Merge pull request #162 from andrewheberle/haproxy-1.16.3

Update HAProxy chart to 1.16.3

charts/haproxy/haproxy/1.16.300/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/haproxy/haproxy/1.16.300/Chart.yaml

@@ -0,0 +1,25 @@
+annotations:
+  catalog.cattle.io/certified: partner
+  catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
+  catalog.cattle.io/release-name: haproxy
+apiVersion: v2
+appVersion: 1.6.7
+description: A Helm chart for HAProxy Kubernetes Ingress Controller
+home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
+icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
+keywords:
+- ingress
+- haproxy
+kubeVersion: '>=1.12.0-0'
+maintainers:
+- email: mmhedhbi@haproxy.com
+  name: Moemen Mhedhbi
+- email: bassmann@haproxy.com
+  name: Baptiste Assmann
+- email: dkorunic@haproxy.com
+  name: Dinko Korunic
+name: haproxy
+sources:
+- https://github.com/haproxytech/kubernetes-ingress
+type: application
+version: 1.16.300

charts/haproxy/haproxy/1.16.300/README.md

@@ -0,0 +1,264 @@
+# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy")
+
+## HAProxy Kubernetes Ingress Controller
+
+An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration.
+
+Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/kubernetes/latest/).
+
+Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md).
+
+## Introduction
+
+This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+### Prerequisites
+
+- Kubernetes 1.12+
+- Helm 2.9+
+
+## Before you begin
+
+### Setup a Kubernetes Cluster
+
+The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides.
+
+For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/).
+
+### Install Helm
+
+Get the latest [Helm release](https://github.com/helm/helm#install).
+
+### Add Helm chart repo
+
+Once you have Helm installed, add the repo as follows:
+
+```console
+helm repo add haproxytech https://haproxytech.github.io/helm-charts
+
+helm repo update
+```
+
+## Install the chart
+
+To install the chart with Helm v3 as _my-release_ deployment:
+
+```console
+helm install my-release haproxytech/kubernetes-ingress
+```
+
+**_NOTE_**: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter:
+
+```console
+helm install haproxytech/kubernetes-ingress \
+  --name my-release
+```
+
+### Installing with unique name
+
+To auto-generate controller and its resources names when installing, use the following:
+
+```console
+helm install haproxytech/kubernetes-ingress \
+  --generate-name
+```
+
+### Installing from a private registry
+
+To install the chart using a private registry for controller into a separate namespace _prod_.
+
+**_NOTE_**: Helm v3 requires namespace to be precreated (eg. with `kubectl create namespace prod`)
+
+```console
+helm install my-ingress haproxytech/kubernetes-ingress  \
+  --namespace prod \
+  --set controller.image.tag=SOMETAG \
+  --set controller.imageCredentials.registry=myregistry.domain.com \
+  --set controller.imageCredentials.username=MYUSERNAME \
+  --set controller.imageCredentials.password=MYPASSWORD
+```
+
+Alternatively, use a pre-configured (existing) imagePullSecret in the same namespace:
+
+```console
+helm install my-ingress haproxytech/kubernetes-ingress  \
+  --namespace prod \
+  --set controller.image.tag=SOMETAG \
+  --set controller.existingImagePullSecret name-of-existing-image-pull-secret
+```
+
+### Using values from YAML file
+
+As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm:
+
+_mylb.yaml_:
+
+```yaml
+controller:
+  kind: DaemonSet
+  ingressClass: haproxy
+  service:
+    type: LoadBalancer
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+      service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
+```
+
+And invoking Helm becomes (compare to the previous example):
+
+```console
+helm install my-ingress -f mylb.yml haproxytech/kubernetes-ingress
+```
+
+A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) :
+
+```yaml
+controller:
+  service:
+    tcpPorts:
+      - name: mysql
+        port: 3306
+        targetPort: 3306
+  extraArgs:
+    - --configmap-tcp-services=default/tcp
+```
+
+### Installing as DaemonSet
+
+Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well:
+
+```console
+helm install my-ingress haproxytech/kubernetes-ingress \
+  --set controller.kind=DaemonSet
+```
+
+### Installing in multi-ingress environment
+
+It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers):
+
+```console
+helm install my-ingress haproxytech/kubernetes-ingress \
+  --set controller.kind=DaemonSet \
+  --set controller.ingressClass=haproxy
+```
+
+**_NOTE_**: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation.
+
+### Installing with service annotations
+
+On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however:
+
+```console
+helm install my-ingress haproxytech/kubernetes-ingress \
+  --set controller.kind=DaemonSet \
+  --set controller.ingressClass=haproxy \
+  --set controller.service.type=LoadBalancer \
+  --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \
+  --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true"
+```
+
+**_NOTE_**: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string.
+
+### Installing with Horizontal Pod Autoscaler (HPA)
+
+[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count for the controller:
+
+```console
+helm install my-ingress haproxytech/kubernetes-ingress \
+  --set controller.autoscaling.enabled=true
+```
+
+### Installing the ServiceMonitor
+
+If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs.
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+
+helm install prometheus prometheus-community/kube-prometheus-stack \
+  --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
+  --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
+
+helm install my-ingress haproxytech/kubernetes-ingress \
+  --set controller.serviceMonitor.enabled=true
+```
+
+### Installing with Kubernetes Event-driven Autoscaling (KEDA)
+
+[KEDA](https://keda.sh/docs/2.3/concepts/scaling-deployments/) is an improved scaling solution built on top of HPA which allows autoscaling criteria based on information from any event source including Prometheus metrics collected from HAProxy native Prometheus Exporter.
+
+To enable KEDA, you will also need to install Prometheus Operator and ServiceMonitor enabled (serverAddress has to match `prometheus-kube-prometheus-prometheus` service IP):
+
+_mykeda.yaml_:
+
+```yaml
+controller:
+  kind: Deployment
+  serviceMonitor:
+    enabled: true
+  keda:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    triggers:
+      - type: prometheus
+        metadata:
+          serverAddress: http://10.96.206.247:9090
+          metricName: haproxy_frontend_current_sessions
+          threshold: "100"
+          query: sum(rate(haproxy_frontend_current_sessions{proxy="http"}[2m]))
+```
+
+Note: Other options to trigger scaling can be found in Prometheus [native exporter documentation](https://github.com/haproxy/haproxy/blob/master/addons/promex/README), but some ideas are:
+
+- `haproxy_process_idle_time_percent`
+- `haproxy_frontend_current_sessions`
+- `haproxy_backend_current_queue`
+
+And to install:
+
+```console
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo add kedacore https://kedacore.github.io/charts
+
+helm repo update
+
+helm install prometheus prometheus-community/kube-prometheus-stack \
+  --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
+  --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
+
+kubectl create namespace keda
+helm install keda kedacore/keda --namespace keda
+
+helm install mytest haproxytech/kubernetes-ingress -f mykeda.yaml
+```
+
+## Upgrading the chart
+
+To upgrade the _my-release_ deployment:
+
+```console
+helm upgrade my-release haproxytech/kubernetes-ingress
+```
+
+## Uninstalling the chart
+
+To uninstall/delete the _my-release_ deployment:
+
+```console
+helm delete my-release
+```
+
+## Debugging
+
+It is possible to generate a set of YAML files for testing/debugging:
+
+```console
+helm install my-release haproxytech/kubernetes-ingress \
+  --debug \
+  --dry-run
+```
+
+## Contributing
+
+We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution.

charts/haproxy/haproxy/1.16.300/app-readme.md

@@ -0,0 +1,8 @@
+# HAProxy
+[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment.
+
+# HAProxy Enterprise
+[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/)  is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code.
+
+## Introduction
+This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager.

