + - adminPort + type: object + service: + default: + name: envoy + namespace: projectcontour + description: Service holds Envoy service parameters for setting + Ingress status. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + timeouts: + description: Timeouts holds various configurable timeouts that + can be set in the config file. 
+ properties: + connectionIdleTimeout: + description: "ConnectionIdleTimeout defines how long the proxy + should wait while there are no active requests (for HTTP/1.1) + or streams (for HTTP/2) before terminating an HTTP connection. + Set to \"infinity\" to disable the timeout entirely. \n + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout + for more information." + type: string + connectionShutdownGracePeriod: + description: "ConnectionShutdownGracePeriod defines how long + the proxy will wait between sending an initial GOAWAY frame + and a second, final GOAWAY frame when terminating an HTTP/2 + connection. During this grace period, the proxy will continue + to respond to new streams. After the final GOAWAY frame + has been sent, the proxy will refuse new streams. \n See + https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout + for more information." + type: string + delayedCloseTimeout: + description: "DelayedCloseTimeout defines how long envoy will + wait, once connection close processing has been initiated, + for the downstream peer to close the connection before Envoy + closes the socket associated with the connection. \n Setting + this timeout to 'infinity' will disable it, equivalent to + setting it to '0' in Envoy. Leaving it unset will result + in the Envoy default value being used. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout + for more information." 
+ type: string + maxConnectionDuration: + description: "MaxConnectionDuration defines the maximum period + of time after an HTTP connection has been established from + the client to the proxy before it is closed by the proxy, + regardless of whether there has been activity or not. Omit + or set to \"infinity\" for no max duration. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration + for more information." + type: string + requestTimeout: + description: "RequestTimeout sets the client request timeout + globally for Contour. Note that this is a timeout for the + entire request, not an idle timeout. Omit or set to \"infinity\" + to disable the timeout entirely. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout + for more information." + type: string + streamIdleTimeout: + description: "StreamIdleTimeout defines how long the proxy + should wait while there is no request activity (for HTTP/1.1) + or stream activity (for HTTP/2) before terminating the HTTP + request or stream. Set to \"infinity\" to disable the timeout + entirely. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout + for more information." + type: string + type: object + required: + - cluster + - defaultHTTPVersions + - http + - https + - listener + - logging + - metrics + - network + - service + type: object + gateway: + description: Gateway contains parameters for the gateway-api Gateway + that Contour is configured to serve traffic. 
+ properties: + controllerName: + default: projectcontour.io/projectcontour/contour + description: ControllerName is used to determine whether Contour + should reconcile a GatewayClass. The string takes the form of + "projectcontour.io//contour". If unset, the gatewayclass + controller will not be started. + type: string + required: + - controllerName + type: object + health: + default: + address: 0.0.0.0 + port: 8000 + description: Health defines the endpoints Contour uses to serve health + checks. + properties: + address: + description: Defines the health address interface. + minLength: 1 + type: string + port: + description: Defines the health port. + type: integer + required: + - address + - port + type: object + httpproxy: + default: + disablePermitInsecure: false + description: HTTPProxy defines parameters on HTTPProxy. + properties: + disablePermitInsecure: + description: DisablePermitInsecure disables the use of the permitInsecure + field in HTTPProxy. + type: boolean + fallbackCertificate: + description: FallbackCertificate defines the namespace/name of + the Kubernetes secret to use as fallback when a non-SNI request + is received. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + rootNamespaces: + description: Restrict Contour to searching these namespaces for + root ingress routes. + items: + type: string + type: array + required: + - disablePermitInsecure + type: object + ingress: + description: Ingress contains parameters for ingress options. + properties: + className: + description: Ingress Class Name Contour should use. + type: string + statusAddress: + description: Address to set in Ingress object status. + type: string + type: object + metrics: + default: + address: 0.0.0.0 + port: 8000 + description: Metrics defines the endpoint Contour uses to serve metrics. + properties: + address: + description: Defines the metrics address interface. 
+ maxLength: 253 + minLength: 1 + type: string + port: + description: Defines the metrics port. + type: integer + tls: + description: TLS holds TLS file config details. Metrics and health + endpoints cannot have same port number when metrics is served + over HTTPS. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + keyFile: + description: Client key filename. + type: string + type: object + required: + - address + - port + type: object + policy: + description: Policy specifies default policy applied if not overridden + by the user + properties: + applyToIngress: + description: ApplyToIngress determines if the Policies will apply + to ingress objects + type: boolean + requestHeaders: + description: RequestHeadersPolicy defines the request headers + set/removed on all routes + properties: + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + responseHeaders: + description: ResponseHeadersPolicy defines the response headers + set/removed on all routes + properties: + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + rateLimitService: + description: RateLimitService optionally holds properties of the Rate + Limit Service to be used for global rate limiting. + properties: + domain: + description: Domain is passed to the Rate Limit Service. + type: string + enableXRateLimitHeaders: + description: "EnableXRateLimitHeaders defines whether to include + the X-RateLimit headers X-RateLimit-Limit, X-RateLimit-Remaining, + and X-RateLimit-Reset (as defined by the IETF Internet-Draft + linked below), on responses to clients when the Rate Limit Service + is consulted for a request. \n ref. 
https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html" + type: boolean + extensionService: + description: ExtensionService identifies the extension service + defining the RLS. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + failOpen: + description: FailOpen defines whether to allow requests to proceed + when the Rate Limit Service fails to respond with a valid rate + limit decision within the timeout defined on the extension service. + type: boolean + required: + - domain + - enableXRateLimitHeaders + - failOpen + type: object + xdsServer: + default: + address: 0.0.0.0 + port: 8001 + tls: + caFile: /certs/ca.crt + certFile: /certs/tls.crt + insecure: false + keyFile: /certs/tls.key + type: contour + description: XDSServer contains parameters for the xDS server. + properties: + address: + description: Defines the xDS gRPC API address which Contour will + serve. + minLength: 1 + type: string + port: + description: Defines the xDS gRPC API port which Contour will + serve. + type: integer + tls: + description: TLS holds TLS file config details. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + insecure: + description: Allow serving the xDS gRPC API without TLS. + type: boolean + keyFile: + description: Client key filename. + type: string + required: + - insecure + type: object + type: + description: Defines the XDSServer to use for `contour serve`. + enum: + - contour + - envoy + type: string + required: + - address + - port + - type + type: object + type: object + status: + description: ContourConfigurationStatus defines the observed state of + a ContourConfiguration resource. + properties: + conditions: + description: "Conditions contains the current status of the Contour + resource. \n Contour will update a single condition, `Valid`, that + is in normal-true polarity. 
\n Contour will not modify any other + Conditions set in this block, in case some other controller wants + to add a Condition." + items: + description: "DetailedCondition is an extension of the normal Kubernetes + conditions, with two extra fields to hold sub-conditions, which + provide more detailed reasons for the state (True or False) of + the condition. \n `errors` holds information about sub-conditions + which are fatal to that condition and render its state False. + \n `warnings` holds information about sub-conditions which are + not fatal to that condition and do not force the state to be False. + \n Remember that Conditions have a type, a status, and a reason. + \n The type is the type of the condition, the most important one + in this CRD set is `Valid`. `Valid` is a positive-polarity condition: + when it is `status: true` there are no problems. \n In more detail, + `status: true` means that the object is has been ingested into + Contour with no errors. `warnings` may still be present, and will + be indicated in the Reason field. There must be zero entries in + the `errors` slice in this case. \n `Valid`, `status: false` means + that the object has had one or more fatal errors during processing + into Contour. The details of the errors will be present under + the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. \n For DetailedConditions of types + other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must + be at least one entry in the `errors` Subcondition slice. When + they have `status` `false`, there are no serious errors, and there + must be zero entries in the `errors` slice. In either case, there + may be entries in the `warnings` slice. 
\n Regardless of the polarity, + the `reason` and `message` fields must be updated with either + the detail of the reason (if there is one and only one entry in + total across both the `errors` and `warnings` slices), or `MultipleReasons` + if there is more than one entry." + properties: + errors: + description: "Errors contains a slice of relevant error subconditions + for this object. \n Subconditions are expected to appear when + relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." + properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. 
+ \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: "Warnings contains a slice of relevant warning + subconditions for this object. \n Subconditions are expected + to appear when relevant (when there is a warning), and disappear + when not relevant. An empty slice here indicates no warnings." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." + properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/examples/locked/vendor/helm-chart/resources/contourdeployments.yaml b/examples/locked/vendor/helm-chart/resources/contourdeployments.yaml new file mode 100644 index 00000000..aac931bc --- /dev/null +++ b/examples/locked/vendor/helm-chart/resources/contourdeployments.yaml 
@@ -0,0 +1,933 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: contourdeployments.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: ContourDeployment + listKind: ContourDeploymentList + plural: contourdeployments + shortNames: + - contourdeploy + singular: contourdeployment + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContourDeployment is the schema for a Contour Deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ContourDeploymentSpec defines the parameters of how a Contour + instance should be configured. + properties: + config: + description: Config is the config that the instances of Contour are + to utilize. + properties: + debug: + default: + kubernetesLogLevel: 0 + logLevel: info + description: Debug contains parameters to enable debug logging + and debug interfaces inside Contour. + properties: + address: + description: Defines the Contour debug address interface. 
+ type: string + kubernetesLogLevel: + default: 0 + description: "KubernetesDebugLogLevel defines the log level + which Contour will use when outputting Kubernetes specific + log information. \n Details: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md" + maximum: 9 + minimum: 0 + type: integer + logLevel: + description: DebugLogLevel defines the log level which Contour + will use when outputting log information. + enum: + - info + - debug + type: string + port: + description: Defines the Contour debug address port. + type: integer + required: + - logLevel + type: object + enableExternalNameService: + default: false + description: EnableExternalNameService allows processing of ExternalNameServices + Defaults to disabled for security reasons. + type: boolean + envoy: + default: + cluster: + dnsLookupFamily: auto + defaultHTTPVersions: + - HTTP/1.1 + - HTTP/2 + health: + address: 0.0.0.0 + port: 8002 + http: + accessLog: /dev/stdout + address: 0.0.0.0 + port: 8080 + https: + accessLog: /dev/stdout + address: 0.0.0.0 + port: 8443 + listener: + connectionBalancer: "" + disableAllowChunkedLength: false + tls: + cipherSuites: + - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' + - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + minimumProtocolVersion: "1.2" + useProxyProtocol: false + logging: + accessLogFormat: envoy + metrics: + address: 0.0.0.0 + port: 8002 + network: + adminPort: 9001 + service: + name: envoy + namespace: projectcontour + description: Envoy contains parameters for Envoy as well as how + to optionally configure a managed Envoy fleet. + properties: + clientCertificate: + description: ClientCertificate defines the namespace/name + of the Kubernetes secret containing the client certificate + and private key to be used when establishing TLS connection + to upstream cluster. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + cluster: + description: Cluster holds various configurable Envoy cluster + values that can be set in the config file. + properties: + dnsLookupFamily: + default: auto + description: "DNSLookupFamily defines how external names + are looked up When configured as V4, the DNS resolver + will only perform a lookup for addresses in the IPv4 + family. If V6 is configured, the DNS resolver will only + perform a lookup for addresses in the IPv6 family. If + AUTO is configured, the DNS resolver will first perform + a lookup for addresses in the IPv6 family and fallback + to a lookup for addresses in the IPv4 family. Note: + This only applies to externalName clusters. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily + for more information." + enum: + - auto + - v4 + - v6 + type: string + required: + - dnsLookupFamily + type: object + defaultHTTPVersions: + description: DefaultHTTPVersions defines the default set of + HTTPS versions the proxy should accept. HTTP versions are + strings of the form "HTTP/xx". Supported versions are "HTTP/1.1" + and "HTTP/2". + items: + description: HTTPVersionType is the name of a supported + HTTP version. + enum: + - HTTP/1.1 + - HTTP/2 + type: string + type: array + health: + default: + address: 0.0.0.0 + port: 8002 + description: Health defines the endpoint Envoy uses to serve + health checks. + properties: + address: + description: Defines the health address interface. + minLength: 1 + type: string + port: + description: Defines the health port. + type: integer + required: + - address + - port + type: object + http: + default: + accessLog: /dev/stdout + address: 0.0.0.0 + port: 8080 + description: Defines the HTTP Listener for Envoy. 
+ properties: + accessLog: + description: AccessLog defines where Envoy logs are outputted + for this listener. + type: string + address: + description: Defines an Envoy Listener Address. + minLength: 1 + type: string + port: + description: Defines an Envoy listener Port. + type: integer + required: + - accessLog + - address + - port + type: object + https: + default: + accessLog: /dev/stdout + address: 0.0.0.0 + port: 8443 + description: Defines the HTTP Listener for Envoy. + properties: + accessLog: + description: AccessLog defines where Envoy logs are outputted + for this listener. + type: string + address: + description: Defines an Envoy Listener Address. + minLength: 1 + type: string + port: + description: Defines an Envoy listener Port. + type: integer + required: + - accessLog + - address + - port + type: object + listener: + description: Listener hold various configurable Envoy listener + values. + properties: + connectionBalancer: + description: ConnectionBalancer. If the value is exact, + the listener will use the exact connection balancer + See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig + for more information. + enum: + - "" + - exact + type: string + disableAllowChunkedLength: + description: 'DisableAllowChunkedLength disables the RFC-compliant + Envoy behavior to strip the "Content-Length" header + if "Transfer-Encoding: chunked" is also set. This is + an emergency off-switch to revert back to Envoy''s default + behavior in case of failures. Please file an issue if + failures are encountered. See: https://github.com/projectcontour/contour/issues/3221' + type: boolean + tls: + description: TLS holds various configurable Envoy TLS + listener values. + properties: + cipherSuites: + description: "CipherSuites defines the TLS ciphers + to be supported by Envoy TLS listeners when negotiating + TLS 1.2. Ciphers are validated against the set that + Envoy supports by default. 
This parameter should + only be used by advanced users. Note that these + will be ignored when TLS 1.3 is in use. \n See: + https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters + Note: This list is a superset of what is valid for + stock Envoy builds and those using BoringSSL FIPS." + items: + enum: + - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' + - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - AES128-GCM-SHA256 + - AES128-SHA + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - AES256-GCM-SHA384 + - AES256-SHA + type: string + type: array + minimumProtocolVersion: + description: MinimumProtocolVersion is the minimum + TLS version this vhost should negotiate. Valid options + are `1.2` (default) and `1.3`. + enum: + - "1.2" + - "1.3" + type: string + required: + - cipherSuites + - minimumProtocolVersion + type: object + useProxyProtocol: + description: Use PROXY protocol for all listeners. + type: boolean + required: + - connectionBalancer + - disableAllowChunkedLength + - tls + - useProxyProtocol + type: object + logging: + description: Logging defines how Envoy's logs can be configured. + properties: + accessLogFormat: + description: AccessLogFormat sets the global access log + format. Valid options are 'envoy' or 'json' + enum: + - envoy + - json + type: string + accessLogFormatString: + description: AccessLogFormatString sets the access log + format when format is set to `envoy`. When empty, Envoy's + default format is used. + type: string + jsonFields: + description: AccessLogFields sets the fields that JSON + logging will output when AccessLogFormat is json. 
+ items: + type: string + type: array + required: + - accessLogFormat + type: object + metrics: + default: + address: 0.0.0.0 + port: 8002 + description: Metrics defines the endpoint Envoy uses to serve + metrics. + properties: + address: + description: Defines the metrics address interface. + maxLength: 253 + minLength: 1 + type: string + port: + description: Defines the metrics port. + type: integer + tls: + description: TLS holds TLS file config details. Metrics + and health endpoints cannot have same port number when + metrics is served over HTTPS. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + keyFile: + description: Client key filename. + type: string + type: object + required: + - address + - port + type: object + network: + description: Network holds various configurable Envoy network + values. + properties: + adminPort: + default: 9001 + description: Configure the port used to access the Envoy + Admin interface. If configured to port "0" then the + admin interface is disabled. + type: integer + numTrustedHops: + description: "XffNumTrustedHops defines the number of + additional ingress proxy hops from the right side of + the x-forwarded-for HTTP header to trust when determining + the origin client’s IP address. \n See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops + for more information." + format: int32 + type: integer + required: + - adminPort + type: object + service: + default: + name: envoy + namespace: projectcontour + description: Service holds Envoy service parameters for setting + Ingress status. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + timeouts: + description: Timeouts holds various configurable timeouts + that can be set in the config file. 
+ properties: + connectionIdleTimeout: + description: "ConnectionIdleTimeout defines how long the + proxy should wait while there are no active requests + (for HTTP/1.1) or streams (for HTTP/2) before terminating + an HTTP connection. Set to \"infinity\" to disable the + timeout entirely. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout + for more information." + type: string + connectionShutdownGracePeriod: + description: "ConnectionShutdownGracePeriod defines how + long the proxy will wait between sending an initial + GOAWAY frame and a second, final GOAWAY frame when terminating + an HTTP/2 connection. During this grace period, the + proxy will continue to respond to new streams. After + the final GOAWAY frame has been sent, the proxy will + refuse new streams. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout + for more information." + type: string + delayedCloseTimeout: + description: "DelayedCloseTimeout defines how long envoy + will wait, once connection close processing has been + initiated, for the downstream peer to close the connection + before Envoy closes the socket associated with the connection. + \n Setting this timeout to 'infinity' will disable it, + equivalent to setting it to '0' in Envoy. Leaving it + unset will result in the Envoy default value being used. + \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout + for more information." 
+ type: string + maxConnectionDuration: + description: "MaxConnectionDuration defines the maximum + period of time after an HTTP connection has been established + from the client to the proxy before it is closed by + the proxy, regardless of whether there has been activity + or not. Omit or set to \"infinity\" for no max duration. + \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration + for more information." + type: string + requestTimeout: + description: "RequestTimeout sets the client request timeout + globally for Contour. Note that this is a timeout for + the entire request, not an idle timeout. Omit or set + to \"infinity\" to disable the timeout entirely. \n + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout + for more information." + type: string + streamIdleTimeout: + description: "StreamIdleTimeout defines how long the proxy + should wait while there is no request activity (for + HTTP/1.1) or stream activity (for HTTP/2) before terminating + the HTTP request or stream. Set to \"infinity\" to disable + the timeout entirely. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout + for more information." + type: string + type: object + required: + - cluster + - defaultHTTPVersions + - http + - https + - listener + - logging + - metrics + - network + - service + type: object + gateway: + description: Gateway contains parameters for the gateway-api Gateway + that Contour is configured to serve traffic. 
+ properties: + controllerName: + default: projectcontour.io/projectcontour/contour + description: ControllerName is used to determine whether Contour + should reconcile a GatewayClass. The string takes the form + of "projectcontour.io//contour". If unset, the + gatewayclass controller will not be started. + type: string + required: + - controllerName + type: object + health: + default: + address: 0.0.0.0 + port: 8000 + description: Health defines the endpoints Contour uses to serve + health checks. + properties: + address: + description: Defines the health address interface. + minLength: 1 + type: string + port: + description: Defines the health port. + type: integer + required: + - address + - port + type: object + httpproxy: + default: + disablePermitInsecure: false + description: HTTPProxy defines parameters on HTTPProxy. + properties: + disablePermitInsecure: + description: DisablePermitInsecure disables the use of the + permitInsecure field in HTTPProxy. + type: boolean + fallbackCertificate: + description: FallbackCertificate defines the namespace/name + of the Kubernetes secret to use as fallback when a non-SNI + request is received. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + rootNamespaces: + description: Restrict Contour to searching these namespaces + for root ingress routes. + items: + type: string + type: array + required: + - disablePermitInsecure + type: object + ingress: + description: Ingress contains parameters for ingress options. + properties: + className: + description: Ingress Class Name Contour should use. + type: string + statusAddress: + description: Address to set in Ingress object status. + type: string + type: object + metrics: + default: + address: 0.0.0.0 + port: 8000 + description: Metrics defines the endpoint Contour uses to serve + metrics. + properties: + address: + description: Defines the metrics address interface. 
+ maxLength: 253 + minLength: 1 + type: string + port: + description: Defines the metrics port. + type: integer + tls: + description: TLS holds TLS file config details. Metrics and + health endpoints cannot have same port number when metrics + is served over HTTPS. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + keyFile: + description: Client key filename. + type: string + type: object + required: + - address + - port + type: object + policy: + description: Policy specifies default policy applied if not overridden + by the user + properties: + applyToIngress: + description: ApplyToIngress determines if the Policies will + apply to ingress objects + type: boolean + requestHeaders: + description: RequestHeadersPolicy defines the request headers + set/removed on all routes + properties: + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + responseHeaders: + description: ResponseHeadersPolicy defines the response headers + set/removed on all routes + properties: + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + rateLimitService: + description: RateLimitService optionally holds properties of the + Rate Limit Service to be used for global rate limiting. + properties: + domain: + description: Domain is passed to the Rate Limit Service. + type: string + enableXRateLimitHeaders: + description: "EnableXRateLimitHeaders defines whether to include + the X-RateLimit headers X-RateLimit-Limit, X-RateLimit-Remaining, + and X-RateLimit-Reset (as defined by the IETF Internet-Draft + linked below), on responses to clients when the Rate Limit + Service is consulted for a request. \n ref. 
https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html" + type: boolean + extensionService: + description: ExtensionService identifies the extension service + defining the RLS. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + failOpen: + description: FailOpen defines whether to allow requests to + proceed when the Rate Limit Service fails to respond with + a valid rate limit decision within the timeout defined on + the extension service. + type: boolean + required: + - domain + - enableXRateLimitHeaders + - failOpen + type: object + xdsServer: + default: + address: 0.0.0.0 + port: 8001 + tls: + caFile: /certs/ca.crt + certFile: /certs/tls.crt + insecure: false + keyFile: /certs/tls.key + type: contour + description: XDSServer contains parameters for the xDS server. + properties: + address: + description: Defines the xDS gRPC API address which Contour + will serve. + minLength: 1 + type: string + port: + description: Defines the xDS gRPC API port which Contour will + serve. + type: integer + tls: + description: TLS holds TLS file config details. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + insecure: + description: Allow serving the xDS gRPC API without TLS. + type: boolean + keyFile: + description: Client key filename. + type: string + required: + - insecure + type: object + type: + description: Defines the XDSServer to use for `contour serve`. + enum: + - contour + - envoy + type: string + required: + - address + - port + - type + type: object + type: object + replicas: + default: 2 + description: Replicas is the desired number of Contour replicas. If + unset, defaults to 2. + format: int32 + minimum: 0 + type: integer + required: + - config + type: object + status: + description: ContourDeploymentStatus defines the observed state of a ContourDeployment + resource. 
+ properties: + conditions: + description: "Conditions contains the current status of the Contour + resource. \n Contour will update a single condition, `Valid`, that + is in normal-true polarity. \n Contour will not modify any other + Conditions set in this block, in case some other controller wants + to add a Condition." + items: + description: "DetailedCondition is an extension of the normal Kubernetes + conditions, with two extra fields to hold sub-conditions, which + provide more detailed reasons for the state (True or False) of + the condition. \n `errors` holds information about sub-conditions + which are fatal to that condition and render its state False. + \n `warnings` holds information about sub-conditions which are + not fatal to that condition and do not force the state to be False. + \n Remember that Conditions have a type, a status, and a reason. + \n The type is the type of the condition, the most important one + in this CRD set is `Valid`. `Valid` is a positive-polarity condition: + when it is `status: true` there are no problems. \n In more detail, + `status: true` means that the object is has been ingested into + Contour with no errors. `warnings` may still be present, and will + be indicated in the Reason field. There must be zero entries in + the `errors` slice in this case. \n `Valid`, `status: false` means + that the object has had one or more fatal errors during processing + into Contour. The details of the errors will be present under + the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. \n For DetailedConditions of types + other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must + be at least one entry in the `errors` Subcondition slice. When + they have `status` `false`, there are no serious errors, and there + must be zero entries in the `errors` slice. In either case, there + may be entries in the `warnings` slice. 
\n Regardless of the polarity, + the `reason` and `message` fields must be updated with either + the detail of the reason (if there is one and only one entry in + total across both the `errors` and `warnings` slices), or `MultipleReasons` + if there is more than one entry." + properties: + errors: + description: "Errors contains a slice of relevant error subconditions + for this object. \n Subconditions are expected to appear when + relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." + properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. 
+ \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: "Warnings contains a slice of relevant warning + subconditions for this object. \n Subconditions are expected + to appear when relevant (when there is a warning), and disappear + when not relevant. An empty slice here indicates no warnings." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." + properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/examples/locked/vendor/helm-chart/resources/extensionservices.yaml b/examples/locked/vendor/helm-chart/resources/extensionservices.yaml new file mode 100644 index 00000000..ba51fa02 --- /dev/null +++ b/examples/locked/vendor/helm-chart/resources/extensionservices.yaml 
@@ -0,0 +1,399 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + name: extensionservices.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: ExtensionService + listKind: ExtensionServiceList + plural: extensionservices + shortNames: + - extensionservice + - extensionservices + singular: extensionservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ExtensionService is the schema for the Contour extension services + API. An ExtensionService resource binds a network service to the Contour + API so that Contour API features can be implemented by collaborating components. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ExtensionServiceSpec defines the desired state of an ExtensionService + resource. + properties: + loadBalancerPolicy: + description: The policy for load balancing GRPC service requests. + Note that the `Cookie` and `RequestHash` load balancing strategies + cannot be used here. + properties: + requestHashPolicies: + description: RequestHashPolicies contains a list of hash policies + to apply when the `RequestHash` load balancing strategy is chosen. 
