diff --git a/assets/nginx-ingress/nginx-ingress-0.13.0.tgz b/assets/nginx-ingress/nginx-ingress-0.13.0.tgz new file mode 100644 index 000000000..cc48f002b Binary files /dev/null and b/assets/nginx-ingress/nginx-ingress-0.13.0.tgz differ diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/.helmignore b/charts/nginx-ingress/nginx-ingress/0.13.0/.helmignore new file mode 100644 index 000000000..c1347c2c2 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/.helmignore @@ -0,0 +1,2 @@ +# Patterns to ignore when building packages. +*.png diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/Chart.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/Chart.yaml new file mode 100644 index 000000000..476e9156b --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NGINX Ingress Controller + catalog.cattle.io/release-name: nginx-ingress-controller +apiVersion: v1 +appVersion: 2.2.0 +description: NGINX Ingress Controller +home: https://github.com/nginxinc/kubernetes-ingress +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.2.0/deployments/helm-chart/chart-icon.png +keywords: +- ingress +- nginx +kubeVersion: 1.19 - 1.23 +maintainers: +- email: kubernetes@nginx.com + name: nginxinc +name: nginx-ingress +sources: +- https://github.com/nginxinc/kubernetes-ingress/tree/v2.2.0/deployments/helm-chart +version: 0.13.0 diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/README.md b/charts/nginx-ingress/nginx-ingress/0.13.0/README.md new file mode 100644 index 000000000..b4eaf18b1 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/README.md @@ -0,0 +1,245 @@ +# NGINX Ingress Controller Helm Chart + +## Introduction + +This chart deploys the NGINX Ingress Controller in your Kubernetes cluster. + +## Prerequisites + + - A [Kubernetes Version Supported by the Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions) + - Helm 3.0+. + - Git. + - If you’d like to use NGINX Plus: + - To pull from the F5 Container registry, configure a docker registry secret using your JWT token from the MyF5 portal by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/using-the-jwt-token-docker-secret). Make sure to specify the secret using `controller.serviceAccount.imagePullSecretName` parameter. + - Alternatively, pull an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image). + - Alternatively, you can build an Ingress Controller image with NGINX Plus and push it to your private registry by following the instructions from [here](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image). + - Update the `controller.image.repository` field of the `values-plus.yaml` accordingly. + - If you’d like to use App Protect DoS, please install App Protect DoS Arbitrator helm chart. Make sure to install in the same namespace as the NGINX Ingress Controller. Note that if you install multiple NGINX Ingress Controllers in the same namespace, they will need to share the same Arbitrator because it is not possible to install more than one Arbitrator in a single namespace. + + +## Getting the Chart Sources + +This step is required if you're installing the chart using its sources. Additionally, the step is also required for managing the custom resource definitions (CRDs), which the Ingress Controller requires by default, or for upgrading/deleting the CRDs. + +1. Clone the Ingress Controller repo: + ```console + $ git clone https://github.com/nginxinc/kubernetes-ingress --branch v2.2.0 + ``` + **Note**: If you want to use the experimental repository (`edge`), remove the `--branch` flag and value. + +2. Change your working directory to /deployments/helm-chart: + ```console + $ cd kubernetes-ingress/deployments/helm-chart + ``` + +## Adding the Helm Repository + +This step is required if you're installing the chart via the helm repository. + +```console +$ helm repo add nginx-stable https://helm.nginx.com/stable +$ helm repo update +``` + +**Note**: If you want to use the experimental repository, replace `stable` with `edge`. + +## Installing the Chart + +### Installing the CRDs + +By default, the Ingress Controller requires a number of custom resource definitions (CRDs) installed in the cluster. The Helm client will install those CRDs. If the CRDs are not installed, the Ingress Controller pods will not become `Ready`. + +If you do not use the custom resources that require those CRDs (which corresponds to `controller.enableCustomResources` set to `false` and `controller.appprotect.enable` set to `false` and `controller.appprotectdos.enable` set to `false`), the installation of the CRDs can be skipped by specifying `--skip-crds` for the helm install command. + +### Installing via Helm Repository + +To install the chart with the release name my-release (my-release is the name that you choose): + +For NGINX: +```console +$ helm install my-release nginx-stable/nginx-ingress +``` + +For NGINX Plus: (assuming you have pushed the Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) +```console +$ helm install my-release nginx-stable/nginx-ingress --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true +``` + +**Note**: If you want to use the experimental repository, replace `stable` with `edge` and add the `--devel` flag. + +### Installing Using Chart Sources + +To install the chart with the release name my-release (my-release is the name that you choose): + +For NGINX: +```console +$ helm install my-release . +``` + +For NGINX Plus: +```console +$ helm install my-release -f values-plus.yaml . +``` + +**Note**: If you want to use the experimental repository, replace the value in the `tag` field inside the yaml files with `edge`. + +The command deploys the Ingress Controller in your Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation. + +When deploying the Ingress Controller, make sure to use your own TLS certificate and key for the default server rather than the default pre-generated ones. Read the [Configuration](#Configuration) section below to see how to configure a TLS certificate and key for the default server. Note that the default server returns the Not Found page with the 404 status code for all requests for domains for which there are no Ingress rules defined. + +## Upgrading the Chart + +### Upgrading the CRDs + +Helm does not upgrade the CRDs during a release upgrade. Before you upgrade a release, run the following command to upgrade the CRDs: + +```console +$ kubectl apply -f crds/ +``` +> **Note**: The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`. + +> **Note**: Make sure to check the [release notes](https://www.github.com/nginxinc/kubernetes-ingress/releases) for a new release for any special upgrade procedures. + +### Upgrading the Release + +To upgrade the release `my-release`: + +#### Upgrade Using Chart Sources: + +```console +$ helm upgrade my-release . +``` + +#### Upgrade via Helm Repository: + +```console +$ helm upgrade my-release nginx-stable/nginx-ingress +``` + +## Uninstalling the Chart + +### Uninstalling the Release + +To uninstall/delete the release `my-release`: + +```console +$ helm uninstall my-release +``` +The command removes all the Kubernetes components associated with the release and deletes the release. + +### Uninstalling the CRDs + +Uninstalling the release does not remove the CRDs. To remove the CRDs, run: + +```console +$ kubectl delete -f crds/ +``` +> **Note**: This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other Ingress Controller releases running in the cluster. + +## Running Multiple Ingress Controllers + +If you are running multiple Ingress Controller releases in your cluster with enabled custom resources, the releases will share a single version of the CRDs. As a result, make sure that the Ingress Controller versions match the version of the CRDs. Additionally, when uninstalling a release, ensure that you don’t remove the CRDs until there are no other Ingress Controller releases running in the cluster. + +See [running multiple ingress controllers](https://docs.nginx.com/nginx-ingress-controller/installation/running-multiple-ingress-controllers/) for more details. + +## Configuration + +The following tables lists the configurable parameters of the NGINX Ingress Controller chart and their default values. + +Parameter | Description | Default +--- | --- | --- +`controller.name` | The name of the Ingress Controller daemonset or deployment. | Autogenerated +`controller.kind` | The kind of the Ingress Controller installation - deployment or daemonset. | deployment +`controller.nginxplus` | Deploys the Ingress Controller for NGINX Plus. | false +`controller.nginxReloadTimeout` | The timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. | 60000 +`controller.hostNetwork` | Enables the Ingress Controller pods to use the host's network namespace. | false +`controller.nginxDebug` | Enables debugging for NGINX. Uses the `nginx-debug` binary. Requires `error-log-level: debug` in the ConfigMap via `controller.config.entries`. | false +`controller.logLevel` | The log level of the Ingress Controller. | 1 +`controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress +`controller.image.tag` | The tag of the Ingress Controller image. | 2.2.0 +`controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent +`controller.config.name` | The name of the ConfigMap used by the Ingress Controller. | Autogenerated +`controller.config.annotations` | The annotations of the Ingress Controller configmap. | {} +`controller.config.entries` | The entries of the ConfigMap for customizing NGINX configuration. See [ConfigMap resource docs](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) for the list of supported ConfigMap keys. | {} +`controller.customPorts` | A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports. | [] +`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used. **Note:** It is recommended that you specify your own certificate. | A pre-generated self-signed certificate. +`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** If not specified, a pre-generated key is used. It is recommended that you specify your own key. | A pre-generated key. +`controller.defaultTLS.secret` | The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `/`. Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. | None +`controller.wildcardTLS.cert` | The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None +`controller.wildcardTLS.key` | The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None +`controller.wildcardTLS.secret` | The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. The value must follow the following format: `/`. Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters. | None +`controller.nodeSelector` | The node selector for pod assignment for the Ingress Controller pods. | {} +`controller.terminationGracePeriodSeconds` | The termination grace period of the Ingress Controller pod. | 30 +`controller.tolerations` | The tolerations of the Ingress Controller pods. | [] +`controller.affinity` | The affinity of the Ingress Controller pods. | {} +`controller.volumes` | The volumes of the Ingress Controller pods. | [] +`controller.volumeMounts` | The volumeMounts of the Ingress Controller pods. | [] +`controller.initContainers` | InitContainers for the Ingress Controller pods. | [] +`controller.extraContainers` | Extra (eg. sidecar) containers for the Ingress Controller pods. | [] +`controller.resources` | The resources of the Ingress Controller pods. | {} +`controller.replicaCount` | The number of replicas of the Ingress Controller deployment. | 1 +`controller.ingressClass` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of kubernetes. | nginx +`controller.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass`. | false +`controller.watchNamespace` | Namespace to watch for Ingress resources. By default the Ingress Controller watches all namespaces. | "" +`controller.enableCustomResources` | Enable the custom resources. | true +`controller.enablePreviewPolicies` | Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use `controller.enableOIDC` instead. | false +`controller.enableOIDC` | Enable OIDC policies. | false +`controller.enableTLSPassthrough` | Enable TLS Passthrough on port 443. Requires `controller.enableCustomResources`. | false +`controller.enableCertManager` | Enable x509 automated certificate management for VirtualServer resources using cert-manager (cert-manager.io). Requires `controller.enableCustomResources`. | false +`controller.globalConfiguration.create` | Creates the GlobalConfiguration custom resource. Requires `controller.enableCustomResources`. | false +`controller.globalConfiguration.spec` | The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller. | {} +`controller.enableSnippets` | Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. | false +`controller.healthStatus` | Add a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. Useful for external health-checking of the Ingress Controller. | false +`controller.healthStatusURI` | Sets the URI of health status location in the default server. Requires `controller.healthStatus`. | "/nginx-health" +`controller.nginxStatus.enable` | Enable the NGINX stub_status, or the NGINX Plus API. | true +`controller.nginxStatus.port` | Set the port where the NGINX stub_status or the NGINX Plus API is exposed. | 8080 +`controller.nginxStatus.allowCidrs` | Add IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. | 127.0.0.1,::1 +`controller.priorityClassName` | The PriorityClass of the Ingress Controller pods. | None +`controller.service.create` | Creates a service to expose the Ingress Controller pods. | true +`controller.service.type` | The type of service to create for the Ingress Controller. | LoadBalancer +`controller.service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | Local +`controller.service.annotations` | The annotations of the Ingress Controller service. | {} +`controller.service.extraLabels` | The extra labels of the service. | {} +`controller.service.loadBalancerIP` | The static IP address for the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | "" +`controller.service.externalIPs` | The list of external IPs for the Ingress Controller service. | [] +`controller.service.loadBalancerSourceRanges` | The IP ranges (CIDR) that are allowed to access the load balancer. Requires `controller.service.type` set to `LoadBalancer`. The cloud provider must support this feature. | [] +`controller.service.name` | The name of the service. | Autogenerated +`controller.service.customPorts` | A list of custom ports to expose through the Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports. | [] +`controller.service.httpPort.enable` | Enables the HTTP port for the Ingress Controller service. | true +`controller.service.httpPort.port` | The HTTP port of the Ingress Controller service. | 80 +`controller.service.httpPort.nodePort` | The custom NodePort for the HTTP port. Requires `controller.service.type` set to `NodePort`. | "" +`controller.service.httpPort.targetPort` | The target port of the HTTP port of the Ingress Controller service. | 80 +`controller.service.httpsPort.enable` | Enables the HTTPS port for the Ingress Controller service. | true +`controller.service.httpsPort.port` | The HTTPS port of the Ingress Controller service. | 443 +`controller.service.httpsPort.nodePort` | The custom NodePort for the HTTPS port. Requires `controller.service.type` set to `NodePort`. | "" +`controller.service.httpsPort.targetPort` | The target port of the HTTPS port of the Ingress Controller service. | 443 +`controller.serviceAccount.name` | The name of the service account of the Ingress Controller pods. Used for RBAC. | Autogenerated +`controller.serviceAccount.imagePullSecretName` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | "" +`controller.reportIngressStatus.enable` | Updates the address field in the status of Ingress resources with an external address of the Ingress Controller. You must also specify the source of the external address either through an external service via `controller.reportIngressStatus.externalService`, `controller.reportIngressStatus.ingressLink` or the `external-status-address` entry in the ConfigMap via `controller.config.entries`. **Note:** `controller.config.entries.external-status-address` takes precedence over the others. | true +`controller.reportIngressStatus.externalService` | Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. The default is autogenerated and enabled when `controller.service.create` is set to `true` and `controller.service.type` is set to `LoadBalancer`. | Autogenerated +`controller.reportIngressStatus.ingressLink` | Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. `controller.reportIngressStatus.enable` must be set to `true`. | "" +`controller.reportIngressStatus.enableLeaderElection` | Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. `controller.reportIngressStatus.enable` must be set to `true`. | true +`controller.reportIngressStatus.leaderElectionLockName` | Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true. | Autogenerated +`controller.reportIngressStatus.annotations` | The annotations of the leader election configmap. | {} +`controller.pod.annotations` | The annotations of the Ingress Controller pod. | {} +`controller.pod.extraLabels` | The additional extra labels of the Ingress Controller pod. | {} +`controller.appprotect.enable` | Enables the App Protect module in the Ingress Controller. | false +`controller.appprotectdos.enable` | Enables the App Protect DoS module in the Ingress Controller. | false +`controller.appprotectdos.debug` | Enable debugging for App Protect DoS. | false +`controller.appprotectdos.maxDaemons` | Max number of ADMD instances. | 1 +`controller.appprotectdos.maxWorkers` | Max number of nginx processes to support. | Number of CPU cores in the machine +`controller.appprotectdos.memory` | RAM memory size to consume in MB. | 50% of free RAM in the container or 80MB, the smaller +`controller.readyStatus.enable` | Enables the readiness endpoint `"/nginx-ready"`. The endpoint returns a success code when NGINX has loaded all the config after the startup. This also configures a readiness probe for the Ingress Controller pods that uses the readiness endpoint. | true +`controller.readyStatus.port` | The HTTP port for the readiness endpoint. | 8081 +`controller.enableLatencyMetrics` | Enable collection of latency metrics for upstreams. Requires `prometheus.create`. | false +`rbac.create` | Configures RBAC. | true +`prometheus.create` | Expose NGINX or NGINX Plus metrics in the Prometheus format. | false +`prometheus.port` | Configures the port to scrape the metrics. | 9113 +`prometheus.scheme` | Configures the HTTP scheme to use for connections to the Prometheus endpoint. | http +`prometheus.secret` | The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Prometheus endpoint with TLS connections. | "" +`nginxServiceMesh.enable` | Enable integration with NGINX Service Mesh. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details. Requires `controller.nginxplus`. | false +`nginxServiceMesh.enableEgress` | Enable NGINX Service Mesh workloads to route egress traffic through the Ingress Controller. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/#enabling-egress) for more details. Requires `nginxServiceMesh.enable`. | false + +## Notes +* The values-icp.yaml file is used for deploying the Ingress Controller on IBM Cloud Private. See the [blog post](https://www.nginx.com/blog/nginx-ingress-controller-ibm-cloud-private/) for more details. +* The values-nsm.yaml file is used for deploying the Ingress Controller with NGINX Service Mesh. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details. diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/app-readme.md b/charts/nginx-ingress/nginx-ingress/0.13.0/app-readme.md new file mode 100644 index 000000000..0824f4c0f --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/app-readme.md @@ -0,0 +1,15 @@ +# NGINX Ingress Controller + +The [NGINX Ingress Controller](https://github.com/nginxinc/kubernetes-ingress) for Kubernetes provides an enterprise‑grade implementation of an Ingress controller for NGINX and NGINX Plus for Kubernetes applications. + +The Ingress controller is an application that runs in a cluster and configures an HTTP load balancer according to Ingress resources. The load balancer can be a software load balancer running in the cluster or a hardware or cloud load balancer running externally. Different load balancers require different Ingress controller implementations. + +In the case of NGINX, the Ingress controller is deployed in a pod along with the load balancer. + +NGINX Ingress controller works with both NGINX and NGINX Plus and supports the standard Ingress features - content-based routing and TLS/SSL termination. + +Additionally, several NGINX and NGINX Plus features are available as extensions to the Ingress resource via annotations and the ConfigMap resource. In addition to HTTP, NGINX Ingress controller supports load balancing Websocket, gRPC, TCP and UDP applications. See ConfigMap and Annotations docs to learn more about the supported features and customization options. + +As an alternative to the Ingress, NGINX Ingress controller supports the VirtualServer and VirtualServerRoute resources. They enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing. + +TCP, UDP and TLS Passthrough load balancing is also supported. diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_aplogconfs.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_aplogconfs.yaml new file mode 100644 index 000000000..c06e46cb2 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_aplogconfs.yaml @@ -0,0 +1,65 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: aplogconfs.appprotect.f5.com +spec: + group: appprotect.f5.com + names: + kind: APLogConf + listKind: APLogConfList + plural: aplogconfs + singular: aplogconf + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: APLogConf is the Schema for the APLogConfs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APLogConfSpec defines the desired state of APLogConf + properties: + content: + properties: + format: + enum: + - splunk + - arcsight + - default + - user-defined + - grpc + type: string + format_string: + type: string + max_message_size: + pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$ + type: string + max_request_size: + pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|1[0-9]{3}|20[1-3][0-9]|204[1-8]|any)$ + type: string + type: object + filter: + properties: + request_type: + enum: + - all + - illegal + - blocked + type: string + type: object + type: object + type: object + served: true + storage: true diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_appolicies.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_appolicies.yaml new file mode 100644 index 000000000..ac4c6c31e --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_appolicies.yaml @@ -0,0 +1,1901 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: appolicies.appprotect.f5.com +spec: + group: appprotect.f5.com + names: + kind: APPolicy + listKind: APPolicyList + plural: appolicies + singular: appolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: APPolicyConfig is the Schema for the APPolicyconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APPolicySpec defines the desired state of APPolicy + properties: + modifications: + items: + properties: + action: + type: string + description: + type: string + entity: + properties: + name: + type: string + type: object + entityChanges: + properties: + type: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + modificationsReference: + properties: + link: + pattern: ^http + type: string + type: object + policy: + description: Defines the App Protect policy + properties: + applicationLanguage: + enum: + - iso-8859-10 + - iso-8859-6 + - windows-1255 + - auto-detect + - koi8-r + - gb18030 + - iso-8859-8 + - windows-1250 + - iso-8859-9 + - windows-1252 + - iso-8859-16 + - gb2312 + - iso-8859-2 + - iso-8859-5 + - windows-1257 + - windows-1256 + - iso-8859-13 + - windows-874 + - windows-1253 + - iso-8859-3 + - euc-jp + - utf-8 + - gbk + - windows-1251 + - big5 + - iso-8859-1 + - shift_jis + - euc-kr + - iso-8859-4 + - iso-8859-7 + - iso-8859-15 + type: string + blocking-settings: + properties: + evasions: + items: + properties: + description: + enum: + - '%u decoding' + - Apache whitespace + - Bad unescape + - Bare byte decoding + - Directory traversals + - IIS backslashes + - IIS Unicode codepoints + - Multiple decoding + type: string + enabled: + type: boolean + maxDecodingPasses: + type: integer + type: object + type: array + http-protocols: + items: + properties: + description: + enum: + - Unescaped space in URL + - Unparsable request content + - Several Content-Length headers + - 'POST request with Content-Length: 0' + - Null in request + - No Host header in HTTP/1.1 request + - Multiple host headers + - Host header contains IP address + - High ASCII characters in headers + - Header name with no header value + - CRLF characters before request start + - Content length should be a positive number + - Chunked request with Content-Length header + - Check maximum number of parameters + - Check maximum number of headers + - Body in GET or HEAD requests + - Bad multipart/form-data request parsing + - Bad multipart parameters parsing + - Bad HTTP version + - Bad host header value + type: string + enabled: + type: boolean + maxHeaders: + type: integer + maxParams: + type: integer + type: object + type: array + violations: + items: + properties: + alarm: + type: boolean + block: + type: boolean + description: + type: string + name: + enum: + - VIOL_GRPC_FORMAT + - VIOL_GRPC_MALFORMED + - VIOL_GRPC_METHOD + - VIOL_PARAMETER_ARRAY_VALUE + - VIOL_PARAMETER_VALUE_REGEXP + - VIOL_CSRF + - VIOL_PARAMETER_VALUE_BASE64 + - VIOL_MANDATORY_HEADER + - VIOL_HEADER_REPEATED + - VIOL_ASM_COOKIE_MODIFIED + - VIOL_BLACKLISTED_IP + - VIOL_COOKIE_EXPIRED + - VIOL_COOKIE_LENGTH + - VIOL_COOKIE_MALFORMED + - VIOL_COOKIE_MODIFIED + - VIOL_DATA_GUARD + - VIOL_ENCODING + - VIOL_EVASION + - VIOL_FILETYPE + - VIOL_FILE_UPLOAD + - VIOL_FILE_UPLOAD_IN_BODY + - VIOL_HEADER_LENGTH + - VIOL_HEADER_METACHAR + - VIOL_HTTP_PROTOCOL + - VIOL_HTTP_RESPONSE_STATUS + - VIOL_JSON_FORMAT + - VIOL_JSON_MALFORMED + - VIOL_JSON_SCHEMA + - VIOL_MANDATORY_PARAMETER + - VIOL_MANDATORY_REQUEST_BODY + - VIOL_METHOD + - VIOL_PARAMETER + - VIOL_PARAMETER_DATA_TYPE + - VIOL_PARAMETER_EMPTY_VALUE + - VIOL_PARAMETER_LOCATION + - VIOL_PARAMETER_MULTIPART_NULL_VALUE + - VIOL_PARAMETER_NAME_METACHAR + - VIOL_PARAMETER_NUMERIC_VALUE + - VIOL_PARAMETER_REPEATED + - VIOL_PARAMETER_STATIC_VALUE + - VIOL_PARAMETER_VALUE_LENGTH + - VIOL_PARAMETER_VALUE_METACHAR + - VIOL_POST_DATA_LENGTH + - VIOL_QUERY_STRING_LENGTH + - VIOL_RATING_THREAT + - VIOL_RATING_NEED_EXAMINATION + - VIOL_REQUEST_MAX_LENGTH + - VIOL_REQUEST_LENGTH + - VIOL_THREAT_CAMPAIGN + - VIOL_URL + - VIOL_URL_CONTENT_TYPE + - VIOL_URL_LENGTH + - VIOL_URL_METACHAR + - VIOL_XML_FORMAT + - VIOL_XML_MALFORMED + type: string + type: object + type: array + type: object + blockingSettingReference: + properties: + link: + pattern: ^http + type: string + type: object + bot-defense: + properties: + mitigations: + properties: + anomalies: + items: + properties: + $action: + enum: + - delete + type: string + action: + enum: + - alarm + - block + - default + - detect + - ignore + type: string + name: + type: string + scoreThreshold: + pattern: '[0-9]|[1-9][0-9]|1[0-4][0-9]|150|default' + type: string + type: object + type: array + browsers: + items: + properties: + $action: + enum: + - delete + type: string + action: + enum: + - alarm + - block + - detect + type: string + browserDefinition: + properties: + $action: + enum: + - delete + type: string + isUserDefined: + type: boolean + matchRegex: + type: string + matchString: + type: string + name: + type: string + type: object + maxVersion: + maximum: 2147483647 + minimum: 0 + type: integer + minVersion: + maximum: 2147483647 + minimum: 0 + type: integer + name: + type: string + type: object + type: array + classes: + items: + properties: + action: + enum: + - alarm + - block + - detect + - ignore + type: string + name: + enum: + - browser + - malicious-bot + - suspicious-browser + - trusted-bot + - unknown + - untrusted-bot + type: string + type: object + type: array + signatures: + items: + properties: + $action: + enum: + - delete + type: string + action: + enum: + - alarm + - block + - detect + - ignore + type: string + name: + type: string + type: object + type: array + type: object + settings: + properties: + isEnabled: + type: boolean + type: object + type: object + browser-definitions: + items: + properties: + $action: + enum: + - delete + type: string + isUserDefined: + type: boolean + matchRegex: + type: string + matchString: + type: string + name: + type: string + type: object + type: array + caseInsensitive: + type: boolean + character-sets: + items: + properties: + characterSet: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + characterSetType: + enum: + - gwt-content + - header + - json-content + - parameter-name + - parameter-value + - plain-text-content + - url + - xml-content + type: string + type: object + type: array + characterSetReference: + properties: + link: + pattern: ^http + type: string + type: object + cookie-settings: + properties: + maximumCookieHeaderLength: + pattern: any|\d+ + type: string + type: object + cookieReference: + properties: + link: + pattern: ^http + type: string + type: object + cookieSettingsReference: + properties: + link: + pattern: ^http + type: string + type: object + cookies: + items: + properties: + $action: + enum: + - delete + type: string + accessibleOnlyThroughTheHttpProtocol: + type: boolean + attackSignaturesCheck: + type: boolean + decodeValueAsBase64: + enum: + - enabled + - disabled + - required + type: string + enforcementType: + type: string + insertSameSiteAttribute: + enum: + - lax + - none + - none-value + - strict + type: string + name: + type: string + securedOverHttpsConnection: + type: boolean + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + type: + enum: + - explicit + - wildcard + type: string + wildcardOrder: + type: integer + type: object + type: array + csrf-protection: + properties: + enabled: + type: boolean + expirationTimeInSeconds: + pattern: disabled|\d+ + type: string + sslOnly: + type: boolean + type: object + csrf-urls: + items: + properties: + $action: + enum: + - delete + type: string + enforcementAction: + enum: + - verify-origin + - none + type: string + method: + enum: + - GET + - POST + - any + type: string + url: + type: string + wildcardOrder: + type: integer + type: object + type: array + data-guard: + properties: + creditCardNumbers: + type: boolean + enabled: + type: boolean + enforcementMode: + enum: + - ignore-urls-in-list + - enforce-urls-in-list + type: string + enforcementUrls: + items: + type: string + type: array + lastCcnDigitsToExpose: + type: integer + lastSsnDigitsToExpose: + type: integer + maskData: + type: boolean + usSocialSecurityNumbers: + type: boolean + type: object + dataGuardReference: + properties: + link: + pattern: ^http + type: string + type: object + description: + type: string + enablePassiveMode: + type: boolean + enforcementMode: + enum: + - transparent + - blocking + type: string + enforcer-settings: + properties: + enforcerStateCookies: + properties: + httpOnlyAttribute: + type: boolean + sameSiteAttribute: + enum: + - lax + - none + - none-value + - strict + type: string + secureAttribute: + enum: + - always + - never + type: string + type: object + type: object + filetypeReference: + properties: + link: + pattern: ^http + type: string + type: object + filetypes: + items: + properties: + $action: + enum: + - delete + type: string + allowed: + type: boolean + checkPostDataLength: + type: boolean + checkQueryStringLength: + type: boolean + checkRequestLength: + type: boolean + checkUrlLength: + type: boolean + name: + type: string + postDataLength: + type: integer + queryStringLength: + type: integer + requestLength: + type: integer + responseCheck: + type: boolean + type: + enum: + - explicit + - wildcard + type: string + urlLength: + type: integer + wildcardOrder: + type: integer + type: object + type: array + fullPath: + type: string + general: + properties: + allowedResponseCodes: + items: + format: int32 + maximum: 999 + minimum: 100 + type: integer + type: array + customXffHeaders: + items: + type: string + type: array + maskCreditCardNumbersInRequest: + type: boolean + trustXff: + type: boolean + type: object + generalReference: + properties: + link: + pattern: ^http + type: string + type: object + grpc-profiles: + items: + properties: + $action: + enum: + - delete + type: string + associateUrls: + type: boolean + attackSignaturesCheck: + type: boolean + defenseAttributes: + properties: + allowUnknownFields: + type: boolean + maximumDataLength: + pattern: any|\d+ + type: string + type: object + description: + type: string + hasIdlFiles: + type: boolean + idlFiles: + items: + properties: + idlFile: + properties: + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + importUrl: + type: string + isPrimary: + type: boolean + primaryIdlFileName: + type: string + type: object + type: array + metacharElementCheck: + type: boolean + name: + type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + type: object + type: array + header-settings: + properties: + maximumHttpHeaderLength: + pattern: any|\d+ + type: string + type: object + headerReference: + properties: + link: + pattern: ^http + type: string + type: object + headerSettingsReference: + properties: + link: + pattern: ^http + type: string + type: object + headers: + items: + properties: + $action: + enum: + - delete + type: string + allowRepeatedOccurrences: + type: boolean + base64Decoding: + type: boolean + checkSignatures: + type: boolean + decodeValueAsBase64: + enum: + - enabled + - disabled + - required + type: string + htmlNormalization: + type: boolean + mandatory: + type: boolean + maskValueInLogs: + type: boolean + name: + type: string + normalizationViolations: + type: boolean + percentDecoding: + type: boolean + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + type: + enum: + - explicit + - wildcard + type: string + urlNormalization: + type: boolean + wildcardOrder: + type: integer + type: object + type: array + host-names: + items: + properties: + $action: + enum: + - delete + type: string + includeSubdomains: + type: boolean + name: + type: string + type: object + type: array + idl-files: + items: + properties: + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + type: array + json-profiles: + items: + properties: + $action: + enum: + - delete + type: string + attackSignaturesCheck: + type: boolean + defenseAttributes: + properties: + maximumArrayLength: + pattern: any|\d+ + type: string + maximumStructureDepth: + pattern: any|\d+ + type: string + maximumTotalLengthOfJSONData: + pattern: any|\d+ + type: string + maximumValueLength: + pattern: any|\d+ + type: string + tolerateJSONParsingWarnings: + type: boolean + type: object + description: + type: string + handleJsonValuesAsParameters: + type: boolean + hasValidationFiles: + type: boolean + metacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + name: + type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + validationFiles: + items: + properties: + importUrl: + type: string + isPrimary: + type: boolean + jsonValidationFile: + properties: + $action: + enum: + - delete + type: string + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + type: object + type: array + type: object + type: array + json-validation-files: + items: + properties: + $action: + enum: + - delete + type: string + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + type: array + jsonProfileReference: + properties: + link: + pattern: ^http + type: string + type: object + jsonValidationFileReference: + properties: + link: + pattern: ^http + type: string + type: object + methodReference: + properties: + link: + pattern: ^http + type: string + type: object + methods: + items: + properties: + $action: + enum: + - delete + type: string + name: + type: string + type: object + type: array + name: + type: string + open-api-files: + items: + properties: + link: + pattern: ^http + type: string + type: object + type: array + parameterReference: + properties: + link: + pattern: ^http + type: string + type: object + parameters: + items: + properties: + $action: + enum: + - delete + type: string + allowEmptyValue: + type: boolean + allowRepeatedParameterName: + type: boolean + arraySerializationFormat: + enum: + - csv + - form + - label + - matrix + - multi + - multipart + - pipe + - ssv + - tsv + type: string + attackSignaturesCheck: + type: boolean + checkMaxValue: + type: boolean + checkMaxValueLength: + type: boolean + checkMetachars: + type: boolean + checkMinValue: + type: boolean + checkMinValueLength: + type: boolean + checkMultipleOfValue: + type: boolean + contentProfile: + properties: + name: + type: string + type: object + dataType: + enum: + - alpha-numeric + - binary + - boolean + - decimal + - email + - integer + - none + - phone + type: string + decodeValueAsBase64: + enum: + - enabled + - disabled + - required + type: string + disallowFileUploadOfExecutables: + type: boolean + enableRegularExpression: + type: boolean + exclusiveMax: + type: boolean + exclusiveMin: + type: boolean + isBase64: + type: boolean + isCookie: + type: boolean + isHeader: + type: boolean + level: + enum: + - global + - url + type: string + mandatory: + type: boolean + maximumLength: + type: integer + maximumValue: + type: integer + metacharsOnParameterValueCheck: + type: boolean + minimumLength: + type: integer + minimumValue: + type: integer + multipleOf: + type: integer + name: + type: string + nameMetacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + objectSerializationStyle: + type: string + parameterEnumValues: + items: + type: string + type: array + parameterLocation: + enum: + - any + - cookie + - form-data + - header + - path + - query + type: string + regularExpression: + type: string + sensitiveParameter: + type: boolean + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + staticValues: + type: string + type: + enum: + - explicit + - wildcard + type: string + url: + type: object + valueMetacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + valueType: + enum: + - array + - auto-detect + - dynamic-content + - dynamic-parameter-name + - ignore + - json + - object + - openapi-array + - static-content + - user-input + - xml + type: string + wildcardOrder: + type: integer + type: object + type: array + response-pages: + items: + properties: + ajaxActionType: + enum: + - alert-popup + - custom + - redirect + type: string + ajaxCustomContent: + type: string + ajaxEnabled: + type: boolean + ajaxPopupMessage: + type: string + ajaxRedirectUrl: + type: string + grpcStatusCode: + pattern: ABORTED|ALREADY_EXISTS|CANCELLED|DATA_LOSS|DEADLINE_EXCEEDED|FAILED_PRECONDITION|INTERNAL|INVALID_ARGUMENT|NOT_FOUND|OK|OUT_OF_RANGE|PERMISSION_DENIED|RESOURCE_EXHAUSTED|UNAUTHENTICATED|UNAVAILABLE|UNIMPLEMENTED|UNKNOWN|d+ + type: string + grpcStatusMessage: + type: string + responseActionType: + enum: + - custom + - default + - erase-cookies + - redirect + - soap-fault + type: string + responseContent: + type: string + responseHeader: + type: string + responsePageType: + enum: + - ajax + - ajax-login + - captcha + - captcha-fail + - default + - failed-login-honeypot + - failed-login-honeypot-ajax + - hijack + - leaked-credentials + - leaked-credentials-ajax + - mobile + - persistent-flow + - xml + - grpc + type: string + responseRedirectUrl: + type: string + type: object + type: array + responsePageReference: + properties: + link: + pattern: ^http + type: string + type: object + sensitive-parameters: + items: + properties: + $action: + enum: + - delete + type: string + name: + type: string + type: object + type: array + sensitiveParameterReference: + properties: + link: + pattern: ^http + type: string + type: object + server-technologies: + items: + properties: + $action: + enum: + - delete + type: string + serverTechnologyName: + enum: + - Jenkins + - SharePoint + - Oracle Application Server + - Python + - Oracle Identity Manager + - Spring Boot + - CouchDB + - SQLite + - Handlebars + - Mustache + - Prototype + - Zend + - Redis + - Underscore.js + - Ember.js + - ZURB Foundation + - ef.js + - Vue.js + - UIKit + - TYPO3 CMS + - RequireJS + - React + - MooTools + - Laravel + - GraphQL + - Google Web Toolkit + - Express.js + - CodeIgniter + - Backbone.js + - AngularJS + - JavaScript + - Nginx + - Jetty + - Joomla + - JavaServer Faces (JSF) + - Ruby + - MongoDB + - Django + - Node.js + - Citrix + - JBoss + - Elasticsearch + - Apache Struts + - XML + - PostgreSQL + - IBM DB2 + - Sybase/ASE + - CGI + - Proxy Servers + - SSI (Server Side Includes) + - Cisco + - Novell + - Macromedia JRun + - BEA Systems WebLogic Server + - Lotus Domino + - MySQL + - Oracle + - Microsoft SQL Server + - PHP + - Outlook Web Access + - Apache/NCSA HTTP Server + - Apache Tomcat + - WordPress + - Macromedia ColdFusion + - Unix/Linux + - Microsoft Windows + - ASP.NET + - Front Page Server Extensions (FPSE) + - IIS + - WebDAV + - ASP + - Java Servlets/JSP + - jQuery + type: string + type: object + type: array + serverTechnologyReference: + properties: + link: + pattern: ^http + type: string + type: object + signature-requirements: + items: + properties: + $action: + enum: + - delete + type: string + tag: + type: string + type: object + type: array + signature-sets: + items: + properties: + $action: + enum: + - delete + type: string + alarm: + type: boolean + block: + type: boolean + name: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + signature-settings: + properties: + attackSignatureFalsePositiveMode: + enum: + - detect + - detect-and-allow + - disabled + type: string + minimumAccuracyForAutoAddedSignatures: + enum: + - high + - low + - medium + type: string + type: object + signatureReference: + properties: + link: + pattern: ^http + type: string + type: object + signatureSetReference: + properties: + link: + pattern: ^http + type: string + type: object + signatureSettingReference: + properties: + link: + pattern: ^http + type: string + type: object + signatures: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + softwareVersion: + type: string + template: + properties: + name: + type: string + type: object + threat-campaigns: + items: + properties: + isEnabled: + type: boolean + name: + type: string + type: object + type: array + threatCampaignReference: + properties: + link: + pattern: ^http + type: string + type: object + urlReference: + properties: + link: + pattern: ^http + type: string + type: object + urls: + items: + properties: + $action: + enum: + - delete + type: string + allowRenderingInFrames: + enum: + - never + - only-same + type: string + allowRenderingInFramesOnlyFrom: + type: string + attackSignaturesCheck: + type: boolean + clickjackingProtection: + type: boolean + description: + type: string + disallowFileUploadOfExecutables: + type: boolean + html5CrossOriginRequestsEnforcement: + properties: + allowOriginsEnforcementMode: + enum: + - replace-with + - unmodified + type: string + checkAllowedMethods: + type: boolean + crossDomainAllowedOrigin: + items: + properties: + includeSubDomains: + type: boolean + originName: + type: string + originPort: + pattern: any|\d+ + type: string + originProtocol: + enum: + - http + - http/https + - https + type: string + type: object + type: array + enforcementMode: + enum: + - disabled + - enforce + type: string + type: object + isAllowed: + type: boolean + mandatoryBody: + type: boolean + metacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + metacharsOnUrlCheck: + type: boolean + method: + enum: + - ACL + - BCOPY + - BDELETE + - BMOVE + - BPROPFIND + - BPROPPATCH + - CHECKIN + - CHECKOUT + - CONNECT + - COPY + - DELETE + - GET + - HEAD + - LINK + - LOCK + - MERGE + - MKCOL + - MKWORKSPACE + - MOVE + - NOTIFY + - OPTIONS + - PATCH + - POLL + - POST + - PROPFIND + - PROPPATCH + - PUT + - REPORT + - RPC_IN_DATA + - RPC_OUT_DATA + - SEARCH + - SUBSCRIBE + - TRACE + - TRACK + - UNLINK + - UNLOCK + - UNSUBSCRIBE + - VERSION_CONTROL + - X-MS-ENUMATTS + - '*' + type: string + methodOverrides: + items: + properties: + allowed: + type: boolean + method: + enum: + - ACL + - BCOPY + - BDELETE + - BMOVE + - BPROPFIND + - BPROPPATCH + - CHECKIN + - CHECKOUT + - CONNECT + - COPY + - DELETE + - GET + - HEAD + - LINK + - LOCK + - MERGE + - MKCOL + - MKWORKSPACE + - MOVE + - NOTIFY + - OPTIONS + - PATCH + - POLL + - POST + - PROPFIND + - PROPPATCH + - PUT + - REPORT + - RPC_IN_DATA + - RPC_OUT_DATA + - SEARCH + - SUBSCRIBE + - TRACE + - TRACK + - UNLINK + - UNLOCK + - UNSUBSCRIBE + - VERSION_CONTROL + - X-MS-ENUMATTS + type: string + type: object + type: array + methodsOverrideOnUrlCheck: + type: boolean + name: + type: string + operationId: + type: string + positionalParameters: + items: + properties: + parameter: + properties: + $action: + enum: + - delete + type: string + allowEmptyValue: + type: boolean + allowRepeatedParameterName: + type: boolean + arraySerializationFormat: + enum: + - csv + - form + - label + - matrix + - multi + - multipart + - pipe + - ssv + - tsv + type: string + attackSignaturesCheck: + type: boolean + checkMaxValue: + type: boolean + checkMaxValueLength: + type: boolean + checkMetachars: + type: boolean + checkMinValue: + type: boolean + checkMinValueLength: + type: boolean + checkMultipleOfValue: + type: boolean + contentProfile: + properties: + name: + type: string + type: object + dataType: + enum: + - alpha-numeric + - binary + - boolean + - decimal + - email + - integer + - none + - phone + type: string + decodeValueAsBase64: + enum: + - enabled + - disabled + - required + type: string + disallowFileUploadOfExecutables: + type: boolean + enableRegularExpression: + type: boolean + exclusiveMax: + type: boolean + exclusiveMin: + type: boolean + isBase64: + type: boolean + isCookie: + type: boolean + isHeader: + type: boolean + level: + enum: + - global + - url + type: string + mandatory: + type: boolean + maximumLength: + type: integer + maximumValue: + type: integer + metacharsOnParameterValueCheck: + type: boolean + minimumLength: + type: integer + minimumValue: + type: integer + multipleOf: + type: integer + name: + type: string + nameMetacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + objectSerializationStyle: + type: string + parameterEnumValues: + items: + type: string + type: array + parameterLocation: + enum: + - any + - cookie + - form-data + - header + - path + - query + type: string + regularExpression: + type: string + sensitiveParameter: + type: boolean + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + staticValues: + type: string + type: + enum: + - explicit + - wildcard + type: string + url: + type: object + valueMetacharOverrides: + items: + properties: + isAllowed: + type: boolean + metachar: + type: string + type: object + type: array + valueType: + enum: + - array + - auto-detect + - dynamic-content + - dynamic-parameter-name + - ignore + - json + - object + - openapi-array + - static-content + - user-input + - xml + type: string + wildcardOrder: + type: integer + type: object + urlSegmentIndex: + type: integer + type: object + type: array + protocol: + enum: + - http + - https + type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + type: + enum: + - explicit + - wildcard + type: string + urlContentProfiles: + items: + properties: + contentProfile: + properties: + name: + type: string + type: object + headerName: + type: string + headerOrder: + type: string + headerValue: + type: string + name: + type: string + type: + enum: + - apply-content-signatures + - apply-value-and-content-signatures + - disallow + - do-nothing + - form-data + - gwt + - json + - xml + - grpc + type: string + type: object + type: array + wildcardOrder: + type: integer + type: object + type: array + whitelist-ips: + items: + properties: + $action: + enum: + - delete + type: string + blockRequests: + enum: + - always + - never + - policy-default + type: string + ipAddress: + pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' + type: string + ipMask: + pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' + type: string + neverLogRequests: + type: boolean + type: object + type: array + whitelistIpReference: + properties: + link: + pattern: ^http + type: string + type: object + xml-profiles: + items: + properties: + $action: + enum: + - delete + type: string + attackSignaturesCheck: + type: boolean + defenseAttributes: + properties: + allowCDATA: + type: boolean + allowDTDs: + type: boolean + allowExternalReferences: + type: boolean + allowProcessingInstructions: + type: boolean + maximumAttributeValueLength: + pattern: any|\d+ + type: string + maximumAttributesPerElement: + pattern: any|\d+ + type: string + maximumChildrenPerElement: + pattern: any|\d+ + type: string + maximumDocumentDepth: + pattern: any|\d+ + type: string + maximumDocumentSize: + pattern: any|\d+ + type: string + maximumElements: + pattern: any|\d+ + type: string + maximumNSDeclarations: + pattern: any|\d+ + type: string + maximumNameLength: + pattern: any|\d+ + type: string + maximumNamespaceLength: + pattern: any|\d+ + type: string + tolerateCloseTagShorthand: + type: boolean + tolerateLeadingWhiteSpace: + type: boolean + tolerateNumericNames: + type: boolean + type: object + description: + type: string + enableWss: + type: boolean + followSchemaLinks: + type: boolean + name: + type: string + signatureOverrides: + items: + properties: + enabled: + type: boolean + name: + type: string + signatureId: + type: integer + tag: + type: string + type: object + type: array + type: object + type: array + xml-validation-files: + items: + properties: + $action: + enum: + - delete + type: string + contents: + type: string + fileName: + type: string + isBase64: + type: boolean + type: object + type: array + xmlProfileReference: + properties: + link: + pattern: ^http + type: string + type: object + xmlValidationFileReference: + properties: + link: + pattern: ^http + type: string + type: object + type: object + type: object + type: object + served: true + storage: true diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_apusersigs.