charts/haproxy/haproxy/1.16.300/ci/daemonset-customconfig-values.yaml

@@ -0,0 +1,4 @@
+controller:
+  kind: DaemonSet
+  config:
+    rate-limit: "ON"

charts/haproxy/haproxy/1.16.300/ci/daemonset-customnodeport-values.yaml

@@ -0,0 +1,7 @@
+controller:
+  kind: DaemonSet
+  service:
+    type: NodePort
+    ports:
+      8000: 10000
+      8001: 10001

charts/haproxy/haproxy/1.16.300/ci/daemonset-default-values.yaml

@@ -0,0 +1,2 @@
+controller:
+  kind: DaemonSet

charts/haproxy/haproxy/1.16.300/ci/daemonset-disableddefaultbackend-values.yaml

@@ -0,0 +1,4 @@
+controller:
+  kind: DaemonSet
+defaultBackend:
+  enabled: false

charts/haproxy/haproxy/1.16.300/ci/daemonset-disabledsecretconfig-values.yaml

@@ -0,0 +1,4 @@
+controller:
+  kind: DaemonSet
+  defaultTLSSecret:
+    enabled: false

charts/haproxy/haproxy/1.16.300/ci/daemonset-enableports-values.yaml

@@ -0,0 +1,7 @@
+controller:
+  kind: DaemonSet
+  service:
+    enablePorts:
+      http: false
+      https: true
+      stat: false

charts/haproxy/haproxy/1.16.300/ci/daemonset-extraargs-values.yaml

@@ -0,0 +1,4 @@
+controller:
+  kind: DaemonSet
+  extraArgs:
+    - --namespace-whitelist=default

charts/haproxy/haproxy/1.16.300/ci/daemonset-extraenvs-values.yaml

@@ -0,0 +1,7 @@
+controller:
+  kind: DaemonSet
+  extraEnvs:
+    - name: TEST_STR1
+      value: foo
+    - name: TEST_STR2
+      value: baz

charts/haproxy/haproxy/1.16.300/ci/daemonset-hostport-values.yaml

@@ -0,0 +1,8 @@
+controller:
+  kind: DaemonSet
+  daemonset:
+    useHostPort: true
+    hostPorts:
+      http: 80
+      https: 443
+      stat: 1024

charts/haproxy/haproxy/1.16.300/ci/daemonset-ingressclass-values.yaml

@@ -0,0 +1,6 @@
+controller:
+  kind: DaemonSet
+  ingressClass: haproxy
+  ingressClassResource:
+    enabled: true
+    default: true

charts/haproxy/haproxy/1.16.300/ci/daemonset-nodeport-values.yaml

@@ -0,0 +1,4 @@
+controller:
+  kind: DaemonSet
+  service:
+    type: NodePort

charts/haproxy/haproxy/1.16.300/ci/daemonset-publishservice-values.yaml

@@ -0,0 +1,5 @@
+controller:
+  kind: DaemonSet
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

charts/haproxy/haproxy/1.16.300/ci/daemonset-serviceannotation-values.yaml

@@ -0,0 +1,5 @@
+controller:
+  kind: DaemonSet
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

charts/haproxy/haproxy/1.16.300/ci/deployment-customconfig-values.yaml

@@ -0,0 +1,3 @@
+controller:
+  config:
+    rate-limit: "ON"

charts/haproxy/haproxy/1.16.300/ci/deployment-customnodeport-values.yaml

@@ -0,0 +1,6 @@
+controller:
+  service:
+    type: NodePort
+    ports:
+      8000: 10000
+      8001: 10001

charts/haproxy/haproxy/1.16.300/ci/deployment-default-values.yaml

@@ -0,0 +1 @@
+#

charts/haproxy/haproxy/1.16.300/ci/deployment-disableddefaultbackend-values.yaml

@@ -0,0 +1,2 @@
+defaultBackend:
+  enabled: false

charts/haproxy/haproxy/1.16.300/ci/deployment-disabledsecretconfig-values.yaml

@@ -0,0 +1,3 @@
+controller:
+  defaultTLSSecret:
+    enabled: false

charts/haproxy/haproxy/1.16.300/ci/deployment-enableports-values.yaml

@@ -0,0 +1,6 @@
+controller:
+  service:
+    enablePorts:
+      http: false
+      https: true
+      stat: false

charts/haproxy/haproxy/1.16.300/ci/deployment-extraargs-values.yaml

@@ -0,0 +1,3 @@
+controller:
+  extraArgs:
+    - --namespace-whitelist=default

charts/haproxy/haproxy/1.16.300/ci/deployment-extraenvs-values.yaml

@@ -0,0 +1,6 @@
+controller:
+  extraEnvs:
+    - name: TEST_STR1
+      value: foo
+    - name: TEST_STR2
+      value: baz

charts/haproxy/haproxy/1.16.300/ci/deployment-hpa-values.yaml

@@ -0,0 +1,14 @@
+controller:
+  kind: Deployment
+  autoscaling:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+defaultBackend:
+  autoscaling:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 2
+    targetCPUUtilizationPercentage: 50

charts/haproxy/haproxy/1.16.300/ci/deployment-ingressclass-values.yaml

@@ -0,0 +1,5 @@
+controller:
+  ingressClass: haproxy
+  ingressClassResource:
+    enabled: true
+    default: true

charts/haproxy/haproxy/1.16.300/ci/deployment-nodeport-values.yaml

@@ -0,0 +1,3 @@
+controller:
+  service:
+    type: NodePort

charts/haproxy/haproxy/1.16.300/ci/deployment-psp-values.yaml

@@ -0,0 +1,2 @@
+podSecurityPolicy:
+  enabled: true

charts/haproxy/haproxy/1.16.300/ci/deployment-publishservice-values.yaml

@@ -0,0 +1,4 @@
+controller:
+  kind: DaemonSet
+  publishService:
+    enabled: true

charts/haproxy/haproxy/1.16.300/ci/deployment-replicacount-unset.yaml

@@ -0,0 +1,5 @@
+controller:
+    replicaCount: null
+
+defaultBackend:
+    replicaCount: null

charts/haproxy/haproxy/1.16.300/questions.yml

@@ -0,0 +1,72 @@
+questions:
+- variable: imageDefault
+  default: true
+  description: "Use default Docker image"
+  label: Use Default Image
+  type: boolean
+  group: "Settings"
+  show_subquestion_if: false
+  subquestions:
+  - variable: controller.image.tag
+    default: "1.6.7"
+    description: "HAProxy Ingress Controller Tag"
+    type: string
+    label: HAProxy Ingress Controller Tag
+- variable: controller.kind
+  type: enum
+  options:
+    - "DaemonSet"
+    - "Deployment"
+  default: "Deployment"
+  description: "Deployment Type"
+  label: Deployment Type
+  group: "Settings"
+- variable: controller.service.type
+  type: enum
+  options:
+    - "LoadBalancer"
+    - "NodePort"
+  default: "NodePort"
+  description: "Service Type for HAProxy Ingress Controller"
+  label: Service Type
+  group: "Settings"
+- variable: controller.ingressClass
+  default: ""
+  description: "Ingress Class for targeting this controller"
+  label: Ingress Class
+  type: string
+  group: "Settings"
+- variable: controller.defaultTLSSecret.secret
+  default: ""
+  description: "Default TLS certificate secret"
+  label: TLS Certificate Secret
+  type: string
+  group: "Settings"
+- variable: enableEnterprise
+  default: false
+  description: "Use HAProxy Enterprise"
+  label: Enable
+  type: boolean
+  group: "HAProxy Enterprise"
+  show_subquestion_if: true
+  subquestions:
+  - variable: controller.imageCredentials.registry
+    type: string
+    default: "kubernetes-registry.haproxy.com"
+    description: "HAProxy Enterprise Registtry"
+    label: Registry
+  - variable: controller.image.repository
+    type: string
+    default: "kubernetes-registry.haproxy.com/hapee-ingress"
+    description: "HAProxy Enterprise Registry"
+    label: Repository
+  - variable: controller.imageCredentials.username
+    type: string
+    default: "MYUSERNAME"
+    description: "HAProxy Enterprise Username"
+    label: Username
+  - variable: controller.imageCredentials.password
+    type: string
+    default: "MYPASSWORD"
+    description: "HAProxy Enterprise Password"
+    label: Password 