+ If an element of the supplied list of hash policies is invalid, + it will be ignored. If the list of hash policies is empty after + validation, the load balancing strategy will fall back the the + default `RoundRobin`. + items: + description: RequestHashPolicy contains configuration for an + individual hash policy on a request attribute. + properties: + hashSourceIP: + description: HashSourceIP should be set to true when request + source IP hash based load balancing is desired. It must + be the only hash option field set, otherwise this request + hash policy object will be ignored. + type: boolean + headerHashOptions: + description: HeaderHashOptions should be set when request + header hash based load balancing is desired. It must be + the only hash option field set, otherwise this request + hash policy object will be ignored. + properties: + headerName: + description: HeaderName is the name of the HTTP request + header that will be used to calculate the hash key. + If the header specified is not present on a request, + no hash will be produced. + minLength: 1 + type: string + type: object + terminal: + description: Terminal is a flag that allows for short-circuiting + computing of a hash for a given request. If set to true, + and the request attribute specified in the attribute hash + options is present, no further hash policies will be used + to calculate a hash for the request. + type: boolean + type: object + type: array + strategy: + description: Strategy specifies the policy used to balance requests + across the pool of backend pods. Valid policy names are `Random`, + `RoundRobin`, `WeightedLeastRequest`, `Cookie`, and `RequestHash`. + If an unknown strategy name is specified or no policy is supplied, + the default `RoundRobin` policy is used. + type: string + type: object + protocol: + description: Protocol may be used to specify (or override) the protocol + used to reach this Service. Values may be h2 or h2c. 
If omitted, + protocol-selection falls back on Service annotations. + enum: + - h2 + - h2c + type: string + protocolVersion: + description: This field sets the version of the GRPC protocol that + Envoy uses to send requests to the extension service. Since Contour + always uses the v3 Envoy API, this is currently fixed at "v3". However, + other protocol options will be available in future. + enum: + - v3 + type: string + services: + description: Services specifies the set of Kubernetes Service resources + that receive GRPC extension API requests. If no weights are specified + for any of the entries in this array, traffic will be spread evenly + across all the services. Otherwise, traffic is balanced proportionally + to the Weight field in each entry. + items: + description: ExtensionServiceTarget defines an Kubernetes Service + to target with extension service traffic. + properties: + name: + description: Name is the name of Kubernetes service that will + accept service traffic. + type: string + port: + description: Port (defined as Integer) to proxy traffic to since + a service can have multiple defined. + exclusiveMaximum: true + maximum: 65536 + minimum: 1 + type: integer + weight: + description: Weight defines proportion of traffic to balance + to the Kubernetes Service. + format: int32 + type: integer + required: + - name + - port + type: object + minItems: 1 + type: array + timeoutPolicy: + description: The timeout policy for requests to the services. + properties: + idle: + description: Timeout for how long the proxy should wait while + there is no activity during single request/response (for HTTP/1.1) + or stream (for HTTP/2). Timeout will not trigger while HTTP/1.1 + connection is idle between two consecutive requests. If not + specified, there is no per-route idle timeout, though a connection + manager-wide stream_idle_timeout default of 5m still applies. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + response: + description: Timeout for receiving a response from the server + after processing a request from client. If not supplied, Envoy's + default value of 15s applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + type: object + validation: + description: UpstreamValidation defines how to verify the backend + service's certificate + properties: + caSecret: + description: Name or namespaced name of the Kubernetes secret + used to validate the certificate presented by the backend + type: string + subjectName: + description: Key which is expected to be present in the 'subjectAltName' + of the presented certificate + type: string + required: + - caSecret + - subjectName + type: object + required: + - services + type: object + status: + description: ExtensionServiceStatus defines the observed state of an ExtensionService + resource. + properties: + conditions: + description: "Conditions contains the current status of the ExtensionService + resource. \n Contour will update a single condition, `Valid`, that + is in normal-true polarity. \n Contour will not modify any other + Conditions set in this block, in case some other controller wants + to add a Condition." + items: + description: "DetailedCondition is an extension of the normal Kubernetes + conditions, with two extra fields to hold sub-conditions, which + provide more detailed reasons for the state (True or False) of + the condition. \n `errors` holds information about sub-conditions + which are fatal to that condition and render its state False. + \n `warnings` holds information about sub-conditions which are + not fatal to that condition and do not force the state to be False. 
+ \n Remember that Conditions have a type, a status, and a reason. + \n The type is the type of the condition, the most important one + in this CRD set is `Valid`. `Valid` is a positive-polarity condition: + when it is `status: true` there are no problems. \n In more detail, + `status: true` means that the object is has been ingested into + Contour with no errors. `warnings` may still be present, and will + be indicated in the Reason field. There must be zero entries in + the `errors` slice in this case. \n `Valid`, `status: false` means + that the object has had one or more fatal errors during processing + into Contour. The details of the errors will be present under + the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. \n For DetailedConditions of types + other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must + be at least one entry in the `errors` Subcondition slice. When + they have `status` `false`, there are no serious errors, and there + must be zero entries in the `errors` slice. In either case, there + may be entries in the `warnings` slice. \n Regardless of the polarity, + the `reason` and `message` fields must be updated with either + the detail of the reason (if there is one and only one entry in + total across both the `errors` and `warnings` slices), or `MultipleReasons` + if there is more than one entry." + properties: + errors: + description: "Errors contains a slice of relevant error subconditions + for this object. \n Subconditions are expected to appear when + relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. 
\n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." + properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: "Warnings contains a slice of relevant warning + subconditions for this object. \n Subconditions are expected + to appear when relevant (when there is a warning), and disappear + when not relevant. An empty slice here indicates no warnings." 
+ items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." + properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. 
\n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/examples/locked/vendor/helm-chart/resources/httpproxies.yaml b/examples/locked/vendor/helm-chart/resources/httpproxies.yaml new file mode 100644 index 00000000..9b8471d7 --- /dev/null +++ b/examples/locked/vendor/helm-chart/resources/httpproxies.yaml 
@@ -0,0 +1,2038 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + name: httpproxies.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: HTTPProxy + listKind: HTTPProxyList + plural: httpproxies + shortNames: + - proxy + - proxies + singular: httpproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Fully qualified domain name + jsonPath: .spec.virtualhost.fqdn + name: FQDN + type: string + - description: Secret with TLS credentials + jsonPath: .spec.virtualhost.tls.secretName + name: TLS Secret + type: string + - description: The current status of the HTTPProxy + jsonPath: .status.currentStatus + name: Status + type: string + - description: Description of the current status + jsonPath: .status.description + name: Status Description + type: string + name: v1 + schema: + openAPIV3Schema: + description: HTTPProxy is an Ingress CRD specification. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HTTPProxySpec defines the spec of the CRD. + properties: + includes: + description: Includes allow for specific routing configuration to + be included from another HTTPProxy, possibly in another namespace. 
+ items: + description: Include describes a set of policies that can be applied + to an HTTPProxy in a namespace. + properties: + conditions: + description: 'Conditions are a set of rules that are applied + to included HTTPProxies. In effect, they are added onto the + Conditions of included HTTPProxy Route structs. When applied, + they are merged using AND, with one exception: There can be + only one Prefix MatchCondition per Conditions slice. More + than one Prefix, or contradictory Conditions, will make the + include invalid.' + items: + description: MatchCondition are a general holder for matching + rules for HTTPProxies. One of Prefix or Header must be provided. + properties: + header: + description: Header specifies the header condition to + match. + properties: + contains: + description: Contains specifies a substring that must + be present in the header value. + type: string + exact: + description: Exact specifies a string that the header + value must be equal to. + type: string + name: + description: Name is the name of the header to match + against. Name is required. Header names are case + insensitive. + type: string + notcontains: + description: NotContains specifies a substring that + must not be present in the header value. + type: string + notexact: + description: NoExact specifies a string that the header + value must not be equal to. The condition is true + if the header has any other value. + type: string + notpresent: + description: NotPresent specifies that condition is + true when the named header is not present. Note + that setting NotPresent to false does not make the + condition true if the named header is present. + type: boolean + present: + description: Present specifies that condition is true + when the named header is present, regardless of + its value. Note that setting Present to false does + not make the condition true if the named header + is absent. 
+ type: boolean + required: + - name + type: object + prefix: + description: Prefix defines a prefix match for a request. + type: string + type: object + type: array + name: + description: Name of the HTTPProxy + type: string + namespace: + description: Namespace of the HTTPProxy to include. Defaults + to the current namespace if not supplied. + type: string + required: + - name + type: object + type: array + ingressClassName: + description: IngressClassName optionally specifies the ingress class + to use for this HTTPProxy. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when that annotation is + set, it is given precedence over this field. + type: string + routes: + description: Routes are the ingress routes. If TCPProxy is present, + Routes is ignored. + items: + description: Route contains the set of routes for a virtual host. + properties: + authPolicy: + description: AuthPolicy updates the authorization policy that + was set on the root HTTPProxy object for client requests that + match this route. + properties: + context: + additionalProperties: + type: string + description: Context is a set of key/value pairs that are + sent to the authentication server in the check request. + If a context is provided at an enclosing scope, the entries + are merged such that the inner scope overrides matching + keys from the outer scope. + type: object + disabled: + description: When true, this field disables client request + authentication for the scope of the policy. + type: boolean + type: object + conditions: + description: 'Conditions are a set of rules that are applied + to a Route. When applied, they are merged using AND, with + one exception: There can be only one Prefix MatchCondition + per Conditions slice. More than one Prefix, or contradictory + Conditions, will make the route invalid.' + items: + description: MatchCondition are a general holder for matching + rules for HTTPProxies. 
One of Prefix or Header must be provided. + properties: + header: + description: Header specifies the header condition to + match. + properties: + contains: + description: Contains specifies a substring that must + be present in the header value. + type: string + exact: + description: Exact specifies a string that the header + value must be equal to. + type: string + name: + description: Name is the name of the header to match + against. Name is required. Header names are case + insensitive. + type: string + notcontains: + description: NotContains specifies a substring that + must not be present in the header value. + type: string + notexact: + description: NoExact specifies a string that the header + value must not be equal to. The condition is true + if the header has any other value. + type: string + notpresent: + description: NotPresent specifies that condition is + true when the named header is not present. Note + that setting NotPresent to false does not make the + condition true if the named header is present. + type: boolean + present: + description: Present specifies that condition is true + when the named header is present, regardless of + its value. Note that setting Present to false does + not make the condition true if the named header + is absent. + type: boolean + required: + - name + type: object + prefix: + description: Prefix defines a prefix match for a request. + type: string + type: object + type: array + cookieRewritePolicies: + description: The policies for rewriting Set-Cookie header attributes. + Note that rewritten cookie names must be unique in this list. + Order rewrite policies are specified in does not matter. + items: + properties: + domainRewrite: + description: DomainRewrite enables rewriting the Set-Cookie + Domain element. If not set, Domain will not be rewritten. + properties: + value: + description: Value is the value to rewrite the Domain + attribute to. For now this is required. 
+ maxLength: 4096 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - value + type: object + name: + description: Name is the name of the cookie for which + attributes will be rewritten. + maxLength: 4096 + minLength: 1 + pattern: ^[^()<>@,;:\\"\/[\]?={} \t\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + pathRewrite: + description: PathRewrite enables rewriting the Set-Cookie + Path element. If not set, Path will not be rewritten. + properties: + value: + description: Value is the value to rewrite the Path + attribute to. For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[^;\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + required: + - value + type: object + sameSite: + description: SameSite enables rewriting the Set-Cookie + SameSite element. If not set, SameSite attribute will + not be rewritten. + enum: + - Strict + - Lax + - None + type: string + secure: + description: Secure enables rewriting the Set-Cookie Secure + element. If not set, Secure attribute will not be rewritten. + type: boolean + required: + - name + type: object + type: array + enableWebsockets: + description: Enables websocket support for the route. + type: boolean + healthCheckPolicy: + description: The health check policy for this route. + properties: + healthyThresholdCount: + description: The number of healthy health checks required + before a host is marked healthy + format: int64 + minimum: 0 + type: integer + host: + description: The value of the host header in the HTTP health + check request. If left empty (default value), the name + "contour-envoy-healthcheck" will be used. 
+ type: string + intervalSeconds: + description: The interval (seconds) between health checks + format: int64 + type: integer + path: + description: HTTP endpoint used to perform health checks + on upstream service + type: string + timeoutSeconds: + description: The time to wait (seconds) for a health check + response + format: int64 + type: integer + unhealthyThresholdCount: + description: The number of unhealthy health checks required + before a host is marked unhealthy + format: int64 + minimum: 0 + type: integer + required: + - path + type: object + loadBalancerPolicy: + description: The load balancing policy for this route. + properties: + requestHashPolicies: + description: RequestHashPolicies contains a list of hash + policies to apply when the `RequestHash` load balancing + strategy is chosen. If an element of the supplied list + of hash policies is invalid, it will be ignored. If the + list of hash policies is empty after validation, the load + balancing strategy will fall back the the default `RoundRobin`. + items: + description: RequestHashPolicy contains configuration + for an individual hash policy on a request attribute. + properties: + hashSourceIP: + description: HashSourceIP should be set to true when + request source IP hash based load balancing is desired. + It must be the only hash option field set, otherwise + this request hash policy object will be ignored. + type: boolean + headerHashOptions: + description: HeaderHashOptions should be set when + request header hash based load balancing is desired. + It must be the only hash option field set, otherwise + this request hash policy object will be ignored. + properties: + headerName: + description: HeaderName is the name of the HTTP + request header that will be used to calculate + the hash key. If the header specified is not + present on a request, no hash will be produced. 
+ minLength: 1 + type: string + type: object + terminal: + description: Terminal is a flag that allows for short-circuiting + computing of a hash for a given request. If set + to true, and the request attribute specified in + the attribute hash options is present, no further + hash policies will be used to calculate a hash for + the request. + type: boolean + type: object + type: array + strategy: + description: Strategy specifies the policy used to balance + requests across the pool of backend pods. Valid policy + names are `Random`, `RoundRobin`, `WeightedLeastRequest`, + `Cookie`, and `RequestHash`. If an unknown strategy name + is specified or no policy is supplied, the default `RoundRobin` + policy is used. + type: string + type: object + pathRewritePolicy: + description: The policy for rewriting the path of the request + URL after the request has been routed to a Service. + properties: + replacePrefix: + description: ReplacePrefix describes how the path prefix + should be replaced. + items: + description: ReplacePrefix describes a path prefix replacement. + properties: + prefix: + description: "Prefix specifies the URL path prefix + to be replaced. \n If Prefix is specified, it must + exactly match the MatchCondition prefix that is + rendered by the chain of including HTTPProxies and + only that path prefix will be replaced by Replacement. + This allows HTTPProxies that are included through + multiple roots to only replace specific path prefixes, + leaving others unmodified. \n If Prefix is not specified, + all routing prefixes rendered by the include chain + will be replaced." + minLength: 1 + type: string + replacement: + description: Replacement is the string that the routing + path prefix will be replaced with. This must not + be empty. 
+ minLength: 1 + type: string + required: + - replacement + type: object + type: array + type: object + permitInsecure: + description: Allow this path to respond to insecure requests + over HTTP which are normally not permitted when a `virtualhost.tls` + block is present. + type: boolean + rateLimitPolicy: + description: The policy for rate limiting on the route. + properties: + global: + description: Global defines global rate limiting parameters, + i.e. parameters defining descriptors that are sent to + an external rate limit service (RLS) for a rate limit + decision on each request. + properties: + descriptors: + description: Descriptors defines the list of descriptors + that will be generated and sent to the rate limit + service. Each descriptor contains 1+ key-value pair + entries. + items: + description: RateLimitDescriptor defines a list of + key-value pair generators. + properties: + entries: + description: Entries is the list of key-value + pair generators. + items: + description: RateLimitDescriptorEntry is a key-value + pair generator. Exactly one field on this + struct must be non-nil. + properties: + genericKey: + description: GenericKey defines a descriptor + entry with a static key and value. + properties: + key: + description: Key defines the key of + the descriptor entry. If not set, + the key is set to "generic_key". + type: string + value: + description: Value defines the value + of the descriptor entry. + minLength: 1 + type: string + type: object + remoteAddress: + description: RemoteAddress defines a descriptor + entry with a key of "remote_address" and + a value equal to the client's IP address + (from x-forwarded-for). + type: object + requestHeader: + description: RequestHeader defines a descriptor + entry that's populated only if a given + header is present on the request. The + descriptor key is static, and the descriptor + value is equal to the value of the header. 
+ properties: + descriptorKey: + description: DescriptorKey defines the + key to use on the descriptor entry. + minLength: 1 + type: string + headerName: + description: HeaderName defines the + name of the header to look for on + the request. + minLength: 1 + type: string + type: object + requestHeaderValueMatch: + description: RequestHeaderValueMatch defines + a descriptor entry that's populated if + the request's headers match a set of 1+ + match criteria. The descriptor key is + "header_match", and the descriptor value + is static. + properties: + expectMatch: + default: true + description: ExpectMatch defines whether + the request must positively match + the match criteria in order to generate + a descriptor entry (i.e. true), or + not match the match criteria in order + to generate a descriptor entry (i.e. + false). The default is true. + type: boolean + headers: + description: Headers is a list of 1+ + match criteria to apply against the + request to determine whether to populate + the descriptor entry or not. + items: + description: HeaderMatchCondition + specifies how to conditionally match + against HTTP headers. The Name field + is required, but only one of the + remaining fields should be be provided. + properties: + contains: + description: Contains specifies + a substring that must be present + in the header value. + type: string + exact: + description: Exact specifies a + string that the header value + must be equal to. + type: string + name: + description: Name is the name + of the header to match against. + Name is required. Header names + are case insensitive. + type: string + notcontains: + description: NotContains specifies + a substring that must not be + present in the header value. + type: string + notexact: + description: NoExact specifies + a string that the header value + must not be equal to. The condition + is true if the header has any + other value. 
+ type: string + notpresent: + description: NotPresent specifies + that condition is true when + the named header is not present. + Note that setting NotPresent + to false does not make the condition + true if the named header is + present. + type: boolean + present: + description: Present specifies + that condition is true when + the named header is present, + regardless of its value. Note + that setting Present to false + does not make the condition + true if the named header is + absent. + type: boolean + required: + - name + type: object + minItems: 1 + type: array + value: + description: Value defines the value + of the descriptor entry. + minLength: 1 + type: string + type: object + type: object + minItems: 1 + type: array + type: object + minItems: 1 + type: array + type: object + local: + description: Local defines local rate limiting parameters, + i.e. parameters for rate limiting that occurs within each + Envoy pod as requests are handled. + properties: + burst: + description: Burst defines the number of requests above + the requests per unit that should be allowed within + a short period of time. + format: int32 + type: integer + requests: + description: Requests defines how many requests per + unit of time should be allowed before rate limiting + occurs. + format: int32 + minimum: 1 + type: integer + responseHeadersToAdd: + description: ResponseHeadersToAdd is an optional list + of response headers to set when a request is rate-limited. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + responseStatusCode: + description: ResponseStatusCode is the HTTP status code + to use for responses to rate-limited requests. 
Codes + must be in the 400-599 range (inclusive). If not specified, + the Envoy default of 429 (Too Many Requests) is used. + format: int32 + maximum: 599 + minimum: 400 + type: integer + unit: + description: Unit defines the period of time within + which requests over the limit will be rate limited. + Valid values are "second", "minute" and "hour". + enum: + - second + - minute + - hour + type: string + required: + - requests + - unit + type: object + type: object + requestHeadersPolicy: + description: The policy for managing request headers during + proxying. + properties: + remove: + description: Remove specifies a list of HTTP header names + to remove. + items: + type: string + type: array + set: + description: Set specifies a list of HTTP header values + that will be set in the HTTP header. If the header does + not exist it will be added, otherwise it will be overwritten + with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + requestRedirectPolicy: + description: RequestRedirectPolicy defines an HTTP redirection. + properties: + hostname: + description: Hostname is the precise hostname to be used + in the value of the `Location` header in the response. + When empty, the hostname of the request is used. No wildcards + are allowed. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: "Path allows for redirection to a different + path from the original on the request. The path must start + with a leading slash. \n Note: Only one of Path or Prefix + can be defined." 
+ pattern: ^\/.*$ + type: string + port: + description: Port is the port to be used in the value of + the `Location` header in the response. When empty, port + (if specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + prefix: + description: "Prefix defines the value to swap the matched + prefix or path with. The prefix must start with a leading + slash. \n Note: Only one of Path or Prefix can be defined." + pattern: ^\/.*$ + type: string + scheme: + description: Scheme is the scheme to be used in the value + of the `Location` header in the response. When empty, + the scheme of the request is used. + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status code to be used + in response. + enum: + - 301 + - 302 + type: integer + type: object + responseHeadersPolicy: + description: The policy for managing response headers during + proxying. Rewriting the 'Host' header is not supported. + properties: + remove: + description: Remove specifies a list of HTTP header names + to remove. + items: + type: string + type: array + set: + description: Set specifies a list of HTTP header values + that will be set in the HTTP header. If the header does + not exist it will be added, otherwise it will be overwritten + with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + retryPolicy: + description: The retry policy for this route. + properties: + count: + default: 1 + description: NumRetries is maximum allowed number of retries. + If set to -1, then retries are disabled. If set to 0 or + not supplied, the value is set to the Envoy default of + 1. 
+ format: int64 + minimum: -1 + type: integer + perTryTimeout: + description: PerTryTimeout specifies the timeout per retry + attempt. Ignored if NumRetries is not supplied. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + retriableStatusCodes: + description: "RetriableStatusCodes specifies the HTTP status + codes that should be retried. \n This field is only respected + when you include `retriable-status-codes` in the `RetryOn` + field." + items: + format: int32 + type: integer + type: array + retryOn: + description: "RetryOn specifies the conditions on which + to retry a request. \n Supported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on): + \n - `5xx` - `gateway-error` - `reset` - `connect-failure` + - `retriable-4xx` - `refused-stream` - `retriable-status-codes` + - `retriable-headers` \n Supported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on): + \n - `cancelled` - `deadline-exceeded` - `internal` - + `resource-exhausted` - `unavailable`" + items: + description: RetryOn is a string type alias with validation + to ensure that the value is valid. + enum: + - 5xx + - gateway-error + - reset + - connect-failure + - retriable-4xx + - refused-stream + - retriable-status-codes + - retriable-headers + - cancelled + - deadline-exceeded + - internal + - resource-exhausted + - unavailable + type: string + type: array + type: object + services: + description: Services are the services to proxy traffic. + items: + description: Service defines an Kubernetes Service to proxy + traffic. + properties: + cookieRewritePolicies: + description: The policies for rewriting Set-Cookie header + attributes. 
+ items: + properties: + domainRewrite: + description: DomainRewrite enables rewriting the + Set-Cookie Domain element. If not set, Domain + will not be rewritten. + properties: + value: + description: Value is the value to rewrite the + Domain attribute to. For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - value + type: object + name: + description: Name is the name of the cookie for + which attributes will be rewritten. + maxLength: 4096 + minLength: 1 + pattern: ^[^()<>@,;:\\"\/[\]?={} \t\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + pathRewrite: + description: PathRewrite enables rewriting the Set-Cookie + Path element. If not set, Path will not be rewritten. + properties: + value: + description: Value is the value to rewrite the + Path attribute to. For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[^;\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + required: + - value + type: object + sameSite: + description: SameSite enables rewriting the Set-Cookie + SameSite element. If not set, SameSite attribute + will not be rewritten. + enum: + - Strict + - Lax + - None + type: string + secure: + description: Secure enables rewriting the Set-Cookie + Secure element. If not set, Secure attribute will + not be rewritten. + type: boolean + required: + - name + type: object + type: array + mirror: + description: If Mirror is true the Service will receive + a read only mirror of the traffic for this route. + type: boolean + name: + description: Name is the name of Kubernetes service to + proxy traffic. Names defined here will be used to look + up corresponding endpoints which contain the ips to + route. 