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_apusersigs.yaml new file mode 100644 index 000000000..044eeb456 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotect.f5.com_apusersigs.yaml @@ -0,0 +1,93 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: apusersigs.appprotect.f5.com +spec: + group: appprotect.f5.com + names: + kind: APUserSig + listKind: APUserSigList + plural: apusersigs + singular: apusersig + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: APUserSig is the Schema for the apusersigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APUserSigSpec defines the desired state of APUserSig + properties: + properties: + type: string + signatures: + items: + properties: + accuracy: + enum: + - high + - medium + - low + type: string + attackType: + properties: + name: + type: string + type: object + description: + type: string + name: + type: string + references: + properties: + type: + enum: + - bugtraq + - cve + - nessus + - url + type: string + value: + type: string + type: object + risk: + enum: + - high + - medium + - low + type: string + rule: + type: string + signatureType: + enum: + - request + - response + type: string + systems: + items: + properties: + name: + type: string + type: object + type: array + type: object + type: array + tag: + type: string + type: object + type: object + served: true + storage: true diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_apdoslogconfs.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_apdoslogconfs.yaml new file mode 100644 index 000000000..d41efc534 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_apdoslogconfs.yaml @@ -0,0 +1,70 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: apdoslogconfs.appprotectdos.f5.com +spec: + group: appprotectdos.f5.com + names: + kind: APDosLogConf + listKind: APDosLogConfList + plural: apdoslogconfs + singular: apdoslogconf + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: APDosLogConf is the Schema for the APDosLogConfs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APDosLogConfSpec defines the desired state of APDosLogConf + properties: + content: + properties: + format: + enum: + - splunk + - arcsight + - user-defined + default: splunk + type: string + format_string: + type: string + max_message_size: + pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$ + default: 5k + type: string + type: object + filter: + properties: + traffic-mitigation-stats: + enum: + - none + - all + default: all + type: string + bad-actors: + pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$ + default: top 10 + type: string + attack-signatures: + pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$ + default: top 10 + type: string + type: object + type: object + type: object + served: true + storage: true diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_apdospolicy.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_apdospolicy.yaml new file mode 100644 index 000000000..cc5b9bd16 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_apdospolicy.yaml @@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: apdospolicies.appprotectdos.f5.com +spec: + group: appprotectdos.f5.com + names: + kind: APDosPolicy + listKind: APDosPoliciesList + plural: apdospolicies + singular: apdospolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + description: APDosPolicy is the Schema for the APDosPolicy API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + description: APDosPolicySpec defines the desired state of APDosPolicy + properties: + mitigation_mode: + enum: + - "standard" + - "conservative" + - "none" + default: "standard" + type: string + signatures: + enum: + - "on" + - "off" + default: "on" + type: string + bad_actors: + enum: + - "on" + - "off" + default: "on" + type: string + automation_tools_detection: + enum: + - "on" + - "off" + default: "on" + type: string + tls_fingerprint: + enum: + - "on" + - "off" + default: "on" + type: string + served: true + storage: true diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_dosprotectedresources.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_dosprotectedresources.yaml new file mode 100644 index 000000000..0c6f16b97 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/appprotectdos.f5.com_dosprotectedresources.yaml @@ -0,0 +1,87 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: dosprotectedresources.appprotectdos.f5.com +spec: + group: appprotectdos.f5.com + names: + kind: DosProtectedResource + listKind: DosProtectedResourceList + plural: dosprotectedresources + shortNames: + - pr + singular: dosprotectedresource + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: DosProtectedResource defines a Dos protected resource. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DosProtectedResourceSpec deines the properties and values a DosProtectedResource can have. + type: object + properties: + apDosMonitor: + description: 'ApDosMonitor is how NGINX App Protect DoS monitors the stress level of the protected object. The monitor requests are sent from localhost (127.0.0.1). Default value: URI - None, protocol - http1, timeout - NGINX App Protect DoS default.' + type: object + properties: + protocol: + description: Protocol determines if the server listens on http1 / http2 / grpc. The default is http1. + type: string + enum: + - http1 + - http2 + - grpc + timeout: + description: Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc. + type: integer + format: int64 + uri: + description: 'URI is the destination to the desired protected object in the nginx.conf:' + type: string + apDosPolicy: + description: ApDosPolicy is the namespace/name of a ApDosPolicy resource + type: string + dosAccessLogDest: + description: DosAccessLogDest is the network address for the access logs + type: string + dosSecurityLog: + description: DosSecurityLog defines the security log of the DosProtectedResource. + type: object + properties: + apDosLogConf: + description: ApDosLogConf is the namespace/name of a APDosLogConf resource + type: string + dosLogDest: + description: DosLogDest is the network address of a logging service, can be either IP or DNS name. + type: string + enable: + description: Enable enables the security logging feature if set to true + type: boolean + enable: + description: Enable enables the DOS feature if set to true + type: boolean + name: + description: Name is the name of protected object, max of 63 characters. + type: string + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_globalconfigurations.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_globalconfigurations.yaml new file mode 100644 index 000000000..a91be58f3 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_globalconfigurations.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: globalconfigurations.k8s.nginx.org +spec: + group: k8s.nginx.org + names: + kind: GlobalConfiguration + listKind: GlobalConfigurationList + plural: globalconfigurations + shortNames: + - gc + singular: globalconfiguration + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: GlobalConfiguration defines the GlobalConfiguration resource. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GlobalConfigurationSpec is the spec of the GlobalConfiguration resource. + type: object + properties: + listeners: + type: array + items: + description: Listener defines a listener. + type: object + properties: + name: + type: string + port: + type: integer + protocol: + type: string + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_policies.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_policies.yaml new file mode 100644 index 000000000..05587bd0a --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_policies.yaml @@ -0,0 +1,274 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: policies.k8s.nginx.org +spec: + group: k8s.nginx.org + names: + kind: Policy + listKind: PolicyList + plural: policies + shortNames: + - pol + singular: policy + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Current state of the Policy. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. + jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed. + type: object + properties: + accessControl: + description: AccessControl defines an access policy based on the source IP of a request. + type: object + properties: + allow: + type: array + items: + type: string + deny: + type: array + items: + type: string + egressMTLS: + description: EgressMTLS defines an Egress MTLS policy. + type: object + properties: + ciphers: + type: string + protocols: + type: string + serverName: + type: boolean + sessionReuse: + type: boolean + sslName: + type: string + tlsSecret: + type: string + trustedCertSecret: + type: string + verifyDepth: + type: integer + verifyServer: + type: boolean + ingressClassName: + type: string + ingressMTLS: + description: IngressMTLS defines an Ingress MTLS policy. + type: object + properties: + clientCertSecret: + type: string + verifyClient: + type: string + verifyDepth: + type: integer + jwt: + description: JWTAuth holds JWT authentication configuration. + type: object + properties: + realm: + type: string + secret: + type: string + token: + type: string + oidc: + description: OIDC defines an Open ID Connect policy. + type: object + properties: + authEndpoint: + type: string + clientID: + type: string + clientSecret: + type: string + jwksURI: + type: string + redirectURI: + type: string + scope: + type: string + tokenEndpoint: + type: string + rateLimit: + description: RateLimit defines a rate limit policy. + type: object + properties: + burst: + type: integer + delay: + type: integer + dryRun: + type: boolean + key: + type: string + logLevel: + type: string + noDelay: + type: boolean + rate: + type: string + rejectCode: + type: integer + zoneSize: + type: string + waf: + description: WAF defines an WAF policy. + type: object + properties: + apPolicy: + type: string + enable: + type: boolean + securityLog: + description: SecurityLog defines the security log of a WAF policy. + type: object + properties: + apLogConf: + type: string + enable: + type: boolean + logDest: + type: string + status: + description: PolicyStatus is the status of the policy resource + type: object + properties: + message: + type: string + reason: + type: string + state: + type: string + served: true + storage: true + subresources: + status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed. + type: object + properties: + accessControl: + description: AccessControl defines an access policy based on the source IP of a request. + type: object + properties: + allow: + type: array + items: + type: string + deny: + type: array + items: + type: string + egressMTLS: + description: EgressMTLS defines an Egress MTLS policy. + type: object + properties: + ciphers: + type: string + protocols: + type: string + serverName: + type: boolean + sessionReuse: + type: boolean + sslName: + type: string + tlsSecret: + type: string + trustedCertSecret: + type: string + verifyDepth: + type: integer + verifyServer: + type: boolean + ingressMTLS: + description: IngressMTLS defines an Ingress MTLS policy. + type: object + properties: + clientCertSecret: + type: string + verifyClient: + type: string + verifyDepth: + type: integer + jwt: + description: JWTAuth holds JWT authentication configuration. + type: object + properties: + realm: + type: string + secret: + type: string + token: + type: string + rateLimit: + description: RateLimit defines a rate limit policy. + type: object + properties: + burst: + type: integer + delay: + type: integer + dryRun: + type: boolean + key: + type: string + logLevel: + type: string + noDelay: + type: boolean + rate: + type: string + rejectCode: + type: integer + zoneSize: + type: string + served: true + storage: false +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_transportservers.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_transportservers.yaml new file mode 100644 index 000000000..66d43d200 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_transportservers.yaml @@ -0,0 +1,157 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: transportservers.k8s.nginx.org +spec: + group: k8s.nginx.org + names: + kind: TransportServer + listKind: TransportServerList + plural: transportservers + shortNames: + - ts + singular: transportserver + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Current state of the TransportServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. + jsonPath: .status.state + name: State + type: string + - jsonPath: .status.reason + name: Reason + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: TransportServer defines the TransportServer resource. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TransportServerSpec is the spec of the TransportServer resource. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + host: + type: string + ingressClassName: + type: string + listener: + description: TransportServerListener defines a listener for a TransportServer. + type: object + properties: + name: + type: string + protocol: + type: string + serverSnippets: + type: string + sessionParameters: + description: SessionParameters defines session parameters. + type: object + properties: + timeout: + type: string + streamSnippets: + type: string + upstreamParameters: + description: UpstreamParameters defines parameters for an upstream. + type: object + properties: + connectTimeout: + type: string + nextUpstream: + type: boolean + nextUpstreamTimeout: + type: string + nextUpstreamTries: + type: integer + udpRequests: + type: integer + udpResponses: + type: integer + upstreams: + type: array + items: + description: Upstream defines an upstream. + type: object + properties: + failTimeout: + type: string + healthCheck: + description: HealthCheck defines the parameters for active Upstream HealthChecks. + type: object + properties: + enable: + type: boolean + fails: + type: integer + interval: + type: string + jitter: + type: string + match: + description: Match defines the parameters of a custom health check. + type: object + properties: + expect: + type: string + send: + type: string + passes: + type: integer + port: + type: integer + timeout: + type: string + loadBalancingMethod: + type: string + maxConns: + type: integer + maxFails: + type: integer + name: + type: string + port: + type: integer + service: + type: string + status: + description: TransportServerStatus defines the status for the TransportServer resource. + type: object + properties: + message: + type: string + reason: + type: string + state: + type: string + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_virtualserverroutes.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_virtualserverroutes.yaml new file mode 100644 index 000000000..f5c49febd --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_virtualserverroutes.yaml @@ -0,0 +1,635 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: virtualserverroutes.k8s.nginx.org +spec: + group: k8s.nginx.org + names: + kind: VirtualServerRoute + listKind: VirtualServerRouteList + plural: virtualserverroutes + shortNames: + - vsr + singular: virtualserverroute + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Current state of the VirtualServerRoute. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. + jsonPath: .status.state + name: State + type: string + - jsonPath: .spec.host + name: Host + type: string + - jsonPath: .status.externalEndpoints[*].ip + name: IP + type: string + - jsonPath: .status.externalEndpoints[*].ports + name: Ports + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: VirtualServerRoute defines the VirtualServerRoute resource. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualServerRouteSpec is the spec of the VirtualServerRoute resource. + type: object + properties: + host: + type: string + ingressClassName: + type: string + subroutes: + type: array + items: + description: Route defines a route. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + proxy: + description: ActionProxy defines a proxy in an Action. + type: object + properties: + requestHeaders: + description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. + type: object + properties: + pass: + type: boolean + set: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + responseHeaders: + description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. + type: object + properties: + add: + type: array + items: + description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. + type: object + properties: + always: + type: boolean + name: + type: string + value: + type: string + hide: + type: array + items: + type: string + ignore: + type: array + items: + type: string + pass: + type: array + items: + type: string + rewritePath: + type: string + upstream: + type: string + redirect: + description: ActionRedirect defines a redirect in an Action. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ActionReturn defines a return in an Action. + type: object + properties: + body: + type: string + code: + type: integer + type: + type: string + dos: + type: string + errorPages: + type: array + items: + description: ErrorPage defines an ErrorPage in a Route. + type: object + properties: + codes: + type: array + items: + type: integer + redirect: + description: ErrorPageRedirect defines a redirect for an ErrorPage. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ErrorPageReturn defines a return for an ErrorPage. + type: object + properties: + body: + type: string + code: + type: integer + headers: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + type: + type: string + location-snippets: + type: string + matches: + type: array + items: + description: Match defines a match. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + proxy: + description: ActionProxy defines a proxy in an Action. + type: object + properties: + requestHeaders: + description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. + type: object + properties: + pass: + type: boolean + set: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + responseHeaders: + description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. + type: object + properties: + add: + type: array + items: + description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. + type: object + properties: + always: + type: boolean + name: + type: string + value: + type: string + hide: + type: array + items: + type: string + ignore: + type: array + items: + type: string + pass: + type: array + items: + type: string + rewritePath: + type: string + upstream: + type: string + redirect: + description: ActionRedirect defines a redirect in an Action. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ActionReturn defines a return in an Action. + type: object + properties: + body: + type: string + code: + type: integer + type: + type: string + conditions: + type: array + items: + description: Condition defines a condition in a MatchRule. + type: object + properties: + argument: + type: string + cookie: + type: string + header: + type: string + value: + type: string + variable: + type: string + splits: + type: array + items: + description: Split defines a split. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + proxy: + description: ActionProxy defines a proxy in an Action. + type: object + properties: + requestHeaders: + description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. + type: object + properties: + pass: + type: boolean + set: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + responseHeaders: + description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. + type: object + properties: + add: + type: array + items: + description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. + type: object + properties: + always: + type: boolean + name: + type: string + value: + type: string + hide: + type: array + items: + type: string + ignore: + type: array + items: + type: string + pass: + type: array + items: + type: string + rewritePath: + type: string + upstream: + type: string + redirect: + description: ActionRedirect defines a redirect in an Action. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ActionReturn defines a return in an Action. + type: object + properties: + body: + type: string + code: + type: integer + type: + type: string + weight: + type: integer + path: + type: string + policies: + type: array + items: + description: PolicyReference references a policy by name and an optional namespace. + type: object + properties: + name: + type: string + namespace: + type: string + route: + type: string + splits: + type: array + items: + description: Split defines a split. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + proxy: + description: ActionProxy defines a proxy in an Action. + type: object + properties: + requestHeaders: + description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. + type: object + properties: + pass: + type: boolean + set: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + responseHeaders: + description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. + type: object + properties: + add: + type: array + items: + description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. + type: object + properties: + always: + type: boolean + name: + type: string + value: + type: string + hide: + type: array + items: + type: string + ignore: + type: array + items: + type: string + pass: + type: array + items: + type: string + rewritePath: + type: string + upstream: + type: string + redirect: + description: ActionRedirect defines a redirect in an Action. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ActionReturn defines a return in an Action. + type: object + properties: + body: + type: string + code: + type: integer + type: + type: string + weight: + type: integer + upstreams: + type: array + items: + description: Upstream defines an upstream. + type: object + properties: + buffer-size: + type: string + buffering: + type: boolean + buffers: + description: UpstreamBuffers defines Buffer Configuration for an Upstream. + type: object + properties: + number: + type: integer + size: + type: string + client-max-body-size: + type: string + connect-timeout: + type: string + fail-timeout: + type: string + healthCheck: + description: HealthCheck defines the parameters for active Upstream HealthChecks. + type: object + properties: + connect-timeout: + type: string + enable: + type: boolean + fails: + type: integer + grpcService: + type: string + grpcStatus: + type: integer + headers: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + interval: + type: string + jitter: + type: string + mandatory: + type: boolean + passes: + type: integer + path: + type: string + persistent: + type: boolean + port: + type: integer + read-timeout: + type: string + send-timeout: + type: string + statusMatch: + type: string + tls: + description: UpstreamTLS defines a TLS configuration for an Upstream. + type: object + properties: + enable: + type: boolean + keepalive: + type: integer + lb-method: + type: string + max-conns: + type: integer + max-fails: + type: integer + name: + type: string + next-upstream: + type: string + next-upstream-timeout: + type: string + next-upstream-tries: + type: integer + ntlm: + type: boolean + port: + type: integer + queue: + description: UpstreamQueue defines Queue Configuration for an Upstream. + type: object + properties: + size: + type: integer + timeout: + type: string + read-timeout: + type: string + send-timeout: + type: string + service: + type: string + sessionCookie: + description: SessionCookie defines the parameters for session persistence. + type: object + properties: + domain: + type: string + enable: + type: boolean + expires: + type: string + httpOnly: + type: boolean + name: + type: string + path: + type: string + secure: + type: boolean + slow-start: + type: string + subselector: + type: object + additionalProperties: + type: string + tls: + description: UpstreamTLS defines a TLS configuration for an Upstream. + type: object + properties: + enable: + type: boolean + type: + type: string + use-cluster-ip: + type: boolean + status: + description: VirtualServerRouteStatus defines the status for the VirtualServerRoute resource. + type: object + properties: + externalEndpoints: + type: array + items: + description: ExternalEndpoint defines the IP and ports used to connect to this resource. + type: object + properties: + ip: + type: string + ports: + type: string + message: + type: string + reason: + type: string + referencedBy: + type: string + state: + type: string + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_virtualservers.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_virtualservers.yaml new file mode 100644 index 000000000..9c73d4664 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/crds/k8s.nginx.org_virtualservers.yaml @@ -0,0 +1,685 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: virtualservers.k8s.nginx.org +spec: + group: k8s.nginx.org + names: + kind: VirtualServer + listKind: VirtualServerList + plural: virtualservers + shortNames: + - vs + singular: virtualserver + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Current state of the VirtualServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. + jsonPath: .status.state + name: State + type: string + - jsonPath: .spec.host + name: Host + type: string + - jsonPath: .status.externalEndpoints[*].ip + name: IP + type: string + - jsonPath: .status.externalEndpoints[*].ports + name: Ports + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: VirtualServer defines the VirtualServer resource. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VirtualServerSpec is the spec of the VirtualServer resource. + type: object + properties: + dos: + type: string + host: + type: string + http-snippets: + type: string + ingressClassName: + type: string + policies: + type: array + items: + description: PolicyReference references a policy by name and an optional namespace. + type: object + properties: + name: + type: string + namespace: + type: string + routes: + type: array + items: + description: Route defines a route. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + proxy: + description: ActionProxy defines a proxy in an Action. + type: object + properties: + requestHeaders: + description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. + type: object + properties: + pass: + type: boolean + set: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + responseHeaders: + description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. + type: object + properties: + add: + type: array + items: + description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. + type: object + properties: + always: + type: boolean + name: + type: string + value: + type: string + hide: + type: array + items: + type: string + ignore: + type: array + items: + type: string + pass: + type: array + items: + type: string + rewritePath: + type: string + upstream: + type: string + redirect: + description: ActionRedirect defines a redirect in an Action. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ActionReturn defines a return in an Action. + type: object + properties: + body: + type: string + code: + type: integer + type: + type: string + dos: + type: string + errorPages: + type: array + items: + description: ErrorPage defines an ErrorPage in a Route. + type: object + properties: + codes: + type: array + items: + type: integer + redirect: + description: ErrorPageRedirect defines a redirect for an ErrorPage. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ErrorPageReturn defines a return for an ErrorPage. + type: object + properties: + body: + type: string + code: + type: integer + headers: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + type: + type: string + location-snippets: + type: string + matches: + type: array + items: + description: Match defines a match. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + proxy: + description: ActionProxy defines a proxy in an Action. + type: object + properties: + requestHeaders: + description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. + type: object + properties: + pass: + type: boolean + set: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + responseHeaders: + description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. + type: object + properties: + add: + type: array + items: + description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. + type: object + properties: + always: + type: boolean + name: + type: string + value: + type: string + hide: + type: array + items: + type: string + ignore: + type: array + items: + type: string + pass: + type: array + items: + type: string + rewritePath: + type: string + upstream: + type: string + redirect: + description: ActionRedirect defines a redirect in an Action. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ActionReturn defines a return in an Action. + type: object + properties: + body: + type: string + code: + type: integer + type: + type: string + conditions: + type: array + items: + description: Condition defines a condition in a MatchRule. + type: object + properties: + argument: + type: string + cookie: + type: string + header: + type: string + value: + type: string + variable: + type: string + splits: + type: array + items: + description: Split defines a split. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + proxy: + description: ActionProxy defines a proxy in an Action. + type: object + properties: + requestHeaders: + description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. + type: object + properties: + pass: + type: boolean + set: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + responseHeaders: + description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. + type: object + properties: + add: + type: array + items: + description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. + type: object + properties: + always: + type: boolean + name: + type: string + value: + type: string + hide: + type: array + items: + type: string + ignore: + type: array + items: + type: string + pass: + type: array + items: + type: string + rewritePath: + type: string + upstream: + type: string + redirect: + description: ActionRedirect defines a redirect in an Action. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ActionReturn defines a return in an Action. + type: object + properties: + body: + type: string + code: + type: integer + type: + type: string + weight: + type: integer + path: + type: string + policies: + type: array + items: + description: PolicyReference references a policy by name and an optional namespace. + type: object + properties: + name: + type: string + namespace: + type: string + route: + type: string + splits: + type: array + items: + description: Split defines a split. + type: object + properties: + action: + description: Action defines an action. + type: object + properties: + pass: + type: string + proxy: + description: ActionProxy defines a proxy in an Action. + type: object + properties: + requestHeaders: + description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. + type: object + properties: + pass: + type: boolean + set: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + responseHeaders: + description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. + type: object + properties: + add: + type: array + items: + description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. + type: object + properties: + always: + type: boolean + name: + type: string + value: + type: string + hide: + type: array + items: + type: string + ignore: + type: array + items: + type: string + pass: + type: array + items: + type: string + rewritePath: + type: string + upstream: + type: string + redirect: + description: ActionRedirect defines a redirect in an Action. + type: object + properties: + code: + type: integer + url: + type: string + return: + description: ActionReturn defines a return in an Action. + type: object + properties: + body: + type: string + code: + type: integer + type: + type: string + weight: + type: integer + server-snippets: + type: string + tls: + description: TLS defines TLS configuration for a VirtualServer. + type: object + properties: + cert-manager: + description: CertManager defines a cert manager config for a TLS. + type: object + properties: + cluster-issuer: + type: string + common-name: + type: string + duration: + type: string + issuer: + type: string + issuer-group: + type: string + issuer-kind: + type: string + renew-before: + type: string + usages: + type: string + redirect: + description: TLSRedirect defines a redirect for a TLS. + type: object + properties: + basedOn: + type: string + code: + type: integer + enable: + type: boolean + secret: + type: string + upstreams: + type: array + items: + description: Upstream defines an upstream. + type: object + properties: + buffer-size: + type: string + buffering: + type: boolean + buffers: + description: UpstreamBuffers defines Buffer Configuration for an Upstream. + type: object + properties: + number: + type: integer + size: + type: string + client-max-body-size: + type: string + connect-timeout: + type: string + fail-timeout: + type: string + healthCheck: + description: HealthCheck defines the parameters for active Upstream HealthChecks. + type: object + properties: + connect-timeout: + type: string + enable: + type: boolean + fails: + type: integer + grpcService: + type: string + grpcStatus: + type: integer + headers: + type: array + items: + description: Header defines an HTTP Header. + type: object + properties: + name: + type: string + value: + type: string + interval: + type: string + jitter: + type: string + mandatory: + type: boolean + passes: + type: integer + path: + type: string + persistent: + type: boolean + port: + type: integer + read-timeout: + type: string + send-timeout: + type: string + statusMatch: + type: string + tls: + description: UpstreamTLS defines a TLS configuration for an Upstream. + type: object + properties: + enable: + type: boolean + keepalive: + type: integer + lb-method: + type: string + max-conns: + type: integer + max-fails: + type: integer + name: + type: string + next-upstream: + type: string + next-upstream-timeout: + type: string + next-upstream-tries: + type: integer + ntlm: + type: boolean + port: + type: integer + queue: + description: UpstreamQueue defines Queue Configuration for an Upstream. + type: object + properties: + size: + type: integer + timeout: + type: string + read-timeout: + type: string + send-timeout: + type: string + service: + type: string + sessionCookie: + description: SessionCookie defines the parameters for session persistence. + type: object + properties: + domain: + type: string + enable: + type: boolean + expires: + type: string + httpOnly: + type: boolean + name: + type: string + path: + type: string + secure: + type: boolean + slow-start: + type: string + subselector: + type: object + additionalProperties: + type: string + tls: + description: UpstreamTLS defines a TLS configuration for an Upstream. + type: object + properties: + enable: + type: boolean + type: + type: string + use-cluster-ip: + type: boolean + status: + description: VirtualServerStatus defines the status for the VirtualServer resource. + type: object + properties: + externalEndpoints: + type: array + items: + description: ExternalEndpoint defines the IP and ports used to connect to this resource. + type: object + properties: + ip: + type: string + ports: + type: string + message: + type: string + reason: + type: string + state: + type: string + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/questions.