charts/haproxy/haproxy/1.16.300/templates/NOTES.txt

@@ -0,0 +1,67 @@
+HAProxy Kubernetes Ingress Controller has been successfully installed.
+
+Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}".
+Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type.
+{{- if .Values.rbac.create}}
+RBAC authorization is enabled.
+{{- else}}
+RBAC authorization is disabled.
+{{- end}}
+{{- if .Values.controller.ingressClass}}
+Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for
+Ingress resource.
+{{- end}}
+
+Service ports mapped are:
+{{- if eq .Values.controller.kind "Deployment" }}
+{{- range $key, $value := .Values.controller.containerPort }}
+  - name: {{ $key }}
+    containerPort: {{ $value }}
+    protocol: TCP
+{{- end }}
+{{- end }}
+{{- if eq .Values.controller.kind "DaemonSet" }}
+{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
+{{- range $key, $value := .Values.controller.containerPort }}
+  - name: {{ $key }}
+    containerPort: {{ $value }}
+    protocol: TCP
+    hostPort: {{ index $hostPorts $key | default $value }}
+{{- end }}
+{{- end }}
+
+Node IP can be found with:
+  $ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}"
+
+The following ingress resource routes traffic to pods that match the following:
+  * service name: web
+  * client's Host header: webdemo.com
+  * path begins with /
+
+  ---
+  apiVersion: networking.k8s.io/v1beta1
+  kind: Ingress
+  metadata:
+    name: web-ingress
+    namespace: default
+  spec:
+    rules:
+    - host: webdemo.com
+      http:
+        paths:
+        - path: /
+          backend:
+            serviceName: web
+            servicePort: 80
+
+In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it
+with helm chart option controller.ingressClass.
+
+For more examples and up to date documentation, please visit:
+  * Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
+  * Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/
+  * Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
+  * Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
+
+
+

charts/haproxy/haproxy/1.16.300/templates/_helpers.tpl

@@ -0,0 +1,130 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubernetes-ingress.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubernetes-ingress.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubernetes-ingress.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Encode an imagePullSecret string.
+*/}}
+{{- define "kubernetes-ingress.imagePullSecret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }}
+{{- end }}
+
+{{/*
+Generate default certificate for HAProxy.
+*/}}
+{{- define "kubernetes-ingress.gen-certs" -}}
+{{- $ca := genCA "kubernetes-ingress-ca" 365 -}}
+{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}}
+{{- $cert := genSignedCert $cn nil nil 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use.
+*/}}
+{{- define "kubernetes-ingress.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
+*/}}
+{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}}
+{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}}
+    {{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.defaultBackend.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified default backend name.
+*/}}
+{{- define "kubernetes-ingress.defaultBackend.fullname" -}}
+{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified default cert secret name.
+*/}}
+{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}}
+{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct the path for the publish-service.
+By default this will use the <namespace>/<service-name> matching the controller's service name.
+Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride`
+*/}}
+{{- define "kubernetes-ingress.publishServicePath" -}}
+{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}}
+{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }}
+{{- print $servicePath | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct the syslog-server annotation
+*/}}
+{{- define "kubernetes-ingress.syslogServer" -}}
+{{- range $key, $val := .Values.controller.logging.traffic -}}
+{{- printf "%s:%s, " $key $val }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified ServiceMonitor name.
+*/}}
+{{- define "kubernetes-ingress.serviceMonitorName" -}}
+{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* vim: set filetype=mustache: */}}

charts/haproxy/haproxy/1.16.300/templates/clusterrole.yaml

@@ -0,0 +1,60 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - endpoints
+  - services
+  - namespaces
+  - events
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - "extensions"
+  - "networking.k8s.io"
+  resources:
+  - ingresses
+  - ingresses/status
+  - ingressclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - "extensions"
+  - "networking.k8s.io"
+  resources:
+  - ingresses/status
+  verbs:
+  - update
+{{- end -}}

charts/haproxy/haproxy/1.16.300/templates/clusterrolebinding.yaml

@@ -0,0 +1,37 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "kubernetes-ingress.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "kubernetes-ingress.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}
+

charts/haproxy/haproxy/1.16.300/templates/controller-configmap.yaml

@@ -0,0 +1,34 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+data:
+{{- if .Values.controller.logging.traffic }}
+  syslog-server: {{ template "kubernetes-ingress.syslogServer" . }}
+{{- end }}
+{{- if .Values.controller.config }}
+{{ toYaml .Values.controller.config | indent 2 }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-daemonset.yaml