+ type: string + port: + description: Port (defined as Integer) to proxy traffic + to since a service can have multiple defined. + exclusiveMaximum: true + maximum: 65536 + minimum: 1 + type: integer + protocol: + description: Protocol may be used to specify (or override) + the protocol used to reach this Service. Values may + be tls, h2, h2c. If omitted, protocol-selection falls + back on Service annotations. + enum: + - h2 + - h2c + - tls + type: string + requestHeadersPolicy: + description: The policy for managing request headers during + proxying. Rewriting the 'Host' header is not supported. + properties: + remove: + description: Remove specifies a list of HTTP header + names to remove. + items: + type: string + type: array + set: + description: Set specifies a list of HTTP header values + that will be set in the HTTP header. If the header + does not exist it will be added, otherwise it will + be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a + header specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + responseHeadersPolicy: + description: The policy for managing response headers + during proxying. Rewriting the 'Host' header is not + supported. + properties: + remove: + description: Remove specifies a list of HTTP header + names to remove. + items: + type: string + type: array + set: + description: Set specifies a list of HTTP header values + that will be set in the HTTP header. If the header + does not exist it will be added, otherwise it will + be overwritten with the new value. 
+ items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a + header specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + validation: + description: UpstreamValidation defines how to verify + the backend service's certificate + properties: + caSecret: + description: Name or namespaced name of the Kubernetes + secret used to validate the certificate presented + by the backend + type: string + subjectName: + description: Key which is expected to be present in + the 'subjectAltName' of the presented certificate + type: string + required: + - caSecret + - subjectName + type: object + weight: + description: Weight defines percentage of traffic to balance + traffic + format: int64 + minimum: 0 + type: integer + required: + - name + - port + type: object + type: array + timeoutPolicy: + description: The timeout policy for this route. + properties: + idle: + description: Timeout for how long the proxy should wait + while there is no activity during single request/response + (for HTTP/1.1) or stream (for HTTP/2). Timeout will not + trigger while HTTP/1.1 connection is idle between two + consecutive requests. If not specified, there is no per-route + idle timeout, though a connection manager-wide stream_idle_timeout + default of 5m still applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + response: + description: Timeout for receiving a response from the server + after processing a request from client. If not supplied, + Envoy's default value of 15s applies. 
+ pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + type: object + type: object + type: array + tcpproxy: + description: TCPProxy holds TCP proxy information. + properties: + healthCheckPolicy: + description: The health check policy for this tcp proxy + properties: + healthyThresholdCount: + description: The number of healthy health checks required + before a host is marked healthy + format: int32 + type: integer + intervalSeconds: + description: The interval (seconds) between health checks + format: int64 + type: integer + timeoutSeconds: + description: The time to wait (seconds) for a health check + response + format: int64 + type: integer + unhealthyThresholdCount: + description: The number of unhealthy health checks required + before a host is marked unhealthy + format: int32 + type: integer + type: object + include: + description: Include specifies that this tcpproxy should be delegated + to another HTTPProxy. + properties: + name: + description: Name of the child HTTPProxy + type: string + namespace: + description: Namespace of the HTTPProxy to include. Defaults + to the current namespace if not supplied. + type: string + required: + - name + type: object + includes: + description: "IncludesDeprecated allow for specific routing configuration + to be appended to another HTTPProxy in another namespace. \n + Exists due to a mistake when developing HTTPProxy and the field + was marked plural when it should have been singular. This field + should stay to not break backwards compatibility to v1 users." + properties: + name: + description: Name of the child HTTPProxy + type: string + namespace: + description: Namespace of the HTTPProxy to include. Defaults + to the current namespace if not supplied. + type: string + required: + - name + type: object + loadBalancerPolicy: + description: The load balancing policy for the backend services. 
+ Note that the `Cookie` and `RequestHash` load balancing strategies + cannot be used here. + properties: + requestHashPolicies: + description: RequestHashPolicies contains a list of hash policies + to apply when the `RequestHash` load balancing strategy + is chosen. If an element of the supplied list of hash policies + is invalid, it will be ignored. If the list of hash policies + is empty after validation, the load balancing strategy will + fall back the the default `RoundRobin`. + items: + description: RequestHashPolicy contains configuration for + an individual hash policy on a request attribute. + properties: + hashSourceIP: + description: HashSourceIP should be set to true when + request source IP hash based load balancing is desired. + It must be the only hash option field set, otherwise + this request hash policy object will be ignored. + type: boolean + headerHashOptions: + description: HeaderHashOptions should be set when request + header hash based load balancing is desired. It must + be the only hash option field set, otherwise this + request hash policy object will be ignored. + properties: + headerName: + description: HeaderName is the name of the HTTP + request header that will be used to calculate + the hash key. If the header specified is not present + on a request, no hash will be produced. + minLength: 1 + type: string + type: object + terminal: + description: Terminal is a flag that allows for short-circuiting + computing of a hash for a given request. If set to + true, and the request attribute specified in the attribute + hash options is present, no further hash policies + will be used to calculate a hash for the request. + type: boolean + type: object + type: array + strategy: + description: Strategy specifies the policy used to balance + requests across the pool of backend pods. Valid policy names + are `Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`, + and `RequestHash`. 
If an unknown strategy name is specified + or no policy is supplied, the default `RoundRobin` policy + is used. + type: string + type: object + services: + description: Services are the services to proxy traffic + items: + description: Service defines an Kubernetes Service to proxy + traffic. + properties: + cookieRewritePolicies: + description: The policies for rewriting Set-Cookie header + attributes. + items: + properties: + domainRewrite: + description: DomainRewrite enables rewriting the Set-Cookie + Domain element. If not set, Domain will not be rewritten. + properties: + value: + description: Value is the value to rewrite the + Domain attribute to. For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - value + type: object + name: + description: Name is the name of the cookie for which + attributes will be rewritten. + maxLength: 4096 + minLength: 1 + pattern: ^[^()<>@,;:\\"\/[\]?={} \t\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + pathRewrite: + description: PathRewrite enables rewriting the Set-Cookie + Path element. If not set, Path will not be rewritten. + properties: + value: + description: Value is the value to rewrite the + Path attribute to. For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[^;\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + required: + - value + type: object + sameSite: + description: SameSite enables rewriting the Set-Cookie + SameSite element. If not set, SameSite attribute + will not be rewritten. + enum: + - Strict + - Lax + - None + type: string + secure: + description: Secure enables rewriting the Set-Cookie + Secure element. If not set, Secure attribute will + not be rewritten. 
+ type: boolean + required: + - name + type: object + type: array + mirror: + description: If Mirror is true the Service will receive + a read only mirror of the traffic for this route. + type: boolean + name: + description: Name is the name of Kubernetes service to proxy + traffic. Names defined here will be used to look up corresponding + endpoints which contain the ips to route. + type: string + port: + description: Port (defined as Integer) to proxy traffic + to since a service can have multiple defined. + exclusiveMaximum: true + maximum: 65536 + minimum: 1 + type: integer + protocol: + description: Protocol may be used to specify (or override) + the protocol used to reach this Service. Values may be + tls, h2, h2c. If omitted, protocol-selection falls back + on Service annotations. + enum: + - h2 + - h2c + - tls + type: string + requestHeadersPolicy: + description: The policy for managing request headers during + proxying. Rewriting the 'Host' header is not supported. + properties: + remove: + description: Remove specifies a list of HTTP header + names to remove. + items: + type: string + type: array + set: + description: Set specifies a list of HTTP header values + that will be set in the HTTP header. If the header + does not exist it will be added, otherwise it will + be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + responseHeadersPolicy: + description: The policy for managing response headers during + proxying. Rewriting the 'Host' header is not supported. + properties: + remove: + description: Remove specifies a list of HTTP header + names to remove. 
+ items: + type: string + type: array + set: + description: Set specifies a list of HTTP header values + that will be set in the HTTP header. If the header + does not exist it will be added, otherwise it will + be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + validation: + description: UpstreamValidation defines how to verify the + backend service's certificate + properties: + caSecret: + description: Name or namespaced name of the Kubernetes + secret used to validate the certificate presented + by the backend + type: string + subjectName: + description: Key which is expected to be present in + the 'subjectAltName' of the presented certificate + type: string + required: + - caSecret + - subjectName + type: object + weight: + description: Weight defines percentage of traffic to balance + traffic + format: int64 + minimum: 0 + type: integer + required: + - name + - port + type: object + type: array + type: object + virtualhost: + description: Virtualhost appears at most once. If it is present, the + object is considered to be a "root" HTTPProxy. + properties: + authorization: + description: This field configures an extension service to perform + authorization for this virtual host. Authorization can only + be configured on virtual hosts that have TLS enabled. If the + TLS configuration requires client certificate validation, the + client certificate is always included in the authentication + check request. + properties: + authPolicy: + description: AuthPolicy sets a default authorization policy + for client requests. This policy will be used unless overridden + by individual routes. 
+ properties: + context: + additionalProperties: + type: string + description: Context is a set of key/value pairs that + are sent to the authentication server in the check request. + If a context is provided at an enclosing scope, the + entries are merged such that the inner scope overrides + matching keys from the outer scope. + type: object + disabled: + description: When true, this field disables client request + authentication for the scope of the policy. + type: boolean + type: object + extensionRef: + description: ExtensionServiceRef specifies the extension resource + that will authorize client requests. + properties: + apiVersion: + description: API version of the referent. If this field + is not specified, the default "projectcontour.io/v1alpha1" + will be used + minLength: 1 + type: string + name: + description: "Name of the referent. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + minLength: 1 + type: string + namespace: + description: "Namespace of the referent. If this field + is not specifies, the namespace of the resource that + targets the referent will be used. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + minLength: 1 + type: string + type: object + failOpen: + description: If FailOpen is true, the client request is forwarded + to the upstream service even if the authorization server + fails to respond. This field should not be set in most cases. + It is intended for use only while migrating applications + from internal authorization to Contour external authorization. + type: boolean + responseTimeout: + description: ResponseTimeout configures maximum time to wait + for a check response from the authorization server. Timeout + durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", + "h". 
The string "infinity" is also a valid input and specifies + no timeout. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + withRequestBody: + description: WithRequestBody specifies configuration for sending + the client request's body to authorization server. + properties: + allowPartialMessage: + description: If AllowPartialMessage is true, then Envoy + will buffer the body until MaxRequestBytes are reached. + type: boolean + maxRequestBytes: + default: 1024 + description: MaxRequestBytes sets the maximum size of + message body ExtAuthz filter will hold in-memory. + format: int32 + minimum: 1 + type: integer + packAsBytes: + description: If PackAsBytes is true, the body sent to + Authorization Server is in raw bytes. + type: boolean + type: object + required: + - extensionRef + type: object + corsPolicy: + description: Specifies the cross-origin policy to apply to the + VirtualHost. + properties: + allowCredentials: + description: Specifies whether the resource allows credentials. + type: boolean + allowHeaders: + description: AllowHeaders specifies the content for the *access-control-allow-headers* + header. + items: + description: CORSHeaderValue specifies the value of the + string headers returned by a cross-domain request. + pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ + type: string + type: array + allowMethods: + description: AllowMethods specifies the content for the *access-control-allow-methods* + header. + items: + description: CORSHeaderValue specifies the value of the + string headers returned by a cross-domain request. + pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ + type: string + type: array + allowOrigin: + description: AllowOrigin specifies the origins that will be + allowed to do CORS requests. "*" means allow any origin. 
+ items: + type: string + type: array + exposeHeaders: + description: ExposeHeaders Specifies the content for the *access-control-expose-headers* + header. + items: + description: CORSHeaderValue specifies the value of the + string headers returned by a cross-domain request. + pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ + type: string + type: array + maxAge: + description: MaxAge indicates for how long the results of + a preflight request can be cached. MaxAge durations are + expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", + "h". Only positive values are allowed while 0 disables the + cache requiring a preflight OPTIONS check for all cross-origin + requests. + type: string + required: + - allowMethods + - allowOrigin + type: object + fqdn: + description: The fully qualified domain name of the root of the + ingress tree all leaves of the DAG rooted at this object relate + to the fqdn. + pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + rateLimitPolicy: + description: The policy for rate limiting on the virtual host. + properties: + global: + description: Global defines global rate limiting parameters, + i.e. parameters defining descriptors that are sent to an + external rate limit service (RLS) for a rate limit decision + on each request. + properties: + descriptors: + description: Descriptors defines the list of descriptors + that will be generated and sent to the rate limit service. + Each descriptor contains 1+ key-value pair entries. + items: + description: RateLimitDescriptor defines a list of key-value + pair generators. + properties: + entries: + description: Entries is the list of key-value pair + generators. + items: + description: RateLimitDescriptorEntry is a key-value + pair generator. Exactly one field on this struct + must be non-nil. 
+ properties: + genericKey: + description: GenericKey defines a descriptor + entry with a static key and value. + properties: + key: + description: Key defines the key of the + descriptor entry. If not set, the key + is set to "generic_key". + type: string + value: + description: Value defines the value of + the descriptor entry. + minLength: 1 + type: string + type: object + remoteAddress: + description: RemoteAddress defines a descriptor + entry with a key of "remote_address" and + a value equal to the client's IP address + (from x-forwarded-for). + type: object + requestHeader: + description: RequestHeader defines a descriptor + entry that's populated only if a given header + is present on the request. The descriptor + key is static, and the descriptor value + is equal to the value of the header. + properties: + descriptorKey: + description: DescriptorKey defines the + key to use on the descriptor entry. + minLength: 1 + type: string + headerName: + description: HeaderName defines the name + of the header to look for on the request. + minLength: 1 + type: string + type: object + requestHeaderValueMatch: + description: RequestHeaderValueMatch defines + a descriptor entry that's populated if the + request's headers match a set of 1+ match + criteria. The descriptor key is "header_match", + and the descriptor value is static. + properties: + expectMatch: + default: true + description: ExpectMatch defines whether + the request must positively match the + match criteria in order to generate + a descriptor entry (i.e. true), or not + match the match criteria in order to + generate a descriptor entry (i.e. false). + The default is true. + type: boolean + headers: + description: Headers is a list of 1+ match + criteria to apply against the request + to determine whether to populate the + descriptor entry or not. + items: + description: HeaderMatchCondition specifies + how to conditionally match against + HTTP headers. 
The Name field is required, + but only one of the remaining fields + should be be provided. + properties: + contains: + description: Contains specifies + a substring that must be present + in the header value. + type: string + exact: + description: Exact specifies a string + that the header value must be + equal to. + type: string + name: + description: Name is the name of + the header to match against. Name + is required. Header names are + case insensitive. + type: string + notcontains: + description: NotContains specifies + a substring that must not be present + in the header value. + type: string + notexact: + description: NoExact specifies a + string that the header value must + not be equal to. The condition + is true if the header has any + other value. + type: string + notpresent: + description: NotPresent specifies + that condition is true when the + named header is not present. Note + that setting NotPresent to false + does not make the condition true + if the named header is present. + type: boolean + present: + description: Present specifies that + condition is true when the named + header is present, regardless + of its value. Note that setting + Present to false does not make + the condition true if the named + header is absent. + type: boolean + required: + - name + type: object + minItems: 1 + type: array + value: + description: Value defines the value of + the descriptor entry. + minLength: 1 + type: string + type: object + type: object + minItems: 1 + type: array + type: object + minItems: 1 + type: array + type: object + local: + description: Local defines local rate limiting parameters, + i.e. parameters for rate limiting that occurs within each + Envoy pod as requests are handled. + properties: + burst: + description: Burst defines the number of requests above + the requests per unit that should be allowed within + a short period of time. 
+ format: int32 + type: integer + requests: + description: Requests defines how many requests per unit + of time should be allowed before rate limiting occurs. + format: int32 + minimum: 1 + type: integer + responseHeadersToAdd: + description: ResponseHeadersToAdd is an optional list + of response headers to set when a request is rate-limited. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + responseStatusCode: + description: ResponseStatusCode is the HTTP status code + to use for responses to rate-limited requests. Codes + must be in the 400-599 range (inclusive). If not specified, + the Envoy default of 429 (Too Many Requests) is used. + format: int32 + maximum: 599 + minimum: 400 + type: integer + unit: + description: Unit defines the period of time within which + requests over the limit will be rate limited. Valid + values are "second", "minute" and "hour". + enum: + - second + - minute + - hour + type: string + required: + - requests + - unit + type: object + type: object + tls: + description: If present the fields describes TLS properties of + the virtual host. The SNI names that will be matched on are + described in fqdn, the tls.secretName secret must contain a + certificate that itself contains a name that matches the FQDN. + properties: + clientValidation: + description: "ClientValidation defines how to verify the client + certificate when an external client establishes a TLS connection + to Envoy. \n This setting: \n 1. Enables TLS client certificate + validation. 2. Specifies how the client certificate will + be validated (i.e. validation required or skipped). 
\n + Note: Setting client certificate validation to be skipped + should be only used in conjunction with an external authorization + server that performs client validation as Contour will ensure + client certificates are passed along." + properties: + caSecret: + description: Name of a Kubernetes secret that contains + a CA certificate bundle. The client certificate must + validate against the certificates in the bundle. If + specified and SkipClientCertValidation is true, client + certificates will be required on requests. + minLength: 1 + type: string + skipClientCertValidation: + description: SkipClientCertValidation disables downstream + client certificate validation. Defaults to false. This + field is intended to be used in conjunction with external + authorization in order to enable the external authorization + server to validate client certificates. When this field + is set to true, client certificates are requested but + not verified by Envoy. If CACertificate is specified, + client certificates are required on requests, but not + verified. If external authorization is in use, they + are presented to the external authorization server. + type: boolean + type: object + enableFallbackCertificate: + description: EnableFallbackCertificate defines if the vhost + should allow a default certificate to be applied which handles + all requests which don't match the SNI defined in this vhost. + type: boolean + minimumProtocolVersion: + description: MinimumProtocolVersion is the minimum TLS version + this vhost should negotiate. Valid options are `1.2` (default) + and `1.3`. Any other value defaults to TLS 1.2. + type: string + passthrough: + description: Passthrough defines whether the encrypted TLS + handshake will be passed through to the backing cluster. + Either Passthrough or SecretName must be specified, but + not both. + type: boolean + secretName: + description: SecretName is the name of a TLS secret in the + current namespace. 
Either SecretName or Passthrough must + be specified, but not both. If specified, the named secret + must contain a matching certificate for the virtual host's + FQDN. + type: string + type: object + required: + - fqdn + type: object + type: object + status: + default: + currentStatus: NotReconciled + description: Waiting for controller + description: Status is a container for computed information about the + HTTPProxy. + properties: + conditions: + description: "Conditions contains information about the current status + of the HTTPProxy, in an upstream-friendly container. \n Contour + will update a single condition, `Valid`, that is in normal-true + polarity. That is, when `currentStatus` is `valid`, the `Valid` + condition will be `status: true`, and vice versa. \n Contour will + leave untouched any other Conditions set in this block, in case + some other controller wants to add a Condition. \n If you are another + controller owner and wish to add a condition, you *should* namespace + your condition with a label, like `controller.domain.com/ConditionName`." + items: + description: "DetailedCondition is an extension of the normal Kubernetes + conditions, with two extra fields to hold sub-conditions, which + provide more detailed reasons for the state (True or False) of + the condition. \n `errors` holds information about sub-conditions + which are fatal to that condition and render its state False. + \n `warnings` holds information about sub-conditions which are + not fatal to that condition and do not force the state to be False. + \n Remember that Conditions have a type, a status, and a reason. + \n The type is the type of the condition, the most important one + in this CRD set is `Valid`. `Valid` is a positive-polarity condition: + when it is `status: true` there are no problems. \n In more detail, + `status: true` means that the object is has been ingested into + Contour with no errors. 
`warnings` may still be present, and will + be indicated in the Reason field. There must be zero entries in + the `errors` slice in this case. \n `Valid`, `status: false` means + that the object has had one or more fatal errors during processing + into Contour. The details of the errors will be present under + the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. \n For DetailedConditions of types + other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must + be at least one entry in the `errors` Subcondition slice. When + they have `status` `false`, there are no serious errors, and there + must be zero entries in the `errors` slice. In either case, there + may be entries in the `warnings` slice. \n Regardless of the polarity, + the `reason` and `message` fields must be updated with either + the detail of the reason (if there is one and only one entry in + total across both the `errors` and `warnings` slices), or `MultipleReasons` + if there is more than one entry." + properties: + errors: + description: "Errors contains a slice of relevant error subconditions + for this object. \n Subconditions are expected to appear when + relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." + properties: + message: + description: "Message is a human readable message indicating + details about the transition. 
\n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: "Warnings contains a slice of relevant warning + subconditions for this object. \n Subconditions are expected + to appear when relevant (when there is a warning), and disappear + when not relevant. An empty slice here indicates no warnings." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." 
+ properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentStatus: + type: string + description: + type: string + loadBalancer: + description: LoadBalancer contains the current status of the load + balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the + load-balancer. Traffic intended for the service should be sent + to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a + load-balancer ingress point: traffic intended for the service + should be sent to an ingress point.' 
+ properties: + hostname: + description: Hostname is set for load-balancer ingress points + that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points + that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports + If used, every port defined in the service should have + an entry in it + items: + properties: + error: + description: 'Error is to record the problem with + the service port The format of the error shall comply + with the following rules: - built-in error values + shall be specified in this file and those shall + use CamelCase names - cloud provider specific + error values must have names that comply with the format + foo.example.com/CamelCase. --- The regex it matches + is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service + port of which status is recorded here The supported + values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/examples/locked/vendor/helm-chart/resources/tlscertificatedeligations.yaml b/examples/locked/vendor/helm-chart/resources/tlscertificatedeligations.yaml new file mode 100644 index 00000000..148fff31 --- /dev/null +++ b/examples/locked/vendor/helm-chart/resources/tlscertificatedeligations.yaml 
@@ -0,0 +1,289 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + name: tlscertificatedelegations.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: TLSCertificateDelegation + listKind: TLSCertificateDelegationList + plural: tlscertificatedelegations + shortNames: + - tlscerts + singular: tlscertificatedelegation + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: TLSCertificateDelegation is an TLS Certificate Delegation CRD + specification. See design/tls-certificate-delegation.md for details. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSCertificateDelegationSpec defines the spec of the CRD + properties: + delegations: + items: + description: CertificateDelegation maps the authority to reference + a secret in the current namespace to a set of namespaces. + properties: + secretName: + description: required, the name of a secret in the current namespace. + type: string + targetNamespaces: + description: required, the namespaces the authority to reference + the the secret will be delegated to. If TargetNamespaces is + nil or empty, the CertificateDelegation' is ignored. 
If the + TargetNamespace list contains the character, "*" the secret + will be delegated to all namespaces. + items: + type: string + type: array + required: + - secretName + - targetNamespaces + type: object + type: array + required: + - delegations + type: object + status: + description: TLSCertificateDelegationStatus allows for the status of the + delegation to be presented to the user. + properties: + conditions: + description: "Conditions contains information about the current status + of the HTTPProxy, in an upstream-friendly container. \n Contour + will update a single condition, `Valid`, that is in normal-true + polarity. That is, when `currentStatus` is `valid`, the `Valid` + condition will be `status: true`, and vice versa. \n Contour will + leave untouched any other Conditions set in this block, in case + some other controller wants to add a Condition. \n If you are another + controller owner and wish to add a condition, you *should* namespace + your condition with a label, like `controller.domain.com\\ConditionName`." + items: + description: "DetailedCondition is an extension of the normal Kubernetes + conditions, with two extra fields to hold sub-conditions, which + provide more detailed reasons for the state (True or False) of + the condition. \n `errors` holds information about sub-conditions + which are fatal to that condition and render its state False. + \n `warnings` holds information about sub-conditions which are + not fatal to that condition and do not force the state to be False. + \n Remember that Conditions have a type, a status, and a reason. + \n The type is the type of the condition, the most important one + in this CRD set is `Valid`. `Valid` is a positive-polarity condition: + when it is `status: true` there are no problems. \n In more detail, + `status: true` means that the object is has been ingested into + Contour with no errors. `warnings` may still be present, and will + be indicated in the Reason field. 
There must be zero entries in + the `errors` slice in this case. \n `Valid`, `status: false` means + that the object has had one or more fatal errors during processing + into Contour. The details of the errors will be present under + the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. \n For DetailedConditions of types + other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must + be at least one entry in the `errors` Subcondition slice. When + they have `status` `false`, there are no serious errors, and there + must be zero entries in the `errors` slice. In either case, there + may be entries in the `warnings` slice. \n Regardless of the polarity, + the `reason` and `message` fields must be updated with either + the detail of the reason (if there is one and only one entry in + total across both the `errors` and `warnings` slices), or `MultipleReasons` + if there is more than one entry." + properties: + errors: + description: "Errors contains a slice of relevant error subconditions + for this object. \n Subconditions are expected to appear when + relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." + properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." 
+ maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: "Warnings contains a slice of relevant warning + subconditions for this object. \n Subconditions are expected + to appear when relevant (when there is a warning), and disappear + when not relevant. An empty slice here indicates no warnings." + items: + description: "SubCondition is a Condition-like type intended + for use as a subcondition inside a DetailedCondition. \n + It contains a subset of the Condition fields. \n It is intended + for warnings and errors, so `type` names should use abnormal-true + polarity, that is, they should be of the form \"ErrorPresent: + true\". \n The expected lifecycle for these errors is that + they should only be present when the error or warning is, + and should be removed when they are not relevant." 