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/questions.yaml new file mode 100644 index 000000000..4e7b1cc3f --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/questions.yaml @@ -0,0 +1,180 @@ +questions: +- variable: controller.kind + type: enum + options: + - deployment + - daemonset + default: deployment + description: "The kind of the Ingress controller installation - deployment or daemonset." + label: Installation Kind + group: "Settings" +- variable: imageDefault + default: true + description: "Use default Docker image" + label: Use Default Image + type: boolean + group: "Settings" + show_subquestion_if: false + subquestions: + - variable: controller.nginxplus + default: false + description: "Deploys the Ingress controller for NGINX Plus." + label: Deploy NGINX Plus + type: boolean + group: "NGINX Plus" + - variable: controller.appprotect.enable + default: false + description: "Enable the App Protect module in the Ingress Controller." + label: Enable the App Protect module. + type: boolean + - variable: controller.appprotectdos.enable + default: false + description: "Enable the App Protect DoS module in the Ingress Controller." + label: Enable the App Protect DoS module. + type: boolean + - variable: controller.image.repository + default: nginx/nginx-ingress + description: "The image repository of the Ingress controller." + type: string + label: NGINX Ingress Controller Image Repository + required: true + - variable: controller.image.tag + default: 2.2.0 + description: "The tag of the Ingress controller image." + type: string + label: NGINX Ingress Controller Image Tag + required: true + - variable: controller.image.pullPolicy + type: enum + options: + - IfNotPresent + - Always + - Never + default: IfNotPresent + description: "The pull policy for the Ingress controller image." + label: NGINX Ingress Controller Image Pull Policy + - variable: controller.serviceAccount.imagePullSecretName + default: "" + description: "The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release." + type: string + label: Image Pull Secret Name +- variable: controller.defaultTLS.secret + default: "" + description: "The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `/`." + label: TLS Secret + type: string + group: "Settings" +- variable: controller.ingressClass + default: nginx + description: "A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation `[kubernetes.io/ingress.class]` equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the [-use-ingress-class-only] flag." + label: Ingress Class + type: string + group: "Settings" + required: true + subquestions: + - variable: controller.useIngressClassOnly + default: false + description: "Ignore Ingress resources without the `[kubernetes.io/ingress.class]` annotation." + label: Use Ingress Class Only + type: boolean + group: "Settings" +- variable: controller.enableCustomResources + default: true + label: Enable Custom Resources + type: boolean + group: "Settings" + show_subquestion_if: true + subquestions: + - variable: controller.globalConfiguration.create + default: true + description: "Creates the GlobalConfiguration custom resource." + label: Create GlobalConfiguration Custom Resource + type: boolean + group: "Settings" + - variable: controller.enableOIDC + default: false + description: "Enables OIDC policies." + label: Enable OIDC policies + type: boolean + group: "Settings" + - variable: controller.enableCertManager + default: false + description: "Enables cert manager for Virtual Server resources." + label: Enable cert manager for Virtual Server resources + type: boolean + group: "Settings" +- variable: controller.watchNamespace + default: "" + description: "Namespace to watch for Ingress resources. By default the Ingress controller watches all namespaces." + label: Watch Namespace + type: string + group: "Settings" +- variable: controller.service.create + default: true + description: "Creates a service to expose the Ingress controller pods." + label: Create a Service + type: boolean + group: "Service" + show_subquestion_if: true + subquestions: + - variable: controller.service.type + type: enum + options: + - LoadBalancer + - NodePort + default: LoadBalancer + description: "The type of service to create for the Ingress controller." + label: Type of Service +- variable: controller.service.httpPort.enable + default: true + description: "Enables the HTTP port for the Ingress controller service." + label: Enable HTTP Port + type: boolean + group: "Service" + show_subquestion_if: true + subquestions: + - variable: controller.service.httpPort.port + default: 80 + description: "The HTTP port of the Ingress controller service." + label: HTTP Port + type: int + required: true +- variable: controller.service.httpsPort.enable + default: true + description: "Enables the HTTPS port for the Ingress controller service." + label: Enable HTTPS Port + type: boolean + group: "Service" + show_subquestion_if: true + subquestions: + - variable: controller.service.httpsPort.port + default: 443 + description: "The HTTPS port of the Ingress controller service." + label: HTTPS Port + type: int + required: true +- variable: prometheus.create + default: false + description: "Expose NGINX or NGINX Plus metrics in the Prometheus format." + label: Enable Exposing Prometheus Metrics + type: boolean + group: "Prometheus" + show_subquestion_if: true + subquestions: + - variable: prometheus.port + default: 9113 + description: "Configures the port to scrape the metrics." + label: Prometheus Port + type: int + required: true + - variable: prometheus.scheme + default: http + description: "Configures the HTTP scheme to use for connections to the Prometheus endpoint." + label: Prometheus Scheme + type: string + required: true + - variable: prometheus.secret + default: "" + description: "The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Prometheus endpoint with TLS connections." + label: Prometheus Secret + type: string diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/NOTES.txt b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/NOTES.txt new file mode 100644 index 000000000..c61fbd1a2 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/NOTES.txt @@ -0,0 +1 @@ +The NGINX Ingress Controller has been installed. \ No newline at end of file diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/_helpers.tpl b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/_helpers.tpl new file mode 100644 index 000000000..9a73a5656 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/_helpers.tpl @@ -0,0 +1,71 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "nginx-ingress.name" -}} +{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create labels +*/}} +{{- define "nginx-ingress.labels" -}} +app.kubernetes.io/name: {{ include "nginx-ingress.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Expand the name of the configmap. +*/}} +{{- define "nginx-ingress.configName" -}} +{{- default (include "nginx-ingress.name" .) .Values.controller.config.name -}} +{{- end -}} + +{{/* +Expand leader election lock name. +*/}} +{{- define "nginx-ingress.leaderElectionName" -}} +{{- if .Values.controller.reportIngressStatus.leaderElectionLockName -}} +{{ .Values.controller.reportIngressStatus.leaderElectionLockName }} +{{- else -}} +{{- printf "%s-%s" (include "nginx-ingress.name" .) "leader-election" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand service account name. +*/}} +{{- define "nginx-ingress.serviceAccountName" -}} +{{- default (include "nginx-ingress.name" .) .Values.controller.serviceAccount.name -}} +{{- end -}} + +{{/* +Expand service name. +*/}} +{{- define "nginx-ingress.serviceName" -}} +{{- default (include "nginx-ingress.name" .) .Values.controller.service.name }} +{{- end -}} + +{{/* +Expand default TLS name. +*/}} +{{- define "nginx-ingress.defaultTLSName" -}} +{{- printf "%s-%s" (include "nginx-ingress.name" .) "default-server-tls" -}} +{{- end -}} + +{{/* +Expand wildcard TLS name. +*/}} +{{- define "nginx-ingress.wildcardTLSName" -}} +{{- printf "%s-%s" (include "nginx-ingress.name" .) "wildcard-tls" -}} +{{- end -}} + +{{/* +Expand app name. +*/}} +{{- define "nginx-ingress.appName" -}} +{{- default (include "nginx-ingress.name" .) .Values.controller.name -}} +{{- end -}} \ No newline at end of file diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-configmap.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-configmap.yaml new file mode 100644 index 000000000..971faa84d --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "nginx-ingress.configName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +{{- if .Values.controller.config.annotations }} + annotations: +{{ toYaml .Values.controller.config.annotations | indent 4 }} +{{- end }} +data: +{{- if .Values.controller.config.entries }} +{{ toYaml .Values.controller.config.entries | indent 2 }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-daemonset.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-daemonset.yaml new file mode 100644 index 000000000..6c8a87c0f --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-daemonset.yaml @@ -0,0 +1,203 @@ +{{- if eq .Values.controller.kind "daemonset" }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: {{ include "nginx-ingress.appName" . }} + template: + metadata: + labels: + app: {{ include "nginx-ingress.appName" . }} +{{- if .Values.nginxServiceMesh.enable }} + nsm.nginx.com/daemonset: {{ default (include "nginx-ingress.name" .) .Values.controller.name }} + spiffe.io/spiffeid: "true" +{{- end }} +{{- if .Values.controller.pod.extraLabels }} +{{ toYaml .Values.controller.pod.extraLabels | indent 8 }} +{{- end }} +{{- if or .Values.prometheus.create (or .Values.controller.pod.annotations .Values.nginxServiceMesh.enable) }} + annotations: +{{- if .Values.prometheus.create }} + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.prometheus.port }}" + prometheus.io/scheme: "{{ .Values.prometheus.scheme }}" +{{- end }} +{{- if .Values.nginxServiceMesh.enable }} + nsm.nginx.com/enable-ingress: "true" + nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}" +{{- end }} +{{- if .Values.controller.pod.annotations }} +{{ toYaml .Values.controller.pod.annotations | indent 8 }} +{{- end }} +{{- end }} + spec: + serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} +{{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 6 }} +{{- end }} +{{- if .Values.controller.affinity }} + affinity: +{{ toYaml .Values.controller.affinity | indent 8 }} +{{- end }} +{{- if or .Values.controller.volumes .Values.nginxServiceMesh.enable }} + volumes: +{{- end }} +{{- if .Values.nginxServiceMesh.enable }} + - hostPath: + path: /run/spire/sockets + type: DirectoryOrCreate + name: spire-agent-socket +{{- end }} +{{- if .Values.controller.volumes }} +{{ toYaml .Values.controller.volumes | indent 6 }} +{{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + containers: + - name: {{ include "nginx-ingress.name" . }} + image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + ports: + - name: http + containerPort: 80 + hostPort: 80 + - name: https + containerPort: 443 + hostPort: 443 +{{ if .Values.controller.customPorts }} +{{ toYaml .Values.controller.customPorts | indent 8 }} +{{ end }} +{{- if .Values.prometheus.create }} + - name: prometheus + containerPort: {{ .Values.prometheus.port }} +{{- end }} +{{- if .Values.controller.readyStatus.enable }} + - name: readiness-port + containerPort: {{ .Values.controller.readyStatus.port}} + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 +{{- end }} + securityContext: + allowPrivilegeEscalation: true + runAsUser: 101 #nginx + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE +{{- if or .Values.controller.volumeMounts .Values.nginxServiceMesh.enable }} + volumeMounts: +{{- end }} +{{- if .Values.nginxServiceMesh.enable }} + - mountPath: /run/spire/sockets + name: spire-agent-socket +{{- end }} +{{- if .Values.controller.volumeMounts }} +{{ toYaml .Values.controller.volumeMounts | indent 8 }} +{{- end }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + resources: +{{ toYaml .Values.controller.resources | indent 10 }} + args: + - -nginx-plus={{ .Values.controller.nginxplus }} + - -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }} + - -enable-app-protect={{ .Values.controller.appprotect.enable }} +{{- if and .Values.controller.appprotect.enable .Values.controller.appprotect.logLevel }} + - -app-protect-log-level={{ .Values.controller.appprotect.logLevel }} +{{ end }} + - -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }} + {{- if .Values.controller.appprotectdos.enable }} + - -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }} + - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxWorkers }} + - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxDaemons }} + - -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }} + {{ end }} + - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }} +{{- if .Values.controller.defaultTLS.secret }} + - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }} +{{ else }} + - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }} +{{- end }} + - -ingress-class={{ .Values.controller.ingressClass }} +{{- if .Values.controller.watchNamespace }} + - -watch-namespace={{ .Values.controller.watchNamespace }} +{{- end }} + - -health-status={{ .Values.controller.healthStatus }} + - -health-status-uri={{ .Values.controller.healthStatusURI }} + - -nginx-debug={{ .Values.controller.nginxDebug }} + - -v={{ .Values.controller.logLevel }} + - -nginx-status={{ .Values.controller.nginxStatus.enable }} +{{- if .Values.controller.nginxStatus.enable }} + - -nginx-status-port={{ .Values.controller.nginxStatus.port }} + - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }} +{{- end }} +{{- if .Values.controller.reportIngressStatus.enable }} + - -report-ingress-status +{{- if .Values.controller.reportIngressStatus.ingressLink }} + - -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }} +{{- else if .Values.controller.reportIngressStatus.externalService }} + - -external-service={{ .Values.controller.reportIngressStatus.externalService }} +{{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }} + - -external-service={{ include "nginx-ingress.serviceName" . }} +{{- end }} + - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} + - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }} +{{- end }} +{{- if .Values.controller.wildcardTLS.secret }} + - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }} +{{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }} + - -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }} +{{- end }} + - -enable-prometheus-metrics={{ .Values.prometheus.create }} + - -prometheus-metrics-listen-port={{ .Values.prometheus.port }} + - -prometheus-tls-secret={{ .Values.prometheus.secret }} + - -enable-custom-resources={{ .Values.controller.enableCustomResources }} + - -enable-snippets={{ .Values.controller.enableSnippets }} +{{- if .Values.controller.enableCustomResources }} + - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }} + - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} + - -enable-cert-manager={{ .Values.controller.enableCertManager }} + - -enable-oidc={{ .Values.controller.enableOIDC }} +{{- if .Values.controller.globalConfiguration.create }} + - -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.name" . }} +{{- end }} +{{- end }} + - -ready-status={{ .Values.controller.readyStatus.enable }} + - -ready-status-port={{ .Values.controller.readyStatus.port }} + - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }} +{{- if .Values.nginxServiceMesh.enable }} + - -spire-agent-address=/run/spire/sockets/agent.sock + - -enable-internal-routes={{ .Values.nginxServiceMesh.enableEgress }} +{{- end }} +{{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 6 }} +{{- end }} +{{- if .Values.controller.initContainers }} + initContainers: {{ toYaml .Values.controller.initContainers | nindent 8 }} +{{- end }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-deployment.