@@ -0,0 +1,242 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if eq .Values.controller.kind "DaemonSet" }}
+{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}}
+{{- $useHostPort := .Values.controller.daemonset.useHostPort -}}
+{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    {{- if .Values.controller.extraLabels }}
+{{ toYaml .Values.controller.extraLabels | indent 4 }}
+    {{- end }}
+spec:
+  minReadySeconds: 0
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- if .Values.controller.podLabels }}
+{{ toYaml .Values.controller.podLabels | indent 8 }}
+        {{- end }}
+      {{- if .Values.controller.podAnnotations }}
+      annotations:
+{{ toYaml .Values.controller.podAnnotations | indent 8 }}
+      {{- end }}
+    spec:
+      serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
+      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
+      {{- if $useHostNetwork }}
+      hostNetwork: true
+      {{- end }}
+{{- if .Values.controller.dnsConfig }}
+      dnsConfig:
+{{ toYaml .Values.controller.dnsConfig | indent 8 }}
+{{- end }}
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
+{{- if .Values.controller.imageCredentials.registry }}
+      imagePullSecrets:
+      - name: {{ template "kubernetes-ingress.fullname" . }}
+{{- else if .Values.controller.existingImagePullSecret }}
+      imagePullSecrets:
+      - name: {{ .Values.controller.existingImagePullSecret }}
+{{- end }}
+{{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
+{{- end }}
+      containers:
+        - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
+          image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
+          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+          args:
+{{- if .Values.controller.defaultTLSSecret.enabled -}}
+{{- if and .Values.controller.defaultTLSSecret.secret .Values.controller.defaultTLSSecret.secretNamespace }}
+          - --default-ssl-certificate={{ tpl .Values.controller.defaultTLSSecret.secretNamespace . }}/{{ .Values.controller.defaultTLSSecret.secret }}
+{{- else }}
+          - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
+{{- end }}
+{{- end }}
+          - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
+{{- if .Values.defaultBackend.enabled }}
+          - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+{{- end }}
+{{- if .Values.controller.ingressClass }}
+          - --ingress.class={{ .Values.controller.ingressClass }}
+{{- end }}
+{{- if .Values.controller.publishService.enabled }}
+          - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
+{{- end }}
+{{- if .Values.controller.logging.level }}
+          - --log={{ .Values.controller.logging.level }}
+{{- end }}
+{{- range .Values.controller.extraArgs }}
+          - {{ . }}
+{{- end }}
+          {{- if .Values.controller.unprivileged }}
+          securityContext:
+            runAsUser:  1000
+            runAsGroup: 1000
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+          {{- end }}
+          ports:
+          {{- range $key, $value := .Values.controller.containerPort }}
+            - name: {{ $key }}
+              containerPort: {{ $value }}
+              protocol: TCP
+              {{- if $useHostPort }}
+              hostPort: {{ index $hostPorts $key | default $value }}
+              {{- end }}
+          {{- end }}
+          {{- range .Values.controller.service.tcpPorts }}
+            - name: {{ .name }}-tcp
+              containerPort: {{ .port }}
+              protocol: TCP
+              {{- if $useHostPort }}
+              hostPort: {{ .port }}
+              {{- end }}
+          {{- end }}
+          {{- if .Values.controller.livenessProbe.enabled }}
+          livenessProbe:
+            failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
+            httpGet:
+              path: {{ .Values.controller.livenessProbe.path }}
+              port: {{ .Values.controller.livenessProbe.port }}
+              scheme: {{ .Values.controller.livenessProbe.scheme }}
+            initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
+            successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
+          {{- end }}
+          {{- if .Values.controller.readinessProbe.enabled }}
+          readinessProbe:
+            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
+            httpGet:
+              path: {{ .Values.controller.readinessProbe.path }}
+              port: {{ .Values.controller.readinessProbe.port }}
+              scheme: {{ .Values.controller.readinessProbe.scheme }}
+            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
+            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
+          {{- end }}
+          {{- if .Values.controller.startupProbe.enabled }}
+          startupProbe:
+            failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
+            httpGet:
+              path: {{ .Values.controller.startupProbe.path }}
+              port: {{ .Values.controller.startupProbe.port }}
+              scheme: {{ .Values.controller.startupProbe.scheme }}
+            initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
+            successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
+          {{- end }}
+          env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          {{- if .Values.controller.extraEnvs -}}
+          {{- toYaml .Values.controller.extraEnvs | nindent 10 }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.controller.resources | nindent 12 }}
+          {{- if .Values.controller.lifecycle }}
+          lifecycle:
+            {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
+{{ tpl .Values.controller.lifecycle . | indent 12 }}
+            {{- else }}
+{{ toYaml .Values.controller.lifecycle | indent 12 }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.controller.extraVolumeMounts }}
+          volumeMounts:
+            {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
+{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
+            {{- else }}
+{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
+            {{- end }}
+          {{- end}}
+        {{- if .Values.controller.extraContainers }}
+          {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
+{{ tpl .Values.controller.extraContainers . | indent 8 }}
+          {{- else }}
+{{ toYaml .Values.controller.extraContainers | indent 8 }}
+          {{- end }}
+        {{- end }}
+      {{- if .Values.controller.extraVolumes }}
+      volumes:
+        {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
+{{ tpl .Values.controller.extraVolumes . | indent 8 }}
+        {{- else }}
+{{ toYaml .Values.controller.extraVolumes | indent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
+      initContainers:
+        {{- if .Values.controller.unprivileged }}
+        - name: sysctl
+          image: busybox:musl
+          command:
+            - /bin/sh
+            - -c
+            - sysctl -w net.ipv4.ip_unprivileged_port_start=0
+          securityContext:
+            privileged: true
+        {{- end }}
+        {{- with.Values.controller.initContainers }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- with .Values.controller.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.controller.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.controller.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-defaultcertsecret.yaml

@@ -0,0 +1,35 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.controller.defaultTLSSecret.enabled }}
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+  name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+  annotations:
+    "helm.sh/hook": "pre-install"
+    "helm.sh/hook-delete-policy": "before-hook-creation"
+data:
+{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-deployment.yaml

@@ -0,0 +1,245 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if eq .Values.controller.kind "Deployment" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    {{- if .Values.controller.extraLabels }}
+{{ toYaml .Values.controller.extraLabels | indent 4 }}
+    {{- end }}
+spec:
+  {{- if and (not .Values.controller.autoscaling.enabled) (not .Values.controller.keda.enabled) }}
+  replicas: {{ .Values.controller.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  {{- with .Values.controller.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- if .Values.controller.podLabels }}
+{{ toYaml .Values.controller.podLabels | indent 8 }}
+        {{- end }}
+      {{- if .Values.controller.podAnnotations }}
+      annotations:
+{{ toYaml .Values.controller.podAnnotations | indent 8 }}
+      {{- end }}
+    spec:
+      serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
+      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
+{{- with .Values.controller.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.dnsConfig }}
+      dnsConfig:
+{{ toYaml .Values.controller.dnsConfig | indent 8 }}
+{{- end }}
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
+{{- if .Values.controller.imageCredentials.registry }}
+      imagePullSecrets:
+      - name: {{ template "kubernetes-ingress.fullname" . }}
+{{- else if .Values.controller.existingImagePullSecret }}
+      imagePullSecrets:
+      - name: {{ .Values.controller.existingImagePullSecret }}
+{{- end }}
+{{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
+{{- end }}
+      containers:
+        - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
+          image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
+          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+          args:
+{{- if .Values.controller.defaultTLSSecret.enabled -}}
+{{- if and .Values.controller.defaultTLSSecret.secret .Values.controller.defaultTLSSecret.secretNamespace }}
+          - --default-ssl-certificate={{ tpl .Values.controller.defaultTLSSecret.secretNamespace . }}/{{ .Values.controller.defaultTLSSecret.secret }}
+{{- else }}
+          - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
+{{- end }}
+{{- end }}
+          - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
+{{- if .Values.defaultBackend.enabled }}
+          - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+{{- end }}
+{{- if .Values.controller.ingressClass }}
+          - --ingress.class={{ .Values.controller.ingressClass }}
+{{- end }}
+{{- if .Values.controller.publishService.enabled }}
+          - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
+{{- end }}
+{{- if .Values.controller.logging.level }}
+          - --log={{ .Values.controller.logging.level }}
+{{- end }}
+{{- range .Values.controller.extraArgs }}
+          - {{ . }}
+{{- end }}
+          {{- if .Values.controller.unprivileged }}
+          securityContext:
+            runAsUser:  1000
+            runAsGroup: 1000
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+          {{- end }}
+          ports:
+          {{- range $key, $value := .Values.controller.containerPort }}
+            - name: {{ $key }}
+              containerPort: {{ $value }}
+              protocol: TCP
+          {{- end }}
+          {{- range .Values.controller.service.tcpPorts }}
+            - name: {{ .name }}-tcp
+              containerPort: {{ .targetPort }}
+              protocol: TCP
+          {{- end }}
+          {{- if .Values.controller.livenessProbe.enabled }}
+          livenessProbe:
+            failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
+            httpGet:
+              path: {{ .Values.controller.livenessProbe.path }}
+              port: {{ .Values.controller.livenessProbe.port }}
+              scheme: {{ .Values.controller.livenessProbe.scheme }}
+              {{- if .Values.controller.livenessProbe.httpHeaders }}
+              httpHeaders: {{ toYaml .Values.controller.livenessProbe.httpHeaders | nindent 16 }}
+              {{- end }}
+            initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
+            successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
+          {{- end }}
+          {{- if .Values.controller.readinessProbe.enabled }}
+          readinessProbe:
+            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
+            httpGet:
+              path: {{ .Values.controller.readinessProbe.path }}
+              port: {{ .Values.controller.readinessProbe.port }}
+              scheme: {{ .Values.controller.readinessProbe.scheme }}
+              {{- if .Values.controller.readinessProbe.httpHeaders }}
+              httpHeaders: {{ toYaml .Values.controller.readinessProbe.httpHeaders | nindent 16 }}
+              {{- end }}
+            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
+            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
+          {{- end }}
+          {{- if .Values.controller.startupProbe.enabled }}
+          startupProbe:
+            failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
+            httpGet:
+              path: {{ .Values.controller.startupProbe.path }}
+              port: {{ .Values.controller.startupProbe.port }}
+              scheme: {{ .Values.controller.startupProbe.scheme }}
+              {{- if .Values.controller.startupProbe.httpHeaders }}
+              httpHeaders: {{ toYaml .Values.controller.startupProbe.httpHeaders | nindent 16 }}
+              {{- end }}
+            initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
+            successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
+          {{- end }}
+          env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          {{- if .Values.controller.extraEnvs -}}
+          {{- toYaml .Values.controller.extraEnvs | nindent 10 }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.controller.resources | nindent 12 }}
+          {{- if .Values.controller.lifecycle }}
+          lifecycle:
+            {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
+{{ tpl .Values.controller.lifecycle . | indent 12 }}
+            {{- else }}
+{{ toYaml .Values.controller.lifecycle | indent 12 }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.controller.extraVolumeMounts }}
+          volumeMounts:
+            {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
+{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
+            {{- else }}
+{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
+            {{- end }}
+          {{- end}}
+        {{- if .Values.controller.extraContainers }}
+          {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
+{{ tpl .Values.controller.extraContainers . | indent 8 }}
+          {{- else }}
+{{ toYaml .Values.controller.extraContainers | indent 8 }}
+          {{- end }}
+        {{- end }}
+      {{- if .Values.controller.extraVolumes }}
+      volumes:
+        {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
+{{ tpl .Values.controller.extraVolumes . | indent 8 }}
+        {{- else }}
+{{ toYaml .Values.controller.extraVolumes | indent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
+      initContainers:
+        {{- if .Values.controller.unprivileged }}
+        - name: sysctl
+          image: busybox:musl
+          command:
+            - /bin/sh
+            - -c
+            - sysctl -w net.ipv4.ip_unprivileged_port_start=0
+          securityContext:
+            privileged: true
+        {{- end }}
+        {{- with.Values.controller.initContainers }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- with .Values.controller.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.controller.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.controller.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-hpa.yaml