+ properties: + message: + description: "Message is a human readable message indicating + details about the transition. \n This may be an empty + string." + maxLength: 32768 + type: string + reason: + description: "Reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. \n The value + should be a CamelCase string. \n This field may not + be empty." + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + \n This must be in abnormal-true polarity, that is, + `ErrorFound` or `controller.io/ErrorFound`. \n The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/examples/locked/vendor/helm-chart/templates/00-crds.yaml b/examples/locked/vendor/helm-chart/templates/00-crds.yaml new file mode 100644 index 00000000..b7141ad6 --- /dev/null +++ b/examples/locked/vendor/helm-chart/templates/00-crds.yaml 
@@ -0,0 +1,6 @@ +{{ if .Values.contour.manageCRDs }} +{{ range $path, $_ := .Files.Glob "resources/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{ end }} +{{ end }} diff --git a/examples/locked/vendor/helm-chart/templates/NOTES.txt b/examples/locked/vendor/helm-chart/templates/NOTES.txt index 5769a3b4..8aed6dd2 100644 --- a/examples/locked/vendor/helm-chart/templates/NOTES.txt +++ b/examples/locked/vendor/helm-chart/templates/NOTES.txt @@ -1,3 +1,9 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + {{- if eq .Values.envoy.service.type "LoadBalancer" }} 1. Get Contours's load balancer IP/hostname: @@ -5,16 +11,16 @@ You can watch the status by running: - $ kubectl get svc {{ include "contour.fullname" . }} --namespace {{ .Release.Namespace }} -w + $ kubectl get svc {{ include "common.names.fullname" . }}-envoy --namespace {{ include "common.names.namespace" . }} -w Once 'EXTERNAL-IP' is no longer '': - $ kubectl describe svc {{ include "contour.fullname" . }} --namespace {{ .Release.Namespace }} | grep Ingress | awk '{print $3}' + $ kubectl describe svc {{ include "common.names.fullname" . }}-envoy --namespace {{ include "common.names.namespace" . }} | grep Ingress | awk '{print $3}' 2. Configure DNS records corresponding to Kubernetes ingress resources to point to the load balancer IP/hostname found in step 1 {{- end }} {{- if eq .Values.envoy.service.type "NodePort" }} -{{- if (and (not (empty .Values.envoy.service.nodePorts.https)) (not (empty .Values.envoy.service.nodePorts.http)))}} +{{- if (and (not (empty .Values.envoy.service.nodePorts.https)) (not (empty .Values.envoy.service.nodePorts.http))) }} 1. Contour is listening on the following ports on the host machine: http - {{ .Values.envoy.service.nodePorts.http }} 
@@ -22,9 +28,13 @@ {{- else }} 1. Contour has been started. You can find out the port numbers being used by Contour by running: - $ kubectl describe svc {{ include "contour.fullname" . }} --namespace {{ .Release.Namespace }} + $ kubectl describe svc {{ include "common.names.fullname" . }} --namespace {{ include "common.names.namespace" . }} {{- end }} 2. Configure DNS records corresponding to Kubernetes ingress resources to point to the NODE_IP/NODE_HOST -{{- end }} \ No newline at end of file +{{- end }} + +{{- include "contour.validateValues" . }} +{{- include "common.warnings.rollingTag" .Values.contour.image }} +{{- include "common.warnings.rollingTag" .Values.envoy.image }} diff --git a/examples/locked/vendor/helm-chart/templates/_helpers.tpl b/examples/locked/vendor/helm-chart/templates/_helpers.tpl index f5deb066..b60c2b68 100644 --- a/examples/locked/vendor/helm-chart/templates/_helpers.tpl +++ b/examples/locked/vendor/helm-chart/templates/_helpers.tpl 
@@ -1,213 +1,117 @@ {{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "contour.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} {{/* -Return the proper contour image name -*/}} -{{- define "contour.image" -}} -{{- $registryName := .Values.contour.image.registry -}} -{{- $repositoryName := .Values.contour.image.repository -}} -{{- $tag := .Values.contour.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option +Create the name of the envoy service account to use */}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} +{{- define "envoy.envoyServiceAccountName" -}} +{{- if .Values.contour.serviceAccount.create -}} + {{ default (printf "%s-envoy" (include "common.names.fullname" .)) .Values.envoy.serviceAccount.name }} {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{ default "default" .Values.envoy.serviceAccount.name }} {{- end -}} {{- end -}} {{/* -Return the proper envoy image name -*/}} -{{- define "envoy.image" -}} -{{- $registryName := .Values.envoy.image.registry -}} -{{- $repositoryName := .Values.envoy.image.repository -}} -{{- $tag := .Values.envoy.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
-Also, we can't use a single if because lazy evaluation is not an option +Create the name of the contour service account to use */}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} +{{- define "contour.contourServiceAccountName" -}} +{{- if .Values.contour.serviceAccount.create -}} + {{ default (printf "%s-contour" (include "common.names.fullname" .)) .Values.contour.serviceAccount.name }} {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "contour.labels" -}} -app.kubernetes.io/name: {{ include "contour.name" . }} -helm.sh/chart: {{ include "contour.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ default "default" .Values.contour.serviceAccount.name }} {{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "contour.matchLabels" -}} -app.kubernetes.io/name: {{ include "contour.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} - {{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
+Create the name of the contour-certgen service account to use */}} -{{- define "contour.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- define "contour.contourCertGenServiceAccountName" -}} +{{- if .Values.contour.certgen.serviceAccount.create -}} + {{ default (printf "%s-contour-certgen" (include "common.names.fullname" .)) .Values.contour.certgen.serviceAccount.name }} {{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} + {{ default "default" .Values.contour.certgen.serviceAccount.name }} {{- end -}} {{- end -}} {{/* -Create chart name and version as used by the chart label. +Whether to enabled contour-certgen or not */}} -{{- define "contour.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- define "contour.contour-certgen.enabled" -}} +{{- if and (not .Values.tlsExistingSecret) (or (not .Values.contour.tlsExistingSecret) (not .Values.envoy.tlsExistingSecret)) -}} + true +{{- else -}}{{- end -}} {{- end -}} {{/* -Return the proper Docker Image Registry Secret Names +Contour certs secret name */}} -{{- define "contour.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.contour.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.contour.image.pullSecrets }} - - name: {{ . 
}} -{{- end }} -{{- end -}} -{{- else if .Values.contour.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.contour.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} +{{- define "contour.contour.certs-secret.name" -}} +{{- $existingSecret := default .Values.tlsExistingSecret .Values.contour.tlsExistingSecret -}} +{{- $name := default "contourcert" $existingSecret -}} +{{- printf "%s" $name -}} {{- end -}} {{/* -Return the proper Docker Image Registry Secret Names +Envoy certs secret name */}} -{{- define "envoy.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.envoy.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.envoy.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if .Values.envoy.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.envoy.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} +{{- define "contour.envoy.certs-secret.name" -}} +{{- $existingSecret := default .Values.tlsExistingSecret .Values.envoy.tlsExistingSecret -}} +{{- $name := default "envoycert" $existingSecret -}} +{{- printf "%s" $name -}} {{- end -}} - {{/* -Create the name of the envoy service account to use +Create the name of the settings ConfigMap to use. */}} -{{- define "envoy.envoyServiceAccountName" -}} -{{- if .Values.contour.serviceAccount.create -}} - {{ default (printf "%s-envoy" (include "contour.fullname" .)) .Values.envoy.serviceAccount.name }} +{{- define "contour.configMapName" -}} +{{- if .Values.configInline -}} + {{ include "common.names.fullname" . 
}} {{- else -}} - {{ default "default" .Values.envoy.serviceAccount.name }} + {{ .Values.existingConfigMap }} {{- end -}} {{- end -}} {{/* -Create the name of the contour service account to use +Compile all warnings into a single message, and call fail. */}} -{{- define "contour.contourServiceAccountName" -}} -{{- if .Values.contour.serviceAccount.create -}} - {{ default (printf "%s-contour" (include "contour.fullname" .)) .Values.contour.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.contour.serviceAccount.name }} +{{- define "contour.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "contour.validateValues.envoy.kind" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} {{- end -}} {{- end -}} -{{/* -Create the name of the contour-certgen service account to use -*/}} -{{- define "contour.contourCertGenServiceAccountName" -}} -{{- if .Values.contour.certgen.serviceAccount.create -}} - {{ default (printf "%s-contour-certgen" (include "contour.fullname" .)) .Values.contour.certgen.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.contour.certgen.serviceAccount.name }} +{{/* Validate values of Contour - must provide a valid Envoy kind */}} +{{- define "contour.validateValues.envoy.kind" -}} +{{- if and .Values.envoy.enabled (ne .Values.envoy.kind "deployment") (ne .Values.envoy.kind "daemonset") -}} +contour: envoy.kind + Invalid envoy.kind selected. Valid values are "daemonset" and + "deployment". Please set a valid kind (--set envoy.kind="xxxx") {{- end -}} {{- end -}} -{{/* -Create the name of the settings ConfigMap to use. -*/}} -{{- define "contour.configMapName" -}} -{{- if .Values.configInline -}} - {{ include "contour.fullname" . }} +{{/* Create the name of the IngressClass to use. 
*/}} +{{- define "contour.ingressClassName" -}} +{{- $ingressClass := .Values.contour.ingressClass }} +{{- if kindIs "string" $ingressClass -}} + {{ default "contour" $ingressClass }} +{{- else if kindIs "map" $ingressClass -}} + {{ default "contour" $ingressClass.name }} {{- else -}} - {{ .Values.existingConfigMap }} + contour {{- end -}} {{- end -}} -{{/* -Renders a value that contains template. -Usage: -{{ include "contour.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "contour.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} +{{/* Whether the name of the ingress class is defined or not */}} +{{- define "contour.isIngressClassNameDefined" -}} +{{- $ingressClass := .Values.contour.ingressClass -}} +{{- if kindIs "string" $ingressClass -}} + true +{{- else if and (kindIs "map" $ingressClass) ($ingressClass.name) -}} + true +{{- end -}} {{- end -}} diff --git a/examples/locked/vendor/helm-chart/templates/certgen/job.yaml b/examples/locked/vendor/helm-chart/templates/certgen/job.yaml new file mode 100644 index 00000000..e381d935 --- /dev/null +++ b/examples/locked/vendor/helm-chart/templates/certgen/job.yaml 
@@ -0,0 +1,80 @@
+{{- if and .Values.contour.enabled (include "contour.contour-certgen.enabled" .) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour-certgen
+ namespace: {{ include "common.names.namespace" . | quote }}
+ annotations:
+ "helm.sh/hook": "pre-install,pre-upgrade"
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour-certgen
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: contour-certgen
+ spec:
+ {{- include "common.images.pullSecrets" ( dict "images" (list .Values.contour.image) "global" .Values.global) | nindent 6 }}
+ {{- if .Values.contour.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.contour.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.contour.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.contour.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.contour.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.contour.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.contour.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.contour.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: contour
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }}
+ imagePullPolicy: {{ .Values.contour.image.pullPolicy }}
+ command:
+ - contour
+ args:
+ - certgen
+ - --kube
+ - --incluster
+ - --overwrite
+ - --secrets-format=compact
+ - --namespace=$(CONTOUR_NAMESPACE)
+ - --certificate-lifetime={{ .Values.contour.certgen.certificateLifetime }}
+ env:
+ - name: CONTOUR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.contour.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.contour.extraEnvVarsCM .Values.contour.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.contour.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.contour.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.contour.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.contour.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ resources: {{ toYaml .Values.contour.resources | nindent 12 }}
+ restartPolicy: Never
+ serviceAccountName: {{ include "contour.contourCertGenServiceAccountName" . }}
+ parallelism: 1
+ completions: 1
+ backoffLimit: 1
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/certgen/rbac.yaml b/examples/locked/vendor/helm-chart/templates/certgen/rbac.yaml
new file mode 100644
index 00000000..87c207f4
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/certgen/rbac.yaml
@@ -0,0 +1,44 @@
+{{- if and .Values.rbac.create .Values.contour.enabled (include "contour.contour-certgen.enabled" .) }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour-certgen
+ namespace: {{ include "common.names.namespace" . | quote }}
+ annotations:
+ "helm.sh/hook": "pre-install,pre-upgrade"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour-certgen
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - update
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour-certgen
+ namespace: {{ include "common.names.namespace" . | quote }}
+ annotations:
+ "helm.sh/hook": "pre-install,pre-upgrade"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour-certgen
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.names.fullname" . }}-contour-certgen
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "contour.contourCertGenServiceAccountName" . }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/certgen/serviceaccount.yaml b/examples/locked/vendor/helm-chart/templates/certgen/serviceaccount.yaml
new file mode 100644
index 00000000..715387b5
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/certgen/serviceaccount.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.contour.certgen.serviceAccount.create (include "contour.contour-certgen.enabled" .) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "contour.contourCertGenServiceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour-certgen
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": "pre-install,pre-upgrade"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.contour.certgen.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.certgen.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.contour.certgen.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/configmap.yaml b/examples/locked/vendor/helm-chart/templates/configmap.yaml
deleted file mode 100644
index 4ab465e9..00000000
--- a/examples/locked/vendor/helm-chart/templates/configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.configInline }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "contour.fullname" . }}
- labels: {{- include "contour.labels" . | nindent 4}}
- app.kubernetes.io/component: contour
-data:
- contour.yaml: |
-{{ include "contour.tplValue" ( dict "value" .Values.configInline "context" $) | indent 4 }}
-{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/contour/configmap.yaml b/examples/locked/vendor/helm-chart/templates/contour/configmap.yaml
new file mode 100644
index 00000000..6368aa8e
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/contour/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.configInline }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ contour.yaml: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.configInline "context" $) | nindent 4 }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/contour/deployment.yaml b/examples/locked/vendor/helm-chart/templates/contour/deployment.yaml
new file mode 100644
index 00000000..c2108e97
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/contour/deployment.yaml
@@ -0,0 +1,237 @@ +{{- if .Values.contour.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }}-contour + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: contour + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.contour.replicaCount }} + {{- if .Values.contour.updateStrategy }} + strategy: {{- toYaml .Values.contour.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: contour + template: + metadata: + {{- if or .Values.configInline .Values.contour.podAnnotations .Values.commonAnnotations }} + annotations: + {{- if .Values.contour.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.contour.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.configInline }} + checksum/config: {{ include (print $.Template.BasePath "/contour/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: contour + {{- if .Values.contour.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.contour.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" ( dict "images" (list .Values.contour.image) "global" .Values.global) | nindent 6 }} + {{- if .Values.contour.priorityClassName }} + priorityClassName: {{ .Values.contour.priorityClassName | quote }} + {{- end }} + {{- if .Values.contour.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.contour.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.contour.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.contour.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.contour.podAffinityPreset "component" "contour" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.contour.podAntiAffinityPreset "component" "contour" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.contour.nodeAffinityPreset.type "key" .Values.contour.nodeAffinityPreset.key "values" .Values.contour.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.contour.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.contour.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.contour.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.contour.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.contour.schedulerName }} + schedulerName: {{ .Values.contour.schedulerName | quote }} + {{- end }} + 
{{- if .Values.contour.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.contour.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.contour.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.contour.terminationGracePeriodSeconds }}
+ {{- end }}
+ {{- if .Values.contour.initContainers }}
+ initContainers: {{- include "common.tplvalues.render" ( dict "value" .Values.contour.initContainers "context" $ ) | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: contour
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.contour.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.contour.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - contour
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.contour.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.contour.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - serve
+ - --incluster
+ - --xds-address=0.0.0.0
+ - --xds-port={{ .Values.contour.containerPorts.xds }}
+ - --http-port={{ .Values.contour.containerPorts.metrics }}
+ - --envoy-service-http-port={{ .Values.envoy.containerPorts.http }}
+ - --envoy-service-https-port={{ .Values.envoy.containerPorts.https }}
+ - --contour-cafile=/certs/ca.crt
+ - --contour-cert-file=/certs/tls.crt
+ - --contour-key-file=/certs/tls.key
+ - --config-path=/config/contour.yaml
+ {{- if .Values.contour.debug }}
+ - --debug
+ {{- end }}
+ - --kubernetes-debug={{ .Values.contour.kubernetesDebug }}
+ {{- if (include "contour.isIngressClassNameDefined" .) }}
+ - --ingress-class-name={{ include "contour.ingressClassName" . }}
+ {{- end }}
+ {{- if .Values.contour.rootNamespaces }}
+ - --root-namespaces={{ .Values.contour.rootNamespaces }}
+ {{- end }}
+ {{- if .Values.contour.extraArgs }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraArgs "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }}
+ imagePullPolicy: {{ .Values.contour.image.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.contour.containerPorts.xds }}
+ name: xds
+ protocol: TCP
+ - containerPort: {{ .Values.contour.containerPorts.metrics }}
+ name: metrics
+ protocol: TCP
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.contour.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.contour.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.contour.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.contour.containerPorts.metrics }}
+ initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.contour.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }}
+ {{- else if .Values.contour.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.contour.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.contour.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.contour.containerPorts.metrics }}
+ initialDelaySeconds: {{ .Values.contour.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.contour.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.contour.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.contour.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.contour.readinessProbe.failureThreshold }}
+ {{- else if .Values.contour.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.contour.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.contour.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.contour.containerPorts.metrics }}
+ initialDelaySeconds: {{ .Values.contour.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.contour.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.contour.startupProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.contour.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.contour.startupProbe.failureThreshold }}
+ {{- else if .Values.contour.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.contour.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ resources: {{ toYaml .Values.contour.resources | nindent 12 }}
+ volumeMounts:
+ - name: contourcert
+ mountPath: /certs
+ readOnly: true
+ - name: contour-config
+ mountPath: /config
+ readOnly: true
+ {{- if .Values.contour.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.contour.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: CONTOUR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.contour.image.debug .Values.diagnosticMode.enabled) | quote }}
+ {{- if .Values.contour.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.contour.extraEnvVarsCM .Values.contour.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.contour.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.contour.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.contour.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.contour.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.contour.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.contour.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ dnsPolicy: ClusterFirst
+ serviceAccountName: {{ include "contour.contourServiceAccountName" . }}
+ {{- if .Values.contour.podSecurityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.contour.podSecurityContext.fsGroup }}
+ {{- end }}
+ volumes:
+ - name: contourcert
+ secret:
+ secretName: {{ include "contour.contour.certs-secret.name" . }}
+ - name: contour-config
+ configMap:
+ name: {{ include "contour.configMapName" . }}
+ defaultMode: 0644
+ items:
+ - key: contour.yaml
+ path: contour.yaml
+ {{- if .Values.contour.extraVolumes }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.contour.extraVolumes "context" $ ) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/contour/ingressclass.yaml b/examples/locked/vendor/helm-chart/templates/contour/ingressclass.yaml
new file mode 100644
index 00000000..c0a2d1ca
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/contour/ingressclass.yaml
@@ -0,0 +1,18 @@
+{{ $ingressClass := .Values.contour.ingressClass }}
+{{- if kindIs "map" $ingressClass }}
+{{- if $ingressClass.create }}
+---
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+ name: {{ include "contour.ingressClassName" . }}
+ annotations:
+{{- if $ingressClass.default }}
+ ingressclass.kubernetes.io/is-default-class: "true"
+{{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour
+spec:
+ controller: {{ printf "projectcontour.io/%s/%s-contour" (include "common.names.namespace" .) (include "common.names.fullname" .) }}
+{{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/contour/rbac.yaml b/examples/locked/vendor/helm-chart/templates/contour/rbac.yaml
new file mode 100644
index 00000000..b43439b3
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/contour/rbac.yaml
@@ -0,0 +1,216 @@
+{{- if and .Values.rbac.create .Values.contour.enabled }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - create
+ - get
+ - update
+ - apiGroups:
+ - networking.x-k8s.io
+ - gateway.networking.k8s.io
+ resources:
+ - gatewayclasses
+ - gateways
+ - httproutes
+ - tcproutes
+ - tlsroutes
+ - udproutes
+ - referencepolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.x-k8s.io
+ - gateway.networking.k8s.io
+ resources:
+ - gatewayclasses/status
+ - gateways/status
+ - httproutes/status
+ - tcproutes/status
+ - tlsroutes/status
+ - udproutes/status
+ verbs:
+ - update
+ - apiGroups:
+ - projectcontour.io
+ resources:
+ - contourconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - projectcontour.io
+ resources:
+ - contourconfigurations/status
+ verbs:
+ - create
+ - get
+ - update
+ - apiGroups:
+ - projectcontour.io
+ resources:
+ - extensionservices
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - projectcontour.io
+ resources:
+ - extensionservices/status
+ verbs:
+ - create
+ - get
+ - update
+ - apiGroups:
+ - projectcontour.io
+ resources:
+ - httpproxies
+ - tlscertificatedelegations
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - projectcontour.io
+ resources:
+ - httpproxies/status
+ verbs:
+ - create
+ - get
+ - update
+ {{- if .Values.rbac.rules }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+ {{- end }}
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "common.names.fullname" . }}-contour
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "contour.contourServiceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - update
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour-role
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.names.fullname" . }}-contour
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "contour.contourServiceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/contour/service.yaml b/examples/locked/vendor/helm-chart/templates/contour/service.yaml
new file mode 100644
index 00000000..08340650
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/contour/service.yaml
@@ -0,0 +1,74 @@
+{{- if .Values.contour.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.contour.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.contour.service.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.contour.service.type }}
+ {{- if or (eq .Values.contour.service.type "LoadBalancer") (eq .Values.contour.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.contour.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and .Values.contour.service.clusterIP (eq .Values.contour.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.contour.service.clusterIP }}
+ {{- end }}
+ {{- if and (eq .Values.contour.service.type "LoadBalancer") (not (empty .Values.contour.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.contour.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.contour.service.type "LoadBalancer") (not (empty .Values.contour.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.contour.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.contour.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.contour.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.contour.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.contour.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.contour.service.ports.xds }}
+ name: tcp-xds
+ protocol: TCP
+ targetPort: xds
+ {{- if (and (or (eq .Values.contour.service.type "NodePort") (eq .Values.contour.service.type "LoadBalancer")) (not (empty .Values.contour.service.nodePorts.xds))) }}
+ nodePort: {{ .Values.contour.service.nodePorts.xds }}
+ {{- else if eq .Values.contour.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.contour.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: contour
+{{- if .Values.metrics.serviceMonitor.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour-metrics
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour
+spec:
+ type: ClusterIP
+ clusterIP: None
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: contour
+ ports:
+ - name: metrics
+ port: {{ .Values.contour.service.ports.metrics }}
+ protocol: TCP
+ targetPort: metrics
+{{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/contour/serviceaccount.yaml b/examples/locked/vendor/helm-chart/templates/contour/serviceaccount.yaml
new file mode 100644
index 00000000..3fcfaf43
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/contour/serviceaccount.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.contour.serviceAccount.create .Values.contour.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "contour.contourServiceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.contour.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.contour.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.contour.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/contour/servicemonitor.yaml b/examples/locked/vendor/helm-chart/templates/contour/servicemonitor.yaml
new file mode 100644
index 00000000..43964ed0
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/contour/servicemonitor.yaml
@@ -0,0 +1,46 @@
+{{- if and .Values.metrics.serviceMonitor.enabled .Values.contour.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}-contour
+ namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: contour
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: contour
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 4 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" . | quote }}
+ endpoints:
+ - port: metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/crd-httpproxies.yaml b/examples/locked/vendor/helm-chart/templates/crd-httpproxies.yaml
deleted file mode 100644
index 9a81720f..00000000
--- a/examples/locked/vendor/helm-chart/templates/crd-httpproxies.yaml
+++ /dev/null
@@ -1,782 +0,0 @@ -{{- if and .Values.contour.enabled .Values.contour.createCustomResource }} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.9 - "helm.sh/hook": crd-install - {{- if .Values.contour.customResourceDeletePolicy }} - "helm.sh/hook-delete-policy": {{ .Values.contour.customResourceDeletePolicy }} - {{- end }} - labels: {{- include "contour.labels" . | nindent 4 }} - name: httpproxies.projectcontour.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.virtualhost.fqdn - description: Fully qualified domain name - name: FQDN - type: string - - JSONPath: .spec.virtualhost.tls.secretName - description: Secret with TLS credentials - name: TLS Secret - type: string - - JSONPath: .status.currentStatus - description: The current status of the HTTPProxy - name: Status - type: string - - JSONPath: .status.description - description: Description of the current status - name: Status Description - type: string - group: projectcontour.io - names: - kind: HTTPProxy - listKind: HTTPProxyList - plural: httpproxies - shortNames: - - proxy - - proxies - singular: httpproxy - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: HTTPProxy is an Ingress CRD specification - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HTTPProxySpec defines the spec of the CRD. - properties: - includes: - description: Includes allow for specific routing configuration to be - appended to another HTTPProxy in another namespace. - items: - description: Include describes a set of policies that can be applied - to an HTTPProxy in a namespace. - properties: - conditions: - description: Conditions are a set of routing properties that is - applied to an HTTPProxy in a namespace. - items: - description: Condition are policies that are applied on top - of HTTPProxies. One of Prefix or Header must be provided. - properties: - header: - description: Header specifies the header condition to match. - properties: - contains: - description: Contains specifies a substring that must - be present in the header value. - type: string - exact: - description: Exact specifies a string that the header - value must be equal to. - type: string - name: - description: Name is the name of the header to match - against. Name is required. Header names are case insensitive. - type: string - notcontains: - description: NotContains specifies a substring that - must not be present in the header value. - type: string - notexact: - description: NoExact specifies a string that the header - value must not be equal to. The condition is true - if the header has any other value. - type: string - present: - description: Present specifies that condition is true - when the named header is present, regardless of its - value. Note that setting Present to false does not - make the condition true if the named header is absent. - type: boolean - required: - - name - type: object - prefix: - description: Prefix defines a prefix match for a request. 