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-deployment.yaml new file mode 100644 index 000000000..7990b0464 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-deployment.yaml @@ -0,0 +1,201 @@ +{{- if eq .Values.controller.kind "deployment" }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicaCount }} + selector: + matchLabels: + app: {{ include "nginx-ingress.appName" . }} + template: + metadata: + labels: + app: {{ include "nginx-ingress.appName" . }} +{{- if .Values.nginxServiceMesh.enable }} + nsm.nginx.com/deployment: {{ default (include "nginx-ingress.name" .) .Values.controller.name }} + spiffe.io/spiffeid: "true" +{{- end }} +{{- if .Values.controller.pod.extraLabels }} +{{ toYaml .Values.controller.pod.extraLabels | indent 8 }} +{{- end }} +{{- if or .Values.prometheus.create (or .Values.controller.pod.annotations .Values.nginxServiceMesh.enable) }} + annotations: +{{- if .Values.prometheus.create }} + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.prometheus.port }}" + prometheus.io/scheme: "{{ .Values.prometheus.scheme }}" +{{- end }} +{{- if .Values.nginxServiceMesh.enable }} + nsm.nginx.com/enable-ingress: "true" + nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}" +{{- end }} +{{- if .Values.controller.pod.annotations }} +{{ toYaml .Values.controller.pod.annotations | indent 8 }} +{{- end }} +{{- end }} + spec: +{{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 6 }} +{{- end }} +{{- if .Values.controller.affinity }} + affinity: +{{ toYaml .Values.controller.affinity | indent 8 }} +{{- end }} +{{- if or (.Values.controller.volumes) (.Values.nginxServiceMesh.enable) }} + volumes: +{{- end }} +{{- if .Values.nginxServiceMesh.enable }} + - hostPath: + path: /run/spire/sockets + type: DirectoryOrCreate + name: spire-agent-socket +{{- end }} +{{- if .Values.controller.volumes }} +{{ toYaml .Values.controller.volumes | indent 6 }} +{{- end }} +{{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} +{{- end }} + serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }} + hostNetwork: {{ .Values.controller.hostNetwork }} + containers: + - image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" + name: {{ include "nginx-ingress.name" . }} + imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 +{{ if .Values.controller.customPorts }} +{{ toYaml .Values.controller.customPorts | indent 8 }} +{{ end }} +{{- if .Values.prometheus.create }} + - name: prometheus + containerPort: {{ .Values.prometheus.port }} +{{- end }} +{{- if .Values.controller.readyStatus.enable }} + - name: readiness-port + containerPort: {{ .Values.controller.readyStatus.port}} + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 +{{- end }} + resources: +{{ toYaml .Values.controller.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: true + runAsUser: 101 #nginx + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE +{{- if or (.Values.controller.volumeMounts) (.Values.nginxServiceMesh.enable) }} + volumeMounts: +{{- end }} +{{- if .Values.nginxServiceMesh.enable }} + - mountPath: /run/spire/sockets + name: spire-agent-socket +{{- end }} +{{- if .Values.controller.volumeMounts}} +{{ toYaml .Values.controller.volumeMounts | indent 8 }} +{{- end }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus={{ .Values.controller.nginxplus }} + - -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }} + - -enable-app-protect={{ .Values.controller.appprotect.enable }} +{{- if and .Values.controller.appprotect.enable .Values.controller.appprotect.logLevel }} + - -app-protect-log-level={{ .Values.controller.appprotect.logLevel }} +{{ end }} + - -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }} +{{- if .Values.controller.appprotectdos.enable }} + - -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }} + - -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxWorkers }} + - -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxDaemons }} + - -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }} +{{ end }} + - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }} +{{- if .Values.controller.defaultTLS.secret }} + - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }} +{{ else }} + - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }} +{{- end }} + - -ingress-class={{ .Values.controller.ingressClass }} +{{- if .Values.controller.watchNamespace }} + - -watch-namespace={{ .Values.controller.watchNamespace }} +{{- end }} + - -health-status={{ .Values.controller.healthStatus }} + - -health-status-uri={{ .Values.controller.healthStatusURI }} + - -nginx-debug={{ .Values.controller.nginxDebug }} + - -v={{ .Values.controller.logLevel }} + - -nginx-status={{ .Values.controller.nginxStatus.enable }} +{{- if .Values.controller.nginxStatus.enable }} + - -nginx-status-port={{ .Values.controller.nginxStatus.port }} + - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }} +{{- end }} +{{- if .Values.controller.reportIngressStatus.enable }} + - -report-ingress-status +{{- if .Values.controller.reportIngressStatus.ingressLink }} + - -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }} +{{- else if .Values.controller.reportIngressStatus.externalService }} + - -external-service={{ .Values.controller.reportIngressStatus.externalService }} +{{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }} + - -external-service={{ include "nginx-ingress.serviceName" . }} +{{- end }} + - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} + - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }} +{{- end }} +{{- if .Values.controller.wildcardTLS.secret }} + - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }} +{{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }} + - -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }} +{{- end }} + - -enable-prometheus-metrics={{ .Values.prometheus.create }} + - -prometheus-metrics-listen-port={{ .Values.prometheus.port }} + - -prometheus-tls-secret={{ .Values.prometheus.secret }} + - -enable-custom-resources={{ .Values.controller.enableCustomResources }} + - -enable-snippets={{ .Values.controller.enableSnippets }} +{{- if .Values.controller.enableCustomResources }} + - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }} + - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} + - -enable-cert-manager={{ .Values.controller.enableCertManager }} + - -enable-oidc={{ .Values.controller.enableOIDC }} +{{- if .Values.controller.globalConfiguration.create }} + - -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.name" . }} +{{- end }} +{{- end }} + - -ready-status={{ .Values.controller.readyStatus.enable }} + - -ready-status-port={{ .Values.controller.readyStatus.port }} + - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }} +{{- if .Values.nginxServiceMesh.enable }} + - -spire-agent-address=/run/spire/sockets/agent.sock + - -enable-internal-routes={{ .Values.nginxServiceMesh.enableEgress }} +{{- end }} + {{- if .Values.controller.extraContainers }} + {{ toYaml .Values.controller.extraContainers | nindent 6 }} +{{- end }} +{{- if .Values.controller.initContainers }} + initContainers: {{ toYaml .Values.controller.initContainers | nindent 8 }} +{{- end }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-globalconfiguration.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-globalconfiguration.yaml new file mode 100644 index 000000000..b0bba4870 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-globalconfiguration.yaml @@ -0,0 +1,11 @@ +{{ if .Values.controller.globalConfiguration.create }} +apiVersion: k8s.nginx.org/v1alpha1 +kind: GlobalConfiguration +metadata: + name: {{ include "nginx-ingress.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +spec: +{{ toYaml .Values.controller.globalConfiguration.spec | indent 2 }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-ingress-class.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-ingress-class.yaml new file mode 100644 index 000000000..bc071b47c --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-ingress-class.yaml @@ -0,0 +1,10 @@ +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: {{ .Values.controller.ingressClass }} +{{- if .Values.controller.setAsDefaultIngress }} + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +{{- end }} +spec: + controller: nginx.org/ingress-controller diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-leader-election-configmap.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-leader-election-configmap.yaml new file mode 100644 index 000000000..ef6f79a58 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-leader-election-configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "nginx-ingress.leaderElectionName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +{{- if .Values.controller.reportIngressStatus.annotations }} + annotations: +{{ toYaml .Values.controller.reportIngressStatus.annotations | indent 4 }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-secret.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-secret.yaml new file mode 100644 index 000000000..4c9e693bb --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-secret.yaml @@ -0,0 +1,13 @@ +{{ if not .Values.controller.defaultTLS.secret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "nginx-ingress.defaultTLSName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.controller.defaultTLS.cert }} + tls.key: {{ .Values.controller.defaultTLS.key }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-service.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-service.yaml new file mode 100644 index 000000000..11d542271 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-service.yaml @@ -0,0 +1,60 @@ +{{- if .Values.controller.service.create }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "nginx-ingress.serviceName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +{{- if .Values.controller.service.extraLabels }} +{{ toYaml .Values.controller.service.extraLabels | indent 4 }} +{{- end }} +{{- if .Values.controller.service.annotations }} + annotations: +{{ toYaml .Values.controller.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if or (eq .Values.controller.service.type "LoadBalancer") (eq .Values.controller.service.type "NodePort") }} + {{- if .Values.controller.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }} + {{- end }} +{{- end }} +{{- if eq .Values.controller.service.type "LoadBalancer" }} + {{- if .Values.controller.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }} + {{- end }} + {{- if .Values.controller.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} + {{- end }} +{{- end }} + type: {{ .Values.controller.service.type }} + ports: +{{- if .Values.controller.service.customPorts }} +{{ toYaml .Values.controller.service.customPorts | indent 2 }} +{{ end }} +{{- if .Values.controller.service.httpPort.enable }} + - port: {{ .Values.controller.service.httpPort.port }} + targetPort: {{ .Values.controller.service.httpPort.targetPort }} + protocol: TCP + name: http + {{- if eq .Values.controller.service.type "NodePort" }} + nodePort: {{ .Values.controller.service.httpPort.nodePort }} + {{- end }} +{{- end }} +{{- if .Values.controller.service.httpsPort.enable }} + - port: {{ .Values.controller.service.httpsPort.port }} + targetPort: {{ .Values.controller.service.httpsPort.targetPort }} + protocol: TCP + name: https + {{- if eq .Values.controller.service.type "NodePort" }} + nodePort: {{ .Values.controller.service.httpsPort.nodePort }} + {{- end }} +{{- end }} + selector: + app: {{ include "nginx-ingress.appName" . }} + {{- if .Values.controller.service.externalIPs }} + externalIPs: +{{ toYaml .Values.controller.service.externalIPs | indent 4 }} + {{- end }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-serviceaccount.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-serviceaccount.yaml new file mode 100644 index 000000000..c03c6a793 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "nginx-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +{{- if .Values.controller.serviceAccount.imagePullSecretName }} +imagePullSecrets: +- name: {{ .Values.controller.serviceAccount.imagePullSecretName }} +{{- end }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-wildcard-secret.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-wildcard-secret.yaml new file mode 100644 index 000000000..3abe16c4c --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/controller-wildcard-secret.yaml @@ -0,0 +1,13 @@ +{{ if and (not .Values.controller.wildcardTLS.secret) (and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "nginx-ingress.wildcardTLSName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.controller.wildcardTLS.cert }} + tls.key: {{ .Values.controller.wildcardTLS.key }} +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/templates/rbac.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/rbac.yaml new file mode 100644 index 000000000..73e713c6d --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/templates/rbac.yaml @@ -0,0 +1,160 @@ +{{- if .Values.rbac.create }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "nginx-ingress.name" . }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +rules: +{{- if .Values.controller.appprotect.enable }} +- apiGroups: + - appprotect.f5.com + resources: + - appolicies + - aplogconfs + - apusersigs + verbs: + - get + - watch + - list +{{- end }} +{{- if .Values.controller.appprotectdos.enable }} +- apiGroups: + - appprotectdos.f5.com + resources: + - apdospolicies + - apdoslogconfs + - dosprotectedresources + verbs: + - get + - watch + - list +{{- end }} +- apiGroups: + - "" + resources: + - services + - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +{{- if .Values.controller.reportIngressStatus.enableLeaderElection }} + - update + - create +{{- end }} +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get +{{- if .Values.controller.reportIngressStatus.enable }} +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +{{- end }} +{{- if .Values.controller.enableCustomResources }} +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +{{- end }} +{{- if .Values.controller.reportIngressStatus.ingressLink }} +- apiGroups: + - cis.f5.com + resources: + - ingresslinks + verbs: + - list + - watch + - get +{{- end }} +{{- if .Values.controller.enableCertManager }} +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - list + - watch + - get + - update + - create + - delete +{{- end }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "nginx-ingress.name" . }} + labels: + {{- include "nginx-ingress.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "nginx-ingress.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "nginx-ingress.name" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/values-icp.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/values-icp.yaml new file mode 100644 index 000000000..36e488e0a --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/values-icp.yaml @@ -0,0 +1,16 @@ +controller: + kind: daemonset + nginxplus: true + image: + repository: mycluster.icp:8500/kube-system/nginx-plus-ingress + tag: "2.2.0" + nodeSelector: + beta.kubernetes.io/arch: "amd64" + proxy: true + terminationGracePeriodSeconds: 60 + tolerations: + - key: "dedicated" + operator: "Exists" + effect: "NoSchedule" + - key: "CriticalAddonsOnly" + operator: "Exists" diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/values-nsm.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/values-nsm.yaml new file mode 100644 index 000000000..93b258930 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/values-nsm.yaml @@ -0,0 +1,9 @@ +controller: + nginxplus: true + image: + repository: nginx-plus-ingress + tag: "2.2.0" + enableLatencyMetrics: true +nginxServiceMesh: + enable: true + enableEgress: true diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/values-plus.