@@ -0,0 +1,58 @@
+{{/*
+Copyright 2020 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }}
+{{- if not .Values.controller.keda.enabled }}
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "kubernetes-ingress.fullname" . }}
+  minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.controller.autoscaling.custom }}
+  {{- toYaml .Values.controller.autoscaling.custom | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-ingressclass.yaml

@@ -0,0 +1,42 @@
+{{/*
+Copyright 2021 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.ingressClassResource.enabled) -}}
+{{- if and (semverCompare "=1.18-0" .Capabilities.KubeVersion.GitVersion)  }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else }}
+apiVersion: networking.k8s.io/v1
+{{- end }}
+kind: IngressClass
+metadata:
+  name: {{ .Values.controller.ingressClass }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- if .Values.controller.ingressClassResource.default }}
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: "true"
+{{- end }}
+spec:
+  controller: haproxy.org/ingress-controller
+  {{- if .Values.controller.ingressClassResource.parameters }}
+  parameters:
+{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4 }}
+  {{- end }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-keda.yaml

@@ -0,0 +1,52 @@
+{{/*
+Copyright 2021 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.keda.enabled }}
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+  {{- if .Values.controller.keda.scaledObject.annotations }}
+  annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    name: {{ template "kubernetes-ingress.fullname" . }}
+  pollingInterval: {{ .Values.controller.keda.pollingInterval }}
+  cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }}
+  minReplicaCount: {{ .Values.controller.keda.minReplicas }}
+  maxReplicaCount: {{ .Values.controller.keda.maxReplicas }}
+  triggers:
+{{- with .Values.controller.keda.triggers }}
+{{ toYaml . | indent 2 }}
+{{ end }}
+  advanced:
+    restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }}
+{{- if .Values.controller.keda.behavior }}
+    horizontalPodAutoscalerConfig:
+      behavior:
+{{ with .Values.controller.keda.behavior -}}
+{{ toYaml . | indent 8 }}
+{{ end }}
+{{- end }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-poddisruptionbudget.yaml

@@ -0,0 +1,40 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.controller.PodDisruptionBudget.enable }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+  {{- if .Values.controller.PodDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ .Values.controller.PodDisruptionBudget.maxUnavailable }}
+  {{- end }}
+  {{- if .Values.controller.PodDisruptionBudget.minAvailable }}
+  minAvailable: {{ .Values.controller.PodDisruptionBudget.minAvailable }}
+  {{- end }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-podsecuritypolicy.yaml

@@ -0,0 +1,80 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
+{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }}
+{{- $useHostPort := .Values.controller.daemonset.useHostPort }}
+{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+{{- if .Values.podSecurityPolicy.annotations }}
+  annotations:
+{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
+{{- end }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
+spec:
+  allowPrivilegeEscalation: false
+  allowedCapabilities:
+    - NET_BIND_SERVICE
+  defaultAllowPrivilegeEscalation: false
+  fsGroup:
+    rule: MustRunAs
+    ranges:
+      - max: 65535
+        min: 1
+{{- if $useHostNetwork }}
+  hostNetwork: true
+{{- end }}
+{{- if or $useHostPort $useHostNetwork }}
+  hostPorts:
+{{- range $key, $value := .Values.controller.containerPort }}
+  - min: {{ $value }}
+    max: {{ $value }}
+{{- end }}
+{{- range .Values.controller.service.tcpPorts }}
+  - min: {{ .port }}
+    max: {{ .port }}
+{{- end }}
+{{- end }}
+  hostIPC: false
+  hostPID: false
+  privileged: false
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: MustRunAs
+    ranges:
+      - max: 65535
+        min: 1
+  volumes:
+    - configMap
+    - downwardAPI
+    - secret
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-pullsecret.yaml

@@ -0,0 +1,32 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.controller.imageCredentials.registry }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-role.yaml

@@ -0,0 +1,38 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+rules:
+- apiGroups: 
+  - "policy"
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+  resourceNames:
+  - {{ template "kubernetes-ingress.fullname" . }}
+{{- end -}}

charts/haproxy/haproxy/1.16.300/templates/controller-rolebinding.yaml

@@ -0,0 +1,37 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "kubernetes-ingress.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "kubernetes-ingress.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/haproxy/haproxy/1.16.300/templates/controller-service.yaml