- type: string - type: object - type: array - name: - description: Name of the HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults to - the current namespace if not supplied. - type: string - required: - - name - type: object - type: array - routes: - description: Routes are the ingress routes. If TCPProxy is present, - Routes is ignored. - items: - description: Route contains the set of routes for a virtual host. - properties: - conditions: - description: Conditions are a set of routing properties that is - applied to an HTTPProxy in a namespace. - items: - description: Condition are policies that are applied on top - of HTTPProxies. One of Prefix or Header must be provided. - properties: - header: - description: Header specifies the header condition to match. - properties: - contains: - description: Contains specifies a substring that must - be present in the header value. - type: string - exact: - description: Exact specifies a string that the header - value must be equal to. - type: string - name: - description: Name is the name of the header to match - against. Name is required. Header names are case insensitive. - type: string - notcontains: - description: NotContains specifies a substring that - must not be present in the header value. - type: string - notexact: - description: NoExact specifies a string that the header - value must not be equal to. The condition is true - if the header has any other value. - type: string - present: - description: Present specifies that condition is true - when the named header is present, regardless of its - value. Note that setting Present to false does not - make the condition true if the named header is absent. - type: boolean - required: - - name - type: object - prefix: - description: Prefix defines a prefix match for a request. - type: string - type: object - type: array - enableWebsockets: - description: Enables websocket support for the route. 
- type: boolean - healthCheckPolicy: - description: The health check policy for this route. - properties: - healthyThresholdCount: - description: The number of healthy health checks required - before a host is marked healthy - format: int64 - minimum: 0 - type: integer - host: - description: The value of the host header in the HTTP health - check request. If left empty (default value), the name "contour-envoy-healthcheck" - will be used. - type: string - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - path: - description: HTTP endpoint used to perform health checks on - upstream service - type: string - timeoutSeconds: - description: The time to wait (seconds) for a health check - response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int64 - minimum: 0 - type: integer - required: - - path - type: object - loadBalancerPolicy: - description: The load balancing policy for this route. - properties: - strategy: - description: Strategy specifies the policy used to balance - requests across the pool of backend pods. Valid policy names - are `Random`, `RoundRobin`, `WeightedLeastRequest`, `Random` - and `Cookie`. If an unknown strategy name is specified or - no policy is supplied, the default `RoundRobin` policy is - used. - type: string - type: object - pathRewritePolicy: - description: The policy for rewriting the path of the request - URL after the request has been routed to a Service. - properties: - replacePrefix: - description: ReplacePrefix describes how the path prefix should - be replaced. - items: - description: ReplacePrefix describes a path prefix replacement. - properties: - prefix: - description: "Prefix specifies the URL path prefix to - be replaced. 
\n If Prefix is specified, it must exactly - match the Condition prefix that is rendered by the - chain of including HTTPProxies and only that path - prefix will be replaced by Replacement. This allows - HTTPProxies that are included through multiple roots - to only replace specific path prefixes, leaving others - unmodified. \n If Prefix is not specified, all routing - prefixes rendered by the include chain will be replaced." - minLength: 1 - type: string - replacement: - description: Replacement is the string that the routing - path prefix will be replaced with. This must not be - empty. - minLength: 1 - type: string - required: - - replacement - type: object - type: array - type: object - permitInsecure: - description: Allow this path to respond to insecure requests over - HTTP which are normally not permitted when a `virtualhost.tls` - block is present. - type: boolean - requestHeadersPolicy: - description: The policy for managing request headers during proxying - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values that - will be set in the HTTP header. If the header does not exist - it will be added, otherwise it will be overwritten with - the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers during proxying - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. 
- items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values that - will be set in the HTTP header. If the header does not exist - it will be added, otherwise it will be overwritten with - the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - retryPolicy: - description: The retry policy for this route. - properties: - count: - description: NumRetries is maximum allowed number of retries. - If not supplied, the number of retries is one. - format: int64 - minimum: 0 - type: integer - perTryTimeout: - description: PerTryTimeout specifies the timeout per retry - attempt. Ignored if NumRetries is not supplied. - type: string - type: object - services: - description: Services are the services to proxy traffic. - items: - description: Service defines an Kubernetes Service to proxy - traffic. - properties: - mirror: - description: If Mirror is true the Service will receive - a read only mirror of the traffic for this route. - type: boolean - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. - type: string - port: - description: Port (defined as Integer) to proxy traffic - to since a service can have multiple defined. - type: integer - protocol: - description: Protocol may be used to specify (or override) - the protocol used to reach this Service. Values may be - tls, h2, h2c. If omitted, protocol-selection falls back - on Service annotations. 
- enum: - - h2 - - h2c - - tls - type: string - requestHeadersPolicy: - description: The policy for managing request headers during - proxying - properties: - remove: - description: Remove specifies a list of HTTP header - names to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header - does not exist it will be added, otherwise it will - be overwritten with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers during - proxying - properties: - remove: - description: Remove specifies a list of HTTP header - names to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header - does not exist it will be added, otherwise it will - be overwritten with the new value. 
- items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name of the Kubernetes secret be used to - validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in - the 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - minItems: 1 - type: array - timeoutPolicy: - description: The timeout policy for this route. - properties: - idle: - description: Timeout after which, if there are no active requests - for this route, the connection between Envoy and the backend - or Envoy and the external client will be closed. If not - specified, there is no per-route idle timeout. - type: string - response: - description: Timeout for receiving a response from the server - after processing a request from client. If not supplied, - the timeout duration is undefined. - type: string - type: object - required: - - services - type: object - type: array - tcpproxy: - description: TCPProxy holds TCP proxy information. 
- properties: - healthCheckPolicy: - description: The health check policy for this tcp proxy - properties: - healthyThresholdCount: - description: The number of healthy health checks required before - a host is marked healthy - format: int32 - type: integer - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - timeoutSeconds: - description: The time to wait (seconds) for a health check response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int32 - type: integer - type: object - include: - description: Include specifies that this tcpproxy should be delegated - to another HTTPProxy. - properties: - name: - description: Name of the child HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults - to the current namespace if not supplied. - type: string - required: - - name - type: object - includes: - description: "IncludesDeprecated allow for specific routing configuration - to be appended to another HTTPProxy in another namespace. \n Exists - due to a mistake when developing HTTPProxy and the field was marked - plural when it should have been singular. This field should stay - to not break backwards compatibility to v1 users." - properties: - name: - description: Name of the child HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults - to the current namespace if not supplied. - type: string - required: - - name - type: object - loadBalancerPolicy: - description: The load balancing policy for the backend services. - properties: - strategy: - description: Strategy specifies the policy used to balance requests - across the pool of backend pods. Valid policy names are `Random`, - `RoundRobin`, `WeightedLeastRequest`, `Random` and `Cookie`. 
- If an unknown strategy name is specified or no policy is supplied, - the default `RoundRobin` policy is used. - type: string - type: object - services: - description: Services are the services to proxy traffic - items: - description: Service defines an Kubernetes Service to proxy traffic. - properties: - mirror: - description: If Mirror is true the Service will receive a - read only mirror of the traffic for this route. - type: boolean - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. - type: string - port: - description: Port (defined as Integer) to proxy traffic to - since a service can have multiple defined. - type: integer - protocol: - description: Protocol may be used to specify (or override) - the protocol used to reach this Service. Values may be tls, - h2, h2c. If omitted, protocol-selection falls back on Service - annotations. - enum: - - h2 - - h2c - - tls - type: string - requestHeadersPolicy: - description: The policy for managing request headers during - proxying - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header does - not exist it will be added, otherwise it will be overwritten - with the new value. 
- items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers during - proxying - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header does - not exist it will be added, otherwise it will be overwritten - with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name of the Kubernetes secret be used to - validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in the - 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - minItems: 1 - type: array - required: - - services - type: object - virtualhost: - description: Virtualhost appears at most once. If it is present, the - object is considered to be a "root". 
- properties: - fqdn: - description: The fully qualified domain name of the root of the - ingress tree all leaves of the DAG rooted at this object relate - to the fqdn - type: string - tls: - description: If present describes tls properties. The SNI names - that will be matched on are described in fqdn, the tls.secretName - secret must contain a matching certificate - properties: - clientValidation: - description: "ClientValidation defines how to verify the client - certificate when an external client establishes a TLS connection - to Envoy. \n This setting: \n 1. Enables TLS client certificate - validation. 2. Requires clients to present a TLS certificate - (i.e. not optional validation). 3. Specifies how the client - certificate will be validated." - properties: - caSecret: - description: Name of a Kubernetes secret that contains a - CA certificate bundle. The client certificate must validate - against the certificates in the bundle. - minLength: 1 - type: string - required: - - caSecret - type: object - enableFallbackCertificate: - description: EnableFallbackCertificate defines if the vhost - should allow a default certificate to be applied which handles - all requests which don't match the SNI defined in this vhost. - type: boolean - minimumProtocolVersion: - description: Minimum TLS version this vhost should negotiate - type: string - passthrough: - description: If Passthrough is set to true, the SecretName will - be ignored and the encrypted handshake will be passed through - to the backing cluster. - type: boolean - secretName: - description: required, the name of a secret in the current namespace - type: string - type: object - required: - - fqdn - type: object - type: object - status: - description: Status reports the current state of the HTTPProxy. - properties: - currentStatus: - type: string - description: - type: string - loadBalancer: - description: LoadBalancer contains the current status of the load balancer. 
- properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a load-balancer - ingress point: traffic intended for the service should be sent - to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points that - are IP based (typically GCE or OpenStack load-balancers) - type: string - type: object - type: array - type: object - type: object - required: - - metadata - - spec - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/crd-ingressroutes.yaml b/examples/locked/vendor/helm-chart/templates/crd-ingressroutes.yaml
deleted file mode 100644
index f727cb70..00000000
--- a/examples/locked/vendor/helm-chart/templates/crd-ingressroutes.yaml
+++ /dev/null
@@ -1,381 +0,0 @@ -{{- if and .Values.contour.enabled .Values.contour.createCustomResource }} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.9 - "helm.sh/hook": crd-install - {{- if .Values.contour.customResourceDeletePolicy }} - "helm.sh/hook-delete-policy": {{ .Values.contour.customResourceDeletePolicy }} - {{- end }} - labels: {{- include "contour.labels" . | nindent 4 }} - name: ingressroutes.contour.heptio.com -spec: - additionalPrinterColumns: - - JSONPath: .spec.virtualhost.fqdn - description: Fully qualified domain name - name: FQDN - type: string - - JSONPath: .spec.virtualhost.tls.secretName - description: Secret with TLS credentials - name: TLS Secret - type: string - - JSONPath: .spec.routes[0].match - description: First routes defined - name: First route - type: string - - JSONPath: .status.currentStatus - description: The current status of the HTTPProxy - name: Status - type: string - - JSONPath: .status.description - description: Description of the current status - name: Status Description - type: string - group: contour.heptio.com - names: - kind: IngressRoute - listKind: IngressRouteList - plural: ingressroutes - singular: ingressroute - scope: Namespaced - subresources: {} - validation: - openAPIV3Schema: - description: IngressRoute is an Ingress CRD specificiation - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteSpec defines the spec of the CRD - properties: - routes: - description: Routes are the ingress routes. If TCPProxy is present, - Routes is ignored. - items: - description: Route contains the set of routes for a virtual host - properties: - delegate: - description: Delegate specifies that this route should be delegated - to another IngressRoute - properties: - name: - description: Name of the IngressRoute - type: string - namespace: - description: Namespace of the IngressRoute. Defaults to the - current namespace if not supplied. - type: string - required: - - name - type: object - enableWebsockets: - description: Enables websocket support for the route - type: boolean - match: - description: Match defines the prefix match - type: string - permitInsecure: - description: Allow this path to respond to insecure requests over - HTTP which are normally not permitted when a `virtualhost.tls` - block is present. - type: boolean - prefixRewrite: - description: Indicates that during forwarding, the matched prefix - (or path) should be swapped with this value - type: string - retryPolicy: - description: The retry policy for this route - properties: - count: - description: NumRetries is maximum allowed number of retries. - If not supplied, the number of retries is one. - format: int64 - minimum: 0 - type: integer - perTryTimeout: - description: PerTryTimeout specifies the timeout per retry - attempt. Ignored if NumRetries is not supplied. 
- type: string - type: object - services: - description: Services are the services to proxy traffic - items: - description: Service defines an upstream to proxy traffic to - properties: - healthCheck: - description: HealthCheck defines optional healthchecks on - the upstream service - properties: - healthyThresholdCount: - description: The number of healthy health checks required - before a host is marked healthy - format: int64 - minimum: 0 - type: integer - host: - description: The value of the host header in the HTTP - health check request. If left empty (default value), - the name "contour-envoy-healthcheck" will be used. - type: string - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - path: - description: HTTP endpoint used to perform health checks - on upstream service - type: string - timeoutSeconds: - description: The time to wait (seconds) for a health - check response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int64 - minimum: 0 - type: integer - required: - - path - type: object - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. 
- type: string - port: - description: Port (defined as Integer) to proxy traffic - to since a service can have multiple defined - type: integer - strategy: - description: LB Algorithm to apply (see https://github.com/projectcontour/contour/blob/master/design/ingressroute-design.md#load-balancing) - type: string - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name of the Kubernetes secret be used to - validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in - the 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - type: array - timeoutPolicy: - description: The timeout policy for this route - properties: - request: - description: Timeout for receiving a response from the server - after processing a request from client. If not supplied - the timeout duration is undefined. - type: string - type: object - required: - - match - type: object - type: array - tcpproxy: - description: TCPProxy holds TCP proxy information. - properties: - delegate: - description: Delegate specifies that this tcpproxy should be delegated - to another IngressRoute - properties: - name: - description: Name of the IngressRoute - type: string - namespace: - description: Namespace of the IngressRoute. Defaults to the - current namespace if not supplied. 
- type: string - required: - - name - type: object - services: - description: Services are the services to proxy traffic - items: - description: Service defines an upstream to proxy traffic to - properties: - healthCheck: - description: HealthCheck defines optional healthchecks on - the upstream service - properties: - healthyThresholdCount: - description: The number of healthy health checks required - before a host is marked healthy - format: int64 - minimum: 0 - type: integer - host: - description: The value of the host header in the HTTP - health check request. If left empty (default value), - the name "contour-envoy-healthcheck" will be used. - type: string - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - path: - description: HTTP endpoint used to perform health checks - on upstream service - type: string - timeoutSeconds: - description: The time to wait (seconds) for a health check - response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int64 - minimum: 0 - type: integer - required: - - path - type: object - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. 
- type: string - port: - description: Port (defined as Integer) to proxy traffic to - since a service can have multiple defined - type: integer - strategy: - description: LB Algorithm to apply (see https://github.com/projectcontour/contour/blob/master/design/ingressroute-design.md#load-balancing) - type: string - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name of the Kubernetes secret be used to - validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in the - 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - type: array - type: object - virtualhost: - description: Virtualhost appears at most once. If it is present, the - object is considered to be a "root". - properties: - fqdn: - description: The fully qualified domain name of the root of the - ingress tree all leaves of the DAG rooted at this object relate - to the fqdn - type: string - tls: - description: If present describes tls properties. The SNI names - that will be matched on are described in fqdn, the tls.secretName - secret must contain a matching certificate - properties: - minimumProtocolVersion: - description: Minimum TLS version this vhost should negotiate - type: string - passthrough: - description: If Passthrough is set to true, the SecretName will - be ignored and the encrypted handshake will be passed through - to the backing cluster. 
- type: boolean - secretName: - description: required, the name of a secret in the current namespace - type: string - type: object - required: - - fqdn - type: object - type: object - status: - description: Status reports the current state of the HTTPProxy. - properties: - currentStatus: - type: string - description: - type: string - loadBalancer: - description: LoadBalancer contains the current status of the load balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a load-balancer - ingress point: traffic intended for the service should be sent - to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points that - are IP based (typically GCE or OpenStack load-balancers) - type: string - type: object - type: array - type: object - type: object - required: - - metadata - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/crd-tlscertificatedeligations.yaml b/examples/locked/vendor/helm-chart/templates/crd-tlscertificatedeligations.yaml
deleted file mode 100644
index cd17a92f..00000000
--- a/examples/locked/vendor/helm-chart/templates/crd-tlscertificatedeligations.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -{{- if and .Values.contour.enabled .Values.contour.createCustomResource }} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.9 - "helm.sh/hook": crd-install - {{- if .Values.contour.customResourceDeletePolicy }} - "helm.sh/hook-delete-policy": {{ .Values.contour.customResourceDeletePolicy }} - {{- end }} - labels: {{- include "contour.labels" . | nindent 4 }} - name: tlscertificatedelegations.contour.heptio.com -spec: - group: contour.heptio.com - names: - kind: TLSCertificateDelegation - listKind: TLSCertificateDelegationList - plural: tlscertificatedelegations - singular: tlscertificatedelegation - scope: Namespaced - validation: - openAPIV3Schema: - description: TLSCertificateDelegation is an TLS Certificate Delegation CRD specificiation. - See design/tls-certificate-delegation.md for details. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSCertificateDelegationSpec defines the spec of the CRD - properties: - delegations: - items: - description: CertificateDelegation maps the authority to reference - a secret in the current namespace to a set of namespaces. - properties: - secretName: - description: required, the name of a secret in the current namespace. 
- type: string - targetNamespaces: - description: required, the namespaces the authority to reference - the the secret will be delegated to. If TargetNamespaces is - nil or empty, the CertificateDelegation' is ignored. If the - TargetNamespace list contains the character, "*" the secret - will be delegated to all namespaces. - items: - type: string - type: array - required: - - secretName - - targetNamespaces - type: object - type: array - required: - - delegations - type: object - required: - - metadata - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.9 - "helm.sh/hook": crd-install - {{- if .Values.contour.customResourceDeletePolicy }} - "helm.sh/hook-delete-policy": {{ .Values.contour.customResourceDeletePolicy }} - {{- end }} - labels: {{- include "contour.labels" . | nindent 4 }} - name: tlscertificatedelegations.projectcontour.io -spec: - group: projectcontour.io - names: - kind: TLSCertificateDelegation - listKind: TLSCertificateDelegationList - plural: tlscertificatedelegations - shortNames: - - tlscerts - singular: tlscertificatedelegation - scope: Namespaced - validation: - openAPIV3Schema: - description: TLSCertificateDelegation is an TLS Certificate Delegation CRD specificiation. - See design/tls-certificate-delegation.md for details. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSCertificateDelegationSpec defines the spec of the CRD - properties: - delegations: - items: - description: CertificateDelegation maps the authority to reference - a secret in the current namespace to a set of namespaces. - properties: - secretName: - description: required, the name of a secret in the current namespace. - type: string - targetNamespaces: - description: required, the namespaces the authority to reference - the the secret will be delegated to. If TargetNamespaces is - nil or empty, the CertificateDelegation' is ignored. If the - TargetNamespace list contains the character, "*" the secret - will be delegated to all namespaces. - items: - type: string - type: array - required: - - secretName - - targetNamespaces - type: object - type: array - required: - - delegations - type: object - required: - - metadata - - spec - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/daemonset.yaml b/examples/locked/vendor/helm-chart/templates/daemonset.yaml
deleted file mode 100644
index 791314a7..00000000
--- a/examples/locked/vendor/helm-chart/templates/daemonset.yaml
+++ /dev/null
@@ -1,180 +0,0 @@ -{{- if .Values.envoy.enabled }} ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "contour.fullname" . }}-envoy - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: envoy -spec: - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 10% - selector: - matchLabels: {{- include "contour.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: envoy - template: - metadata: - labels: {{- include "contour.labels" . | nindent 8 }} - app.kubernetes.io/component: envoy - spec: {{- include "envoy.imagePullSecrets" . | nindent 6 }} - {{- if .Values.envoy.affinity }} - affinity: {{- include "contour.tplValue" (dict "value" .Values.envoy.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.envoy.nodeSelector }} - nodeSelector: {{- include "contour.tplValue" (dict "value" .Values.envoy.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.envoy.affinity }} - affinity: {{- include "contour.tplValue" (dict "value" .Values.envoy.affinity "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.envoy.tolerations}} - tolerations: {{- include "contour.tplValue" (dict "value" .Values.envoy.tolerations "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.envoy.terminationGracePeriodSeconds }} - hostNetwork: {{ .Values.envoy.hostNetwork }} - dnsPolicy: {{ .Values.envoy.dnsPolicy }} - {{- if .Values.envoy.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.envoy.podSecurityContext.fsGroup }} - {{- if .Values.envoy.podSecurityContext.sysctls }} - sysctls: - {{- toYaml .Values.envoy.podSecurityContext.sysctls | nindent 8 }} - {{- end }} - {{- end }} - containers: - - command: - - contour - args: - - envoy - - shutdown-manager - image: {{ include "contour.image" . 
}} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - lifecycle: - preStop: - httpGet: - path: /shutdown - port: 8090 - scheme: HTTP - {{- if .Values.contour.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: 8090 - initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.contour.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }} - {{- end }} - name: shutdown-manager - - command: - - envoy - args: - - -c - - /config/envoy.json - - --service-cluster $(CONTOUR_NAMESPACE) - - --service-node $(ENVOY_POD_NAME) - - --log-level {{ .Values.envoy.logLevel }} - image: {{ include "envoy.image" . }} - imagePullPolicy: {{ .Values.envoy.image.pullPolicy }} - name: envoy - {{- if .Values.envoy.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.envoy.containerSecurityContext.runAsUser }} - {{- end }} - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: ENVOY_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - ports: - - containerPort: 80 - hostPort: 80 - name: http - protocol: TCP - - containerPort: 443 - hostPort: 443 - name: https - protocol: TCP - - containerPort: 8002 - name: metrics - protocol: TCP - - {{- if .Values.envoy.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /ready - port: 8002 - initialDelaySeconds: {{ .Values.envoy.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.envoy.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.envoy.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.envoy.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.envoy.readinessProbe.failureThreshold }} - {{- end }} - {{- if 
.Values.envoy.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /ready - port: 8002 - initialDelaySeconds: {{ .Values.envoy.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.envoy.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.envoy.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.envoy.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.envoy.livenessProbe.failureThreshold }} - {{- end }} - resources: -{{ toYaml .Values.envoy.resources | indent 10 }} - volumeMounts: - - name: envoy-config - mountPath: /config - - name: envoycert - mountPath: /certs - lifecycle: - preStop: - httpGet: - path: /shutdown - port: 8090 - scheme: HTTP - initContainers: - - command: - - contour - args: - - bootstrap - - /config/envoy.json - - --xds-address={{ template "contour.fullname" . }} - - --xds-port=8001 - - --envoy-cafile=/certs/ca.crt - - --envoy-cert-file=/certs/tls.crt - - --envoy-key-file=/certs/tls.key - image: {{ include "contour.image" . }} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - name: envoy-initconfig - resources: -{{ toYaml .Values.contour.resources | indent 10 }} - volumeMounts: - - name: envoy-config - mountPath: /config - - name: envoycert - mountPath: /certs - readOnly: true - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - serviceAccountName: {{ include "envoy.envoyServiceAccountName" . }} - volumes: - - name: envoy-config - emptyDir: {} - - name: envoycert - secret: - secretName: envoycert - restartPolicy: Always -{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/default-backend/deployment.yaml b/examples/locked/vendor/helm-chart/templates/default-backend/deployment.yaml
new file mode 100644
index 00000000..ca63c123
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/default-backend/deployment.yaml
@@ -0,0 +1,178 @@
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ include "common.names.fullname" . }}-default-backend
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: default-backend
+ replicas: {{ .Values.defaultBackend.replicaCount }}
+ {{- if .Values.defaultBackend.updateStrategy }}
+ strategy: {{- toYaml .Values.defaultBackend.updateStrategy | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ {{- if or .Values.defaultBackend.podAnnotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.defaultBackend.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: default-backend
+ {{- if .Values.defaultBackend.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "common.images.pullSecrets" ( dict "images" (list .Values.defaultBackend.image) "global" .Values.global) | nindent 6 }}
+ {{- if .Values.defaultBackend.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.priorityClassName }}
+ priorityClassName: {{ .Values.defaultBackend.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.defaultBackend.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.defaultBackend.podAffinityPreset "component" "default-backend" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.defaultBackend.podAntiAffinityPreset "component" "default-backend" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.defaultBackend.nodeAffinityPreset.type "key" .Values.defaultBackend.nodeAffinityPreset.key "values" .Values.defaultBackend.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.defaultBackend.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ automountServiceAccountToken: false
+ serviceAccountName: {{ include "envoy.envoyServiceAccountName" . }}
+ {{- if .Values.defaultBackend.schedulerName }}
+ schedulerName: {{ .Values.defaultBackend.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.defaultBackend.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.defaultBackend.terminationGracePeriodSeconds }}
+ {{- end }}
+ {{- if .Values.defaultBackend.initContainers }}
+ initContainers: {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.initContainers "context" $ ) | nindent 6 }}
+ {{- end }}
+ containers:
+ - name: default-backend
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.defaultBackend.image "global" .Values.global) }}
+ imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy | quote }}
+ {{- if .Values.defaultBackend.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.defaultBackend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ {{- range $key, $value := .Values.defaultBackend.extraArgs }}
+ {{- if $value }}
+ - --{{ $key }}={{ $value }}
+ {{- else }}
+ - --{{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.defaultBackend.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.extraEnvVars }}
+ env: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.defaultBackend.extraEnvVarsCM .Values.defaultBackend.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.defaultBackend.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.defaultBackend.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.defaultBackend.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }}
+ {{- else if .Values.defaultBackend.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }}
+ {{- else if .Values.defaultBackend.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.startupProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.startupProbe.failureThreshold }}
+ {{- else if .Values.defaultBackend.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.defaultBackend.containerPorts.http }}
+ protocol: TCP
+ {{- if .Values.defaultBackend.resources }}
+ resources: {{- toYaml .Values.defaultBackend.resources | nindent 12 }}
+ {{- if .Values.defaultBackend.extraVolumeMounts }}
+ volumeMounts: {{- include "common.tplvalues.render" ( dict "value" .Values.contour.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.defaultBackend.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.extraVolumes }}
+ volumes: {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.extraVolumes "context" $ ) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/default-backend/ingress.yaml b/examples/locked/vendor/helm-chart/templates/default-backend/ingress.yaml
new file mode 100644
index 00000000..0610d241
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/default-backend/ingress.yaml
@@ -0,0 +1,68 @@
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ include "common.names.fullname" . }}-default-backend
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ kubernetes.io/ingress.class: {{ include "contour.ingressClassName" . }}
+ {{- if .Values.ingress.certManager }}
+ kubernetes.io/tls-acme: "true"
+ {{- end }}
+ {{- if .Values.ingress.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+ {{- end }}
+ rules:
+ {{- if .Values.ingress.rulesOverride }}
+ {{- toYaml .Values.ingress.rulesOverride | nindent 4 }}
+ {{- else }}
+ {{- if .Values.ingress.hostname }}
+ - host: {{ .Values.ingress.hostname | quote }}
+ http:
+ paths:
+ {{- if .Values.ingress.extraPaths }}
+ {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .Values.ingress.path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+ pathType: {{ .Values.ingress.pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-default-backend" (include "common.names.fullname" .)) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- range .Values.ingress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-default-backend" (include "common.names.fullname" $)) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.ingress.extraRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
+ tls:
+ {{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }}
+ - hosts:
+ - {{ .Values.ingress.hostname | quote }}
+ secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+ {{- end }}
+ {{- if .Values.ingress.extraTls }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/default-backend/poddisruptionbudget.yaml b/examples/locked/vendor/helm-chart/templates/default-backend/poddisruptionbudget.yaml
new file mode 100644
index 00000000..74813a23
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/default-backend/poddisruptionbudget.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}-default-backend
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.defaultBackend.pdb.minAvailable }}
+ minAvailable: {{ .Values.defaultBackend.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.defaultBackend.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.defaultBackend.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/default-backend/service.yaml b/examples/locked/vendor/helm-chart/templates/default-backend/service.yaml
new file mode 100644
index 00000000..07f4f535
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/default-backend/service.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}-default-backend
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.defaultBackend.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.defaultBackend.service.type }}
+ ports:
+ - name: http
+ port: {{ .Values.defaultBackend.service.ports.http }}
+ protocol: TCP
+ targetPort: http
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/default-backend/tls-secrets.yaml b/examples/locked/vendor/helm-chart/templates/default-backend/tls-secrets.yaml
new file mode 100644
index 00000000..29e4b7f9
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/default-backend/tls-secrets.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
+{{- $ca := genCA "odoo-ca" 365 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls" .Values.ingress.hostname }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $cert.Cert | b64enc | quote }}
+ tls.key: {{ $cert.Key | b64enc | quote }}
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/deployment.yaml b/examples/locked/vendor/helm-chart/templates/deployment.yaml
deleted file mode 100644
index 7611417e..00000000
--- a/examples/locked/vendor/helm-chart/templates/deployment.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ -{{- if .Values.contour.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "contour.fullname" . }}-contour - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: contour -spec: - replicas: {{ .Values.replicaCount }} - strategy: - type: RollingUpdate - rollingUpdate: - # This value of maxSurge means that during a rolling update - # the new ReplicaSet will be created first. - maxSurge: 50% - selector: - matchLabels: {{- include "contour.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: contour - template: - metadata: - {{- if .Values.configInline }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - labels: {{- include "contour.labels" . | nindent 8 }} - app.kubernetes.io/component: contour - spec: {{- include "contour.imagePullSecrets" . | nindent 6 }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- include "contour.matchLabels" . 
| nindent 18 }} - app.kubernetes.io/component: contour - topologyKey: kubernetes.io/hostname - weight: 100 - {{- if .Values.contour.affinity }} -{{- include "contour.tplValue" (dict "value" .Values.contour.nodeSelector "context" $) | indent 8 }} - {{- end }} - {{- if .Values.contour.nodeSelector }} - nodeSelector: {{- include "contour.tplValue" (dict "value" .Values.contour.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.contour.affinity }} - affinity: {{- include "contour.tplValue" (dict "value" .Values.contour.affinity "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.contour.tolerations}} - tolerations: {{- include "contour.tplValue" (dict "value" .Values.contour.tolerations "context" $) | nindent 8 }} - {{- end }} - containers: - - command: - - contour - args: - - serve - - --incluster - - --xds-address=0.0.0.0 - - --xds-port=8001 - - --envoy-service-http-port=80 - - --envoy-service-https-port=443 - - --contour-cafile=/certs/ca.crt - - --contour-cert-file=/certs/tls.crt - - --contour-key-file=/certs/tls.key - - --config-path=/config/contour.yaml - {{- if .Values.ingressClass }} - - --ingress-class-name={{ .Values.ingressClass }} - {{- end }} - image: {{ include "contour.image" . 
}} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - name: contour - ports: - - containerPort: 8001 - name: xds - protocol: TCP - - containerPort: 8000 - name: metrics - protocol: TCP - {{- if .Values.contour.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: 8000 - initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.contour.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.contour.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: 8001 - initialDelaySeconds: {{ .Values.contour.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.contour.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.contour.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.contour.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.contour.readinessProbe.failureThreshold }} - {{- end }} - resources: -{{ toYaml .Values.contour.resources | indent 10 }} - volumeMounts: - - name: contourcert - mountPath: /certs - readOnly: true - - name: contour-config - mountPath: /config - readOnly: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - dnsPolicy: ClusterFirst - serviceAccountName: {{ include "contour.contourServiceAccountName" . 
}} - {{- if .Values.contour.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.contour.securityContext.runAsUser }} - runAsGroup: {{ .Values.contour.securityContext.runAsGroup }} - fsGroup: {{ .Values.contour.securityContext.fsGroup }} - runAsNonRoot: {{ .Values.contour.securityContext.runAsNonRoot }} - {{- end }} - volumes: - - name: contourcert - secret: - secretName: contourcert - - name: contour-config - configMap: - name: {{ include "contour.configMapName" . }} - defaultMode: 0644 - items: - - key: contour.yaml - path: contour.yaml -{{- end }} diff --git a/examples/locked/vendor/helm-chart/templates/envoy/daemonset.yaml b/examples/locked/vendor/helm-chart/templates/envoy/daemonset.yaml new file mode 100644 index 00000000..762ca435 --- /dev/null +++ b/examples/locked/vendor/helm-chart/templates/envoy/daemonset.yaml 
@@ -0,0 +1,315 @@
+{{- if and .Values.envoy.enabled (eq .Values.envoy.kind "daemonset") }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "common.names.fullname" . }}-envoy
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: envoy
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.envoy.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.envoy.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: envoy
+ template:
+ metadata:
+ {{- if or .Values.envoy.podAnnotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.envoy.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.envoy.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: envoy
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.envoy.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.envoy.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "common.images.pullSecrets" ( dict "images" (list .Values.contour.image .Values.envoy.image) "global" .Values.global) | nindent 6 }}
+ {{- if .Values.envoy.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.envoy.priorityClassName }}
+ priorityClassName: {{ .Values.envoy.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.envoy.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.envoy.podAffinityPreset "component" "envoy" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.envoy.podAntiAffinityPreset "component" "envoy" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.envoy.nodeAffinityPreset.type "key" .Values.envoy.nodeAffinityPreset.key "values" .Values.envoy.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.envoy.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.envoy.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.envoy.terminationGracePeriodSeconds }}
+ hostNetwork: {{ .Values.envoy.hostNetwork }}
+ dnsPolicy: {{ .Values.envoy.dnsPolicy }}
+ {{- if .Values.envoy.podSecurityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.envoy.podSecurityContext.fsGroup }}
+ {{- if .Values.envoy.podSecurityContext.sysctls }}
+ sysctls:
+ {{- toYaml .Values.envoy.podSecurityContext.sysctls | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ {{- if .Values.envoy.shutdownManager.enabled }}
+ - command:
+ - contour
+ args:
+ - envoy
+ - shutdown-manager
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }}
+ imagePullPolicy: {{ .Values.contour.image.pullPolicy }}
+ {{- if .Values.contour.extraEnvVars }}
+ env:
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.contour.extraEnvVarsCM .Values.contour.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.contour.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.contour.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.envoy.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.lifecycleHooks "context" $) | nindent 12 }}
+ {{- else }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - contour
+ - envoy
+ - shutdown
+ {{- end }}
+ {{- if .Values.contour.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8090
+ initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.contour.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }}
+ {{- end }}
+ name: shutdown-manager
+ resources: {{- toYaml .Values.envoy.shutdownManager.resources | nindent 12 }}
+ volumeMounts:
+ - name: envoy-admin
+ mountPath: /admin
+ {{- if .Values.envoy.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ - name: envoy
+ {{- if .Values.envoy.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - envoy
+ {{- end }}
+ {{- if .Values.envoy.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - -c
+ - /config/envoy.json
+ - --service-cluster $(CONTOUR_NAMESPACE)
+ - --service-node $(ENVOY_POD_NAME)
+ - --log-level {{ .Values.envoy.logLevel }}
+ {{- if .Values.envoy.extraArgs }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.envoy.extraArgs "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.envoy.image "global" .Values.global ) }}
+ imagePullPolicy: {{ .Values.envoy.image.pullPolicy }}
+ {{- if .Values.envoy.containerSecurityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.envoy.containerSecurityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: CONTOUR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: ENVOY_POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ {{- if .Values.envoy.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.envoy.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.envoy.extraEnvVarsCM .Values.envoy.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.envoy.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.envoy.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.envoy.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.envoy.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.envoy.containerPorts.http }}
+ {{- if .Values.envoy.useHostPort }}
+ hostPort: {{ .Values.envoy.hostPorts.http }}
+ {{- end }}
+ {{- if .Values.envoy.useHostIP }}
+ hostIP: {{ .Values.envoy.hostIPs.http }}
+ {{- end }}
+ name: http
+ protocol: TCP
+ - containerPort: {{ .Values.envoy.containerPorts.https }}
+ {{- if .Values.envoy.useHostPort }}
+ hostPort: {{ .Values.envoy.hostPorts.https }}
+ {{- end }}
+ {{- if .Values.envoy.useHostIP }}
+ hostIP: {{ .Values.envoy.hostIPs.https }}
+ {{- end }}
+ name: https
+ protocol: TCP
+ - containerPort: 8002
+ name: metrics
+ protocol: TCP
+ {{- if .Values.envoy.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8002
+ initialDelaySeconds: {{ .Values.envoy.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.envoy.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.envoy.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.envoy.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.envoy.readinessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.envoy.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 8002
+ initialDelaySeconds: {{ .Values.envoy.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.envoy.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.envoy.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.envoy.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.envoy.livenessProbe.failureThreshold }}
+ {{- end }}
+ resources: {{ toYaml .Values.envoy.resources | nindent 12 }}
+ volumeMounts:
+ - name: envoy-config
+ mountPath: /config
+ - name: envoycert
+ mountPath: /certs
+ - name: envoy-admin
+ mountPath: /admin
+ {{- if .Values.envoy.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ lifecycle:
+ preStop:
+ {{- if .Values.envoy.shutdownManager.enabled }}
+ httpGet:
+ path: /shutdown
+ port: 8090
+ scheme: HTTP
+ {{- else }}
+ exec:
+ command:
+ - sh
+ - '-c'
+ - sleep {{ .Values.envoy.terminationGracePeriodSeconds }}; kill 1
+ {{- end }}
+ {{- if .Values.envoy.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.sidecars "context" $ ) | nindent 8 }}
+ {{- end }}
+ initContainers:
+ - command:
+ - contour
+ args:
+ - bootstrap
+ - /config/envoy.json
+ - --xds-address={{ template "common.names.fullname" . }}
+ - --xds-port={{ .Values.contour.service.ports.xds }}
+ - --resources-dir=/config/resources
+ - --envoy-cafile=/certs/ca.crt
+ - --envoy-cert-file=/certs/tls.crt
+ - --envoy-key-file=/certs/tls.key
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }}
+ imagePullPolicy: {{ .Values.contour.image.pullPolicy }}
+ name: envoy-initconfig
+ resources: {{ toYaml .Values.contour.resources | nindent 12 }}
+ volumeMounts:
+ - name: envoy-config
+ mountPath: /config
+ - name: envoycert
+ mountPath: /certs
+ readOnly: true
+ - name: envoy-admin
+ mountPath: /admin
+ {{- if .Values.envoy.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: CONTOUR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.contour.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.contour.extraEnvVarsCM .Values.contour.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.contour.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.contour.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.envoy.initContainers }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.initContainers "context" $ ) | nindent 8 }}
+ {{- end }}
+ automountServiceAccountToken: {{ .Values.envoy.serviceAccount.automountServiceAccountToken }}
+ serviceAccountName: {{ include "envoy.envoyServiceAccountName" . }}
+ volumes:
+ - name: envoy-admin
+ emptyDir: {}
+ - name: envoy-config
+ emptyDir: {}
+ - name: envoycert
+ secret:
+ secretName: {{ include "contour.envoy.certs-secret.name" . }}
+ {{- if .Values.envoy.extraVolumes }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumes "context" $ ) | nindent 8 }}
+ {{- end }}
+ restartPolicy: Always
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/envoy/deployment.yaml b/examples/locked/vendor/helm-chart/templates/envoy/deployment.yaml
new file mode 100644
index 00000000..00d0e457
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/envoy/deployment.yaml
@@ -0,0 +1,333 @@
+{{- if and .Values.envoy.enabled (eq .Values.envoy.kind "deployment") }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ printf "%s-envoy" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: envoy
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if not .Values.envoy.autoscaling.enabled }}
+ replicas: {{ .Values.envoy.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.envoy.revisionHistoryLimit }}
+ {{- if .Values.envoy.updateStrategy }}
+ strategy: {{- toYaml .Values.envoy.updateStrategy | nindent 4 }}
+ {{- end }}
+ minReadySeconds: {{ .Values.envoy.minReadySeconds }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: envoy
+ template:
+ metadata:
+ {{- if .Values.envoy.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" .
| nindent 8 }}
+ app.kubernetes.io/component: envoy
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.envoy.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.envoy.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "common.images.pullSecrets" ( dict "images" (list .Values.contour.image .Values.envoy.image) "global" .Values.global) | nindent 6 }}
+ {{- if .Values.envoy.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.envoy.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.envoy.podAffinityPreset "component" "envoy" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.envoy.podAntiAffinityPreset "component" "envoy" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.envoy.nodeAffinityPreset.type "key" .Values.envoy.nodeAffinityPreset.key "values" .Values.envoy.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.envoy.priorityClassName }}
+ priorityClassName: {{ .Values.envoy.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.envoy.schedulerName }}
+ schedulerName: {{ .Values.envoy.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.envoy.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.topologySpreadConstraints "context" .)
| nindent 8 }}
+ {{- end }}
+ {{- if .Values.envoy.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.envoy.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.envoy.terminationGracePeriodSeconds }}
+ hostNetwork: {{ .Values.envoy.hostNetwork }}
+ dnsPolicy: {{ .Values.envoy.dnsPolicy }}
+ {{- if .Values.envoy.podSecurityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.envoy.podSecurityContext.fsGroup }}
+ {{- if .Values.envoy.podSecurityContext.sysctls }}
+ sysctls:
+ {{- toYaml .Values.envoy.podSecurityContext.sysctls | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ {{- if .Values.envoy.shutdownManager.enabled }}
+ - command:
+ - contour
+ args:
+ - envoy
+ - shutdown-manager
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }}
+ imagePullPolicy: {{ .Values.contour.image.pullPolicy }}
+ {{- if .Values.contour.extraEnvVars }}
+ env:
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.contour.extraEnvVarsCM .Values.contour.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.contour.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.contour.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - contour
+ - envoy
+ - shutdown
+ {{- if .Values.contour.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8090
+ initialDelaySeconds: {{
.Values.contour.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.contour.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }}
+ {{- end }}
+ name: shutdown-manager
+ resources: {{- toYaml .Values.envoy.shutdownManager.resources | nindent 12 }}
+ volumeMounts:
+ - name: envoy-admin
+ mountPath: /admin
+ {{- if .Values.envoy.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ - name: envoy
+ {{- if .Values.envoy.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - envoy
+ {{- end }}
+ {{- if .Values.envoy.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - -c
+ - /config/envoy.json
+ - --service-cluster $(CONTOUR_NAMESPACE)
+ - --service-node $(ENVOY_POD_NAME)
+ - --log-level {{ .Values.envoy.logLevel }}
+ {{- if .Values.envoy.extraArgs }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.envoy.extraArgs "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.envoy.image "global" .Values.global ) }}
+ imagePullPolicy: {{ .Values.envoy.image.pullPolicy }}
+ {{- if .Values.envoy.containerSecurityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.envoy.containerSecurityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: CONTOUR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: ENVOY_POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ {{- if .Values.envoy.extraEnvVars }}
+ {{- include
"common.tplvalues.render" (dict "value" .Values.envoy.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.envoy.extraEnvVarsCM .Values.envoy.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.envoy.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.envoy.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.envoy.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.envoy.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.envoy.containerPorts.http }}
+ {{- if .Values.envoy.useHostPort }}
+ hostPort: {{ .Values.envoy.hostPorts.http }}
+ {{- end }}
+ {{- if .Values.envoy.useHostIP }}
+ hostIP: {{ .Values.envoy.hostIPs.http }}
+ {{- end }}
+ name: http
+ protocol: TCP
+ - containerPort: {{ .Values.envoy.containerPorts.https }}
+ {{- if .Values.envoy.useHostPort }}
+ hostPort: {{ .Values.envoy.hostPorts.https }}
+ {{- end }}
+ {{- if .Values.envoy.useHostIP }}
+ hostIP: {{ .Values.envoy.hostIPs.https }}
+ {{- end }}
+ name: https
+ protocol: TCP
+ - containerPort: 8002
+ name: metrics
+ protocol: TCP
+ {{- if .Values.envoy.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8002
+ initialDelaySeconds: {{ .Values.envoy.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.envoy.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.envoy.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.envoy.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.envoy.readinessProbe.failureThreshold }}
+ {{- else if .Values.envoy.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.envoy.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 8002
+ initialDelaySeconds: {{
.Values.envoy.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.envoy.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.envoy.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.envoy.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.envoy.livenessProbe.failureThreshold }}
+ {{- else if .Values.envoy.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.envoy.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /ready
+ port: 8002
+ initialDelaySeconds: {{ .Values.envoy.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.envoy.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.envoy.startupProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.envoy.startupProbe.successThreshold }}
+ failureThreshold: {{ .Values.envoy.startupProbe.failureThreshold }}
+ {{- else if .Values.envoy.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ resources: {{- toYaml .Values.envoy.resources | nindent 12 }}
+ volumeMounts:
+ - name: envoy-config
+ mountPath: /config
+ - name: envoycert
+ mountPath: /certs
+ - name: envoy-admin
+ mountPath: /admin
+ {{- if .Values.envoy.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ lifecycle:
+ preStop:
+ {{- if .Values.envoy.shutdownManager.enabled }}
+ httpGet:
+ path: /shutdown
+ port: 8090
+ scheme: HTTP
+ {{- else }}
+ exec:
+ command:
+ - sh
+ - '-c'
+ - sleep {{ .Values.envoy.terminationGracePeriodSeconds }}; kill 1
+ {{- end }}
+ {{- if .Values.envoy.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.sidecars "context" $ ) | nindent 8 }}
+ {{- end }}
+ initContainers:
+ - command:
+ -
contour
+ args:
+ - bootstrap
+ - /config/envoy.json
+ - --xds-address={{ template "common.names.fullname" . }}
+ - --xds-port={{ .Values.contour.service.ports.xds }}
+ - --resources-dir=/config/resources
+ - --envoy-cafile=/certs/ca.crt
+ - --envoy-cert-file=/certs/tls.crt
+ - --envoy-key-file=/certs/tls.key
+ image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }}
+ imagePullPolicy: {{ .Values.contour.image.pullPolicy }}
+ name: envoy-initconfig
+ resources: {{ toYaml .Values.contour.resources | nindent 12 }}
+ volumeMounts:
+ - name: envoy-config
+ mountPath: /config
+ - name: envoycert
+ mountPath: /certs
+ readOnly: true
+ - name: envoy-admin
+ mountPath: /admin
+ {{- if .Values.envoy.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: CONTOUR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.contour.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.contour.extraEnvVarsCM .Values.contour.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.contour.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsCM "context" $ ) }}
+ {{- end }}
+ {{- if .Values.contour.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.envoy.initContainers }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.initContainers "context" $ ) | nindent 8 }}
+ {{- end }}
+ automountServiceAccountToken: {{ .Values.envoy.serviceAccount.automountServiceAccountToken }}
+ serviceAccountName: {{ include "envoy.envoyServiceAccountName" .