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/values-plus.yaml new file mode 100644 index 000000000..d983927ce --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/values-plus.yaml @@ -0,0 +1,5 @@ +controller: + nginxplus: true + image: + repository: nginx-plus-ingress + tag: "2.2.0" diff --git a/charts/nginx-ingress/nginx-ingress/0.13.0/values.yaml b/charts/nginx-ingress/nginx-ingress/0.13.0/values.yaml new file mode 100644 index 000000000..3dce34051 --- /dev/null +++ b/charts/nginx-ingress/nginx-ingress/0.13.0/values.yaml @@ -0,0 +1,350 @@ +controller: + ## The name of the Ingress Controller daemonset or deployment. + ## Autogenerated if not set or set to "". + # name: nginx-ingress + + ## The kind of the Ingress Controller installation - deployment or daemonset. + kind: deployment + + ## Deploys the Ingress Controller for NGINX Plus. + nginxplus: false + + # Timeout in milliseconds which the Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. + nginxReloadTimeout: 60000 + + ## Support for App Protect + appprotect: + ## Enable the App Protect module in the Ingress Controller. + enable: false + ## Sets log level for App Protect. Allowed values: fatal, error, warn, info, debug, trace + # logLevel: fatal + + ## Support for App Protect Dos + appprotectdos: + ## Enable the App Protect Dos module in the Ingress Controller. + enable: false + ## Enable debugging for App Protect Dos. + debug: false + ## Max number of nginx processes to support. + maxWorkers: 0 + ## Max number of ADMD instances. + maxDaemons: 0 + ## RAM memory size to consume in MB. + memory: 0 + + ## Enables the Ingress Controller pods to use the host's network namespace. + hostNetwork: false + + ## Enables debugging for NGINX. Uses the nginx-debug binary. Requires error-log-level: debug in the ConfigMap via `controller.config.entries`. + nginxDebug: false + + ## The log level of the Ingress Controller. + logLevel: 1 + + ## A list of custom ports to expose on the NGINX ingress controller pod. Follows the conventional Kubernetes yaml syntax for container ports. + customPorts: [] + + image: + ## The image repository of the Ingress Controller. + repository: nginx/nginx-ingress + + ## The tag of the Ingress Controller image. + tag: "2.2.0" + + ## The pull policy for the Ingress Controller image. + pullPolicy: IfNotPresent + + config: + ## The name of the ConfigMap used by the Ingress Controller. + ## Autogenerated if not set or set to "". + # name: nginx-config + + ## The annotations of the Ingress Controller configmap. + annotations: {} + + ## The entries of the ConfigMap for customizing NGINX configuration. + entries: {} + + ## It is recommended to use your own TLS certificates and keys + defaultTLS: + ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used. + ## Note: It is recommended that you specify your own certificate. + cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN2akNDQWFZQ0NRREFPRjl0THNhWFhEQU5CZ2txaGtpRzl3MEJBUXNGQURBaE1SOHdIUVlEVlFRRERCWk8KUjBsT1dFbHVaM0psYzNORGIyNTBjbTlzYkdWeU1CNFhEVEU0TURreE1qRTRNRE16TlZvWERUSXpNRGt4TVRFNApNRE16TlZvd0lURWZNQjBHQTFVRUF3d1dUa2RKVGxoSmJtZHlaWE56UTI5dWRISnZiR3hsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUwvN2hIUEtFWGRMdjNyaUM3QlBrMTNpWkt5eTlyQ08KR2xZUXYyK2EzUDF0azIrS3YwVGF5aGRCbDRrcnNUcTZzZm8vWUk1Y2Vhbkw4WGM3U1pyQkVRYm9EN2REbWs1Qgo4eDZLS2xHWU5IWlg0Rm5UZ0VPaStlM2ptTFFxRlBSY1kzVnNPazFFeUZBL0JnWlJVbkNHZUtGeERSN0tQdGhyCmtqSXVuektURXUyaDU4Tlp0S21ScUJHdDEwcTNRYzhZT3ExM2FnbmovUWRjc0ZYYTJnMjB1K1lYZDdoZ3krZksKWk4vVUkxQUQ0YzZyM1lma1ZWUmVHd1lxQVp1WXN2V0RKbW1GNWRwdEMzN011cDBPRUxVTExSakZJOTZXNXIwSAo1TmdPc25NWFJNV1hYVlpiNWRxT3R0SmRtS3FhZ25TZ1JQQVpQN2MwQjFQU2FqYzZjNGZRVXpNQ0F3RUFBVEFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWpLb2tRdGRPcEsrTzhibWVPc3lySmdJSXJycVFVY2ZOUitjb0hZVUoKdGhrYnhITFMzR3VBTWI5dm15VExPY2xxeC9aYzJPblEwMEJCLzlTb0swcitFZ1U2UlVrRWtWcitTTFA3NTdUWgozZWI4dmdPdEduMS9ienM3bzNBaS9kclkrcUI5Q2k1S3lPc3FHTG1US2xFaUtOYkcyR1ZyTWxjS0ZYQU80YTY3Cklnc1hzYktNbTQwV1U3cG9mcGltU1ZmaXFSdkV5YmN3N0NYODF6cFErUyt1eHRYK2VBZ3V0NHh3VlI5d2IyVXYKelhuZk9HbWhWNThDd1dIQnNKa0kxNXhaa2VUWXdSN0diaEFMSkZUUkk3dkhvQXprTWIzbjAxQjQyWjNrN3RXNQpJUDFmTlpIOFUvOWxiUHNoT21FRFZkdjF5ZytVRVJxbStGSis2R0oxeFJGcGZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + + ## The base64-encoded TLS key for the default HTTPS server. Note: If not specified, a pre-generated key is used. + ## Note: It is recommended that you specify your own key. + key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdi91RWM4b1JkMHUvZXVJTHNFK1RYZUprckxMMnNJNGFWaEMvYjVyYy9XMlRiNHEvClJOcktGMEdYaVN1eE9ycXgrajlnamx4NXFjdnhkenRKbXNFUkJ1Z1B0ME9hVGtIekhvb3FVWmcwZGxmZ1dkT0EKUTZMNTdlT1l0Q29VOUZ4amRXdzZUVVRJVUQ4R0JsRlNjSVo0b1hFTkhzbysyR3VTTWk2Zk1wTVM3YUhudzFtMApxWkdvRWEzWFNyZEJ6eGc2clhkcUNlUDlCMXl3VmRyYURiUzc1aGQzdUdETDU4cGszOVFqVUFQaHpxdmRoK1JWClZGNGJCaW9CbTVpeTlZTW1hWVhsMm0wTGZzeTZuUTRRdFFzdEdNVWozcGJtdlFmazJBNnljeGRFeFpkZFZsdmwKMm82MjBsMllxcHFDZEtCRThCay90elFIVTlKcU56cHpoOUJUTXdJREFRQUJBb0lCQVFDZklHbXowOHhRVmorNwpLZnZJUXQwQ0YzR2MxNld6eDhVNml4MHg4Mm15d1kxUUNlL3BzWE9LZlRxT1h1SENyUlp5TnUvZ2IvUUQ4bUFOCmxOMjRZTWl0TWRJODg5TEZoTkp3QU5OODJDeTczckM5bzVvUDlkazAvYzRIbjAzSkVYNzZ5QjgzQm9rR1FvYksKMjhMNk0rdHUzUmFqNjd6Vmc2d2szaEhrU0pXSzBwV1YrSjdrUkRWYmhDYUZhNk5nMUZNRWxhTlozVDhhUUtyQgpDUDNDeEFTdjYxWTk5TEI4KzNXWVFIK3NYaTVGM01pYVNBZ1BkQUk3WEh1dXFET1lvMU5PL0JoSGt1aVg2QnRtCnorNTZud2pZMy8yUytSRmNBc3JMTnIwMDJZZi9oY0IraVlDNzVWYmcydVd6WTY3TWdOTGQ5VW9RU3BDRkYrVm4KM0cyUnhybnhBb0dCQU40U3M0ZVlPU2huMVpQQjdhTUZsY0k2RHR2S2ErTGZTTXFyY2pOZjJlSEpZNnhubmxKdgpGenpGL2RiVWVTbWxSekR0WkdlcXZXaHFISy9iTjIyeWJhOU1WMDlRQ0JFTk5jNmtWajJTVHpUWkJVbEx4QzYrCk93Z0wyZHhKendWelU0VC84ajdHalRUN05BZVpFS2FvRHFyRG5BYWkyaW5oZU1JVWZHRXFGKzJyQW9HQkFOMVAKK0tZL0lsS3RWRzRKSklQNzBjUis3RmpyeXJpY05iWCtQVzUvOXFHaWxnY2grZ3l4b25BWlBpd2NpeDN3QVpGdwpaZC96ZFB2aTBkWEppc1BSZjRMazg5b2pCUmpiRmRmc2l5UmJYbyt3TFU4NUhRU2NGMnN5aUFPaTVBRHdVU0FkCm45YWFweUNweEFkREtERHdObit3ZFhtaTZ0OHRpSFRkK3RoVDhkaVpBb0dCQUt6Wis1bG9OOTBtYlF4VVh5YUwKMjFSUm9tMGJjcndsTmVCaWNFSmlzaEhYa2xpSVVxZ3hSZklNM2hhUVRUcklKZENFaHFsV01aV0xPb2I2NTNyZgo3aFlMSXM1ZUtka3o0aFRVdnpldm9TMHVXcm9CV2xOVHlGanIrSWhKZnZUc0hpOGdsU3FkbXgySkJhZUFVWUNXCndNdlQ4NmNLclNyNkQrZG8wS05FZzFsL0FvR0FlMkFVdHVFbFNqLzBmRzgrV3hHc1RFV1JqclRNUzRSUjhRWXQKeXdjdFA4aDZxTGxKUTRCWGxQU05rMXZLTmtOUkxIb2pZT2pCQTViYjhibXNVU1BlV09NNENoaFJ4QnlHbmR2eAphYkJDRkFwY0IvbEg4d1R0alVZYlN5T294ZGt5OEp0ek90ajJhS0FiZHd6NlArWDZDODhjZmxYVFo5MWpYL3RMCjF3TmRKS2tDZ1lCbyt0UzB5TzJ2SWFmK2UwSkN5TGhzVDQ5cTN3Zis2QWVqWGx2WDJ1VnRYejN5QTZnbXo5aCsKcDNlK2JMRUxwb3B0WFhNdUFRR0xhUkcrYlNNcjR5dERYbE5ZSndUeThXczNKY3dlSTdqZVp2b0ZpbmNvVlVIMwphdmxoTUVCRGYxSjltSDB5cDBwWUNaS2ROdHNvZEZtQktzVEtQMjJhTmtsVVhCS3gyZzR6cFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + + ## The secret with a TLS certificate and key for the default HTTPS server. + ## The value must follow the following format: `/`. + ## Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. + ## Format: / + secret: + + wildcardTLS: + ## The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. + ## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. + cert: "" + + ## The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. + ## If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. + key: "" + + ## The secret with a TLS certificate and key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. + ## The value must follow the following format: `/`. + ## Used as an alternative to specifying a certificate and key using `controller.wildcardTLS.cert` and `controller.wildcardTLS.key` parameters. + ## Format: / + secret: + + ## The node selector for pod assignment for the Ingress Controller pods. + nodeSelector: {} + + ## The termination grace period of the Ingress Controller pod. + terminationGracePeriodSeconds: 30 + + ## The resources of the Ingress Controller pods. + resources: {} + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 100m + # memory: 64Mi + + ## The tolerations of the Ingress Controller pods. + tolerations: [] + + ## The affinity of the Ingress Controller pods. + affinity: {} + + ## The volumes of the Ingress Controller pods. + volumes: [] + # - name: extra-conf + # configMap: + # name: extra-conf + + ## The volumeMounts of the Ingress Controller pods. + volumeMounts: [] + # - name: extra-conf + # mountPath: /etc/nginx/conf.d/extra.conf + # subPath: extra.conf + + ## InitContainers for the Ingress Controller pods. + initContainers: [] + # - name: init-container + # image: busybox:1.34 + # command: ['sh', '-c', 'echo this is initial setup!'] + + ## Extra containers for the Ingress Controller pods. + extraContainers: [] + # - name: container + # image: busybox:1.34 + # command: ['sh', '-c', 'echo this is a sidecar!'] + + ## The number of replicas of the Ingress Controller deployment. + replicaCount: 1 + + ## A class of the Ingress Controller. + + ## IngressClass resource with the name equal to the class must be deployed. Otherwise, + ## the Ingress Controller will fail to start. + ## The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. + + ## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes. + ingressClass: nginx + + ## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`. + setAsDefaultIngress: false + + ## Namespace to watch for Ingress resources. By default the Ingress Controller watches all namespaces. + watchNamespace: "" + + ## Enable the custom resources. + enableCustomResources: true + + ## Enable preview policies. This parameter is deprecated. To enable OIDC Policies please use controller.enableOIDC instead. + enablePreviewPolicies: false + + ## Enable OIDC policies. + enableOIDC: false + + ## Enable TLS Passthrough on port 443. Requires controller.enableCustomResources. + enableTLSPassthrough: false + + ## Enable cert manager for Virtual Server resources. Requires controller.enableCustomResources. + enableCertManager: false + + globalConfiguration: + ## Creates the GlobalConfiguration custom resource. Requires controller.enableCustomResources. + create: false + + ## The spec of the GlobalConfiguration for defining the global configuration parameters of the Ingress Controller. + spec: {} + # listeners: + # - name: dns-udp + # port: 5353 + # protocol: UDP + # - name: dns-tcp + # port: 5353 + # protocol: TCP + + ## Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. + enableSnippets: false + + ## Add a location based on the value of health-status-uri to the default server. The location responds with the 200 status code for any request. + ## Useful for external health-checking of the Ingress Controller. + healthStatus: false + + ## Sets the URI of health status location in the default server. Requires controller.healthStatus. + healthStatusURI: "/nginx-health" + + nginxStatus: + ## Enable the NGINX stub_status, or the NGINX Plus API. + enable: true + + ## Set the port where the NGINX stub_status or the NGINX Plus API is exposed. + port: 8080 + + ## Add IPv4 IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. Separate multiple IP/CIDR by commas. + allowCidrs: "127.0.0.1" + + service: + ## Creates a service to expose the Ingress Controller pods. + create: true + + ## The type of service to create for the Ingress Controller. + type: LoadBalancer + + ## The externalTrafficPolicy of the service. The value Local preserves the client source IP. + externalTrafficPolicy: Local + + ## The annotations of the Ingress Controller service. + annotations: {} + + ## The extra labels of the service. + extraLabels: {} + + ## The static IP address for the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature. + loadBalancerIP: "" + + ## The list of external IPs for the Ingress Controller service. + externalIPs: [] + + ## The IP ranges (CIDR) that are allowed to access the load balancer. Requires controller.service.type set to LoadBalancer. The cloud provider must support this feature. + loadBalancerSourceRanges: [] + + ## The name of the service + ## Autogenerated if not set or set to "". + # name: nginx-ingress + + httpPort: + ## Enables the HTTP port for the Ingress Controller service. + enable: true + + ## The HTTP port of the Ingress Controller service. + port: 80 + + ## The custom NodePort for the HTTP port. Requires controller.service.type set to NodePort. + nodePort: "" + + ## The HTTP port on the POD where the Ingress Controller service is running. + targetPort: 80 + + httpsPort: + ## Enables the HTTPS port for the Ingress Controller service. + enable: true + + ## The HTTPS port of the Ingress Controller service. + port: 443 + + ## The custom NodePort for the HTTPS port. Requires controller.service.type set to NodePort. + nodePort: "" + + ## The HTTPS port on the POD where the Ingress Controller service is running. + targetPort: 443 + + ## A list of custom ports to expose through the Ingress Controller service. Follows the conventional Kubernetes yaml syntax for service ports. + customPorts: [] + + serviceAccount: + ## The name of the service account of the Ingress Controller pods. Used for RBAC. + ## Autogenerated if not set or set to "". + # name: nginx-ingress + + ## The name of the secret containing docker registry credentials. + ## Secret must exist in the same namespace as the helm release. + imagePullSecretName: "" + + reportIngressStatus: + ## Updates the address field in the status of Ingress resources with an external address of the Ingress Controller. + ## You must also specify the source of the external address either through an external service via controller.reportIngressStatus.externalService, + ## controller.reportIngressStatus.ingressLink or the external-status-address entry in the ConfigMap via controller.config.entries. + ## Note: controller.config.entries.external-status-address takes precedence over the others. + enable: true + + ## Specifies the name of the service with the type LoadBalancer through which the Ingress Controller is exposed externally. + ## The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. + ## controller.reportIngressStatus.enable must be set to true. + ## The default is autogenerated and matches the created service (see controller.service.create). + # externalService: nginx-ingress + + ## Specifies the name of the IngressLink resource, which exposes the Ingress Controller pods via a BIG-IP system. + ## The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. + ## controller.reportIngressStatus.enable must be set to true. + ingressLink: "" + + ## Enable Leader election to avoid multiple replicas of the controller reporting the status of Ingress resources. controller.reportIngressStatus.enable must be set to true. + enableLeaderElection: true + + ## Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true. + ## Autogenerated if not set or set to "". + # leaderElectionLockName: "nginx-ingress-leader-election" + + ## The annotations of the leader election configmap. + annotations: {} + + pod: + ## The annotations of the Ingress Controller pod. + annotations: {} + + ## The additional extra labels of the Ingress Controller pod. + extraLabels: {} + + ## The PriorityClass of the ingress controller pods. + priorityClassName: + + readyStatus: + ## Enables readiness endpoint "/nginx-ready". The endpoint returns a success code when NGINX has loaded all the config after startup. + enable: true + + ## Set the port where the readiness endpoint is exposed. + port: 8081 + + ## Enable collection of latency metrics for upstreams. Requires prometheus.create. + enableLatencyMetrics: false + +rbac: + ## Configures RBAC. + create: true + +prometheus: + ## Expose NGINX or NGINX Plus metrics in the Prometheus format. + create: true + + ## Configures the port to scrape the metrics. + port: 9113 + + ## Specifies the namespace/name of a Kubernetes TLS Secret which will be used to protect the Prometheus endpoint. + secret: "" + + ## Configures the HTTP scheme used. + scheme: http + +nginxServiceMesh: + ## Enables integration with NGINX Service Mesh. + ## Requires controller.nginxplus + enable: false + + ## Enables NGINX Service Mesh workload to route egress traffic through the Ingress Controller. + ## Requires nginxServiceMesh.enable + enableEgress: false diff --git a/index.yaml b/index.yaml index dd3ee378c..cba32298f 100755 --- a/index.yaml +++ b/index.yaml @@ -2715,6 +2715,30 @@ entries: - assets/neuvector/neuvector-1.8.0.tgz version: 1.8.0 nginx-ingress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NGINX Ingress Controller + catalog.cattle.io/release-name: nginx-ingress-controller + apiVersion: v1 + appVersion: 2.2.0 + created: "2022-04-13T09:57:40.658923+01:00" + description: NGINX Ingress Controller + digest: 7717bdb2544f5f311040edb757225f5f13c522df6d7c27de61cd0d69ed7fbb91 + home: https://github.com/nginxinc/kubernetes-ingress + icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v2.2.0/deployments/helm-chart/chart-icon.png + keywords: + - ingress + - nginx + kubeVersion: 1.19 - 1.23 + maintainers: + - email: kubernetes@nginx.com + name: nginxinc + name: nginx-ingress + sources: + - https://github.com/nginxinc/kubernetes-ingress/tree/v2.2.0/deployments/helm-chart + urls: + - assets/nginx-ingress/nginx-ingress-0.13.0.tgz + version: 0.13.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NGINX Ingress Controller