@@ -0,0 +1,101 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.controller.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- if .Values.controller.service.labels }}
+{{ toYaml .Values.controller.service.labels | indent 4 }}
+{{- end }}
+  annotations:
+{{- range $key, $value := .Values.controller.service.annotations }}
+    {{ $key }}: {{ $value | quote }}
+{{- end }}
+spec:
+  {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }}
+  type: {{ .Values.controller.service.type }}
+  {{- if .Values.controller.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
+  {{- end }}
+  {{- if .Values.controller.service.healthCheckNodePort }}
+  healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
+  {{- end }}
+  ports:
+  {{- if .Values.controller.service.enablePorts.http }}
+    - name: http
+      port: {{ .Values.controller.service.ports.http }}
+      protocol: TCP
+      targetPort: {{ .Values.controller.service.targetPorts.http }}
+    {{- if .Values.controller.service.nodePorts.http }}
+      nodePort: {{ .Values.controller.service.nodePorts.http }}
+    {{- end }}
+  {{- end }}
+  {{- if .Values.controller.service.enablePorts.https }}
+    - name: https
+      port: {{ .Values.controller.service.ports.https }}
+      protocol: TCP
+      targetPort: {{ .Values.controller.service.targetPorts.https }}
+    {{- if .Values.controller.service.nodePorts.https }}
+      nodePort: {{ .Values.controller.service.nodePorts.https }}
+    {{- end }}
+  {{- end }}
+  {{- if .Values.controller.service.enablePorts.stat }}
+    - name: stat
+      port: {{ .Values.controller.service.ports.stat }}
+      protocol: TCP
+      targetPort: {{ .Values.controller.service.targetPorts.stat }}
+    {{- if .Values.controller.service.nodePorts.stat }}
+      nodePort: {{ .Values.controller.service.nodePorts.stat }}
+    {{- end }}
+  {{- end }}
+  {{- range .Values.controller.service.tcpPorts }}
+    - name: {{ .name }}-tcp
+      port: {{ .port }}
+      protocol: TCP
+      targetPort: {{ .targetPort }}
+    {{- if .nodePort }}
+      nodePort: {{ .nodePort }}
+    {{- end }}
+  {{- end }}
+  selector:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  {{- if .Values.controller.service.sessionAffinity }}
+  sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
+  {{- end }}
+  externalIPs:
+{{- if .Values.controller.service.externalIPs }}
+{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
+{{- end -}}
+{{- if (eq .Values.controller.service.type "LoadBalancer") }}
+{{- if .Values.controller.service.loadBalancerIP }}
+  loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.controller.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/controller-serviceaccount.yaml

@@ -0,0 +1,29 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if or .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "kubernetes-ingress.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- end -}}

charts/haproxy/haproxy/1.16.300/templates/controller-servicemonitor.yaml

@@ -0,0 +1,41 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.controller.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "kubernetes-ingress.serviceMonitorName" . }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    {{- if .Values.controller.serviceMonitor.extraLabels }}
+    {{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    {{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/default-backend-deployment.yaml

@@ -0,0 +1,85 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+  {{- if not .Values.defaultBackend.autoscaling.enabled }}
+  replicas: {{ .Values.defaultBackend.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- if .Values.defaultBackend.podLabels }}
+{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
+        {{- end }}
+      {{- if .Values.defaultBackend.podAnnotations }}
+      annotations:
+{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
+      {{- end }}
+    spec:
+{{- with .Values.defaultBackend.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
+{{- end }}
+      containers:
+        - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }}
+          image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
+          imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.defaultBackend.containerPort }}
+              protocol: TCP
+          {{- if .Values.defaultBackend.extraEnvs }}
+          env:
+            {{- toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
+          {{- end }}
+          resources:
+            {{- toYaml .Values.defaultBackend.resources | nindent 12 }}
+      {{- with .Values.defaultBackend.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.defaultBackend.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
+      terminationGracePeriodSeconds: 60
+    {{- with .Values.defaultBackend.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/default-backend-hpa.yaml

@@ -0,0 +1,56 @@
+{{/*
+Copyright 2020 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }}
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.defaultBackend.autoscaling.custom }}
+  {{- toYaml .Values.defaultBackend.autoscaling.custom | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/default-backend-podsecuritypolicy.yaml

@@ -0,0 +1,64 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+{{- if .Values.podSecurityPolicy.annotations }}
+  annotations:
+{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
+{{- end }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+  name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
+spec:
+  allowPrivilegeEscalation: false
+  allowedCapabilities:
+    - NET_BIND_SERVICE
+  defaultAllowPrivilegeEscalation: false
+  fsGroup:
+    rule: MustRunAs
+    ranges:
+      - max: 65535
+        min: 1
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  privileged: false
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: MustRunAs
+    ranges:
+      - max: 65535
+        min: 1
+  volumes:
+    - configMap
+    - downwardAPI
+    - secret
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/default-backend-role.yaml

@@ -0,0 +1,38 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+rules:
+- apiGroups: 
+  - "policy"
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+  resourceNames:
+  - {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+{{- end -}}

charts/haproxy/haproxy/1.16.300/templates/default-backend-rolebinding.yaml

@@ -0,0 +1,37 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/haproxy/haproxy/1.16.300/templates/default-backend-service.yaml

@@ -0,0 +1,44 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.defaultBackend.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- if .Values.defaultBackend.service.annotations }}
+  annotations:
+{{ toYaml .Values.defaultBackend.service.annotations | indent 8 }}
+{{- end }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+    - name: http
+      port: {{ .Values.defaultBackend.service.port }}
+      protocol: TCP
+      targetPort: http
+  selector:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/haproxy/haproxy/1.16.300/templates/default-backend-serviceaccount.yaml

