diff --git a/assets/kuma/kuma-2.7.1.tgz b/assets/kuma/kuma-2.7.1.tgz new file mode 100644 index 000000000..61b7d9c9c Binary files /dev/null and b/assets/kuma/kuma-2.7.1.tgz differ diff --git a/assets/ngrok/kubernetes-ingress-controller-0.12.4.tgz b/assets/ngrok/kubernetes-ingress-controller-0.12.4.tgz new file mode 100644 index 000000000..92549cf9b Binary files /dev/null and b/assets/ngrok/kubernetes-ingress-controller-0.12.4.tgz differ diff --git a/charts/kuma/kuma/Chart.yaml b/charts/kuma/kuma/Chart.yaml index 78965468c..f8e3643fd 100644 --- a/charts/kuma/kuma/Chart.yaml +++ b/charts/kuma/kuma/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/namespace: kuma-system catalog.cattle.io/release-name: kuma apiVersion: v2 -appVersion: 2.7.0 +appVersion: 2.7.1 description: A Helm chart for the Kuma Control Plane home: https://github.com/kumahq/kuma icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg @@ -23,4 +23,4 @@ maintainers: url: https://github.com/michaelbeaumont name: kuma type: application -version: 2.7.0 +version: 2.7.1 diff --git a/charts/kuma/kuma/README.md b/charts/kuma/kuma/README.md index f58153fc9..ed97d8979 100644 --- a/charts/kuma/kuma/README.md +++ b/charts/kuma/kuma/README.md @@ -2,7 +2,7 @@ A Helm chart for the Kuma Control Plane -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.7.0](https://img.shields.io/badge/Version-2.7.0-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.7.1](https://img.shields.io/badge/Version-2.7.1-informational?style=flat-square) ![AppVersion: 2.7.1](https://img.shields.io/badge/AppVersion-2.7.1-informational?style=flat-square) **Homepage:** 
@@ -94,6 +94,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.admissionServerPort | int | `5443` | Define a new server port for the admission controller. Recommended to set in combination with hostNetwork to prevent multiple port bindings on the same port (like Calico in AWS EKS). | | controlPlane.podSecurityContext | object | `{"runAsNonRoot":true}` | Security context at the pod level for control plane. | | controlPlane.containerSecurityContext | object | `{"readOnlyRootFilesystem":true}` | Security context at the container level for control plane. | +| controlPlane.supportGatewaySecretsInAllNamespaces | bool | `false` | If true, then control plane can support TLS secrets for builtin gateway outside of mesh system namespace. The downside is that control plane requires permission to read Secrets in all namespaces. | | cni.enabled | bool | `false` | Install Kuma with CNI instead of proxy init container | | cni.chained | bool | `false` | Install CNI in chained mode | | cni.netDir | string | `"/etc/cni/multus/net.d"` | Set the CNI install directory | diff --git a/charts/kuma/kuma/templates/_helpers.tpl b/charts/kuma/kuma/templates/_helpers.tpl index c4e9c6a05..7715ce2d7 100644 --- a/charts/kuma/kuma/templates/_helpers.tpl +++ b/charts/kuma/kuma/templates/_helpers.tpl @@ -299,6 +299,10 @@ env: {{- end }} - name: KUMA_PLUGIN_POLICIES_ENABLED value: {{ include "kuma.pluginPoliciesEnabled" . | quote }} +{{- if .Values.controlPlane.supportGatewaySecretsInAllNamespaces }} +- name: KUMA_RUNTIME_KUBERNETES_SUPPORT_GATEWAY_SECRETS_IN_ALL_NAMESPACES + value: true +{{- end }} {{- end }} {{- define "kuma.controlPlane.tls.general.caSecretName" -}} diff --git a/charts/kuma/kuma/templates/cp-rbac.yaml b/charts/kuma/kuma/templates/cp-rbac.yaml index 5306a3097..52e246314 100644 --- a/charts/kuma/kuma/templates/cp-rbac.yaml +++ b/charts/kuma/kuma/templates/cp-rbac.yaml 
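Review bot: The added env entry in `_helpers.tpl` renders `value: true`, an unquoted YAML boolean, while the `value` field of a Kubernetes env var must be a string. With `controlPlane.supportGatewaySecretsInAllNamespaces` enabled, the control-plane workload would most likely be rejected by the API server at install or upgrade time. The neighbouring `KUMA_PLUGIN_POLICIES_ENABLED` entry pipes its value through `quote`; this line should read `value: "true"`. The `env:` helper that holds this entry starts above the hunk.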
@@ -29,11 +29,20 @@ rules: - pods - configmaps - nodes +{{- if .Values.controlPlane.supportGatewaySecretsInAllNamespaces }} - secrets +{{- end }} verbs: - get - list - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch - apiGroups: - "apps" resources: diff --git a/charts/kuma/kuma/templates/gateway-class.yaml b/charts/kuma/kuma/templates/gateway-class.yaml index 860f17c50..cf1ae305d 100644 --- a/charts/kuma/kuma/templates/gateway-class.yaml +++ b/charts/kuma/kuma/templates/gateway-class.yaml @@ -1,3 +1,4 @@ +{{- if and (eq .Values.controlPlane.environment "kubernetes") (eq .Values.controlPlane.mode "zone") }} {{- if .Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1/GatewayClass" }} --- apiVersion: gateway.networking.k8s.io/v1 @@ -15,3 +16,4 @@ metadata: spec: controllerName: "gateways.kuma.io/controller" {{- end }} +{{- end }} diff --git a/charts/kuma/kuma/values.yaml b/charts/kuma/kuma/values.yaml index 1f0764afc..6fedf821a 100644 --- a/charts/kuma/kuma/values.yaml +++ b/charts/kuma/kuma/values.yaml @@ -321,6 +321,10 @@ controlPlane: containerSecurityContext: readOnlyRootFilesystem: true + # -- If true, then control plane can support TLS secrets for builtin gateway outside of mesh system namespace. + # The downside is that control plane requires permission to read Secrets in all namespaces. + supportGatewaySecretsInAllNamespaces: false + cni: # -- Install Kuma with CNI instead of proxy init container enabled: false diff --git a/charts/ngrok/kubernetes-ingress-controller/CHANGELOG.md b/charts/ngrok/kubernetes-ingress-controller/CHANGELOG.md index 15933ebe9..3bd8d855a 100644 --- a/charts/ngrok/kubernetes-ingress-controller/CHANGELOG.md +++ b/charts/ngrok/kubernetes-ingress-controller/CHANGELOG.md 
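Review bot: The new unconditional rule in `cp-rbac.yaml` still grants `list` and `watch` on `secrets`, and a list or watch response carries the full Secret data. Gating only `get` behind `supportGatewaySecretsInAllNamespaces` therefore does not remove the control plane's ability to read Secrets wherever this rule applies. If this `rules:` list belongs to a ClusterRole (its kind is outside the hunk), the default of `false` leaves cluster-wide Secret read in place, presumably for the controller cache, and the text added to values.yaml and the README does not convey that. Either bind the Secret rule through a namespaced Role for the system namespace when the flag is off, or say so in the values comment, e.g. `# Note: list/watch on Secrets is granted in all namespaces regardless of this flag.`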
@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.12.4 + +- Add the `apiURL` value. + This sets the ngrok API endpoint used by the controller. + It corresponds to the `--api-url` argument to the manager binary. + +- Update to version 0.10.4 of the ingress controller. + See its changes [here](../../CHANGELOG.md#0104). + ## 0.12.1 - Update to version 0.10.1 of the ingress controller, which includes: diff --git a/charts/ngrok/kubernetes-ingress-controller/Chart.lock b/charts/ngrok/kubernetes-ingress-controller/Chart.lock index e59e89238..b0d32a35b 100644 --- a/charts/ngrok/kubernetes-ingress-controller/Chart.lock +++ b/charts/ngrok/kubernetes-ingress-controller/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.19.0 -digest: sha256:9d633ce0386ef6e5855933e3b4144996795219b3dcbc920b5eda03565c91b1f6 -generated: "2024-03-15T11:15:37.790716635-05:00" + version: 2.19.1 +digest: sha256:8b1a425b039469d9fd0b0b48bd825df70bdcbe6f62e1f83b8c06653bfc472943 +generated: "2024-03-27T10:54:59.497298868-05:00" diff --git a/charts/ngrok/kubernetes-ingress-controller/Chart.yaml b/charts/ngrok/kubernetes-ingress-controller/Chart.yaml index 40d3b18ab..2e6236c6c 100644 --- a/charts/ngrok/kubernetes-ingress-controller/Chart.yaml +++ b/charts/ngrok/kubernetes-ingress-controller/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: ngrok Ingress Controller catalog.cattle.io/release-name: kubernetes-ingress-controller apiVersion: v2 -appVersion: 0.10.3 +appVersion: 0.10.4 dependencies: - name: common repository: file://./charts/common @@ -22,4 +22,4 @@ keywords: name: kubernetes-ingress-controller sources: - https://github.com/ngrok/kubernetes-ingress-controller -version: 0.12.3 +version: 0.12.4 
diff --git a/charts/ngrok/kubernetes-ingress-controller/README.md b/charts/ngrok/kubernetes-ingress-controller/README.md index 5091e7137..1d47f5ede 100644 --- a/charts/ngrok/kubernetes-ingress-controller/README.md +++ b/charts/ngrok/kubernetes-ingress-controller/README.md @@ -64,7 +64,8 @@ To uninstall the chart: | `credentials.apiKey` | Your ngrok API key. If provided, it will be will be written to the secret and the authtoken must be provided as well. | `""` | | `credentials.authtoken` | Your ngrok authtoken. If provided, it will be will be written to the secret and the apiKey must be provided as well. | `""` | | `region` | ngrok region to create tunnels in. Defaults to connect to the closest geographical region. | `""` | -| `serverAddr` | This is the URL of the ngrok server to connect to. You should set this if you are using a custom ingress URL. | `""` | +| `serverAddr` | This is the address of the ngrok server to connect to. You should set this if you are using a custom ingress address. | `""` | +| `apiURL` | This is the URL of the ngrok API. You should set this if you are using a custom API URL. | `""` | | `metaData` | This is a map of key/value pairs that will be added as meta data to all ngrok api resources created | `{}` | | `affinity` | Affinity for the controller pod assignment | `{}` | | `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | diff --git a/charts/ngrok/kubernetes-ingress-controller/charts/common/Chart.yaml b/charts/ngrok/kubernetes-ingress-controller/charts/common/Chart.yaml index f86ccd23a..8d0e54694 100644 --- a/charts/ngrok/kubernetes-ingress-controller/charts/common/Chart.yaml +++ b/charts/ngrok/kubernetes-ingress-controller/charts/common/Chart.yaml 
@@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.19.0 +appVersion: 2.19.1 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.19.0 +version: 2.19.1 diff --git a/charts/ngrok/kubernetes-ingress-controller/charts/common/templates/_resources.tpl b/charts/ngrok/kubernetes-ingress-controller/charts/common/templates/_resources.tpl index d90f8752d..030fa1a99 100644 --- a/charts/ngrok/kubernetes-ingress-controller/charts/common/templates/_resources.tpl +++ b/charts/ngrok/kubernetes-ingress-controller/charts/common/templates/_resources.tpl @@ -11,7 +11,7 @@ These presets are for basic testing and not meant to be used in production {{ include "common.resources.preset" (dict "type" "nano") -}} */}} {{- define "common.resources.preset" -}} -{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}} +{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} {{- $presets := dict "nano" (dict "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") @@ -34,11 +34,11 @@ These presets are for basic testing and not meant to be used in production "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi") ) "xlarge" (dict - "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi") + "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi") "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi") ) "2xlarge" (dict - "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi") + "requests" (dict "cpu" "1.5" "memory" "4096Mi" "ephemeral-storage" "50Mi") "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi") ) }} 
@@ -47,4 +47,4 @@ These presets are for basic testing and not meant to be used in production {{- else -}} {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/ngrok/kubernetes-ingress-controller/templates/controller-deployment.yaml b/charts/ngrok/kubernetes-ingress-controller/templates/controller-deployment.yaml index d1f7642a9..366776cf8 100644 --- a/charts/ngrok/kubernetes-ingress-controller/templates/controller-deployment.yaml +++ b/charts/ngrok/kubernetes-ingress-controller/templates/controller-deployment.yaml @@ -28,6 +28,9 @@ spec: prometheus.io/path: /metrics prometheus.io/port: '8080' prometheus.io/scrape: 'true' + checksum/controller-role: {{ include (print $.Template.BasePath "/rbac/role.yaml") . | sha256sum }} + checksum/rbac: {{ include (print $.Template.BasePath "/controller-rbac.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/credentials-secret.yaml") . | sha256sum }} labels: {{- include "kubernetes-ingress-controller.selectorLabels" . | nindent 8 }} {{- if .Values.podLabels }} @@ -61,6 +64,9 @@ spec: {{- if .Values.region }} - --region={{ .Values.region}} {{- end }} + {{- if .Values.apiURL }} + - --api-url={{ .Values.apiURL}} + {{- end }} {{- if .Values.serverAddr }} - --server-addr={{ .Values.serverAddr}} {{- end }} diff --git a/charts/ngrok/kubernetes-ingress-controller/values.yaml b/charts/ngrok/kubernetes-ingress-controller/values.yaml index 40854b591..71f1adcc4 100644 --- a/charts/ngrok/kubernetes-ingress-controller/values.yaml +++ b/charts/ngrok/kubernetes-ingress-controller/values.yaml 
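Review bot: In the second `controller-deployment.yaml` hunk, `--api-url` is rendered from `.Values.apiURL` with no check on the scheme, and the controller presumably presents the ngrok API key from `credentials.apiKey` to whatever endpoint is given here. A mistyped or `http://` value would then expose that credential in cleartext or to an unintended host. Consider failing the render for non-HTTPS values, e.g. `{{- if not (hasPrefix "https://" .Values.apiURL) }}{{ fail "apiURL must be an https:// URL" }}{{- end }}`, or at least state the expectation in the `@param apiURL` comment in values.yaml. The container `args` list this entry joins starts above the hunk.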
@@ -67,9 +67,12 @@ credentials: ## @param region ngrok region to create tunnels in. Defaults to connect to the closest geographical region. region: "" -## @param serverAddr This is the URL of the ngrok server to connect to. You should set this if you are using a custom ingress URL. +## @param serverAddr This is the address of the ngrok server to connect to. You should set this if you are using a custom ingress address. serverAddr: "" +## @param apiURL This is the URL of the ngrok API. You should set this if you are using a custom API URL. +apiURL: "" + ## @param metaData This is a map of key/value pairs that will be added as meta data to all ngrok api resources created metaData: {} diff --git a/index.yaml b/index.yaml index d773fddac..6ebb735da 100644 --- a/index.yaml +++ b/index.yaml @@ -32206,6 +32206,35 @@ entries: - assets/kubemq/kubemq-crds-2.3.7.tgz version: 2.3.7 kubernetes-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: ngrok Ingress Controller + catalog.cattle.io/release-name: kubernetes-ingress-controller + apiVersion: v2 + appVersion: 0.10.4 + created: "2024-04-24T00:52:02.821080173Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: A Kubernetes ingress controller built using ngrok. + digest: eee2f79ed343620ac426b65da3a752a70203847da6f9ad10da5c80a79f043f9b + home: https://ngrok.com + icon: https://assets-global.website-files.com/63ed4bc7a4b189da942a6b8c/6411ffa0b395a44345ed2b1a_Frame%201.svg + keywords: + - ngrok + - networking + - ingress + - edge + - api gateway + name: kubernetes-ingress-controller + sources: + - https://github.com/ngrok/kubernetes-ingress-controller + urls: + - assets/ngrok/kubernetes-ingress-controller-0.12.4.tgz + version: 0.12.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: ngrok Ingress Controller 
@@ -33044,6 +33073,36 @@ entries: - assets/avesha/kubeslice-worker-0.4.5.tgz version: 0.4.5 kuma: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kuma + catalog.cattle.io/namespace: kuma-system + catalog.cattle.io/release-name: kuma + apiVersion: v2 + appVersion: 2.7.1 + created: "2024-04-24T00:52:02.041129376Z" + description: A Helm chart for the Kuma Control Plane + digest: e62533c6525e4c0e3d464bb54680db107d53d9a6eeedf808110864e7129ee1a5 + home: https://github.com/kumahq/kuma + icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg + keywords: + - service mesh + - control plane + maintainers: + - email: jakub.dyszkiewicz@konghq.com + name: Jakub Dyszkiewicz + url: https://github.com/jakubdyszkiewicz + - email: charly.molter@konghq.com + name: Charly Molter + url: https://github.com/lahabana + - email: michael.beaumont@konghq.com + name: Mike Beaumont + url: https://github.com/michaelbeaumont + name: kuma + type: application + urls: + - assets/kuma/kuma-2.7.1.tgz + version: 2.7.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kuma