diff --git a/.gitattributes b/.gitattributes index c371f80bf..132b4eae5 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,2 @@ charts/kong/ci/__snapshots__/*.snap linguist-generated=true +charts/ingress/ci/__snapshots__/*.snap linguist-generated=true diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 131d9d9cb..970095315 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -171,7 +171,9 @@ jobs: - name: build helm chart dependency run: | helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add kong https://charts.konghq.com helm dependency build charts/kong + helm dependency build charts/ingress - name: run golden tests run: make test.golden diff --git a/Makefile b/Makefile index 3044eb061..0b65cec85 100644 --- a/Makefile +++ b/Makefile @@ -28,9 +28,15 @@ lint.charts.kong: lint.shellcheck: shellcheck ./scripts/* -GOLDEN_TEST_CHART ?= kong -GOLDEN_TEST_CHART_VALUES_DIR ?= ./charts/kong/ci/ -CHARTSNAP_COMMAND = helm chartsnap -c ./charts/$(GOLDEN_TEST_CHART) -f $(GOLDEN_TEST_CHART_VALUES_DIR) +.PHONY: test.golden +test.golden: + @ $(MAKE) _chartsnap.kong && $(MAKE) _chartsnap.ingress || \ + (echo "$$GOLDEN_TEST_FAILURE_MSG" && exit 1) + +.PHONY: test.golden.update +test.golden.update: + @ $(MAKE) _chartsnap.kong CHARTSNAP_ARGS="-u" + @ $(MAKE) _chartsnap.ingress CHARTSNAP_ARGS="-u" # Defining multi-line strings to echo: https://stackoverflow.com/a/649462/7958339 define GOLDEN_TEST_FAILURE_MSG @@ -39,12 +45,16 @@ define GOLDEN_TEST_FAILURE_MSG endef export GOLDEN_TEST_FAILURE_MSG -.PHONY: test.golden -test.golden: chartsnap - @ $(CHARTSNAP_COMMAND) || \ - (echo "$$GOLDEN_TEST_FAILURE_MSG" && \ - exit 1) +.PHONY: _chartsnap.kong +_chartsnap.kong: + @ $(MAKE) _chartsnap GOLDEN_TEST_CHART=kong GOLDEN_TEST_CHART_VALUES_DIR=./charts/kong/ci/ \ + CHARTSNAP_ARGS=$(CHARTSNAP_ARGS) -.PHONY: test.golden.update -test.golden.update: chartsnap - $(CHARTSNAP_COMMAND) -u +.PHONY: _chartsnap.ingress +_chartsnap.ingress: + @ $(MAKE) _chartsnap GOLDEN_TEST_CHART=ingress GOLDEN_TEST_CHART_VALUES_DIR=./charts/ingress/ci/ \ + CHARTSNAP_ARGS=$(CHARTSNAP_ARGS) + +.PHONY: _chartsnap +_chartsnap: chartsnap + @ helm chartsnap -c ./charts/$(GOLDEN_TEST_CHART) -f $(GOLDEN_TEST_CHART_VALUES_DIR) $(CHARTSNAP_ARGS) diff --git a/charts/ingress/ci/.chartsnap.yaml b/charts/ingress/ci/.chartsnap.yaml new file mode 100644 index 000000000..24ffb895d --- /dev/null +++ b/charts/ingress/ci/.chartsnap.yaml @@ -0,0 +1,38 @@ +# It's a configuration file used by helm-chartsnap to ignore dynamically generated fields +# when comparing the chart's snapshot with the rendered chart. +# See https://github.com/jlandowner/helm-chartsnap?tab=readme-ov-file#handling-dynamic-values-. +dynamicFields: + - apiVersion: v1 + kind: Secret + name: chartsnap-postgresql + jsonPath: + - /data/postgres-password + - apiVersion: v1 + kind: Secret + name: chartsnap-controller-validation-webhook-keypair + jsonPath: + - /data/tls.crt + - /data/tls.key + - apiVersion: v1 + kind: Secret + name: chartsnap-controller-validation-webhook-ca-keypair + jsonPath: + - /data/tls.crt + - /data/tls.key + - apiVersion: v1 + kind: Secret + name: chartsnap-controller-admin-api-keypair + jsonPath: + - /data/tls.crt + - /data/tls.key + - apiVersion: v1 + kind: Secret + name: chartsnap-controller-admin-api-ca-keypair + jsonPath: + - /data/tls.crt + - /data/tls.key + - apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + name: chartsnap-controller-validations + jsonPath: + - /webhooks/0/clientConfig/caBundle diff --git a/charts/ingress/ci/__snapshots__/gateway-discovery-values.snap b/charts/ingress/ci/__snapshots__/gateway-discovery-values.snap new file mode 100644 index 000000000..5d1751421 --- /dev/null +++ b/charts/ingress/ci/__snapshots__/gateway-discovery-values.snap @@ -0,0 +1,1060 @@ +[gateway-discovery-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-controller-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: controller + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-controller-token + traffic.kuma.io/exclude-outbound-ports: \"8444\" + traffic.sidecar.istio.io/excludeOutboundPorts: \"8444\" + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-controller + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + version: \"3.6\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: \"false\" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_SVC + value: default/chartsnap-gateway-admin + - name: CONTROLLER_KONG_ADMIN_TLS_CLIENT_CERT_FILE + value: /etc/secrets/admin-api-cert/tls.crt + - name: CONTROLLER_KONG_ADMIN_TLS_CLIENT_KEY_FILE + value: /etc/secrets/admin-api-cert/tls.key + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-gateway-proxy + image: kong/kubernetes-ingress-controller:3.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-controller-token + readOnly: true + - mountPath: /etc/secrets/admin-api-cert + name: admin-api-cert + readOnly: true + securityContext: {} + serviceAccountName: chartsnap-controller + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-controller-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-controller-tmp + - name: chartsnap-controller-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-controller-validation-webhook-keypair + - name: admin-api-cert + secret: + secretName: chartsnap-controller-admin-api-keypair +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gateway + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: gateway-2.37.0 + name: chartsnap-gateway + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: gateway + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-gateway-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-gateway + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gateway + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: gateway-2.37.0 + version: \"3.6\" + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROLE + value: traditional + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.6 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8444 + name: admin-tls + protocol: TCP + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-gateway-prefix-dir + - mountPath: /tmp + name: chartsnap-gateway-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROLE + value: traditional + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.6 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-gateway-prefix-dir + - mountPath: /tmp + name: chartsnap-gateway-tmp + securityContext: {} + serviceAccountName: chartsnap-gateway + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-gateway-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-gateway-tmp + - name: chartsnap-gateway-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - konglicenses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-controller + subjects: + - kind: ServiceAccount + name: chartsnap-controller + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-controller + subjects: + - kind: ServiceAccount + name: chartsnap-controller + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller-admin-api-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller-admin-api-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gateway + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: gateway-2.37.0 + name: chartsnap-gateway-admin + namespace: default + spec: + clusterIP: None + ports: + - name: kong-admin-tls + port: 8444 + protocol: TCP + targetPort: 8444 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: gateway + type: ClusterIP +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gateway + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: gateway-2.37.0 + name: chartsnap-gateway-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: gateway + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gateway + app.kubernetes.io/version: \"3.6\" + enable-metrics: \"true\" + helm.sh/chart: gateway-2.37.0 + name: chartsnap-gateway-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: gateway + type: LoadBalancer +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: controller + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: controller-2.37.0 + name: chartsnap-controller + namespace: default +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: gateway + app.kubernetes.io/version: \"3.6\" + helm.sh/chart: gateway-2.37.0 + name: chartsnap-gateway + namespace: default +"""