@@ -0,0 +1,29 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- end -}}

charts/haproxy/haproxy/1.16.300/values.yaml

@@ -0,0 +1,576 @@
+# Copyright 2019 HAProxy Technologies LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Default values for kubernetes-ingress Chart for HAProxy Ingress Controller
+## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
+
+podSecurityPolicy:
+  annotations: {}
+    ## Specify pod annotations
+    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
+    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
+    ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
+    ##
+    # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+    # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+    # seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
+    # seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+  enabled: false
+
+## Enable RBAC Authorization
+## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
+rbac:
+  create: true
+
+
+## Configure Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+serviceAccount:
+  create: true
+  name:
+
+
+## Controller default values
+controller:
+  name: controller
+  image:
+    repository: haproxytech/kubernetes-ingress    # can be changed to use CE or EE Controller images
+    tag: "{{ .Chart.AppVersion }}"
+    pullPolicy: IfNotPresent
+
+  ## Deployment or DaemonSet pod mode
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+  kind: Deployment    # can be 'Deployment' or 'DaemonSet'
+  replicaCount: 2
+
+  ## Running container without root privileges
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  unprivileged: false
+
+  ## Init Containers
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  initContainers: []
+  # - name: sysctl
+  #   image: "busybox:musl"
+  #   command:
+  #     - /bin/sh
+  #     - -c
+  #     - sysctl -w net.core.somaxconn=65536
+  #   securityContext:
+  #     privileged: true
+
+  ## Pod termination grace period
+  ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+  terminationGracePeriodSeconds: 60
+
+  ## Private Registry configuration
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  imageCredentials:
+    registry: null
+    username: null
+    password: null
+  existingImagePullSecret: null
+
+  ## Controller Container listener port configuration
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
+  containerPort:
+    http: 80
+    https: 443
+    stat: 1024
+
+  ## Controller Container liveness/readiness probe configuration
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  livenessProbe:
+    enabled: true
+    failureThreshold: 3
+    initialDelaySeconds: 0
+    path: /healthz
+    periodSeconds: 10
+    port: 1042
+    scheme: HTTP
+    successThreshold: 1
+    timeoutSeconds: 1
+
+  readinessProbe:
+    enabled: true
+    failureThreshold: 3
+    initialDelaySeconds: 0
+    path: /healthz
+    periodSeconds: 10
+    port: 1042
+    scheme: HTTP
+    successThreshold: 1
+    timeoutSeconds: 1
+
+  startupProbe:
+    enabled: true
+    failureThreshold: 20
+    initialDelaySeconds: 0
+    path: /healthz
+    periodSeconds: 1
+    port: 1042
+    scheme: HTTP
+    successThreshold: 1
+    timeoutSeconds: 1
+
+  ## Ingress Class used for ingress.class annotation in multi-ingress environments
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers
+  ingressClass: haproxy   # typically "haproxy" or null to receive all events
+
+  ## Ingress Class resource with additional configuration and name of the controller
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class
+  ## Note: Uses ingressClass as name for the Ingress Class object if enabled
+  ingressClassResource:
+    enabled: false
+    default: false
+    parameters: {}
+
+  ## Additional labels to add to the deployment or daemonset metadata
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  extraLabels: {}
+  #  key: value
+
+  ## Additional labels to add to the pod container metadata
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  podLabels: {}
+  #  key: value
+
+  ## Additional annotations to add to the pod container metadata
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  podAnnotations: {}
+  #  key: value
+
+  ## Ingress TLS secret, if it is enabled and secret is null then controller will use auto-generated secret, otherwise
+  ## secret needs to contain name of the Secret object which has been created manually
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  defaultTLSSecret:
+    enabled: true
+    secretNamespace: "{{ .Release.Namespace }}"
+    secret: null
+
+  ## Compute Resources for controller container
+  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  resources:
+  #  limits:
+  #    cpu: 100m
+  #    memory: 64Mi
+    requests:
+      cpu: 100m
+      memory: 64Mi
+
+  ## Horizontal Pod Scaler
+  ## Only to be used with Deployment kind
+  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  autoscaling:
+    enabled: false
+    minReplicas: 2
+    maxReplicas: 20
+    targetCPUUtilizationPercentage: 80
+    # targetMemoryUtilizationPercentage: 80
+
+    ## Custom metrics (example)
+    ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
+    # custom:
+    #   - type: Pods
+    #     pods:
+    #       metricName: haproxy_backend_current_sessions
+    #       targetAverageValue: 2000
+
+  ## Kubernetes Event-driven Autoscaling: KEDA 2.x
+  ## ref: https://keda.sh/docs/2.3/concepts/scaling-deployments/
+  ## Note: mutually exclusive with HPA, enabling KEDA disables HPA
+  ## Node: requires serviceMonitor enabled
+  keda:
+    enabled: false
+    minReplicas: 2
+    maxReplicas: 20
+    pollingInterval: 30
+    cooldownPeriod: 300
+    restoreToOriginalReplicaCount: false
+    scaledObject:
+      annotations: {}
+    behaviour: {}
+    #  scaleDown:
+    #    stabilizationWindowSeconds: 300
+    #    policies:
+    #    - type: Percent
+    #      value: 100
+    #      periodSeconds: 15
+    triggers: []
+    #  - type: prometheus
+    #    metadata:
+    #      serverAddress: http://<prometheus-host>:9090
+    #      metricName: haproxy_process_idle_time_percent
+    #      threshold: '50'
+    #      query: avg(100-avg_over_time(haproxy_process_idle_time_percent{container="kubernetes-ingress-controller",service="mytest-kubernetes-ingress"}[2m]))
+
+  ## Pod Disruption Budget
+  ## Only to be used with Deployment kind
+  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+  PodDisruptionBudget:
+    enable: false
+    # maxUnavailable: 1
+    # minAvailable: 1
+
+  ## Pod Node assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+  nodeSelector: {}
+
+  ## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  tolerations: []
+  #  - key: "key"
+  #    operator: "Equal|Exists"
+  #    value: "value"
+  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+  ## Node Affinity for pod-node scheduling constraints
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  affinity: {}
+
+  ## Topology spread constraints (only used in kind: Deployment)
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  topologySpreadConstraints: []
+  # - maxSkew: 1
+  #   topologyKey: kubernetes.io/zone
+  #   whenUnsatisfiable: DoNotSchedule
+  #   labelSelector:
+  #     matchLabels:
+  #       app.kubernetes.io/name: kubernetes-ingress
+  #       app.kubernetes.io/instance: kubernetes-ingress
+
+  ## Pod DNS Config
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+  dnsConfig: {}
+
+  ## Pod DNS Policy
+  ## Change this to ClusterFirstWithHostNet in case you have useHostNetwork set to true
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
+  dnsPolicy: ClusterFirst
+
+  ## Additional command line arguments to pass to Controller
+  ## ref: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
+  extraArgs: []
+  #  - --namespace-whitelist=default
+  #  - --namespace-whitelist=namespace1
+  #  - --namespace-blacklist=namespace2
+
+  ## Custom configuration for Controller
+  ## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
+  config: {}
+  #   timeout-connect: "250ms"
+  #   servers-increment: "10"
+  #   servers-increment-max-disabled: "10"
+  #   rate-limit: "ON"
+  #   rate-limit-expire: "1m"
+  #   rate-limit-interval: "10s"
+  #   rate-limit-size: "100k"
+
+  ## Controller Logging configuration
+  logging:
+    ## Controller logging level
+    ## This only relevant to Controller logs
+    level: info
+
+    ## HAProxy traffic logs
+    ## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation#logging
+    traffic: {}
+      #      address:  "stdout"
+      #      format:   "raw"
+      #      facility: "daemon"
+
+  ## Mirrors the address of the service's endpoints to the
+  ## load-balancer status of all Ingress objects it satisfies.
+  publishService:
+    enabled: true
+    ##
+    ## Override of the publish service
+    ## Must be <namespace>/<service_name>
+    pathOverride: ""
+
+  ## Controller Service configuration
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+  service:
+    enabled: true     # set to false when controller.kind is 'DaemonSet' and controller.daemonset.useHostPorts is true
+
+    type: NodePort    # can be 'NodePort' or 'LoadBalancer'
+
+    ## Service annotations
+    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+    annotations: {}
+
+    ## Service labels
+    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+    labels: {}
+
+    ## Health check node port
+    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    healthCheckNodePort: 0
+
+    ## Service nodePorts to use for http, https and stat
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    ## If empty, random ports will be used
+    nodePorts: {}
+    #  http: 31080
+    #  https: 31443
+    #  stat: 31024
+
+    ## Service ports to use for http, https and stat
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    ports:
+      http: 80
+      https: 443
+      stat: 1024
+
+    ## The controller service ports for http, https and stat can be disabled by
+    ## setting below to false - this could be useful when only deploying haproxy
+    ## as a TCP loadbalancer
+    ## Note: At least one port (http, https, stat or from tcpPorts) has to be enabled
+    enablePorts:
+      http: true
+      https: true
+      stat: true
+
+    ## Target port mappings for http, https and stat
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    targetPorts:
+      http: http
+      https: https
+      stat: stat
+
+    ## Additional tcp ports to expose
+    ## This is especially useful for TCP services:
+    ## https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
+    tcpPorts: []
+    #  - name: http-alt
+    #    port: 8080
+    #    targetPort: http-alt
+    #    nodePort: 32080
+
+    ## Set external traffic policy
+    ## Default is "Cluster", setting it to "Local" preserves source IP
+    ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
+    # externalTrafficPolicy: "Local"
+
+    ## Expose service via external IPs that route to one or more cluster nodes
+    externalIPs: []
+
+    ## LoadBalancer IP
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+    loadBalancerIP: ""
+
+    ## Source IP ranges permitted to access Network Load Balancer
+    # ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
+    loadBalancerSourceRanges: []
+
+    ## Service ClusterIP
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    # clusterIP: ""
+
+    ## Service session affinity
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    # sessionAffinity: ""
+
+  ## Controller DaemonSet configuration
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+  daemonset:
+    useHostNetwork: false  # also modify dnsPolicy accordingly
+    useHostPort: false
+    hostPorts:
+      http: 80
+      https: 443
+      stat: 1024
+
+  ## Controller deployment strategy definition
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+  strategy: {}
+  #  rollingUpdate:
+  #    maxSurge: 25%
+  #    maxUnavailable: 25%
+  #  type: RollingUpdate
+
+  ## Controller Pod PriorityClass
+  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+  priorityClassName: ""
+
+  ## Controller container lifecycle handlers
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
+  lifecycle: {}
+    ## Example preStop for graceful shutdown
+    # preStop:
+    #   exec:
+    #     command: ["/bin/sh", "-c", "kill -USR1 $(pidof haproxy); while killall -0 haproxy; do sleep 1; done"]
+
+  ## Set additional environment variables
+  extraEnvs: []
+    ## Set TZ env to configure timezone on controller containers
+    # - name: TZ
+    #   value: "Etc/UTC"
+
+  ## Add additional containers
+  extraContainers: []
+    ## Example sidecar
+    # - name: sidecar
+    #   image: alpine # alpine is a simple Linux OS image
+    #   command: ["/bin/sh"]
+    #   args: ["-c", "while true; do date; sleep 5;done"]
+
+  ## Additional volumeMounts to the controller main container
+  extraVolumeMounts: []
+    ## Example empty volume mounts when using securityContext->readOnlyRootFilesystem
+    # - name: etc-haproxy
+    #   mountPath: /etc/haproxy
+    # - name: tmp
+    #   mountPath: /tmp
+    # - name: var-state-haproxy
+    #   mountPath: /var/state/haproxy
+
+  ## Additional volumes to the controller pod
+  extraVolumes: []
+    ## Example empty volumes when using securityContext->readOnlyRootFilesystem
+    # - name: etc-haproxy
+    #   emptyDir: {}
+    # - name: tmp
+    #   emptyDir: {}
+    # - name: var-state-haproxy
+    #   emptyDir: {}
+
+  ## ServiceMonitor
+  ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
+  ## Note: requires Prometheus Operator to be able to work, for example:
+  ## helm install prometheus prometheus-community/kube-prometheus-stack \
+  ##   --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
+  ##   --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
+  serviceMonitor:
+    ## Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured
+    enabled: false
+
+    ## Specify the labels to add to the ServiceMonitors to be selected for target discovery
+    extraLabels: {}
+
+    ## Specify the endpoints
+    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/design.md#servicemonitor
+    endpoints:
+    - port: stat
+      path: /metrics
+      scheme: http
+
+## Default 404 backend
+defaultBackend:
+  enabled: true
+  name: default-backend
+  replicaCount: 2
+
+  image:
+    repository: k8s.gcr.io/defaultbackend-amd64
+    tag: 1.5
+    pullPolicy: IfNotPresent
+    runAsUser: 65534
+
+  ## Compute Resources
+  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  resources:
+  #  limits:
+  #    cpu: 10m
+  #    memory: 16Mi
+    requests:
+      cpu: 10m
+      memory: 16Mi
+
+  ## Horizontal Pod Scaler
+  ## Only to be used with Deployment kind
+  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 2
+    targetCPUUtilizationPercentage: 80
+    # targetMemoryUtilizationPercentage: 80
+
+    ## Custom metrics (example)
+    ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
+    # custom:
+    #   - type: Pods
+    #     pods:
+    #       metricName: haproxy_backend_current_sessions
+    #       targetAverageValue: 2000
+
+  ## Listener port configuration
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
+  containerPort: 8080
+
+  ## Pod Node assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+  nodeSelector: {}
+
+  ## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  tolerations: []
+  #  - key: "key"
+  #    operator: "Equal|Exists"
+  #    value: "value"
+  #    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+  ## Node Affinity for pod-node scheduling constraints
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  affinity: {}
+
+  ## Topology spread constraints
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  topologySpreadConstraints: []
+  # - maxSkew: 1
+  #   topologyKey: kubernetes.io/zone
+  #   whenUnsatisfiable: DoNotSchedule
+  #   labelSelector:
+  #     matchLabels:
+  #       app.kubernetes.io/name: kubernetes-ingress-kubernetes-ingress-default-backend
+  #       app.kubernetes.io/instance: haproxy-ingress
+
+  ## Additional labels to add to the pod container metadata
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  podLabels: {}
+  #  key: value
+
+  ## Additional annotations to add to the pod container metadata
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  podAnnotations: {}
+  #  key: value
+
+  service:
+    ## Annotations for the default backend service object
+    annotations: {}
+    # Use the controller as default backend
+    # haproxy.org/backend-config-snippet: http-request return status 404
+
+    ## Service ports
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    port: 8080
+
+  ## Configure Service Account
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+  serviceAccount:
+    create: true
+
+  ## Pod PriorityClass
+  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+  priorityClassName: ""
+
+  ## Set additional environment variables
+  extraEnvs: []
+    ## Set TZ env to configure timezone on controller containers
+    # - name: TZ
+    #   value: "Etc/UTC"

index.yaml

@@ -844,6 +844,35 @@ entries:
     - assets/federatorai/federatorai-4.5.100.tgz
     version: 4.5.100
   haproxy:
+  - annotations:
+      catalog.cattle.io/certified: partner
+      catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
+      catalog.cattle.io/release-name: haproxy
+    apiVersion: v2
+    appVersion: 1.6.7
+    created: "2021-09-23T15:15:23.7564039Z"
+    description: A Helm chart for HAProxy Kubernetes Ingress Controller
+    digest: c79dedb80de7bc59351c8932a2749089a487a44d7bcedd9074a5bbe4a1763f03
+    home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
+    icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
+    keywords:
+    - ingress
+    - haproxy
+    kubeVersion: '>=1.12.0-0'
+    maintainers:
+    - email: mmhedhbi@haproxy.com
+      name: Moemen Mhedhbi
+    - email: bassmann@haproxy.com
+      name: Baptiste Assmann
+    - email: dkorunic@haproxy.com
+      name: Dinko Korunic
+    name: haproxy
+    sources:
+    - https://github.com/haproxytech/kubernetes-ingress
+    type: application
+    urls:
+    - assets/haproxy/haproxy-1.16.300.tgz
+    version: 1.16.300
   - annotations:
       catalog.cattle.io/certified: partner
       catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller

packages/haproxy/generated-changes/overlay/questions.yml

@@ -8,7 +8,7 @@ questions:
   show_subquestion_if: false
   subquestions:
   - variable: controller.image.tag
-    default: "1.6.5"
+    default: "1.6.7"
     description: "HAProxy Ingress Controller Tag"
     type: string
     label: HAProxy Ingress Controller Tag

packages/haproxy/generated-changes/patch/Chart.yaml.patch

@@ -1,6 +1,6 @@
 --- charts-original/Chart.yaml
 +++ charts/Chart.yaml
-@@ -14,7 +14,11 @@
+@@ -17,8 +17,12 @@
    name: Baptiste Assmann
  - email: dkorunic@haproxy.com
    name: Dinko Korunic
@@ -8,7 +8,8 @@
 +name: haproxy
  sources:
  - https://github.com/haproxytech/kubernetes-ingress
- version: 1.16.1
+ type: application
+ version: 1.16.3
 +annotations:
 +  catalog.cattle.io/certified: partner
 +  catalog.cattle.io/release-name: haproxy

packages/haproxy/package.yaml

@@ -1,2 +1,2 @@
-url: https://github.com/haproxytech/helm-charts/releases/download/kubernetes-ingress-1.16.1/kubernetes-ingress-1.16.1.tgz
+url: https://github.com/haproxytech/helm-charts/releases/download/kubernetes-ingress-1.16.3/kubernetes-ingress-1.16.3.tgz
 packageVersion: 00