}}
+ volumes:
+ - name: envoy-admin
+ emptyDir: {}
+ - name: envoy-config
+ emptyDir: {}
+ - name: envoycert
+ secret:
+ secretName: {{ include "contour.envoy.certs-secret.name" . }}
+ {{- if .Values.envoy.extraVolumes }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumes "context" $ ) | nindent 8 }}
+ {{- end }}
+ restartPolicy: Always
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/envoy/extra-list.yaml b/examples/locked/vendor/helm-chart/templates/envoy/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/envoy/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/envoy/hpa.yaml b/examples/locked/vendor/helm-chart/templates/envoy/hpa.yaml
new file mode 100644
index 00000000..05f84cfd
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/envoy/hpa.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.envoy.enabled .Values.envoy.autoscaling.enabled (eq .Values.envoy.kind "deployment") }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.names.fullname" . }}-envoy
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: envoy
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ include "common.names.fullname" . }}-envoy
+ minReplicas: {{ .Values.envoy.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.envoy.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.envoy.autoscaling.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+ targetAverageUtilization: {{ .Values.envoy.autoscaling.targetCPU }}
+ {{- else }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.envoy.autoscaling.targetCPU }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.envoy.autoscaling.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+ targetAverageUtilization: {{ .Values.envoy.autoscaling.targetMemory }}
+ {{- else }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.envoy.autoscaling.targetMemory }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/service.yaml b/examples/locked/vendor/helm-chart/templates/envoy/service.yaml
similarity index 53%
rename from examples/locked/vendor/helm-chart/templates/service.yaml
rename to examples/locked/vendor/helm-chart/templates/envoy/service.yaml
index 4ff53fca..7b9c1469 100644
--- a/examples/locked/vendor/helm-chart/templates/service.yaml
+++ b/examples/locked/vendor/helm-chart/templates/envoy/service.yaml
@@ -1,34 +1,19 @@ -{{- if .Values.contour.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "contour.fullname" . }} - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: contour -spec: - ports: - - port: 8001 - name: xds - protocol: TCP - targetPort: 8001 - selector: {{- include "contour.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: contour - type: ClusterIP -{{- end }} {{- if .Values.envoy.enabled }} ---- apiVersion: v1 kind: Service metadata: - name: {{ include "contour.fullname" . }}-envoy - labels: {{- include "contour.labels" . | nindent 4 }} + name: {{ include "common.names.fullname" . }}-envoy + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: envoy {{- if .Values.envoy.service.labels }} - {{- include "contour.tplValue" (dict "value" .Values.envoy.service.labels "context" $) | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .Values.envoy.service.labels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} annotations: - {{- if (ne (get .Values.envoy.service.annotations "service.beta.kubernetes.io/aws-load-balancer-type") "nlb") }} + {{- if (ne (index .Values.envoy.service.annotations "service.beta.kubernetes.io/aws-load-balancer-type" | toString ) "nlb") }} # This annotation puts the AWS ELB into "TCP" mode so that it does not # do HTTP negotiation for HTTPS connections at the ELB edge. # The downside of this is the remote IP address of all connections will 
@@ -39,7 +24,10 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp {{- end }} {{- if .Values.envoy.service.annotations }} - {{- include "contour.tplValue" (dict "value" .Values.envoy.service.annotations "context" $) | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .Values.envoy.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- if .Values.envoy.service.externalTrafficPolicy }} @@ -48,6 +36,12 @@ spec: {{- if not (empty .Values.envoy.service.clusterIP) }} clusterIP: {{ .Values.envoy.service.clusterIP | quote }} {{- end }} + {{- if .Values.envoy.service.sessionAffinity }} + sessionAffinity: {{ .Values.envoy.service.sessionAffinity }} + {{- end }} + {{- if .Values.envoy.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} {{- if .Values.envoy.service.externalIPs }} externalIPs: {{- toYaml .Values.envoy.service.externalIPs | nindent 4 }} {{- end }} @@ -57,11 +51,14 @@ spec: {{- if .Values.envoy.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.envoy.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} + {{- if .Values.envoy.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.envoy.service.ipFamilyPolicy }} + {{- end }} ports: - name: http port: {{ .Values.envoy.service.ports.http }} protocol: TCP - targetPort: http + targetPort: {{ .Values.envoy.service.targetPorts.http }} {{- if and (or (eq .Values.envoy.service.type "NodePort") (eq .Values.envoy.service.type "LoadBalancer")) (not (empty .Values.envoy.service.nodePorts.http)) }} nodePort: {{ .Values.envoy.service.nodePorts.http }} {{- else if eq .Values.envoy.service.type "ClusterIP" }} 
@@ -70,13 +67,38 @@ spec: - name: https port: {{ .Values.envoy.service.ports.https }} protocol: TCP - targetPort: https + targetPort: {{ .Values.envoy.service.targetPorts.https }} {{- if and (or (eq .Values.envoy.service.type "NodePort") (eq .Values.envoy.service.type "LoadBalancer")) (not (empty .Values.envoy.service.nodePorts.https)) }} nodePort: {{ .Values.envoy.service.nodePorts.https }} {{- else if eq .Values.envoy.service.type "ClusterIP" }} nodePort: null {{- end }} - selector: {{- include "contour.matchLabels" . | nindent 4 }} + {{- if .Values.envoy.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.envoy.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} app.kubernetes.io/component: envoy type: {{ .Values.envoy.service.type }} +{{- if .Values.metrics.serviceMonitor.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }}-envoy-metrics + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: envoy +spec: + type: ClusterIP + clusterIP: None + {{- if not .Values.envoy.shutdownManager.enabled }} + publishNotReadyAddresses: true + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: envoy + ports: + - name: metrics + port: 8002 + protocol: TCP + targetPort: 8002 +{{- end }} {{- end }} diff --git a/examples/locked/vendor/helm-chart/templates/envoy/serviceaccount.yaml b/examples/locked/vendor/helm-chart/templates/envoy/serviceaccount.yaml new file mode 100644 index 00000000..65fdf043 --- /dev/null +++ b/examples/locked/vendor/helm-chart/templates/envoy/serviceaccount.yaml 
@@ -0,0 +1,22 @@
+{{- if and .Values.envoy.serviceAccount.create .Values.envoy.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "envoy.envoyServiceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: envoy
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.envoy.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.envoy.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.envoy.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.envoy.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/envoy/servicemonitor.yaml b/examples/locked/vendor/helm-chart/templates/envoy/servicemonitor.yaml
new file mode 100644
index 00000000..a83c7e56
--- /dev/null
+++ b/examples/locked/vendor/helm-chart/templates/envoy/servicemonitor.yaml
@@ -0,0 +1,48 @@
+{{- if and .Values.metrics.serviceMonitor.enabled .Values.envoy.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}-envoy
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: envoy
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: envoy
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 4 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.names.namespace" .
| quote }}
+ endpoints:
+ - port: metrics
+ path: /stats/prometheus
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/examples/locked/vendor/helm-chart/templates/job.yaml b/examples/locked/vendor/helm-chart/templates/job.yaml
deleted file mode 100644
index 8a1553ae..00000000
--- a/examples/locked/vendor/helm-chart/templates/job.yaml
+++ /dev/null
@@ -1,61 +0,0 @@ -{{- if .Values.contour.enabled }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "contour.fullname" . }}-contour-certgen - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: contour-certgen -spec: - ttlSecondsAfterFinished: 0 - template: - metadata: - labels: {{- include "contour.labels" . | nindent 8 }} - app.kubernetes.io/component: contour-certgen - spec: -{{- include "contour.imagePullSecrets" . | nindent 6 }} - {{- with .Values.contour.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.contour.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.contour.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - containers: - - name: contour - image: {{ include "contour.image" . }} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - command: - - contour - args: - - certgen - - --kube - - --incluster - - --overwrite - - --secrets-format=compact - - --namespace=$(CONTOUR_NAMESPACE) - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.contour.resources | indent 10 }} - restartPolicy: Never - serviceAccountName: {{ include "contour.contourCertGenServiceAccountName" . }} - {{- if .Values.contour.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.contour.securityContext.runAsUser }} - runAsGroup: {{ .Values.contour.securityContext.runAsGroup }} - fsGroup: {{ .Values.contour.securityContext.fsGroup }} - runAsNonRoot: {{ .Values.contour.securityContext.runAsNonRoot }} - {{- end }} - parallelism: 1 - completions: 1 - backoffLimit: 1 -{{- end }} diff --git a/examples/locked/vendor/helm-chart/templates/rbac.yaml b/examples/locked/vendor/helm-chart/templates/rbac.yaml deleted file mode 100644 index 03f88b81..00000000 --- a/examples/locked/vendor/helm-chart/templates/rbac.yaml +++ /dev/null 
@@ -1,165 +0,0 @@ -{{- if and .Values.rbac.create .Values.contour.enabled }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ include "contour.fullname" .}}:contour - labels: {{- include "contour.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "networking.k8s.io" - resources: - - "ingresses/status" - verbs: - - get - - list - - watch - - patch - - post - - update -- apiGroups: ["contour.heptio.com"] - resources: ["ingressroutes", "tlscertificatedelegations"] - verbs: - - get - - list - - watch - - put - - post - - patch -- apiGroups: ["projectcontour.io"] - resources: ["httpproxies", "tlscertificatedelegations"] - verbs: - - get - - list - - watch - - put - - post - - patch -- apiGroups: - - "projectcontour.io" - resources: - - "httpproxies/status" - verbs: - - update -- apiGroups: ["networking.x.k8s.io"] - resources: ["gatewayclasses", "gateways", "httproutes", "tcproutes"] - verbs: - - get - - list - - watch - - put - - post - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ include "contour.fullname" .}}:contour-leaderelection - labels: {{- include "contour.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ include "contour.fullname" .}}:contour-certgen - labels: {{- include "contour.labels" . 
| nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - update ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: {{ include "contour.fullname" .}}:contour - labels: {{- include "contour.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "contour.fullname" .}}:contour -subjects: - - kind: ServiceAccount - name: {{ include "contour.contourServiceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "contour.fullname" .}}:contour-leaderelection - labels: {{- include "contour.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "contour.fullname" . }}:contour-leaderelection -subjects: - - kind: ServiceAccount - name: {{ include "contour.contourServiceAccountName" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "contour.fullname" .}}:contour-certgen - labels: {{- include "contour.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "contour.fullname" .}}:contour-certgen -subjects: - - kind: ServiceAccount - name: {{ include "contour.contourCertGenServiceAccountName" . }} -{{- end }} diff --git a/examples/locked/vendor/helm-chart/templates/service-accounts.yaml b/examples/locked/vendor/helm-chart/templates/service-accounts.yaml deleted file mode 100644 index dc06bee0..00000000 --- a/examples/locked/vendor/helm-chart/templates/service-accounts.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -{{- if and .Values.contour.serviceAccount.create .Values.contour.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "contour.contourServiceAccountName" . }} - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: contour -{{- end }} -{{- if .Values.contour.certgen.serviceAccount.create }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "contour.contourCertGenServiceAccountName" . }} - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: contour -{{- end }} -{{- if and .Values.envoy.serviceAccount.create .Values.envoy.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "envoy.envoyServiceAccountName" . }} - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: envoy -{{- end }} \ No newline at end of file diff --git a/examples/locked/vendor/helm-chart/templates/servicemonitor.yaml b/examples/locked/vendor/helm-chart/templates/servicemonitor.yaml deleted file mode 100644 index 491a5392..00000000 --- a/examples/locked/vendor/helm-chart/templates/servicemonitor.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -{{- if .Values.prometheus.serviceMonitor.enabled }} -{{- if .Values.contour.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "contour.fullname" . }}-contour-metrics - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: contour -spec: - type: ClusterIP - selector: {{- include "contour.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: contour - ports: - - name: metrics - port: 8000 - protocol: TCP - targetPort: 8000 ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "contour.fullname" . }}-contour - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: contour -spec: - jobLabel: {{ .Values.prometheus.serviceMonitor.jobLabel | quote }} - selector: - matchLabels: {{- include "contour.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: contour - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 4 }} - {{- end }} -{{- end }} -{{- if .Values.envoy.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "contour.fullname" . }}-envoy-metrics - labels: {{- include "contour.labels" . | nindent 4 }} - app.kubernetes.io/component: envoy -spec: - type: ClusterIP - selector: {{- include "contour.matchLabels" . 
| nindent 4 }} - app.kubernetes.io/component: envoy - ports: - - name: metrics - port: 8002 - protocol: TCP - targetPort: 8002 ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "contour.fullname" . }}-envoy - labels: {{- include "contour.labels" . | nindent 4}} - app.kubernetes.io/component: envoy -spec: - jobLabel: {{ .Values.prometheus.serviceMonitor.jobLabel | quote }} - selector: - matchLabels: {{- include "contour.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: envoy - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics - path: /stats/prometheus - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/examples/locked/vendor/helm-chart/values-production.yaml b/examples/locked/vendor/helm-chart/values-production.yaml deleted file mode 100644 index 44a9e442..00000000 --- a/examples/locked/vendor/helm-chart/values-production.yaml +++ /dev/null 
@@ -1,355 +0,0 @@ -## Default values for contour. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. -## - -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName - -## To configure Contour, you must specify ONE of the following two -## options. -# -## existingConfigMap specifies the name of an externally-defined -## ConfigMap to use as the configuration. Helm will not manage the -## contents of this ConfigMap, it is your responsibility to create it. -# -# existingConfigMap: contour -# -## configInline specifies Contour's configuration directly, in yaml -## format. When configInline is used, Helm manages Contour's -## configuration ConfigMap as part of the release, and -## existingConfigMap is ignored. -## Refer to https://projectcontour.io/docs/v1.2.1/configuration/ for -## available options. -## Evaluated as a template -# -configInline: - # should contour expect to be running inside a k8s cluster - # incluster: true - # - # path to kubeconfig (if not running inside a k8s cluster) - # kubeconfig: /path/to/.kube/config - # - # Client request timeout to be passed to Envoy - # as the connection manager request_timeout. - # Defaults to 0, which Envoy interprets as disabled. - # Note that this is the timeout for the whole request, - # not an idle timeout. - # request-timeout: 0s - # disable ingressroute permitInsecure field - disablePermitInsecure: false - tls: - # minimum TLS version that Contour will negotiate - # minimum-protocol-version: "1.1" - # The following config shows the defaults for the leader election. 
- ## This needs to be edited by when you deploy to a namespace other than projectcontour - ## - leaderelection: - # configmap-name: leader-elect - configmap-namespace: '{{ .Release.Namespace }}' - ### Logging options - # Default setting - accesslog-format: envoy - # To enable JSON logging in Envoy - # accesslog-format: json - # The default fields that will be logged are specified below. - # To customise this list, just add or remove entries. - # The canonical list is available at - # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields - # json-fields: - # - "@timestamp" - # - "authority" - # - "bytes_received" - # - "bytes_sent" - # - "downstream_local_address" - # - "downstream_remote_address" - # - "duration" - # - "method" - # - "path" - # - "protocol" - # - "request_id" - # - "requested_server_name" - # - "response_code" - # - "response_flags" - # - "uber_trace_id" - # - "upstream_cluster" - # - "upstream_host" - # - "upstream_local_address" - # - "upstream_service_time" - # - "user_agent" - # - "x_forwarded_for" - -## Name of the ingress class to route through this controller -## -# ingressClass: contour - -## String to partially override contour.fullname include (will maintain the release name) -## -# nameOverride: - -## String to fully override contour.fullname template -## -# fullnameOverride: - -## Number of contour Pod replicas -## -replicaCount: 2 - -rbac: - # create specifies whether to install and use RBAC rules. - create: true - -contour: - enabled: true - image: - registry: docker.io - repository: bitnami/contour - tag: 1.8.0-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Contour container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## ref: https://projectcontour.io/guides/resource-limits/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - # cpu: 400m - # memory: 250Mi - requests: {} - # cpu: 100m - # memory: 25Mi - - ## Create Contour CRDs - ## - createCustomResource: true - - ## Contour CRD deletion policy - ## ref: https://v3.helm.sh/docs/topics/charts_hooks/ - ## - # customResourceDeletePolicy: before-hook-creation - - ## Node labels for pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Tolerations for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - ## Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - - ## Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. 
If not set and create is - # true, a name is generated using the fullname template - name: "" - - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - - securityContext: - enabled: true - runAsNonRoot: true - runAsUser: 1001 - runAsGroup: 1001 - - certgen: - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template - name: "" - -envoy: - enabled: true - image: - registry: docker.io - repository: bitnami/envoy - tag: 1.15.0-debian-10-r27 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Envoy container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## ref: https://projectcontour.io/guides/resource-limits/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## - - limits: {} - # cpu: 400m - # memory: 250Mi - requests: {} - # cpu: 100m - # memory: 25Mi - ## Node labels for pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Tolerations for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - ## Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - - ## Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - - ## Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## - podSecurityContext: - enabled: false - - ## Envoy container security context - envoy needs to run as root to bind to 80, 443 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## - containerSecurityContext: - enabled: true - runAsUser: 0 - - ## Pod host network access - ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces - ## - hostNetwork: false - - ## Pod's DNS Policy - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy - ## - dnsPolicy: ClusterFirst - - serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. 
If not set and create is - # true, a name is generated using the fullname template - name: "" - - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 3 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - - terminationGracePeriodSeconds: 300 - - logLevel: info - - ## Envoy Service properties - ## - service: - ## Service type - ## - type: LoadBalancer - externalTrafficPolicy: Local - # clusterIP: "" - # externalIPs: [] - # loadBalancerIP: "" - # loadBalancerSourceRanges: [] - - ## Service annotations - ## - annotations: {} - - ports: - ## HTTP Port - ## - http: 80 - ## HTTPS Port - ## - https: 443 - - ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - http: "" - https: "" - -prometheus: - # Prometheus Operator service monitors - serviceMonitor: - # enable support for Prometheus Operator - enabled: false - # Job label for scrape target - jobLabel: "app.kubernetes.io/name" - # Scrape interval. If not set, the Prometheus default scrape interval is used. - interval: "" - metricRelabelings: [] - relabelings: [] diff --git a/examples/locked/vendor/helm-chart/values.yaml b/examples/locked/vendor/helm-chart/values.yaml index 59f0924d..f87902ee 100644 --- a/examples/locked/vendor/helm-chart/values.yaml +++ b/examples/locked/vendor/helm-chart/values.yaml 
@@ -1,177 +1,279 @@ -## Default values for contour. -## This is a YAML-formatted file. -## Declare variables to be passed into your templates. - +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -## To configure Contour, you must specify ONE of the following two -## options. -# -## existingConfigMap specifies the name of an externally-defined -## ConfigMap to use as the configuration. Helm will not manage the -## contents of this ConfigMap, it is your responsibility to create it. -# -# existingConfigMap: contour -# -## configInline specifies Contour's configuration directly, in yaml -## format. When configInline is used, Helm manages Contour's -## configuration ConfigMap as part of the release, and -## existingConfigMap is ignored. -## Refer to https://projectcontour.io/docs/v1.2.1/configuration/ for -## available options. -## Evaluated as a template -# -configInline: - # should contour expect to be running inside a k8s cluster - # incluster: true - # - # path to kubeconfig (if not running inside a k8s cluster) - # kubeconfig: /path/to/.kube/config - # - # Client request timeout to be passed to Envoy - # as the connection manager request_timeout. - # Defaults to 0, which Envoy interprets as disabled. - # Note that this is the timeout for the whole request, - # not an idle timeout. - # request-timeout: 0s - # disable ingressroute permitInsecure field - disablePermitInsecure: false - tls: - # minimum TLS version that Contour will negotiate - # minimum-protocol-version: "1.1" - # The following config shows the defaults for the leader election. 
- ## This needs to be edited by when you deploy to a namespace other than projectcontour - leaderelection: - # configmap-name: leader-elect - configmap-namespace: '{{ .Release.Namespace }}' - ### Logging options - # Default setting - accesslog-format: envoy - # To enable JSON logging in Envoy - # accesslog-format: json - # The default fields that will be logged are specified below. - # To customise this list, just add or remove entries. - # The canonical list is available at - # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields - # json-fields: - # - "@timestamp" - # - "authority" - # - "bytes_received" - # - "bytes_sent" - # - "downstream_local_address" - # - "downstream_remote_address" - # - "duration" - # - "method" - # - "path" - # - "protocol" - # - "request_id" - # - "requested_server_name" - # - "response_code" - # - "response_flags" - # - "uber_trace_id" - # - "upstream_cluster" - # - "upstream_host" - # - "upstream_local_address" - # - "upstream_service_time" - # - "user_agent" - # - "x_forwarded_for" +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets [array] Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. 
+ ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" -## Name of the ingress class to route through this controller +## @section Common parameters ## -# ingressClass: contour -## String to partially override contour.fullname include (will maintain the release name) +## @param nameOverride String to partially override contour.fullname include (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override contour.fullname template +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) ## -# nameOverride: +kubeVersion: "" +## @param extraDeploy [array] Array of extra objects to deploy with the release +## +extraDeploy: [] +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} -## String to fully override contour.fullname template +## Diagnostic mode in the deployment ## -# fullnameOverride: +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command [array] Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args [array] Args to override all containers in the deployment + ## + args: + - infinity -## Number of contour Pod replicas +## @section Contour parameters ## -replicaCount: 2 -rbac: - # create specifies whether to install and use RBAC rules. - create: true +## To configure Contour, you must specify ONE of the following two options. 
+## @param existingConfigMap Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) +## Helm will not manage the contents of this ConfigMap, it is your responsibility to create it. +## e.g: +## existingConfigMap: contour +## +existingConfigMap: "" +## @param configInline [object] Specifies Contour's configuration directly in YAML format +## When configInline is used, Helm manages Contour's configuration ConfigMap as +## part of the release, and existingConfigMap is ignored. +## Refer to https://projectcontour.io/docs/latest/configuration for available options. +## +configInline: + disablePermitInsecure: false + tls: + fallback-certificate: {} + leaderelection: + configmap-namespace: '{{ include "common.names.namespace" . }}' + envoy-service-name: '{{ include "common.names.fullname" . }}-envoy' + accesslog-format: envoy contour: + ## @param contour.enabled Contour Deployment creation. + ## enabled: true + ## @param contour.image.registry Contour image registry + ## @param contour.image.repository Contour image name + ## @param contour.image.tag Contour image tag + ## @param contour.image.pullPolicy Contour Image pull policy + ## @param contour.image.pullSecrets [array] Contour Image pull secrets + ## @param contour.image.debug Enable image debug mode + ## image: registry: docker.io repository: bitnami/contour - tag: 1.8.0-debian-10-r0 + tag: 1.20.1-debian-10-r53 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. 
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - + pullSecrets: [] + debug: false + ## @param contour.replicaCount Number of Contour Pod replicas + ## + replicaCount: 1 + ## @param contour.priorityClassName Priority class assigned to the pods + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + ## + priorityClassName: "" + ## @param contour.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param contour.terminationGracePeriodSeconds In seconds, time the given to the Contour pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param contour.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## The value is evaluated as a template + ## + topologySpreadConstraints: [] + ## Configures the ports the Envoy proxy listens on + ## @param contour.containerPorts.xds Set xds port inside Contour pod + ## @param contour.containerPorts.metrics Set metrics port inside Contour pod + ## + containerPorts: + xds: 8001 + metrics: 8000 + ## @param contour.hostAliases [array] Add deployment host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param contour.updateStrategy Strategy to use to update Pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: {} + ## @param contour.extraArgs [array] Extra arguments passed to Contour container + ## + extraArgs: [] ## Contour 
container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://projectcontour.io/guides/resource-limits/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param contour.resources.limits [object] Specify resource limits which the container is not allowed to succeed. + ## @param contour.resources.requests [object] Specify resource requests which the container needs to spawn. ## resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 400m + ## memory: 258Mi + ## limits: {} - # cpu: 400m - # memory: 250Mi + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 25Mi + ## requests: {} - # cpu: 100m - # memory: 25Mi - - ## Create Contour CRDs - createCustomResource: true - - ## Contour CRD deletion policy - ## ref: https://v3.helm.sh/docs/topics/charts_hooks/ + ## @param contour.manageCRDs Manage the creation, upgrade and deletion of Contour CRDs. ## - # customResourceDeletePolicy: before-hook-creation - - ## Node labels for pod assignment + manageCRDs: true + ## @param contour.podAffinityPreset Contour Pod affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param contour.podAntiAffinityPreset Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## @param contour.podLabels [object] Extra labels for Contour pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param contour.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup. + ## + lifecycleHooks: {} + ## @param contour.customLivenessProbe Override default liveness probe + ## + customLivenessProbe: {} + ## @param contour.customReadinessProbe Override default readiness probe + ## + customReadinessProbe: {} + ## @param contour.customStartupProbe Override default startup probe + ## + customStartupProbe: {} + ## Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## @param contour.nodeAffinityPreset.type Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## @param contour.nodeAffinityPreset.key Contour Node label key to match Ignored if `affinity` is set. + ## @param contour.nodeAffinityPreset.values [array] Contour Node label values to match. Ignored if `affinity` is set. + ## + nodeAffinityPreset: + type: "" + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param contour.command Override default command + ## + command: [] + ## @param contour.args Override default args + ## + args: [] + ## @param contour.affinity [object] Affinity for Contour pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param contour.nodeSelector [object] Node labels for Contour pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment + ## @param contour.tolerations [array] Tolerations for Contour pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - - ## Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - - ## Pod annotations + ## @param contour.podAnnotations [object] Contour Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - + ## @param contour.serviceAccount.create Create a serviceAccount for the Contour pod + ## @param contour.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template + ## @param contour.serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## @param contour.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. + ## serviceAccount: - # Specifies whether a ServiceAccount should be created create: true - # The name of the ServiceAccount to use. 
If not set and create is - # true, a name is generated using the fullname template name: "" - + automountServiceAccountToken: true + annotations: {} + ## Contour Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param contour.podSecurityContext.enabled Default backend Pod securityContext + ## @param contour.podSecurityContext.fsGroup Set Default backend Pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Envoy container security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param contour.containerSecurityContext.enabled Envoy Container securityContext + ## @param contour.containerSecurityContext.runAsUser User ID for the Contour container (to change this, http and https containerPorts must be set to >1024) + ## @param contour.containerSecurityContext.runAsNonRoot Run as non root + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + ## @param contour.livenessProbe.enabled Enable/disable the Liveness probe + ## @param contour.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param contour.livenessProbe.periodSeconds How often to perform the probe + ## @param contour.livenessProbe.timeoutSeconds When the probe times out + ## @param contour.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. + ## @param contour.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. + ## livenessProbe: enabled: true initialDelaySeconds: 120 
@@ -179,7 +281,13 @@ contour:
 timeoutSeconds: 5
 failureThreshold: 6
 successThreshold: 1
-
+ ## @param contour.readinessProbe.enabled Enable/disable the readiness probe
+ ## @param contour.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
+ ## @param contour.readinessProbe.periodSeconds How often to perform the probe
+ ## @param contour.readinessProbe.timeoutSeconds When the probe times out
+ ## @param contour.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ ## @param contour.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
+ ##
 readinessProbe:
 enabled: true
 initialDelaySeconds: 15
@@ -187,105 +295,389 @@ contour: timeoutSeconds: 5 failureThreshold: 3 successThreshold: 1 - - securityContext: - enabled: true - runAsNonRoot: true - runAsUser: 1001 - runAsGroup: 1001 - + ## @param contour.startupProbe.enabled Enable/disable the startup probe + ## @param contour.startupProbe.initialDelaySeconds Delay before startup probe is initiated + ## @param contour.startupProbe.periodSeconds How often to perform the probe + ## @param contour.startupProbe.timeoutSeconds When the probe times out + ## @param contour.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. + ## @param contour.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. + ## + startupProbe: + enabled: false + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + ## Contour certgen configs + ## certgen: + ## @param contour.certgen.serviceAccount.create Create a serviceAccount for the Contour pod + ## @param contour.certgen.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template + ## @param contour.certgen.serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## @param contour.certgen.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. + ## serviceAccount: - # Specifies whether a ServiceAccount should be created create: true - # The name of the ServiceAccount to use. If not set and create is - # true, a name is generated using the fullname template name: "" + automountServiceAccountToken: true + annotations: {} + ## @param contour.certgen.certificateLifetime Generated certificate lifetime (in days). 
