diff --git a/assets/jenkins/jenkins-5.2.1.tgz b/assets/jenkins/jenkins-5.2.1.tgz new file mode 100644 index 000000000..a6f240861 Binary files /dev/null and b/assets/jenkins/jenkins-5.2.1.tgz differ diff --git a/assets/kong/kong-2.39.0.tgz b/assets/kong/kong-2.39.0.tgz new file mode 100644 index 000000000..ce43c2f06 Binary files /dev/null and b/assets/kong/kong-2.39.0.tgz differ diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index bb823c254..2e48eb2d5 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md @@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The changelog until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 5.2.1 + +Update `jenkins/jenkins` to version `2.452.2-jdk17` + ## 5.2.0 Add `agent.inheritYamlMergeStrategy` to allow configuring this setting on the default agent pod template. diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index 6032fa171..b817daa1d 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -1,10 +1,10 @@ annotations: artifacthub.io/category: integration-delivery artifacthub.io/changes: | - - Add `agent.inheritYamlMergeStrategy` to allow configuring this setting on the default agent pod template. + - Update `jenkins/jenkins` to version `2.452.2-jdk17` artifacthub.io/images: | - name: jenkins - image: docker.io/jenkins/jenkins:2.452.1-jdk17 + image: docker.io/jenkins/jenkins:2.452.2-jdk17 - name: k8s-sidecar image: docker.io/kiwigrid/k8s-sidecar:1.27.4 - name: inbound-agent @@ -22,7 +22,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.14-0' catalog.cattle.io/release-name: jenkins apiVersion: v2 -appVersion: 2.452.1 +appVersion: 2.452.2 description: 'Jenkins - Build great things at any scale! As the leading open source automation server, Jenkins provides over 1800 plugins to support building, deploying and automating any project. ' @@ -50,4 +50,4 @@ sources: - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin type: application -version: 5.2.0 +version: 5.2.1 diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index 7d06c93e8..24da47d2d 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md @@ -1,5 +1,31 @@ # Changelog +## 2.39.0 + +### Changes + +* Updated handling of `session_conf_secret` to accommodate Kong 3.6. + It can now be omitted [when using OIDC](https://docs.konghq.com/gateway/3.6.x/kong-manager/auth/oidc/migrate/). + [#1033](https://github.com/Kong/charts/pull/1033) +* Setting a Service's `servicePort` to 0 now disables that port on the Service, + for use when the external Service and container listens should differ, such + as when terminating TLS at a LoadBalancer. + [#1021](https://github.com/Kong/charts/pull/1021) +* Added an `ingressController.admissionWebhook.filterSecrets` option. When + enabled, the webhook will only validate Secrets that have one of the + recognized KIC labels: + + * `konghq.com/credential: <"key-auth", "jwt", etc. credential types>` + * `konghq.com/validate: <"plugin", "custom">` + + Earlier versions checked all Secrets and did not require labels, interfering + with non-KIC labels. Requires KIC 3.0+. + [#1061](https://github.com/Kong/charts/pull/1061) +* Add RBAC policy rules for Custom Entities + [#1081](https://github.com/Kong/charts/pull/1081) +* Bumped default `kong/kubernetes-ingress-controller` image tag to 3.2. + [#1085](https://github.com/Kong/charts/pull/1085) + ## 2.38.0 ### Changes diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index 3805e9790..ce2b0fdba 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -18,4 +18,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.38.0 +version: 2.39.0 diff --git a/charts/kong/kong/README.md b/charts/kong/kong/README.md index 3c5f3da05..b6d92c1b7 100644 --- a/charts/kong/kong/README.md +++ b/charts/kong/kong/README.md @@ -751,6 +751,7 @@ section of `values.yaml` file: | watchNamespaces | List of namespaces to watch. Watches all namespaces if empty | [] | | admissionWebhook.enabled | Whether to enable the validating admission webhook | true | | admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Ignore | +| admissionWebhook.filterSecrets | Limit the webhook to only Secrets with the appropriate KIC validation labels. | false | | admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 | | admissionWebhook.address | The address the ingress controller will listen on for admission webhooks, if not 0.0.0.0 | | | admissionWebhook.annotations | Annotations for the Validation Webhook Configuration | | diff --git a/charts/kong/kong/ci/.chartsnap.yaml b/charts/kong/kong/ci/.chartsnap.yaml index 110e0b269..b5a7c27fe 100644 --- a/charts/kong/kong/ci/.chartsnap.yaml +++ b/charts/kong/kong/ci/.chartsnap.yaml @@ -24,3 +24,5 @@ dynamicFields: name: chartsnap-kong-validations jsonPath: - /webhooks/0/clientConfig/caBundle + - /webhooks/1/clientConfig/caBundle + - /webhooks/2/clientConfig/caBundle diff --git a/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap b/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap index f7853bdc5..748bd26b8 100644 --- a/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap +++ b/charts/kong/kong/ci/__snapshots__/admin-api-service-clusterip-values.snap @@ -1,371 +1,367 @@ -[admin-api-service-clusterip-values] -SnapShot = """ -- object: - apiVersion: apps/v1 - kind: Deployment +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + kong.yml: | + _format_version: "1.1" + services: + - name: example.com + url: http://example.com + routes: + - name: example + paths: + - "/example" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-custom-dbless-config + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-admin + namespace: default +spec: + ports: + - name: kong-admin-tls + port: 8444 + protocol: TCP + targetPort: 8444 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + checksum/dbless.config: 626be043e4a43b0d55af934d06216254abe132b29af82450379439ecd927219a + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - checksum/dbless.config: 626be043e4a43b0d55af934d06216254abe132b29af82450379439ecd927219a - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_DECLARATIVE_CONFIG - value: /kong_dbless/kong.yml - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8444 - name: admin-tls - protocol: TCP - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - mountPath: /kong_dbless/ - name: kong-custom-dbless-config-volume - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_DECLARATIVE_CONFIG - value: /kong_dbless/kong.yml - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - mountPath: /kong_dbless/ - name: kong-custom-dbless-config-volume - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - name: chartsnap-kong-custom-dbless-config - name: kong-custom-dbless-config-volume -- object: - apiVersion: v1 - data: - kong.yml: | - _format_version: \"1.1\" - services: - - name: example.com - url: http://example.com - routes: - - name: example - paths: - - \"/example\" - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-custom-dbless-config - namespace: default -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-admin - namespace: default - spec: - ports: - - name: kong-admin-tls - port: 8444 + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8444 + name: admin-tls protocol: TCP - targetPort: 8444 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: ClusterIP -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 8443 + name: proxy-tls protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 8100 + name: status protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default -""" + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + name: chartsnap-kong-custom-dbless-config + name: kong-custom-dbless-config-volume diff --git a/charts/kong/kong/ci/__snapshots__/custom-entities-rbac-3.2-values.snap b/charts/kong/kong/ci/__snapshots__/custom-entities-rbac-3.2-values.snap new file mode 100644 index 000000000..3b49062db --- /dev/null +++ b/charts/kong/kong/ci/__snapshots__/custom-entities-rbac-3.2-values.snap @@ -0,0 +1,975 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: "false" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/nightly-ingress-controller:2024-06-09 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: cstatus + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap b/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap index 70b631e1d..7ab6423f2 100644 --- a/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap +++ b/charts/kong/kong/ci/__snapshots__/custom-labels-values.snap @@ -1,920 +1,983 @@ -[custom-labels-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + acme.com/some-key: some-value + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + acme.com/some-key: some-value + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - acme.com/some-key: some-value - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - acme.com/some-key: some-value - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - acme.com/some-key: some-value - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/default-values.snap b/charts/kong/kong/ci/__snapshots__/default-values.snap index 0733fed1f..1fb080f57 100644 --- a/charts/kong/kong/ci/__snapshots__/default-values.snap +++ b/charts/kong/kong/ci/__snapshots__/default-values.snap @@ -1,912 +1,975 @@ -[default-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ANONYMOUS_REPORTS - value: \"false\" - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: "false" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap index 3de415c6f..0907c01a3 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-1-values.snap @@ -1,941 +1,1004 @@ -[kong-ingress-1-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + name: kong.proxy.example.secret +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - rules: - - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific - tls: - - hosts: null - secretName: kong.proxy.example.secret -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - kind: Secret - metadata: - name: kong.proxy.example.secret - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + rules: + - http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific + tls: + - hosts: null + secretName: kong.proxy.example.secret +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap index 456a42147..cd6c9e1db 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-2-values.snap @@ -1,943 +1,1006 @@ -[kong-ingress-2-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + name: kong.proxy.example.secret +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - rules: - - host: proxy.kong.example - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific - tls: - - hosts: - - proxy.kong.example - secretName: kong.proxy.example.secret -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - kind: Secret - metadata: - name: kong.proxy.example.secret - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific + tls: + - hosts: + - proxy.kong.example + secretName: kong.proxy.example.secret +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap index 7c37f2363..2c57a46bc 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-3-values.snap @@ -1,930 +1,993 @@ -[kong-ingress-3-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - rules: - - host: proxy.kong.example - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap index 0a8f0fb27..c960594ec 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-4-values.snap @@ -1,983 +1,1046 @@ -[kong-ingress-4-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + name: kong.proxy.example.secret +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1ZQ0NRREVtWjF0cnJwaURqQU5CZ2txaGtpRzl3MEJBUXNGQURDQmdERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhGekFWCkJnTlZCQU1NRGlvdWEyOXVaeTVsZUdGdGNHeGxNQjRYRFRJek1EWXlPVEE0TVRjek4xb1hEVE16TURZeU5qQTQKTVRjek4xb3dnWUF4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSURBbFRkR0YwWlU1aGJXVXhFVEFQQmdOVgpCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1VG1GdFpURWJNQmtHQTFVRUN3d1NRMjl0CmNHRnVlVk5sWTNScGIyNU9ZVzFsTVJjd0ZRWURWUVFEREE0cUxtdHZibWN1WlhoaGJYQnNaVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDlSR1g1VytsRW8wcGg2eTJqeHN6TGZOcjMvNlpFOQpPR0pPMGl1WmpwRml2dHBya24ydDlqYTRaNUdYOGh4NUczS1FsRkhrVFBmV01BWmUzdldINTF0alZzYjZwY2UwCjlkMUo4WXNxWkh5RHVlUzBrS3RUbEFmc0F5MnVjL3ZvUUdmOTdZeUI2TlJ4TEJmNHBnSVJ4eHpGM3o0Q1ZOSTgKTzE5Ym1PYVo1Vkk1QWZpbENSMUI1ekxuN2VoeEJHOHhTQmRtQUg0eWFob2t5RXk2a0ZtRzJCaEtJWjdsL1BZYQpqbU1yQ3cwekRVampvblBublZTWTkxL0EwNUJVTVk5OEZsME00QVV5T1V3enBaajhqMXhLMTNqUVlGeXJwUHQwCklHNUdLR044akVCcnRkdGVlcGZIdFZuekFWYnhoT0hkcXZoUWhrSDJDSGVwOStIQkNIL25VL1VDQXdFQUFUQU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQkcxVVYyUFRJekhrNEt4cjBHT0NXalhjTTdKUU9hbUJQM3dZSCswRgpyc09YUG9IOHVLV25XYjhSSGE1MDhMenU4MGNzS1lYcnZ4SEhDcmcxdXJjRnl3bnNMaUtMNGhsQklTd2ZMNzFFClVXODhQdGYyWTdjTnJZRzNLc2MvMWVpait1RWd5bVdCbjkraVYzbzE5VERwRjlZZWZwYzNUUDJqMGhNUHcwMlgKa1gzSlh3b250NnBQaDhlQjhXRU1OZkF5NzZmb0lMcytVd0Fjck56QkpjSVZSTERoZWFNMFNFd0xCNUpuaWZ5ZwplRE1aSE56MkhLais0NU1wTzFOSDBtd3ZJRTRLQjNITUNSSlMybmZFbWVMcFdCMWpmZTV6T2o1bWhTeS82M0RVCldDQll1aUhtelFWaGxJS21lQzBlVmd3bGtkMTFrUDRNM1hoWnB6V09aQ1BoaGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQy9VUmwrVnZwUktOS1kKZXN0bzhiTXkzemE5LyttUlBUaGlUdElybVk2UllyN2FhNUo5cmZZMnVHZVJsL0ljZVJ0eWtKUlI1RXozMWpBRwpYdDcxaCtkYlkxYkcrcVhIdFBYZFNmR0xLbVI4Zzdua3RKQ3JVNVFIN0FNdHJuUDc2RUJuL2UyTWdlalVjU3dYCitLWUNFY2NjeGQ4K0FsVFNQRHRmVzVqbW1lVlNPUUg0cFFrZFFlY3k1KzNvY1FSdk1VZ1haZ0IrTW1vYUpNaE0KdXBCWmh0Z1lTaUdlNWZ6MkdvNWpLd3NOTXcxSTQ2Sno1NTFVbVBkZndOT1FWREdQZkJaZERPQUZNamxNTTZXWQovSTljU3RkNDBHQmNxNlQ3ZENCdVJpaGpmSXhBYTdYYlhucVh4N1ZaOHdGVzhZVGgzYXI0VUlaQjlnaDNxZmZoCndRaC81MVAxQWdNQkFBRUNnZ0VCQUlCZ0l3TXJ5ZnY3c0pTd2tSMXlVaFNvdzByckZnZG5WUlppWFpUMERUNXgKVEMrMFR6QVdNMGkwcElxRnN1aDRPM3E4bVVuNkw4dDk1ZXZnYlN2RWJmSmN6alhtcXFjL1BsdW02blcvbEg0WQp4Znc1VFhvcE13Tzkwc1FzYzVkdFdRcHUwWitlN0dUaEsvMUowOXMvb3FRa0FwRFJiNmxDMFhSRE9tNUNoaWFNCi95Z2M2dGUzUHkrRXpzSmRMRm9YWndFQnVQWTB2KzlBclhpNmlUMllaN1ZacE9iZzQxcm1ocHNObTFLNmdJajUKZFZKNGZYa2Z5V0hsSmJBYzVTRDkrVWMrTGFjUEcxSjVJUWx6eTM0WlM0ZG9VQ2lmODZuVHFzSnFVTU1sNXYxcAp3SFFUZFI2MkdnWnRPM1grOU4vdHE3SExqU0tHY0JEd3E4bEM4QXZ0VHdFQ2dZRUErWWpVdzI1em42aWhjaXFpCmo3dDJiQVdLdzdlbng1RXFzU25ZOG1PYzR2TDdNa1YyN2ZhYXp1cW8wUEtOeWJOa1grUlhIMDN4S0NDd0x0N0UKLzRDUlFHMGNkQmhBQ2szMkpadllrQmxESUZ3VmtnMHVnNGk4Snp6VjVCT2hEeWdwZUhJTDVVTkx2eGJDbVh6MAo1bXNYRktPYW1HYkFCbE9KTEZsR1R4WWdzeWtDZ1lFQXhFWWI0dFVmRmhiTmpJTUMyd1hFRXdWZkJYOFJqNzVqCjN6SkwxV3o4YWxUQmxFemZYOTZiNmg3VjFNT1NHcmlabFJ1cGpEaUFsUkhPZytDSXlPbmdISFkwd2xTaHNmemQKSDluL2dOdUZsanFuQkF3OVpaSW9hbE1zUVVER3RLSnVIejhEYzlVNzRFMGM3WldQWk1Ub0pNdFV2Zkl5T0pZSgpQODh1YnYvam4rMENnWUJaNmpzNFhKRmZRNFZCUFNtc2Z4RXg1V0ZXR3RSakxlVGpSNy83djNjbHRBWmQyL2Y1CjBUV0JQNzhxNDJ2QjlWbEMwR1d3U3dhTnZoR2VJZmw4VTVpRFRZM0dLNExQODcyeFdaSFVnclhVY0RuNWtiUmsKQXg1QlNVT05WcUZmYzhwVnMwcWtCdmJCV1hNdm1YNHBsUWNSRWM3QUFhNUoyVW9CWi8zVXU1VjIyUUtCZ0ZnVQpKanQ2N0lKYkpVN2pGQXI1NFcydndWNlVFV3R5UXh0TVZOK29FdlljcHVwSVBRMm10azB3SFVGbnFrODNmQ1IvCnoyeFBodFJlczFCWEdNc2d1U1BNb0F4OU1qclBnT1BrVGxhakxLV29HSDhtaHY3bndoOUV4OTFZbGxORmVTbW8KZTRJbHRNTUpsK3UrYkNVS2dDclMzR3FKSDZScElDbDBiaC85MFVaWkFvR0FaUEsrdldLQ0N6aHNhSnVWak1VSQpiTEJlMi9CM0xxTVBhakFLTjVTNU9GYlpBZm5NeE9BT1lnd25iWmdpZGVkcVk2QkIyLytVVGt4MW1IUjhKcmpGCnRyN20wS2VvRFY4dmQxSENvSkF3b2hqQ1B6SkJhSW9WYWNkRFNsMDNIOVFEck4yd0RFYUxoWFBlVkRoNGZ2NmQKa3d6V3FZWUlETzRKQlp5L21Wa0t4NFU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + name: kong.proxy.example.secret2 +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - rules: - - host: proxy.kong.example - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific - - host: proxy2.kong.example - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: /foo - pathType: Prefix - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: /bar - pathType: Prefix - - host: proxy3.kong.example - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: /baz - pathType: Prefix - tls: - - hosts: - - proxy.kong.example - secretName: proxy.kong.example.secret - - hosts: - - proxy2.kong.example - - proxy3.kong.example - secretName: proxy.kong.example.secret2 -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - kind: Secret - metadata: - name: kong.proxy.example.secret - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1ZQ0NRREVtWjF0cnJwaURqQU5CZ2txaGtpRzl3MEJBUXNGQURDQmdERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhGekFWCkJnTlZCQU1NRGlvdWEyOXVaeTVsZUdGdGNHeGxNQjRYRFRJek1EWXlPVEE0TVRjek4xb1hEVE16TURZeU5qQTQKTVRjek4xb3dnWUF4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSURBbFRkR0YwWlU1aGJXVXhFVEFQQmdOVgpCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1VG1GdFpURWJNQmtHQTFVRUN3d1NRMjl0CmNHRnVlVk5sWTNScGIyNU9ZVzFsTVJjd0ZRWURWUVFEREE0cUxtdHZibWN1WlhoaGJYQnNaVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDlSR1g1VytsRW8wcGg2eTJqeHN6TGZOcjMvNlpFOQpPR0pPMGl1WmpwRml2dHBya24ydDlqYTRaNUdYOGh4NUczS1FsRkhrVFBmV01BWmUzdldINTF0alZzYjZwY2UwCjlkMUo4WXNxWkh5RHVlUzBrS3RUbEFmc0F5MnVjL3ZvUUdmOTdZeUI2TlJ4TEJmNHBnSVJ4eHpGM3o0Q1ZOSTgKTzE5Ym1PYVo1Vkk1QWZpbENSMUI1ekxuN2VoeEJHOHhTQmRtQUg0eWFob2t5RXk2a0ZtRzJCaEtJWjdsL1BZYQpqbU1yQ3cwekRVampvblBublZTWTkxL0EwNUJVTVk5OEZsME00QVV5T1V3enBaajhqMXhLMTNqUVlGeXJwUHQwCklHNUdLR044akVCcnRkdGVlcGZIdFZuekFWYnhoT0hkcXZoUWhrSDJDSGVwOStIQkNIL25VL1VDQXdFQUFUQU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQkcxVVYyUFRJekhrNEt4cjBHT0NXalhjTTdKUU9hbUJQM3dZSCswRgpyc09YUG9IOHVLV25XYjhSSGE1MDhMenU4MGNzS1lYcnZ4SEhDcmcxdXJjRnl3bnNMaUtMNGhsQklTd2ZMNzFFClVXODhQdGYyWTdjTnJZRzNLc2MvMWVpait1RWd5bVdCbjkraVYzbzE5VERwRjlZZWZwYzNUUDJqMGhNUHcwMlgKa1gzSlh3b250NnBQaDhlQjhXRU1OZkF5NzZmb0lMcytVd0Fjck56QkpjSVZSTERoZWFNMFNFd0xCNUpuaWZ5ZwplRE1aSE56MkhLais0NU1wTzFOSDBtd3ZJRTRLQjNITUNSSlMybmZFbWVMcFdCMWpmZTV6T2o1bWhTeS82M0RVCldDQll1aUhtelFWaGxJS21lQzBlVmd3bGtkMTFrUDRNM1hoWnB6V09aQ1BoaGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQy9VUmwrVnZwUktOS1kKZXN0bzhiTXkzemE5LyttUlBUaGlUdElybVk2UllyN2FhNUo5cmZZMnVHZVJsL0ljZVJ0eWtKUlI1RXozMWpBRwpYdDcxaCtkYlkxYkcrcVhIdFBYZFNmR0xLbVI4Zzdua3RKQ3JVNVFIN0FNdHJuUDc2RUJuL2UyTWdlalVjU3dYCitLWUNFY2NjeGQ4K0FsVFNQRHRmVzVqbW1lVlNPUUg0cFFrZFFlY3k1KzNvY1FSdk1VZ1haZ0IrTW1vYUpNaE0KdXBCWmh0Z1lTaUdlNWZ6MkdvNWpLd3NOTXcxSTQ2Sno1NTFVbVBkZndOT1FWREdQZkJaZERPQUZNamxNTTZXWQovSTljU3RkNDBHQmNxNlQ3ZENCdVJpaGpmSXhBYTdYYlhucVh4N1ZaOHdGVzhZVGgzYXI0VUlaQjlnaDNxZmZoCndRaC81MVAxQWdNQkFBRUNnZ0VCQUlCZ0l3TXJ5ZnY3c0pTd2tSMXlVaFNvdzByckZnZG5WUlppWFpUMERUNXgKVEMrMFR6QVdNMGkwcElxRnN1aDRPM3E4bVVuNkw4dDk1ZXZnYlN2RWJmSmN6alhtcXFjL1BsdW02blcvbEg0WQp4Znc1VFhvcE13Tzkwc1FzYzVkdFdRcHUwWitlN0dUaEsvMUowOXMvb3FRa0FwRFJiNmxDMFhSRE9tNUNoaWFNCi95Z2M2dGUzUHkrRXpzSmRMRm9YWndFQnVQWTB2KzlBclhpNmlUMllaN1ZacE9iZzQxcm1ocHNObTFLNmdJajUKZFZKNGZYa2Z5V0hsSmJBYzVTRDkrVWMrTGFjUEcxSjVJUWx6eTM0WlM0ZG9VQ2lmODZuVHFzSnFVTU1sNXYxcAp3SFFUZFI2MkdnWnRPM1grOU4vdHE3SExqU0tHY0JEd3E4bEM4QXZ0VHdFQ2dZRUErWWpVdzI1em42aWhjaXFpCmo3dDJiQVdLdzdlbng1RXFzU25ZOG1PYzR2TDdNa1YyN2ZhYXp1cW8wUEtOeWJOa1grUlhIMDN4S0NDd0x0N0UKLzRDUlFHMGNkQmhBQ2szMkpadllrQmxESUZ3VmtnMHVnNGk4Snp6VjVCT2hEeWdwZUhJTDVVTkx2eGJDbVh6MAo1bXNYRktPYW1HYkFCbE9KTEZsR1R4WWdzeWtDZ1lFQXhFWWI0dFVmRmhiTmpJTUMyd1hFRXdWZkJYOFJqNzVqCjN6SkwxV3o4YWxUQmxFemZYOTZiNmg3VjFNT1NHcmlabFJ1cGpEaUFsUkhPZytDSXlPbmdISFkwd2xTaHNmemQKSDluL2dOdUZsanFuQkF3OVpaSW9hbE1zUVVER3RLSnVIejhEYzlVNzRFMGM3WldQWk1Ub0pNdFV2Zkl5T0pZSgpQODh1YnYvam4rMENnWUJaNmpzNFhKRmZRNFZCUFNtc2Z4RXg1V0ZXR3RSakxlVGpSNy83djNjbHRBWmQyL2Y1CjBUV0JQNzhxNDJ2QjlWbEMwR1d3U3dhTnZoR2VJZmw4VTVpRFRZM0dLNExQODcyeFdaSFVnclhVY0RuNWtiUmsKQXg1QlNVT05WcUZmYzhwVnMwcWtCdmJCV1hNdm1YNHBsUWNSRWM3QUFhNUoyVW9CWi8zVXU1VjIyUUtCZ0ZnVQpKanQ2N0lKYkpVN2pGQXI1NFcydndWNlVFV3R5UXh0TVZOK29FdlljcHVwSVBRMm10azB3SFVGbnFrODNmQ1IvCnoyeFBodFJlczFCWEdNc2d1U1BNb0F4OU1qclBnT1BrVGxhakxLV29HSDhtaHY3bndoOUV4OTFZbGxORmVTbW8KZTRJbHRNTUpsK3UrYkNVS2dDclMzR3FKSDZScElDbDBiaC85MFVaWkFvR0FaUEsrdldLQ0N6aHNhSnVWak1VSQpiTEJlMi9CM0xxTVBhakFLTjVTNU9GYlpBZm5NeE9BT1lnd25iWmdpZGVkcVk2QkIyLytVVGt4MW1IUjhKcmpGCnRyN20wS2VvRFY4dmQxSENvSkF3b2hqQ1B6SkJhSW9WYWNkRFNsMDNIOVFEck4yd0RFYUxoWFBlVkRoNGZ2NmQKa3d6V3FZWUlETzRKQlp5L21Wa0t4NFU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - kind: Secret - metadata: - name: kong.proxy.example.secret2 - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific + - host: proxy2.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: /foo + pathType: Prefix + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: /bar + pathType: Prefix + - host: proxy3.