+ ## + certificateLifetime: 365 + ## @param contour.tlsExistingSecret Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. + ## It will override `tlsExistingSecret` + ## + tlsExistingSecret: "" + ## Contour Service properties + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + service: + ## @param contour.service.type Service type + ## + type: ClusterIP + ## @param contour.service.ports.xds Contour service xds port + ## @param contour.service.ports.metrics Contour service xds port + ## + ports: + xds: 8001 + metrics: 8000 + ## Node ports to expose + ## @param contour.service.nodePorts.xds Node port for HTTP + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + xds: "" + ## @param contour.service.clusterIP Contour service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param contour.service.loadBalancerIP Contour service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param contour.service.loadBalancerSourceRanges Contour service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param contour.service.externalTrafficPolicy Contour service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param contour.service.annotations Additional custom annotations for Contour service + ## + annotations: {} + ## @param contour.service.extraPorts Extra port to expose on Contour service + ## + extraPorts: [] + ## @param contour.service.sessionAffinity Session Affinity for Kubernetes 
service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param contour.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param contour.initContainers [array] Attach additional init containers to Contour pods + ## For example: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param contour.sidecars [array] Add additional sidecar containers to the Contour pods + ## Example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param contour.extraVolumes [array] Array to add extra volumes + ## + extraVolumes: [] + ## @param contour.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes) + ## + extraVolumeMounts: [] + ## @param contour.extraEnvVars [array] Array containing extra env vars to be added to all Contour containers + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + ## + extraEnvVars: [] + ## @param contour.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Contour containers + ## + extraEnvVarsCM: "" + ## @param contour.extraEnvVarsSecret Secret containing extra env vars to be added to all Contour containers + ## + extraEnvVarsSecret: "" + ## @param contour.ingressClass.name Name of the ingress class to route through this controller. 
+ ## @param contour.ingressClass.create Whether to create or not the IngressClass resource + ## @param contour.ingressClass.default Mark IngressClass resource as default for cluster + ## + ## DEPRECATED: Use a map instead + ## You can use the the 'contour.ingressClass' as a string to indicate the ingress + ## class name. This will skip the creation of an IngressClass resource. + ## e.g: + ## ingressClass: contour + ## + ingressClass: + name: "" + create: true + default: true + + ## @param contour.debug Enable Contour debug log level + ## + debug: false + + ## @param contour.kubernetesDebug Contour kubernetes debug log level, Default 0, minimum 0, maximum 9. + kubernetesDebug: 0 + + ## @param contour.rootNamespaces Restrict Contour to searching these namespaces for root ingress routes. + rootNamespaces: "" + +## @section Envoy parameters +## envoy: + ## @param envoy.enabled Envoy Proxy creation + ## enabled: true + ## Bitnami Envoy image + ## ref: https://hub.docker.com/r/bitnami/envoy/tags/ + ## @param envoy.image.registry Envoy Proxy image registry + ## @param envoy.image.repository Envoy Proxy image repository + ## @param envoy.image.tag Envoy Proxy image tag (immutable tags are recommended) + ## @param envoy.image.pullPolicy Envoy image pull policy + ## @param envoy.image.pullSecrets [array] Envoy image pull secrets + ## image: registry: docker.io repository: bitnami/envoy - tag: 1.15.0-debian-10-r27 + tag: 1.21.1-debian-10-r55 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. 
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - + pullSecrets: [] + ## @param envoy.priorityClassName Priority class assigned to the pods + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + ## + priorityClassName: "" + ## @param envoy.schedulerName Name of the k8s scheduler (other than default) + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param envoy.topologySpreadConstraints Topology Spread Constraints for pod assignment + ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## The value is evaluated as a template + ## + topologySpreadConstraints: [] + ## @param envoy.extraArgs [array] Extra arguments passed to Envoy container + ## + extraArgs: [] + ## @param envoy.hostAliases [array] Add deployment host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] ## Envoy container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## ref: https://projectcontour.io/guides/resource-limits/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param envoy.resources.limits [object] Specify resource limits which the container is not allowed to succeed. 
+ ## @param envoy.resources.requests [object] Specify resource requests which the container needs to spawn. ## resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - + ## Example: + ## limits: + ## cpu: 400m + ## memory: 250Mi + ## limits: {} - # cpu: 400m - # memory: 250Mi + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 25Mi + ## requests: {} - # cpu: 100m - # memory: 25Mi - ## Node labels for pod assignment + ## @param envoy.command Override default command + ## + command: [] + ## @param envoy.args Override default args + ## + args: [] + ## @param envoy.shutdownManager.enabled Contour shutdownManager sidecar + ## @param envoy.shutdownManager.resources.limits [object] Specify resource limits which the container is not allowed to succeed. + ## @param envoy.shutdownManager.resources.requests [object] Specify resource requests which the container needs to spawn. + ## + shutdownManager: + enabled: true + resources: + ## Example: + ## limits: + ## cpu: 50m + ## memory: 32Mi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 10m + ## memory: 16Mi + ## + requests: {} + ## @param envoy.kind Install as deployment or daemonset + ## + kind: daemonset + ## @param envoy.replicaCount Desired number of Controller pods + ## + replicaCount: 1 + ## @param envoy.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup. 
+ ## + lifecycleHooks: {} + ## @param envoy.updateStrategy [object] Strategy to use to update Pods + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 10% + ## @param envoy.minReadySeconds The minimum number of seconds for which a newly created Pod should be ready + ## + minReadySeconds: 0 + ## @param envoy.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## Controller Autoscaling configuration + ## @param envoy.autoscaling.enabled Enable autoscaling for Controller + ## @param envoy.autoscaling.minReplicas Minimum number of Controller replicas + ## @param envoy.autoscaling.maxReplicas Maximum number of Controller replicas + ## @param envoy.autoscaling.targetCPU Target CPU utilization percentage + ## @param envoy.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 11 + targetCPU: "" + targetMemory: "" + ## @param envoy.podAffinityPreset Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + ## @param envoy.podAntiAffinityPreset Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: "" + ## Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## @param envoy.nodeAffinityPreset.type Envoy Node affinity preset type. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` + ## @param envoy.nodeAffinityPreset.key Envoy Node label key to match Ignored if `affinity` is set. + ## @param envoy.nodeAffinityPreset.values [array] Envoy Node label values to match. Ignored if `affinity` is set. + ## + nodeAffinityPreset: + type: "" + key: "" + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param envoy.affinity [object] Affinity for Envoy pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param envoy.nodeSelector [object] Node labels for Envoy pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment + ## @param envoy.tolerations [array] Tolerations for Envoy pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - - ## Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - - ## Pod annotations + ## @param envoy.podAnnotations [object] Envoy Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - + ## @param envoy.podLabels Extra labels for Envoy pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} ## Pod security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param envoy.podSecurityContext.enabled Envoy Pod securityContext + ## @param envoy.podSecurityContext.fsGroup User ID for the for the mounted volumes + ## @param envoy.podSecurityContext.sysctls Array of sysctl options to allow ## podSecurityContext: + fsGroup: 0 + sysctls: [] enabled: false 
- - ## Envoy container security context - envoy needs to run as root to bind to 80, 443 + ## Envoy container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param envoy.containerSecurityContext.enabled Envoy Container securityContext + ## @param envoy.containerSecurityContext.runAsUser User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) + ## @param envoy.containerSecurityContext.runAsNonRoot Run as non root ## containerSecurityContext: enabled: true - runAsUser: 0 - - ## Pod host network access + runAsUser: 1001 + runAsNonRoot: true + ## @param envoy.hostNetwork Envoy Pod host network access ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces ## hostNetwork: false - - ## Pod's DNS Policy + ## @param envoy.dnsPolicy Envoy Pod Dns Policy's DNS Policy ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy ## dnsPolicy: ClusterFirst - + ## @param envoy.tlsExistingSecret Name of the existingSecret to be use in Envoy deployment + ## + tlsExistingSecret: "" + ## @param envoy.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param envoy.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template + ## @param envoy.serviceAccount.automountServiceAccountToken Whether to auto mount API credentials for a service account + ## @param envoy.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server + ## serviceAccount: - # Specifies whether a ServiceAccount should be created create: true - # The name of the ServiceAccount to use. 
If not set and create is
- # true, a name is generated using the fullname template
 name: ""
-
+ automountServiceAccountToken: false
+ annotations: {}
+ ## @param envoy.livenessProbe.enabled Enable livenessProbe
+ ## @param envoy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param envoy.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param envoy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param envoy.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param envoy.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
 livenessProbe:
 enabled: true
 initialDelaySeconds: 120
@@ -293,7 +685,13 @@ envoy:
 timeoutSeconds: 5
 failureThreshold: 6
 successThreshold: 1
-
+ ## @param envoy.readinessProbe.enabled Enable/disable the readiness probe
+ ## @param envoy.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
+ ## @param envoy.readinessProbe.periodSeconds How often to perform the probe
+ ## @param envoy.readinessProbe.timeoutSeconds When the probe times out
+ ## @param envoy.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ ## @param envoy.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
+ ##
 readinessProbe:
 enabled: true
 initialDelaySeconds: 10
@@ -301,50 +699,594 @@ envoy: timeoutSeconds: 1 failureThreshold: 3 successThreshold: 1 - + ## @param envoy.startupProbe.enabled Enable/disable the startup probe + ## @param envoy.startupProbe.initialDelaySeconds Delay before startup probe is initiated + ## @param envoy.startupProbe.periodSeconds How often to perform the probe + ## @param envoy.startupProbe.timeoutSeconds When the probe times out + ## @param envoy.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. + ## @param envoy.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. + ## + startupProbe: + enabled: false + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + ## @param envoy.customLivenessProbe Override default liveness probe + ## + customLivenessProbe: {} + ## @param envoy.customReadinessProbe Override default readiness probe + ## + customReadinessProbe: {} + ## @param envoy.customStartupProbe Override default startup probe + ## + customStartupProbe: {} + ## @param envoy.terminationGracePeriodSeconds Envoy termination grace period in seconds + ## terminationGracePeriodSeconds: 300 - + ## @param envoy.logLevel Envoy log level + ## logLevel: info - ## Envoy Service properties ## service: - ## Service type + ## @param envoy.service.targetPorts [object] Map the controller service HTTP/HTTPS port + ## + targetPorts: + http: http + https: https + ## @param envoy.service.type Type of Envoy service to create ## type: LoadBalancer + ## @param envoy.service.externalTrafficPolicy Envoy Service external cluster policy. 
If `envoy.service.type` is NodePort or LoadBalancer + ## externalTrafficPolicy: Local - # clusterIP: "" - # externalIPs: [] - # loadBalancerIP: "" - # loadBalancerSourceRanges: [] - - ## Service annotations + ## @param envoy.service.labels Labels to add to te envoy service + ## + labels: {} + ## @param envoy.service.clusterIP Internal envoy cluster service IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param envoy.service.externalIPs [array] Envoy service external IP addresses + ## + externalIPs: [] + ## @param envoy.service.loadBalancerIP IP address to assign to load balancer (if supported) + ## + loadBalancerIP: "" + ## @param envoy.service.loadBalancerSourceRanges [array] List of IP CIDRs allowed access to load balancer (if supported) + ## + loadBalancerSourceRanges: [] + ## @param envoy.service.ipFamilyPolicy [string], support SingleStack, PreferDualStack and RequireDualStack + ## + ipFamilyPolicy: "" + ## @param envoy.service.annotations [object] Annotations for Envoy service ## annotations: {} - ports: - ## HTTP Port + ## @param envoy.service.ports.http Sets service http port ## http: 80 - ## HTTPS Port + ## @param envoy.service.ports.https Sets service https port ## https: 443 - ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## @param envoy.service.nodePorts.http HTTP Port. If `envoy.service.type` is NodePort and this is non-empty + ## @param envoy.service.nodePorts.https HTTPS Port. 
If `envoy.service.type` is NodePort and this is non-empty ## nodePorts: http: "" https: "" + ## @param envoy.service.extraPorts [array] Extra ports to expose (normally used with the `sidecar` value) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + extraPorts: [] + ## @param envoy.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param envoy.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param envoy.useHostPort Enable/disable `hostPort` for TCP/80 and TCP/443 + ## + useHostPort: true + ## @param envoy.useHostIP Enable/disable `hostIP` + ## + useHostIP: false + ## @param envoy.hostPorts.http Sets `hostPort` http port + ## @param envoy.hostPorts.https Sets `hostPort` https port + ## + hostPorts: + http: 80 + https: 443 + ## @param envoy.hostIPs.http Sets `hostIP` http IP + ## @param envoy.hostIPs.https Sets `hostIP` https IP + ## + hostIPs: + http: 127.0.0.1 + https: 127.0.0.1 + ## Configures the ports the Envoy proxy listens on + ## @param envoy.containerPorts.http Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) + ## @param envoy.containerPorts.https Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) + ## + containerPorts: + http: 8080 + https: 8443 + ## @param envoy.initContainers [array] Attach additional init containers to Envoy pods + ## For example: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param envoy.sidecars Add additional sidecar containers to the 
Envoy pods + ## Example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param envoy.extraVolumes [array] Array to add extra volumes + ## + extraVolumes: [] + ## @param envoy.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes) + ## + extraVolumeMounts: [] + ## @param envoy.extraEnvVars [array] Array containing extra env vars to be added to all Envoy containers + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + ## + extraEnvVars: [] + ## @param envoy.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Envoy containers + ## + extraEnvVarsCM: "" + ## @param envoy.extraEnvVarsSecret Secret containing extra env vars to be added to all Envoy containers + ## + extraEnvVarsSecret: "" -prometheus: - # Prometheus Operator service monitors +## @section Default backend parameters +## + +## Default 404 backend +## +defaultBackend: + ## @param defaultBackend.enabled Enable a default backend based on NGINX + ## + enabled: false + ## Bitnami NGINX image + ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ + ## @param defaultBackend.image.registry Default backend image registry + ## @param defaultBackend.image.repository Default backend image name + ## @param defaultBackend.image.tag Default backend image tag + ## @param defaultBackend.image.pullPolicy Image pull policy + ## @param defaultBackend.image.pullSecrets [array] Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/nginx + tag: 1.21.6-debian-10-r81 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. 
+ ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param defaultBackend.extraArgs [object] Additional command line arguments to pass to NGINX container + ## + extraArgs: {} + ## @param defaultBackend.lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup. + ## + lifecycleHooks: {} + ## @param defaultBackend.extraEnvVars [array] Array containing extra env vars to be added to all Contour containers + ## For example: + ## extraEnvVars: + ## - name: MY_ENV_VAR + ## value: env_var_value + ## + extraEnvVars: [] + ## @param defaultBackend.extraEnvVarsCM ConfigMap containing extra env vars to be added to all Contour containers + ## + extraEnvVarsCM: "" + ## @param defaultBackend.extraEnvVarsSecret Secret containing extra env vars to be added to all Contour containers + ## + extraEnvVarsSecret: "" + ## @param defaultBackend.extraVolumes [array] Array to add extra volumes + ## + extraVolumes: [] + ## @param defaultBackend.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes) + ## + extraVolumeMounts: [] + ## @param defaultBackend.initContainers [array] Attach additional init containers to the http backend pods + ## For example: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## + initContainers: [] + ## @param defaultBackend.sidecars [array] Add additional sidecar containers to the default backend + ## Example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## Configures the ports the http backend listens on + ## @param defaultBackend.containerPorts.http Set http port inside Contour pod + ## + containerPorts: + http: 8001 + ## 
@param defaultBackend.updateStrategy Strategy to use to update Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy: {}
+ ## @param defaultBackend.command Override default command
+ ##
+ command: []
+ ## @param defaultBackend.args Override default args
+ ##
+ args: []
+ ## @param defaultBackend.hostAliases [array] Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param defaultBackend.replicaCount Desired number of default backend pods
+ ##
+ replicaCount: 1
+ ## Default backend pods' Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param defaultBackend.podSecurityContext.enabled Default backend Pod securityContext
+ ## @param defaultBackend.podSecurityContext.fsGroup Set Default backend Pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Default backend containers' Security Context (only main container)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param defaultBackend.containerSecurityContext.enabled Default backend container securityContext
+ ## @param defaultBackend.containerSecurityContext.runAsUser User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024)
+ ## @param defaultBackend.containerSecurityContext.runAsNonRoot Run as non root
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## Default backend containers' resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user.
This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ ## @param defaultBackend.resources.limits [object] The resources limits for the Default backend container
+ ## @param defaultBackend.resources.requests [object] The requested resources for the Default backend container
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 250m
+ ## memory: 256Mi
+ ##
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 256Mi
+ ##
+ requests: {}
+ ## Default backend containers' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param defaultBackend.livenessProbe.enabled Enable livenessProbe
+ ## @param defaultBackend.livenessProbe.httpGet [object] Path, port and scheme for the livenessProbe
+ ## @param defaultBackend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param defaultBackend.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param defaultBackend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param defaultBackend.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param defaultBackend.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ ## Default backend containers' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param defaultBackend.readinessProbe.enabled Enable readinessProbe
+ ## @param defaultBackend.readinessProbe.httpGet [object] Path, port and scheme for the readinessProbe
+ ## @param defaultBackend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param defaultBackend.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param defaultBackend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param defaultBackend.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param defaultBackend.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ failureThreshold: 6
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 5
+ ## @param defaultBackend.startupProbe.enabled Enable/disable the startup probe
+ ## @param defaultBackend.startupProbe.initialDelaySeconds Delay before startup probe is initiated
+ ## @param defaultBackend.startupProbe.periodSeconds How often to perform the probe
+ ## @param defaultBackend.startupProbe.timeoutSeconds When the probe times out
+ ## @param defaultBackend.startupProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ ## @param defaultBackend.startupProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed.
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ ## @param defaultBackend.customLivenessProbe [object] Override default liveness probe, it overrides the default one (evaluated as a template)
+ ##
+ customLivenessProbe: {}
+ ## @param defaultBackend.customReadinessProbe [object] Override default readiness probe, it overrides the default one (evaluated as a template)
+ ##
+ customReadinessProbe: {}
+ ## @param defaultBackend.customStartupProbe Override default startup probe
+ ##
+ customStartupProbe: {}
+ ## @param defaultBackend.podLabels [object] Extra labels for Controller pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param defaultBackend.podAnnotations [object] Annotations for Controller pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param defaultBackend.priorityClassName Priority class assigned to the pods
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+ ##
+ priorityClassName: ""
+ ## @param defaultBackend.schedulerName Name of the k8s scheduler (other than default)
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param defaultBackend.terminationGracePeriodSeconds In seconds, time the given to the default backend pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: 60
+ ## @param defaultBackend.topologySpreadConstraints Topology Spread Constraints for pod assignment
+ ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## The value is evaluated as a template
+ ##
+ topologySpreadConstraints: []
+ ## @param defaultBackend.podAffinityPreset Pod affinity
preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ## Allowed values: soft, hard
+ ##
+ podAffinityPreset: ""
+ ## @param defaultBackend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ## Allowed values: soft, hard
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ## @param defaultBackend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## @param defaultBackend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
+ ## @param defaultBackend.nodeAffinityPreset.values [array] Node label values to match. Ignored if `affinity` is set.
+ ##
+ nodeAffinityPreset:
+ type: ""
+ key: ""
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param defaultBackend.affinity [object] Affinity for pod assignment. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: defaultBackend.podAffinityPreset, defaultBackend.podAntiAffinityPreset, and defaultBackend.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param defaultBackend.nodeSelector [object] Node labels for pod assignment. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param defaultBackend.tolerations [array] Tolerations for pod assignment. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## Default backend Service parameters
+ ## @param defaultBackend.service.type Service type
+ ## @param defaultBackend.service.ports.http Service port
+ ## @param defaultBackend.service.annotations Annotations to add to the service
+ ##
+ service:
+ type: ClusterIP
+ ports:
+ http: 80
+ annotations: {}
+ ## PodDisruptionBudget for default backend
+ ## Default backend Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ## @param defaultBackend.pdb.create Enable Pod Disruption Budget configuration
+ ## @param defaultBackend.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled
+ ## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of Default backend pods that should remain scheduled
+ ##
+ pdb:
+ create: false
+ minAvailable: 1
+ maxUnavailable: ""
+
+## Ingress parameters
+##
+ingress:
+ ## @param ingress.enabled Ingress configuration enabled
+ ## Ref: https://kubernetes.io/docs/user-guide/ingress/
+ ##
+ ## Enable Ingress.
+ ##
+ enabled: false
+ ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
+ ##
+ apiVersion: ""
+ ## @param ingress.certManager Add annotations for cert-manager
+ ##
+ certManager: false
+ ## @param ingress.annotations Annotations to be added to the web ingress.
+ ## Example:
+ ## kubernetes.io/ingress.class: nginx
+ ## kubernetes.io/tls-acme: 'true'
+ ##
+ annotations: {}
+ ## Either `hosts` or `rulesOverride` must be provided if Ingress is enabled.
+ ## `hosts` sets up the Ingress with default rules per provided hostname.
+ ## @param ingress.hostname Hostname for the Ingress object
+ ##
+ hostname: contour.local
+ ## @param ingress.path The Path to Concourse
+ ##
+ path: /
+ ## @param ingress.rulesOverride Ingress rules override
+ ## Either `hosts` or `rulesOverride` must be provided if Ingress is enabled.
+ ## `rulesOverride` allows the user to define the full set of ingress rules, for more complex Ingress setups.
+ ##
+ rulesOverride: []
+ ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+ ##
+ selfSigned: false
+ ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+ ##
+ ingressClassName: ""
+ ## @param ingress.extraPaths Add additional arbitrary paths that may need to be added to the ingress under the main host.
+ ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
+ ##
+ extraPaths: []
+ ## @param ingress.tls TLS configuration.
+ ## Secrets must be manually created in the namespace.
+ ## Example:
+ ## - secretName: concourse-web-tls
+ ## hosts:
+ ## - concourse.domain.com
+ ##
+ tls: false
+ ## @param ingress.pathType Ingress Path type
+ ##
+ pathType: ImplementationSpecific
+ ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
+ ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
+ ## extraHosts:
+ ## - name: concourse.local
+ ## path: /
+ ##
+ extraHosts: []
+ ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
+ ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ ## extraTls:
+ ## - hosts:
+ ## - concourse.local
+ ## secretName: concourse.local-tls
+ ##
+ extraTls: []
+ ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
+ ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ##
+ ## name should line up with a tlsSecret set further up
+ ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
+ ##
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ ## Example:
+ ## - name: concourse.local-tls
+ ## key:
+ ## certificate:
+ ##
+ secrets: []
+ ## @param ingress.extraRules Additional rules to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+ ## e.g:
+ ## extraRules:
+ ## - host: example.local
+ ## http:
+ ## path: /
+ ## backend:
+ ## service:
+ ## name: example-svc
+ ## port:
+ ## name: http
+ ##
+ extraRules: []
+
+## @section Metrics parameters
+##
+
+## Prometheus Operator service monitors
+## @param metrics.serviceMonitor.namespace Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart)
+## @param metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator.
+## @param metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
+## @param metrics.serviceMonitor.interval Specify the scrape interval if not specified use default prometheus scrapeIntervall, the Prometheus default scrape interval is used.
+## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics.
+## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling.
+## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
+## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended
+## @param metrics.serviceMonitor.selector Specify honorLabels parameter to add the scrape endpoint
+## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+##
+metrics:
 serviceMonitor:
- # enable support for Prometheus Operator
+ namespace: ""
 enabled: false
- # Job label for scrape target
 jobLabel: "app.kubernetes.io/name"
- # Scrape interval. If not set, the Prometheus default scrape interval is used.
 interval: ""
 metricRelabelings: []
 relabelings: []
+ honorLabels: false
+ scrapeTimeout: ""
+ selector: {}
+ labels: {}
+
+## @section Other parameters
+##
+
+## @param rbac.create Create the RBAC roles for API accessibility
+##
+rbac:
+ create: true
+ ## @param rbac.rules [array] Custom RBAC rules to set
+ ## e.g:
+ ## rules:
+ ## - apiGroups:
+ ## - ""
+ ## resources:
+ ## - pods
+ ## verbs:
+ ## - get
+ ## - list
+ ##
+ rules: []
+## @param tlsExistingSecret Name of the existingSecret to be use in both contour and envoy. If it is not nil `contour.certgen` will be disabled.
+##
+tlsExistingSecret: ""