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: /baz + pathType: Prefix + tls: + - hosts: + - proxy.kong.example + secretName: proxy.kong.example.secret + - hosts: + - proxy2.kong.example + - proxy3.kong.example + secretName: proxy.kong.example.secret2 +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/kong-ingress-5-3.1-rbac-values.snap b/charts/kong/kong/ci/__snapshots__/kong-ingress-5-3.1-rbac-values.snap index 4eb6e9861..3cd488adf 100644 --- a/charts/kong/kong/ci/__snapshots__/kong-ingress-5-3.1-rbac-values.snap +++ b/charts/kong/kong/ci/__snapshots__/kong-ingress-5-3.1-rbac-values.snap @@ -1,912 +1,959 @@ -['kong-ingress-5-3.1-rbac-values'] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ANONYMOUS_REPORTS - value: \"false\" - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: "false" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.1.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/proxy-appprotocol-values.snap b/charts/kong/kong/ci/__snapshots__/proxy-appprotocol-values.snap index c53f0066f..9cb18f784 100644 --- a/charts/kong/kong/ci/__snapshots__/proxy-appprotocol-values.snap +++ b/charts/kong/kong/ci/__snapshots__/proxy-appprotocol-values.snap @@ -1,908 +1,971 @@ -[proxy-appprotocol-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - appProtocol: http + name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - appProtocol: https + name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - appProtocol: http - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - appProtocol: https - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/service-account.snap b/charts/kong/kong/ci/__snapshots__/service-account.snap index acfde1ef4..e1fa460c2 100644 --- a/charts/kong/kong/ci/__snapshots__/service-account.snap +++ b/charts/kong/kong/ci/__snapshots__/service-account.snap @@ -1,906 +1,969 @@ -[service-account] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: my-kong-sa + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: my-kong-sa + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: my-kong-sa + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: my-kong-sa-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: my-kong-sa-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: my-kong-sa-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: my-kong-sa - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: my-kong-sa-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: my-kong-sa - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: my-kong-sa - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: my-kong-sa-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: my-kong-sa + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: my-kong-sa-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: my-kong-sa + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap b/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap index 2f242db10..0eada3ee6 100644 --- a/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap +++ b/charts/kong/kong/ci/__snapshots__/single-image-default-values.snap @@ -1,912 +1,975 @@ -[single-image-default-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ANONYMOUS_REPORTS - value: \"false\" - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.4.1 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.4.1 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: "false" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 10255 + name: cmetrics protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 10254 + name: cstatus protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.4.1 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.4.1 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap b/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap index f16c309cb..6e2115997 100644 --- a/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap @@ -1,311 +1,307 @@ -['test-enterprise-version-3.4.0.0-values'] -SnapShot = """ -- object: - apiVersion: apps/v1 - kind: Deployment +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong/kong-gateway:3.4.0.0 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong/kong-gateway:3.4.0.0 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong/kong-gateway:3.4.0.0 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 8443 + name: proxy-tls protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 8100 + name: status protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default -""" + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong/kong-gateway:3.4.0.0 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace diff --git a/charts/kong/kong/ci/__snapshots__/test1-values.snap b/charts/kong/kong/ci/__snapshots__/test1-values.snap index 8f5070eb0..a18b03401 100644 --- a/charts/kong/kong/ci/__snapshots__/test1-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test1-values.snap @@ -1,999 +1,1062 @@ -[test1-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + environment: test + helm.sh/chart: kong-2.39.0 + version: "3.6" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: "false" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_HEADER + value: foo:bar + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: cstatus + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - mountPath: /tmp/foo + name: tmpdir + readOnly: true + - mountPath: /tmp/controller + name: controllerdir + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http://admin.kong.example + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http://admin.kong.example + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /tmp/foo + name: tmpdir + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http://admin.kong.example + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http://admin.kong.example + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - command: + - /bin/sh + - -c + - "true" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + volumeMounts: + - mountPath: /tmp/foo + name: tmpdir + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: controllerdir +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + target: + averageUtilization: 80 + type: Utilization + type: Resource + minReplicas: 2 + scaleTargetRef: apiVersion: apps/v1 kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - spec: - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - environment: test - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ANONYMOUS_REPORTS - value: \"false\" - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_HEADER - value: foo:bar - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - mountPath: /tmp/foo - name: tmpdir - readOnly: true - - mountPath: /tmp/controller - name: controllerdir - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http://admin.kong.example - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http://admin.kong.example - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - mountPath: /tmp/foo - name: tmpdir - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http://admin.kong.example - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http://admin.kong.example - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - command: - - /bin/sh - - -c - - \"true\" - image: bash:latest - name: bash - resources: - limits: - cpu: 100m - memory: 64Mi - requests: - cpu: 100m - memory: 64Mi - volumeMounts: - - mountPath: /tmp/foo - name: tmpdir - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair - - emptyDir: {} - name: tmpdir - - emptyDir: {} - name: controllerdir -- object: - apiVersion: autoscaling/v2 - kind: HorizontalPodAutoscaler - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - spec: - maxReplicas: 5 - metrics: - - resource: - name: cpu - target: - averageUtilization: 80 - type: Utilization - type: Resource - minReplicas: 2 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: chartsnap-kong -- object: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - rules: - - host: proxy.kong.example - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 - protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 - protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + name: chartsnap-kong +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default -""" + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None diff --git a/charts/kong/kong/ci/__snapshots__/test2-values.snap b/charts/kong/kong/ci/__snapshots__/test2-values.snap index 641245925..245c49d31 100644 --- a/charts/kong/kong/ci/__snapshots__/test2-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test2-values.snap @@ -1,2138 +1,2201 @@ -[test2-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + password: a29uZw== + postgres-password: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default +type: Opaque +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + test-env: test +kind: ConfigMap +metadata: + name: env-config +--- +apiVersion: v1 +data: + wait.sh: | + until timeout 2 bash -c "9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}" + do echo "waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}" + sleep 2 + done +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-bash-wait-for-postgres + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-default + namespace: default +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-default + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong-default +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + name: chartsnap-postgresql-hl + namespace: default +spec: + clusterIP: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default +spec: + ports: + - name: tcp-postgresql + nodePort: null + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + - name: stream-9000 + port: 9000 + protocol: TCP + targetPort: 9000 + - name: stream-9001 + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None - timeoutSeconds: 5 -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ANONYMOUS_REPORTS - value: \"false\" - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - - name: CONTROLLER_WATCH_NAMESPACE - value: default - - name: TZ - value: Europe/Berlin - envFrom: - - configMapRef: - name: env-config - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - - name: KONG_NGINX_DAEMON - value: \"off\" - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 9000 - name: stream-9000 - protocol: TCP - - containerPort: 9001 - name: stream-9001 - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - command: - - /bin/sh - - -c - - \"true\" - image: bash:latest - name: bash - resources: - limits: - cpu: 100m - memory: 64Mi - requests: - cpu: 100m - memory: 64Mi - - args: - - /bin/bash - - -c - - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: wait-for-db - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - defaultMode: 493 - name: chartsnap-kong-bash-wait-for-postgres - name: chartsnap-kong-bash-wait-for-postgres - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: apps/v1 - kind: StatefulSet + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: "false" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + - name: CONTROLLER_WATCH_NAMESPACE + value: default + - name: TZ + value: Europe/Berlin + envFrom: + - configMapRef: + name: env-config + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: cstatus + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: "off" + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 9000 + name: stream-9000 + protocol: TCP + - containerPort: 9001 + name: stream-9001 + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - command: + - /bin/sh + - -c + - "true" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + - args: + - /bin/bash + - -c + - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: wait-for-db + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + serviceName: chartsnap-postgresql-hl + template: metadata: - annotations: null - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - name: chartsnap-postgresql - namespace: default + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: postgresql - serviceName: chartsnap-postgresql-hl - template: - metadata: - annotations: null - labels: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: app.kubernetes.io/component: primary app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - name: chartsnap-postgresql - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: postgresql - namespaces: - - default - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: \"false\" - - name: POSTGRESQL_PORT_NUMBER - value: \"5432\" - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_USER - value: kong - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: chartsnap-postgresql - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: POSTGRES_DB - value: kong - - name: POSTGRESQL_ENABLE_LDAP - value: \"no\" - - name: POSTGRESQL_ENABLE_TLS - value: \"no\" - - name: POSTGRESQL_LOG_HOSTNAME - value: \"false\" - - name: POSTGRESQL_LOG_CONNECTIONS - value: \"false\" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: \"false\" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: \"off\" - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - runAsUser: 1001 - volumeMounts: - - mountPath: /dev/shm - name: dshm - - mountPath: /bitnami/postgresql - name: data - hostIPC: false - hostNetwork: false - initContainers: null - securityContext: - fsGroup: 1001 - serviceAccountName: default - volumes: - - emptyDir: - medium: Memory - name: dshm - updateStrategy: - rollingUpdate: {} - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi -- object: - apiVersion: batch/v1 - kind: Job + namespaces: + - default + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: /bitnami/postgresql + - name: PGDATA + value: /bitnami/postgresql/data + - name: POSTGRES_USER + value: kong + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: chartsnap-postgresql + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: POSTGRES_DB + value: kong + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + - name: POSTGRESQL_ENABLE_TLS + value: "no" + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "kong" -d "dbname=kong" -h 127.0.0.1 -p 5432 + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: postgresql + ports: + - containerPort: 5432 + name: tcp-postgresql + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "kong" -d "dbname=kong" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1001 + volumeMounts: + - mountPath: /dev/shm + name: dshm + - mountPath: /bitnami/postgresql + name: data + hostIPC: false + hostNetwork: false + initContainers: null + securityContext: + fsGroup: 1001 + serviceAccountName: default + volumes: + - emptyDir: + medium: Memory + name: dshm + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + labels: + app.kubernetes.io/component: init-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-init-migrations + namespace: default +spec: + backoffLimit: null + template: metadata: - annotations: - argocd.argoproj.io/hook: Sync - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation - labels: - app.kubernetes.io/component: init-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-init-migrations - namespace: default + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: init-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: kong-init-migrations spec: - backoffLimit: null - template: - metadata: - annotations: - kuma.io/service-account-token-volume: chartsnap-kong-token - sidecar.istio.io/inject: \"false\" - labels: - app.kubernetes.io/component: init-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: kong-init-migrations - spec: - automountServiceAccountToken: false - containers: - - args: - - kong - - migrations - - bootstrap - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - - name: KONG_NGINX_DAEMON - value: \"off\" - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: kong-migrations - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - /bin/sh - - -c - - \"true\" - image: bash:latest - name: bash - resources: - limits: - cpu: 100m - memory: 64Mi - requests: - cpu: 100m - memory: 64Mi - - command: - - bash - - /wait_postgres/wait.sh - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - - name: KONG_NGINX_DAEMON - value: \"off\" - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: wait-for-postgres - resources: {} - volumeMounts: - - mountPath: /wait_postgres - name: chartsnap-kong-bash-wait-for-postgres - restartPolicy: OnFailure - securityContext: {} - serviceAccountName: chartsnap-kong - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - defaultMode: 493 - name: chartsnap-kong-bash-wait-for-postgres - name: chartsnap-kong-bash-wait-for-postgres - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: batch/v1 - kind: Job - metadata: - annotations: - helm.sh/hook: post-upgrade - helm.sh/hook-delete-policy: before-hook-creation - labels: - app.kubernetes.io/component: post-upgrade-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-post-upgrade-migrations - namespace: default - spec: - backoffLimit: null - template: - metadata: - annotations: - kuma.io/service-account-token-volume: chartsnap-kong-token - sidecar.istio.io/inject: \"false\" - labels: - app.kubernetes.io/component: post-upgrade-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: kong-post-upgrade-migrations - spec: - automountServiceAccountToken: false - containers: - - args: - - kong - - migrations - - finish - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - - name: KONG_NGINX_DAEMON - value: \"off\" - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: kong-post-upgrade-migrations - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - /bin/sh - - -c - - \"true\" - image: bash:latest - name: bash - resources: - limits: - cpu: 100m - memory: 64Mi - requests: - cpu: 100m - memory: 64Mi - - command: - - bash - - /wait_postgres/wait.sh - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - - name: KONG_NGINX_DAEMON - value: \"off\" - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: wait-for-postgres - resources: {} - volumeMounts: - - mountPath: /wait_postgres - name: chartsnap-kong-bash-wait-for-postgres - restartPolicy: OnFailure - securityContext: {} - serviceAccountName: chartsnap-kong - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - defaultMode: 493 - name: chartsnap-kong-bash-wait-for-postgres - name: chartsnap-kong-bash-wait-for-postgres - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: batch/v1 - kind: Job - metadata: - annotations: - argocd.argoproj.io/hook: Sync - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation - helm.sh/hook: pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation - labels: - app.kubernetes.io/component: pre-upgrade-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-pre-upgrade-migrations - namespace: default - spec: - backoffLimit: null - template: - metadata: - annotations: - kuma.io/service-account-token-volume: chartsnap-kong-token - sidecar.istio.io/inject: \"false\" - labels: - app.kubernetes.io/component: pre-upgrade-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: kong-pre-upgrade-migrations - spec: - automountServiceAccountToken: false - containers: - - args: - - kong - - migrations - - up - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - - name: KONG_NGINX_DAEMON - value: \"off\" - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: kong-upgrade-migrations - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - /bin/sh - - -c - - \"true\" - image: bash:latest - name: bash - resources: - limits: - cpu: 100m - memory: 64Mi - requests: - cpu: 100m - memory: 64Mi - - command: - - bash - - /wait_postgres/wait.sh - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - - name: KONG_NGINX_DAEMON - value: \"off\" - envFrom: - - configMapRef: - name: env-config - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: wait-for-postgres - resources: {} - volumeMounts: - - mountPath: /wait_postgres - name: chartsnap-kong-bash-wait-for-postgres - restartPolicy: OnFailure - securityContext: {} - serviceAccountName: chartsnap-kong - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - defaultMode: 493 - name: chartsnap-kong-bash-wait-for-postgres - name: chartsnap-kong-bash-wait-for-postgres - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - rules: - - host: proxy.kong.example - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - bootstrap + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: "off" + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: kong-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - /bin/sh + - -c + - "true" + image: bash:latest + name: bash resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-default - namespace: default - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-default - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong-default - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - wait.sh: | - until timeout 2 bash -c \"9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}\" - do echo \"waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}\" - sleep 2 - done - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-bash-wait-for-postgres - namespace: default -- object: - apiVersion: v1 - data: - test-env: test - kind: ConfigMap - metadata: - name: env-config -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - password: a29uZw== - postgres-password: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - name: chartsnap-postgresql - namespace: default - type: Opaque -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 - protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 - protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 - protocol: TCP - targetPort: 8443 - - name: stream-9000 - port: 9000 - protocol: TCP - targetPort: 9000 - - name: stream-9001 - port: 9001 - protocol: TCP - targetPort: 9001 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: "off" + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: Service - metadata: - annotations: null - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - name: chartsnap-postgresql + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + timeoutSeconds: 5 + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: tcp-postgresql - nodePort: null - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: postgresql - sessionAffinity: None - type: ClusterIP -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - service.alpha.kubernetes.io/tolerate-unready-endpoints: \"true\" - name: chartsnap-postgresql-hl + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/validate + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + timeoutSeconds: 5 + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default - spec: - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - publishNotReadyAddresses: true - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: postgresql - type: ClusterIP -- object: - apiVersion: v1 - kind: ServiceAccount + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None + timeoutSeconds: 5 +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/component: post-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-post-upgrade-migrations + namespace: default +spec: + backoffLimit: null + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default -""" + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: post-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: kong-post-upgrade-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - finish + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: "off" + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: kong-post-upgrade-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - /bin/sh + - -c + - "true" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: "off" + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/component: pre-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-pre-upgrade-migrations + namespace: default +spec: + backoffLimit: null + template: + metadata: + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: pre-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: kong-pre-upgrade-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - up + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: "off" + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: kong-upgrade-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - /bin/sh + - -c + - "true" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: "off" + envFrom: + - configMapRef: + name: env-config + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair diff --git a/charts/kong/kong/ci/__snapshots__/test3-values.snap b/charts/kong/kong/ci/__snapshots__/test3-values.snap index 07233ea33..ae46710b9 100644 --- a/charts/kong/kong/ci/__snapshots__/test3-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test3-values.snap @@ -1,369 +1,365 @@ -[test3-values] -SnapShot = """ -- object: - apiVersion: apps/v1 - kind: Deployment +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + kong.yml: | + _format_version: "1.1" + services: + - name: example.com + url: http://example.com + routes: + - name: example + paths: + - "/example" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-custom-dbless-config + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_DECLARATIVE_CONFIG - value: /kong_dbless/kong.yml - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - mountPath: /kong_dbless/ - name: kong-custom-dbless-config-volume - - mountPath: /opt/tmp - name: tmpdir - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_DECLARATIVE_CONFIG - value: /kong_dbless/kong.yml - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - mountPath: /kong_dbless/ - name: kong-custom-dbless-config-volume - - command: - - /bin/sh - - -c - - \"true\" - image: bash:latest - name: bash - resources: - limits: - cpu: 100m - memory: 64Mi - requests: - cpu: 100m - memory: 64Mi - volumeMounts: - - mountPath: /opt/tmp - name: tmpdir - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - name: chartsnap-kong-custom-dbless-config - name: kong-custom-dbless-config-volume - - emptyDir: {} - name: tmpdir -- object: - apiVersion: v1 - data: - kong.yml: | - _format_version: \"1.1\" - services: - - name: example.com - url: http://example.com - routes: - - name: example - paths: - - \"/example\" - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-custom-dbless-config - namespace: default -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 8443 + name: proxy-tls protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 8100 + name: status protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default -""" + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + - mountPath: /opt/tmp + name: tmpdir + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + - command: + - /bin/sh + - -c + - "true" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + volumeMounts: + - mountPath: /opt/tmp + name: tmpdir + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + name: chartsnap-kong-custom-dbless-config + name: kong-custom-dbless-config-volume + - emptyDir: {} + name: tmpdir diff --git a/charts/kong/kong/ci/__snapshots__/test4-values.snap b/charts/kong/kong/ci/__snapshots__/test4-values.snap index 31f738f57..7df3b588f 100644 --- a/charts/kong/kong/ci/__snapshots__/test4-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test4-values.snap @@ -1,386 +1,382 @@ -[test4-values] -SnapShot = """ -- object: - apiVersion: apps/v1 - kind: Deployment +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + kong.yml: | + _format_version: "1.1" + services: + - name: example.com + url: http://example.com + routes: + - name: example + paths: + - "/example" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-custom-dbless-config + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + - name: stream-9000 + port: 9000 + protocol: TCP + targetPort: 9000 + - name: stream-9001 + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - template: - metadata: - annotations: - checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_DECLARATIVE_CONFIG - value: /kong_dbless/kong.yml - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 9000 - name: stream-9000 - protocol: TCP - - containerPort: 9001 - name: stream-9001 - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - mountPath: /kong_dbless/ - name: kong-custom-dbless-config-volume - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: \"off\" - - name: KONG_DECLARATIVE_CONFIG - value: /kong_dbless/kong.yml - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - mountPath: /kong_dbless/ - name: kong-custom-dbless-config-volume - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - name: chartsnap-kong-custom-dbless-config - name: kong-custom-dbless-config-volume -- object: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - rules: - - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific -- object: - apiVersion: v1 - data: - kong.yml: | - _format_version: \"1.1\" - services: - - name: example.com - url: http://example.com - routes: - - name: example - paths: - - \"/example\" - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-custom-dbless-config - namespace: default -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 + - containerPort: 8443 + name: proxy-tls protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 + - containerPort: 9000 + name: stream-9000 protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 + - containerPort: 9001 + name: stream-9001 protocol: TCP - targetPort: 8443 - - name: stream-9000 - port: 9000 + - containerPort: 8100 + name: status protocol: TCP - targetPort: 9000 - - name: stream-9001 - port: 9001 - protocol: TCP - targetPort: 9001 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default -""" + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + name: chartsnap-kong-custom-dbless-config + name: kong-custom-dbless-config-volume +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + rules: + - http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific diff --git a/charts/kong/kong/ci/__snapshots__/test5-values.snap b/charts/kong/kong/ci/__snapshots__/test5-values.snap index 2d3f4ba41..f030e430c 100644 --- a/charts/kong/kong/ci/__snapshots__/test5-values.snap +++ b/charts/kong/kong/ci/__snapshots__/test5-values.snap @@ -1,2015 +1,2078 @@ -[test5-values] -SnapShot = """ -- object: - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +data: + password: a29uZw== + postgres-password: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default +type: Opaque +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook-keypair + namespace: default +type: kubernetes.io/tls +--- +apiVersion: v1 +data: + wait.sh: | + until timeout 2 bash -c "9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}" + do echo "waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}" + sleep 2 + done +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-bash-wait-for-postgres + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong +subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + name: chartsnap-postgresql-hl + namespace: default +spec: + clusterIP: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default +spec: + ports: + - name: tcp-postgresql + nodePort: null + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validation-webhook + namespace: default +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-manager + namespace: default +spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + enable-metrics: "true" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validations - namespace: default - webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - caBundle: '###DYNAMIC_FIELD###' - service: - name: chartsnap-kong-validation-webhook - namespace: default - failurePolicy: Ignore - name: validations.kong.konghq.com - objectSelector: - matchExpressions: - - key: owner - operator: NotIn - values: - - helm - rules: - - apiGroups: - - configuration.konghq.com - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - kongconsumers - - kongplugins - - kongclusterplugins - - kongingresses - - apiGroups: - - \"\" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - secrets - - services - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - - apiGroups: - - gateway.networking.k8s.io - apiVersions: - - v1alpha2 - - v1beta1 - - v1 - operations: - - CREATE - - UPDATE - resources: - - gateways - - httproutes - sideEffects: None -- object: - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + version: "3.6" spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: - kuma.io/gateway: enabled - kuma.io/service-account-token-volume: chartsnap-kong-token - traffic.sidecar.istio.io/includeInboundPorts: \"\" - labels: - app: chartsnap-kong - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - version: \"3.6\" - spec: - automountServiceAccountToken: false - containers: - - args: null - env: - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN - value: 0.0.0.0:8080 - - name: CONTROLLER_ANONYMOUS_REPORTS - value: \"false\" - - name: CONTROLLER_ELECTION_ID - value: kong-ingress-controller-leader-kong - - name: CONTROLLER_INGRESS_CLASS - value: kong - - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY - value: \"true\" - - name: CONTROLLER_KONG_ADMIN_URL - value: https://localhost:8444 - - name: CONTROLLER_PUBLISH_SERVICE - value: default/chartsnap-kong-proxy - image: kong/kubernetes-ingress-controller:3.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: ingress-controller - ports: - - containerPort: 8080 - name: webhook - protocol: TCP - - containerPort: 10255 - name: cmetrics - protocol: TCP - - containerPort: 10254 - name: cstatus - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /admission-webhook - name: webhook-cert - readOnly: true - - mountPath: /var/run/secrets/kubernetes.io/serviceaccount - name: chartsnap-kong-token - readOnly: true - - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - kong - - quit - - --wait=15 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: proxy - ports: - - containerPort: 8000 - name: proxy - protocol: TCP - - containerPort: 8443 - name: proxy-tls - protocol: TCP - - containerPort: 8100 - name: status - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /status/ready - port: status - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - rm - - -vrf - - $KONG_PREFIX/pids - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: clear-stale-pid - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - - args: - - /bin/bash - - -c - - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: wait-for-db - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - securityContext: {} - serviceAccountName: chartsnap-kong - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - defaultMode: 493 - name: chartsnap-kong-bash-wait-for-postgres - name: chartsnap-kong-bash-wait-for-postgres - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: apps/v1 - kind: StatefulSet + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: "false" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: "true" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: cstatus + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - args: + - /bin/bash + - -c + - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: wait-for-db + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + serviceName: chartsnap-postgresql-hl + template: metadata: - annotations: null - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - name: chartsnap-postgresql - namespace: default + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: postgresql - serviceName: chartsnap-postgresql-hl - template: - metadata: - annotations: null - labels: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: app.kubernetes.io/component: primary app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - name: chartsnap-postgresql - spec: - affinity: - nodeAffinity: null - podAffinity: null - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: postgresql - namespaces: - - default - topologyKey: kubernetes.io/hostname - weight: 1 - containers: - - env: - - name: BITNAMI_DEBUG - value: \"false\" - - name: POSTGRESQL_PORT_NUMBER - value: \"5432\" - - name: POSTGRESQL_VOLUME_DIR - value: /bitnami/postgresql - - name: PGDATA - value: /bitnami/postgresql/data - - name: POSTGRES_USER - value: kong - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgres-password - name: chartsnap-postgresql - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: POSTGRES_DB - value: kong - - name: POSTGRESQL_ENABLE_LDAP - value: \"no\" - - name: POSTGRESQL_ENABLE_TLS - value: \"no\" - - name: POSTGRESQL_LOG_HOSTNAME - value: \"false\" - - name: POSTGRESQL_LOG_CONNECTIONS - value: \"false\" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: \"false\" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: \"off\" - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: error - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit - image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432 - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: postgresql - ports: - - containerPort: 5432 - name: tcp-postgresql - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - securityContext: - runAsUser: 1001 - volumeMounts: - - mountPath: /dev/shm - name: dshm - - mountPath: /bitnami/postgresql - name: data - hostIPC: false - hostNetwork: false - initContainers: null - securityContext: - fsGroup: 1001 - serviceAccountName: default - volumes: - - emptyDir: - medium: Memory - name: dshm - updateStrategy: - rollingUpdate: {} - type: RollingUpdate - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi -- object: - apiVersion: batch/v1 - kind: Job + namespaces: + - default + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: /bitnami/postgresql + - name: PGDATA + value: /bitnami/postgresql/data + - name: POSTGRES_USER + value: kong + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: chartsnap-postgresql + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: POSTGRES_DB + value: kong + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + - name: POSTGRESQL_ENABLE_TLS + value: "no" + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "kong" -d "dbname=kong" -h 127.0.0.1 -p 5432 + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: postgresql + ports: + - containerPort: 5432 + name: tcp-postgresql + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "kong" -d "dbname=kong" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1001 + volumeMounts: + - mountPath: /dev/shm + name: dshm + - mountPath: /bitnami/postgresql + name: data + hostIPC: false + hostNetwork: false + initContainers: null + securityContext: + fsGroup: 1001 + serviceAccountName: default + volumes: + - emptyDir: + medium: Memory + name: dshm + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + labels: + app.kubernetes.io/component: init-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-init-migrations + namespace: default +spec: + backoffLimit: null + template: metadata: - annotations: - argocd.argoproj.io/hook: Sync - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation - labels: - app.kubernetes.io/component: init-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-init-migrations - namespace: default + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: init-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: kong-init-migrations spec: - backoffLimit: null - template: - metadata: - annotations: - kuma.io/service-account-token-volume: chartsnap-kong-token - sidecar.istio.io/inject: \"false\" - labels: - app.kubernetes.io/component: init-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: kong-init-migrations - spec: - automountServiceAccountToken: false - containers: - - args: - - kong - - migrations - - bootstrap - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: kong-migrations - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - bash - - /wait_postgres/wait.sh - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: wait-for-postgres - resources: {} - volumeMounts: - - mountPath: /wait_postgres - name: chartsnap-kong-bash-wait-for-postgres - restartPolicy: OnFailure - securityContext: {} - serviceAccountName: chartsnap-kong - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - defaultMode: 493 - name: chartsnap-kong-bash-wait-for-postgres - name: chartsnap-kong-bash-wait-for-postgres - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: batch/v1 - kind: Job - metadata: - annotations: - helm.sh/hook: post-upgrade - helm.sh/hook-delete-policy: before-hook-creation - labels: - app.kubernetes.io/component: post-upgrade-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-post-upgrade-migrations - namespace: default - spec: - backoffLimit: null - template: - metadata: - annotations: - kuma.io/service-account-token-volume: chartsnap-kong-token - sidecar.istio.io/inject: \"false\" - labels: - app.kubernetes.io/component: post-upgrade-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: kong-post-upgrade-migrations - spec: - automountServiceAccountToken: false - containers: - - args: - - kong - - migrations - - finish - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: kong-post-upgrade-migrations - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - bash - - /wait_postgres/wait.sh - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: wait-for-postgres - resources: {} - volumeMounts: - - mountPath: /wait_postgres - name: chartsnap-kong-bash-wait-for-postgres - restartPolicy: OnFailure - securityContext: {} - serviceAccountName: chartsnap-kong - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - defaultMode: 493 - name: chartsnap-kong-bash-wait-for-postgres - name: chartsnap-kong-bash-wait-for-postgres - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: batch/v1 - kind: Job - metadata: - annotations: - argocd.argoproj.io/hook: Sync - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation - helm.sh/hook: pre-upgrade - helm.sh/hook-delete-policy: before-hook-creation - labels: - app.kubernetes.io/component: pre-upgrade-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-pre-upgrade-migrations - namespace: default - spec: - backoffLimit: null - template: - metadata: - annotations: - kuma.io/service-account-token-volume: chartsnap-kong-token - sidecar.istio.io/inject: \"false\" - labels: - app.kubernetes.io/component: pre-upgrade-migrations - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: kong-pre-upgrade-migrations - spec: - automountServiceAccountToken: false - containers: - - args: - - kong - - migrations - - up - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: kong-upgrade-migrations - resources: {} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /kong_prefix/ - name: chartsnap-kong-prefix-dir - - mountPath: /tmp - name: chartsnap-kong-tmp - initContainers: - - command: - - bash - - /wait_postgres/wait.sh - env: - - name: CLIENT_ID - value: exampleId - - name: KONG_ADMIN_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_API_URI - value: http:// - - name: KONG_ADMIN_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_GUI_ACCESS_LOG - value: /dev/stdout - - name: KONG_ADMIN_GUI_API_URL - value: http:// - - name: KONG_ADMIN_GUI_ERROR_LOG - value: /dev/stderr - - name: KONG_ADMIN_LISTEN - value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl - - name: KONG_ANONYMOUS_REPORTS - value: \"off\" - - name: KONG_CLUSTER_LISTEN - value: \"off\" - - name: KONG_DATABASE - value: postgres - - name: KONG_KIC - value: \"on\" - - name: KONG_LUA_PACKAGE_PATH - value: /opt/?.lua;/opt/?/init.lua;; - - name: KONG_NGINX_WORKER_PROCESSES - value: \"2\" - - name: KONG_PG_HOST - value: chartsnap-postgresql - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: chartsnap-postgresql - - name: KONG_PG_PORT - value: \"5432\" - - name: KONG_PORTAL_API_ACCESS_LOG - value: /dev/stdout - - name: KONG_PORTAL_API_ERROR_LOG - value: /dev/stderr - - name: KONG_PORT_MAPS - value: 80:8000, 443:8443 - - name: KONG_PREFIX - value: /kong_prefix/ - - name: KONG_PROXY_ACCESS_LOG - value: /dev/stdout - - name: KONG_PROXY_ERROR_LOG - value: /dev/stderr - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl - - name: KONG_PROXY_STREAM_ACCESS_LOG - value: /dev/stdout basic - - name: KONG_PROXY_STREAM_ERROR_LOG - value: /dev/stderr - - name: KONG_ROUTER_FLAVOR - value: traditional - - name: KONG_STATUS_ACCESS_LOG - value: \"off\" - - name: KONG_STATUS_ERROR_LOG - value: /dev/stderr - - name: KONG_STATUS_LISTEN - value: 0.0.0.0:8100, [::]:8100 - - name: KONG_STREAM_LISTEN - value: \"off\" - - name: KONG_NGINX_DAEMON - value: \"off\" - image: kong:3.6 - imagePullPolicy: IfNotPresent - name: wait-for-postgres - resources: {} - volumeMounts: - - mountPath: /wait_postgres - name: chartsnap-kong-bash-wait-for-postgres - restartPolicy: OnFailure - securityContext: {} - serviceAccountName: chartsnap-kong - volumes: - - emptyDir: - sizeLimit: 256Mi - name: chartsnap-kong-prefix-dir - - emptyDir: - sizeLimit: 1Gi - name: chartsnap-kong-tmp - - name: chartsnap-kong-token - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - - configMap: - defaultMode: 493 - name: chartsnap-kong-bash-wait-for-postgres - name: chartsnap-kong-bash-wait-for-postgres - - name: webhook-cert - secret: - secretName: chartsnap-kong-validation-webhook-keypair -- object: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - rules: - - host: proxy.kong.example - http: - paths: - - backend: - service: - name: chartsnap-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - rules: - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongupstreampolicies/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumergroups/status - verbs: - - get - - patch - - update - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - secrets - verbs: - - list - - watch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - \"\" - resources: - - services/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - ingressclassparameterses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - udpingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - konglicenses/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongvaults/status - verbs: - - get - - patch - - update - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/status - verbs: - - get - - patch - - update - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - rules: - - apiGroups: - - \"\" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - \"\" - resourceNames: - - kong-ingress-controller-leader-kong-kong - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - \"\" - resources: - - configmaps - verbs: - - create - - apiGroups: - - \"\" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - \"\" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - \"\" - resources: - - services - verbs: - - get -- object: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chartsnap-kong - subjects: - - kind: ServiceAccount - name: chartsnap-kong - namespace: default -- object: - apiVersion: v1 - data: - wait.sh: | - until timeout 2 bash -c \"9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}\" - do echo \"waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}\" - sleep 2 - done - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-bash-wait-for-postgres - namespace: default -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-ca-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - tls.crt: '###DYNAMIC_FIELD###' - tls.key: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-validation-webhook-keypair - namespace: default - type: kubernetes.io/tls -- object: - apiVersion: v1 - data: - password: a29uZw== - postgres-password: '###DYNAMIC_FIELD###' - kind: Secret - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - name: chartsnap-postgresql - namespace: default - type: Opaque -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-manager - namespace: default - spec: - ports: - - name: kong-manager - port: 8002 - protocol: TCP - targetPort: 8002 - - name: kong-manager-tls - port: 8445 - protocol: TCP - targetPort: 8445 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: NodePort -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - enable-metrics: \"true\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong-proxy - namespace: default - spec: - ports: - - name: kong-proxy - port: 80 - protocol: TCP - targetPort: 8000 - - name: kong-proxy-tls - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: kong - type: LoadBalancer -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - bootstrap + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: kong-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-proxy + namespace: default +spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-validations + namespace: default +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: webhook - port: 443 - protocol: TCP - targetPort: webhook - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 -- object: - apiVersion: v1 - kind: Service - metadata: - annotations: null - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - name: chartsnap-postgresql + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: konghq.com/credential + operator: Exists + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default - spec: - ports: - - name: tcp-postgresql - nodePort: null - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: postgresql - sessionAffinity: None - type: ClusterIP -- object: - apiVersion: v1 - kind: Service - metadata: - labels: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.9.13 - service.alpha.kubernetes.io/tolerate-unready-endpoints: \"true\" - name: chartsnap-postgresql-hl + failurePolicy: Ignore + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook namespace: default - spec: - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - publishNotReadyAddresses: true - selector: - app.kubernetes.io/component: primary - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/name: postgresql - type: ClusterIP -- object: - apiVersion: v1 - kind: ServiceAccount + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + helm.sh/hook: post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/component: post-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-post-upgrade-migrations + namespace: default +spec: + backoffLimit: null + template: metadata: - labels: - app.kubernetes.io/instance: chartsnap - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kong - app.kubernetes.io/version: \"3.6\" - helm.sh/chart: kong-2.38.0 - name: chartsnap-kong - namespace: default -""" + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: post-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: kong-post-upgrade-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - finish + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: kong-post-upgrade-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/component: pre-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: chartsnap-kong-pre-upgrade-migrations + namespace: default +spec: + backoffLimit: null + template: + metadata: + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: pre-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: "3.6" + helm.sh/chart: kong-2.39.0 + name: kong-pre-upgrade-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - up + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: kong-upgrade-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: "off" + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: "on" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "2" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: "5432" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair diff --git a/charts/kong/kong/ci/custom-entities-rbac-3.2-values.yaml b/charts/kong/kong/ci/custom-entities-rbac-3.2-values.yaml new file mode 100644 index 000000000..c3206b8d2 --- /dev/null +++ b/charts/kong/kong/ci/custom-entities-rbac-3.2-values.yaml @@ -0,0 +1,19 @@ +env: + anonymous_reports: "off" + +ingressController: + env: + anonymous_reports: "false" + image: + repository: kong/nightly-ingress-controller + tag: "2024-06-09" + # Unreleased yet so use the nightly and the effective semver + effectiveSemver: "3.2" + +readinessProbe: + httpGet: + path: "/status" + port: status + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 diff --git a/charts/kong/kong/ci/test2-values.yaml b/charts/kong/kong/ci/test2-values.yaml index ba77b5cb7..ddcc6fd9f 100644 --- a/charts/kong/kong/ci/test2-values.yaml +++ b/charts/kong/kong/ci/test2-values.yaml @@ -9,6 +9,7 @@ ingressController: admissionWebhook: enabled: true timeoutSeconds: 5 + filterSecrets: true env: anonymous_reports: "false" envFrom: diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl index 2dab58695..c3528b486 100644 --- a/charts/kong/kong/templates/_helpers.tpl +++ b/charts/kong/kong/templates/_helpers.tpl @@ -210,6 +210,7 @@ spec: ports: {{- if .http }} {{- if .http.enabled }} + {{- if ne ( .http.servicePort | toString ) "0" }} - name: kong-{{ .serviceName }} port: {{ .http.servicePort }} targetPort: {{ .http.containerPort }} @@ -222,6 +223,7 @@ spec: protocol: TCP {{- end }} {{- end }} + {{- end }} {{- if .tls.enabled }} - name: kong-{{ .serviceName }}-tls port: {{ .tls.servicePort }} @@ -329,8 +331,10 @@ Parameters: takes a service (e.g. .Values.proxy) as its argument and returns KON {{- $portMaps := list -}} {{- if .http.enabled -}} + {{- if ne (.http.servicePort | toString ) "0" -}} {{- $portMaps = append $portMaps (printf "%d:%d" (int64 .http.servicePort) (int64 .http.containerPort)) -}} {{- end -}} + {{- end -}} {{- if .tls.enabled -}} {{- $portMaps = append $portMaps (printf "%d:%d" (int64 .tls.servicePort) (int64 .tls.containerPort)) -}} @@ -1115,8 +1119,10 @@ the template that it itself is using form the above sections. {{- $_ := set $autoEnv "KONG_ADMIN_GUI_AUTH_CONF" $guiAuthConf -}} {{- end }} - {{- $guiSessionConf := include "secretkeyref" (dict "name" .Values.enterprise.rbac.session_conf_secret "key" "admin_gui_session_conf") -}} - {{- $_ := set $autoEnv "KONG_ADMIN_GUI_SESSION_CONF" $guiSessionConf -}} + {{- if .Values.enterprise.rbac.session_conf_secret }} + {{- $guiSessionConf := include "secretkeyref" (dict "name" .Values.enterprise.rbac.session_conf_secret "key" "admin_gui_session_conf") -}} + {{- $_ := set $autoEnv "KONG_ADMIN_GUI_SESSION_CONF" $guiSessionConf -}} + {{- end }} {{- end }} {{- if .Values.enterprise.smtp.enabled }} @@ -1284,6 +1290,24 @@ role sets used in the charts. Updating these requires separating out cluster resource roles into their separate templates. */}} {{- define "kong.kubernetesRBACRules" -}} +{{- if (semverCompare ">= 3.2.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} +- apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update +{{- end }} {{- if and (semverCompare ">= 3.1.0" (include "kong.effectiveVersion" .Values.ingressController.image)) (contains (print .Values.ingressController.env.feature_gates) "KongServiceFacade=true") }} - apiGroups: diff --git a/charts/kong/kong/templates/admission-webhook.yaml b/charts/kong/kong/templates/admission-webhook.yaml index 979f1c0ab..1f121eff0 100644 --- a/charts/kong/kong/templates/admission-webhook.yaml +++ b/charts/kong/kong/templates/admission-webhook.yaml @@ -41,6 +41,91 @@ metadata: {{- end }} {{- end }} webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.ingressController.admissionWebhook.certificate.provided }} + caBundle: {{ b64enc $caCert }} + {{- else }} + {{- if .Values.ingressController.admissionWebhook.certificate.caBundle }} + caBundle: {{ b64enc .Values.ingressController.admissionWebhook.certificate.caBundle }} + {{- end }} + {{- end }} + service: + name: {{ template "kong.service.validationWebhook" . }} + namespace: {{ template "kong.namespace" . }} + failurePolicy: {{ .Values.ingressController.admissionWebhook.failurePolicy }} + matchPolicy: Equivalent + name: secrets.credentials.validation.ingress-controller.konghq.com + {{- with .Values.ingressController.admissionWebhook.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ingressController.admissionWebhook.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + objectSelector: + matchExpressions: + - key: "konghq.com/credential" + operator: "Exists" + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + {{- if not .Values.ingressController.admissionWebhook.certificate.provided }} + caBundle: {{ b64enc $caCert }} + {{- else }} + {{- if .Values.ingressController.admissionWebhook.certificate.caBundle }} + caBundle: {{ b64enc .Values.ingressController.admissionWebhook.certificate.caBundle }} + {{- end }} + {{- end }} + service: + name: {{ template "kong.service.validationWebhook" . }} + namespace: {{ template "kong.namespace" . }} + failurePolicy: {{ .Values.ingressController.admissionWebhook.failurePolicy }} + matchPolicy: Equivalent + name: secrets.plugins.validation.ingress-controller.konghq.com + {{- with .Values.ingressController.admissionWebhook.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ingressController.admissionWebhook.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + {{- if .Values.ingressController.admissionWebhook.filterSecrets }} + objectSelector: + matchExpressions: + - key: "konghq.com/validate" + operator: "Exists" + {{- else }} + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + {{- end }} + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + sideEffects: None - name: validations.kong.konghq.com {{- with .Values.ingressController.admissionWebhook.namespaceSelector }} namespaceSelector: @@ -75,18 +160,15 @@ webhooks: {{- if (semverCompare ">= 2.8.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} - kongingresses {{- end }} +{{- if (semverCompare ">= 3.0.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} - apiGroups: - '' apiVersions: - 'v1' operations: -{{- if (semverCompare ">= 2.12.1" (include "kong.effectiveVersion" .Values.ingressController.image)) }} - CREATE -{{- end }} - UPDATE resources: - - secrets -{{- if (semverCompare ">= 3.0.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} - services {{- end }} {{- if (semverCompare ">= 2.12.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} diff --git a/charts/kong/kong/values.yaml b/charts/kong/kong/values.yaml index cb1bb6493..3e3cc507e 100644 --- a/charts/kong/kong/values.yaml +++ b/charts/kong/kong/values.yaml @@ -297,6 +297,9 @@ proxy: http: # Enable plaintext HTTP listen for the proxy enabled: true + # Set the servicePort: 0 to skip exposing in the service but still + # let the port open in container to allow https to http mapping for + # tls terminated at LB. servicePort: 80 containerPort: 8000 # Set a nodePort which is available if service type is NodePort @@ -529,7 +532,7 @@ ingressController: enabled: true image: repository: kong/kubernetes-ingress-controller - tag: "3.1" + tag: "3.2" # Optionally set a semantic version for version-gated features. This can normally # be left unset. You only need to set this if your tag is not a semver string, # such as when you are using a "next" tag. Set this to the effective semantic @@ -579,6 +582,7 @@ ingressController: admissionWebhook: enabled: true + filterSecrets: false failurePolicy: Ignore port: 8080 certificate: @@ -1028,7 +1032,9 @@ enterprise: # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key # The key value must be a secret configuration, following the example at # https://docs.konghq.com/enterprise/latest/kong-manager/authentication/sessions - session_conf_secret: kong-session-config + # If using 3.6+ and OIDC, session configuration is instead handled in the auth configuration, + # and this field can be left empty. + session_conf_secret: "" # CHANGEME # If admin_gui_auth is not set to basic-auth, provide a secret name which # has an admin_gui_auth_conf key containing the plugin config JSON admin_gui_auth_conf_secret: CHANGEME-admin-gui-auth-conf-secret diff --git a/index.yaml b/index.yaml index 536385cff..8e04a7e7b 100644 --- a/index.yaml +++ b/index.yaml @@ -12894,6 +12894,63 @@ entries: - assets/intel/intel-device-plugins-sgx-0.26.1.tgz version: 0.26.1 jenkins: + - annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/changes: | + - Update `jenkins/jenkins` to version `2.452.2-jdk17` + artifacthub.io/images: | + - name: jenkins + image: docker.io/jenkins/jenkins:2.452.2-jdk17 + - name: k8s-sidecar + image: docker.io/kiwigrid/k8s-sidecar:1.27.4 + - name: inbound-agent + image: jenkins/inbound-agent:3248.v65ecb_254c298-1 + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + - name: support + url: https://github.com/jenkinsci/helm-charts/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.452.2 + created: "2024-06-13T00:55:41.447429009Z" + description: 'Jenkins - Build great things at any scale! As the leading open source + automation server, Jenkins provides over 1800 plugins to support building, deploying + and automating any project. ' + digest: 07ea04b20c75e1e6eb78cdd2a33adb7175f5fb845951fc91e4a5a19f28790150 + home: https://www.jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + keywords: + - jenkins + - ci + - devops + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + type: application + urls: + - assets/jenkins/jenkins-5.2.1.tgz + version: 5.2.1 - annotations: artifacthub.io/category: integration-delivery artifacthub.io/changes: | @@ -16780,6 +16837,31 @@ entries: - assets/clastix/kamaji-console-0.0.3.tgz version: 0.0.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.6" + created: "2024-06-13T00:55:42.391314087Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: 2227de5b83bafbecfa969cd6e52d48a6151722c8c6ca2cb3622a6706cb89b4d4 + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: team-k8s@konghq.com + name: team-k8s-bot + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.39.0.tgz + version: 2.39.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway