diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 3d9d7d426..759ee4172 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -193,6 +193,7 @@ jobs: helm repo add kong https://charts.konghq.com helm dependency build charts/kong helm dependency build charts/ingress + helm dependency build charts/gateway-operator - name: run golden tests run: make test.golden diff --git a/Makefile b/Makefile index 93234e64f..b735f003d 100644 --- a/Makefile +++ b/Makefile @@ -55,13 +55,18 @@ lint.shellcheck: shellcheck .PHONY: test.golden test.golden: - @ $(MAKE) _chartsnap.kong && $(MAKE) _chartsnap.ingress || \ + @ \ + $(MAKE) _chartsnap CHART=kong && \ + $(MAKE) _chartsnap CHART=ingress && \ + $(MAKE) _chartsnap CHART=gateway-operator || \ (echo "$$GOLDEN_TEST_FAILURE_MSG" && exit 1) .PHONY: test.golden.update test.golden.update: - @ $(MAKE) _chartsnap.kong CHARTSNAP_ARGS="-u" - @ $(MAKE) _chartsnap.ingress CHARTSNAP_ARGS="-u" + helm repo update kong + @ $(MAKE) _chartsnap CHART=kong CHARTSNAP_ARGS="-u" + @ $(MAKE) _chartsnap CHART=ingress CHARTSNAP_ARGS="-u" + @ $(MAKE) _chartsnap CHART=gateway-operator CHARTSNAP_ARGS="-u" # Defining multi-line strings to echo: https://stackoverflow.com/a/649462/7958339 define GOLDEN_TEST_FAILURE_MSG @@ -70,18 +75,13 @@ define GOLDEN_TEST_FAILURE_MSG endef export GOLDEN_TEST_FAILURE_MSG -.PHONY: _chartsnap.kong -_chartsnap.kong: - @ $(MAKE) _chartsnap GOLDEN_TEST_CHART=kong GOLDEN_TEST_CHART_VALUES_DIR=./charts/kong/ci/ \ - CHARTSNAP_ARGS=$(CHARTSNAP_ARGS) - -.PHONY: _chartsnap.ingress -_chartsnap.ingress: - @ $(MAKE) _chartsnap GOLDEN_TEST_CHART=ingress GOLDEN_TEST_CHART_VALUES_DIR=./charts/ingress/ci/ \ - CHARTSNAP_ARGS=$(CHARTSNAP_ARGS) - .PHONY: _chartsnap -_chartsnap: chartsnap - @ helm repo update kong - @ helm dependencies update charts/ingress - @ helm chartsnap -c ./charts/$(GOLDEN_TEST_CHART) -f $(GOLDEN_TEST_CHART_VALUES_DIR) $(CHARTSNAP_ARGS) +.PHONY: _chartsnap +_chartsnap: _chartsnap.deps + helm chartsnap -c ./charts/$(CHART) -f ./charts/$(CHART)/ci/ $(CHARTSNAP_ARGS) + +.PHONY: _chartsnap.deps +_chartsnap.deps: chartsnap + @ if [ "$(CHART)" = "kong" ]; then \ + helm dependencies update charts/ingress; \ + fi diff --git a/charts/gateway-operator/ci/__snapshots__/affinity-values.snap b/charts/gateway-operator/ci/__snapshots__/affinity-values.snap new file mode 100644 index 000000000..4ae029a17 --- /dev/null +++ b/charts/gateway-operator/ci/__snapshots__/affinity-values.snap @@ -0,0 +1,810 @@ +# chartsnap: snapshot_version=v3 +--- +# Source: gateway-operator/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + - serviceaccounts/status + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + - kongclusterplugins + - kongcustomentities + - kongingresses + - konglicenses + - kongupstreampolicies + - tcpingresses + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates + - kongcertificates + - kongconsumergroups + - kongconsumers + - kongcredentialacls + - kongcredentialapikeys + - kongcredentialbasicauths + - kongcredentialhmacs + - kongcredentialjwts + - kongdataplaneclientcertificates + - kongkeys + - kongkeysets + - kongroutes + - kongservices + - kongsnis + - kongtargets + - kongupstreams + - kongvaults + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates/finalizers + - kongcacertificates/status + - kongcertificates/finalizers + - kongcertificates/status + - kongconsumergroups/finalizers + - kongconsumers/finalizers + - kongcredentialacls/finalizers + - kongcredentialacls/status + - kongcredentialapikeys/finalizers + - kongcredentialapikeys/status + - kongcredentialbasicauths/finalizers + - kongcredentialbasicauths/status + - kongcredentialhmacs/finalizers + - kongcredentialhmacs/status + - kongcredentialjwts/finalizers + - kongcredentialjwts/status + - kongdataplaneclientcertificates/finalizers + - kongdataplaneclientcertificates/status + - kongkeys/finalizers + - kongkeys/status + - kongkeysets/finalizers + - kongkeysets/status + - kongpluginbindings/status + - kongroutes/finalizers + - kongroutes/status + - kongservices/finalizers + - kongservices/status + - kongsnis/finalizers + - kongsnis/status + - kongtargets/finalizers + - kongtargets/status + - kongupstreams/finalizers + - kongupstreams/status + - kongvaults/finalizers + verbs: + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + - kongconsumergroups/status + - kongconsumers/status + - kongcustomentities/status + - kongingresses/status + - konglicenses/status + - kongplugins/status + - kongupstreampolicies/status + - kongvaults/status + - tcpingresses/status + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongpluginbindings + - kongplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways + - controlplanes + - dataplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/finalizers + - controlplanes/finalizers + - dataplanes/finalizers + verbs: + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/status + - controlplanes/status + - dataplanes/status + - kongplugininstallations/status + - konnectextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - dataplanemetricsextensions + - gatewayconfigurations + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - kongplugininstallations + - konnectextensions + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - konnectextensions/finalizers + verbs: + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - grpcroutes + - referencegrants + - tcproutes + - tlsroutes + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades + verbs: + - get + - list + - watch +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades/status + verbs: + - get + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations + - konnectgatewaycontrolplanes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/finalizers + - konnectgatewaycontrolplanes/finalizers + - konnectgatewaycontrolplanes/status + verbs: + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings/status + - clusterroles/status + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: chartsnap-gateway-operator-kong-mtls-secret-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - patch + - update +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-kong-mtls-secret-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-kong-mtls-secret-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chartsnap-gateway-operator-leader-election-role + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chartsnap-gateway-operator-leader-election-rolebinding + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-gateway-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: chartsnap-gateway-operator-metrics-service + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +# Source: gateway-operator/templates/services.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: kgo +--- +# Source: gateway-operator/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator-controller-manager + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gateway-operator + app.kubernetes.io/component: kgo + app.kubernetes.io/instance: "chartsnap" + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + app: chartsnap-gateway-operator + version: "1.4" + spec: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: component + operator: NotIn + values: + - dummy + topologyKey: kubernetes.io/hostname + containers: + - name: manager + env: + - name: GATEWAY_OPERATOR_ANONYMOUS_REPORTS + value: "false" + - name: GATEWAY_OPERATOR_HEALTH_PROBE_BIND_ADDRESS + value: ":8081" + - name: GATEWAY_OPERATOR_METRICS_BIND_ADDRESS + value: "127.0.0.1:8080" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: "docker.io/kong/gateway-operator:1.4" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + ports: + - containerPort: 8081 + name: probe + protocol: TCP + volumeMounts: + - name: chartsnap-gateway-operator-certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + runAsNonRoot: true + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: chartsnap-gateway-operator-certs-dir + emptyDir: + sizeLimit: 256Mi diff --git a/charts/gateway-operator/ci/__snapshots__/disable-gateway-controller-values.snap b/charts/gateway-operator/ci/__snapshots__/disable-gateway-controller-values.snap new file mode 100644 index 000000000..3b2fea689 --- /dev/null +++ b/charts/gateway-operator/ci/__snapshots__/disable-gateway-controller-values.snap @@ -0,0 +1,802 @@ +# chartsnap: snapshot_version=v3 +--- +# Source: gateway-operator/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + - serviceaccounts/status + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + - kongclusterplugins + - kongcustomentities + - kongingresses + - konglicenses + - kongupstreampolicies + - tcpingresses + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates + - kongcertificates + - kongconsumergroups + - kongconsumers + - kongcredentialacls + - kongcredentialapikeys + - kongcredentialbasicauths + - kongcredentialhmacs + - kongcredentialjwts + - kongdataplaneclientcertificates + - kongkeys + - kongkeysets + - kongroutes + - kongservices + - kongsnis + - kongtargets + - kongupstreams + - kongvaults + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates/finalizers + - kongcacertificates/status + - kongcertificates/finalizers + - kongcertificates/status + - kongconsumergroups/finalizers + - kongconsumers/finalizers + - kongcredentialacls/finalizers + - kongcredentialacls/status + - kongcredentialapikeys/finalizers + - kongcredentialapikeys/status + - kongcredentialbasicauths/finalizers + - kongcredentialbasicauths/status + - kongcredentialhmacs/finalizers + - kongcredentialhmacs/status + - kongcredentialjwts/finalizers + - kongcredentialjwts/status + - kongdataplaneclientcertificates/finalizers + - kongdataplaneclientcertificates/status + - kongkeys/finalizers + - kongkeys/status + - kongkeysets/finalizers + - kongkeysets/status + - kongpluginbindings/status + - kongroutes/finalizers + - kongroutes/status + - kongservices/finalizers + - kongservices/status + - kongsnis/finalizers + - kongsnis/status + - kongtargets/finalizers + - kongtargets/status + - kongupstreams/finalizers + - kongupstreams/status + - kongvaults/finalizers + verbs: + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + - kongconsumergroups/status + - kongconsumers/status + - kongcustomentities/status + - kongingresses/status + - konglicenses/status + - kongplugins/status + - kongupstreampolicies/status + - kongvaults/status + - tcpingresses/status + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongpluginbindings + - kongplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways + - controlplanes + - dataplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/finalizers + - controlplanes/finalizers + - dataplanes/finalizers + verbs: + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/status + - controlplanes/status + - dataplanes/status + - kongplugininstallations/status + - konnectextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - dataplanemetricsextensions + - gatewayconfigurations + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - kongplugininstallations + - konnectextensions + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - konnectextensions/finalizers + verbs: + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - grpcroutes + - referencegrants + - tcproutes + - tlsroutes + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades + verbs: + - get + - list + - watch +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades/status + verbs: + - get + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations + - konnectgatewaycontrolplanes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/finalizers + - konnectgatewaycontrolplanes/finalizers + - konnectgatewaycontrolplanes/status + verbs: + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings/status + - clusterroles/status + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: chartsnap-gateway-operator-kong-mtls-secret-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - patch + - update +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-kong-mtls-secret-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-kong-mtls-secret-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chartsnap-gateway-operator-leader-election-role + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chartsnap-gateway-operator-leader-election-rolebinding + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-gateway-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: chartsnap-gateway-operator-metrics-service + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +# Source: gateway-operator/templates/services.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: kgo +--- +# Source: gateway-operator/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator-controller-manager + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gateway-operator + app.kubernetes.io/component: kgo + app.kubernetes.io/instance: "chartsnap" + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + app: chartsnap-gateway-operator + version: "1.4" + spec: + containers: + - name: manager + env: + - name: GATEWAY_OPERATOR_ANONYMOUS_REPORTS + value: "false" + - name: GATEWAY_OPERATOR_ENABLE_GATEWAY_CONTROLLER + value: "false" + - name: GATEWAY_OPERATOR_HEALTH_PROBE_BIND_ADDRESS + value: ":8081" + - name: GATEWAY_OPERATOR_METRICS_BIND_ADDRESS + value: "127.0.0.1:8080" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: "docker.io/kong/gateway-operator:1.4" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + ports: + - containerPort: 8081 + name: probe + protocol: TCP + volumeMounts: + - name: chartsnap-gateway-operator-certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + runAsNonRoot: true + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: chartsnap-gateway-operator-certs-dir + emptyDir: + sizeLimit: 256Mi diff --git a/charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap b/charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap new file mode 100644 index 000000000..5a871841d --- /dev/null +++ b/charts/gateway-operator/ci/__snapshots__/env-and-args-values.snap @@ -0,0 +1,802 @@ +# chartsnap: snapshot_version=v3 +--- +# Source: gateway-operator/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + - serviceaccounts/status + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + - kongclusterplugins + - kongcustomentities + - kongingresses + - konglicenses + - kongupstreampolicies + - tcpingresses + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates + - kongcertificates + - kongconsumergroups + - kongconsumers + - kongcredentialacls + - kongcredentialapikeys + - kongcredentialbasicauths + - kongcredentialhmacs + - kongcredentialjwts + - kongdataplaneclientcertificates + - kongkeys + - kongkeysets + - kongroutes + - kongservices + - kongsnis + - kongtargets + - kongupstreams + - kongvaults + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates/finalizers + - kongcacertificates/status + - kongcertificates/finalizers + - kongcertificates/status + - kongconsumergroups/finalizers + - kongconsumers/finalizers + - kongcredentialacls/finalizers + - kongcredentialacls/status + - kongcredentialapikeys/finalizers + - kongcredentialapikeys/status + - kongcredentialbasicauths/finalizers + - kongcredentialbasicauths/status + - kongcredentialhmacs/finalizers + - kongcredentialhmacs/status + - kongcredentialjwts/finalizers + - kongcredentialjwts/status + - kongdataplaneclientcertificates/finalizers + - kongdataplaneclientcertificates/status + - kongkeys/finalizers + - kongkeys/status + - kongkeysets/finalizers + - kongkeysets/status + - kongpluginbindings/status + - kongroutes/finalizers + - kongroutes/status + - kongservices/finalizers + - kongservices/status + - kongsnis/finalizers + - kongsnis/status + - kongtargets/finalizers + - kongtargets/status + - kongupstreams/finalizers + - kongupstreams/status + - kongvaults/finalizers + verbs: + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + - kongconsumergroups/status + - kongconsumers/status + - kongcustomentities/status + - kongingresses/status + - konglicenses/status + - kongplugins/status + - kongupstreampolicies/status + - kongvaults/status + - tcpingresses/status + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongpluginbindings + - kongplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways + - controlplanes + - dataplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/finalizers + - controlplanes/finalizers + - dataplanes/finalizers + verbs: + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/status + - controlplanes/status + - dataplanes/status + - kongplugininstallations/status + - konnectextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - dataplanemetricsextensions + - gatewayconfigurations + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - kongplugininstallations + - konnectextensions + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - konnectextensions/finalizers + verbs: + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - grpcroutes + - referencegrants + - tcproutes + - tlsroutes + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades + verbs: + - get + - list + - watch +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades/status + verbs: + - get + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations + - konnectgatewaycontrolplanes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/finalizers + - konnectgatewaycontrolplanes/finalizers + - konnectgatewaycontrolplanes/status + verbs: + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings/status + - clusterroles/status + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: chartsnap-gateway-operator-kong-mtls-secret-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - patch + - update +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-kong-mtls-secret-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-kong-mtls-secret-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chartsnap-gateway-operator-leader-election-role + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chartsnap-gateway-operator-leader-election-rolebinding + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-gateway-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: chartsnap-gateway-operator-metrics-service + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +# Source: gateway-operator/templates/services.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: kgo +--- +# Source: gateway-operator/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator-controller-manager + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gateway-operator + app.kubernetes.io/component: kgo + app.kubernetes.io/instance: "chartsnap" + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + app: chartsnap-gateway-operator + version: "1.4" + spec: + containers: + - name: manager + args: + - --zap-log-level=debug + env: + - name: GATEWAY_OPERATOR_ENABLE_CONTROLLER_GATEWAY + value: "false" + - name: GATEWAY_OPERATOR_HEALTH_PROBE_BIND_ADDRESS + value: ":8081" + - name: GATEWAY_OPERATOR_METRICS_BIND_ADDRESS + value: "127.0.0.1:8080" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: "docker.io/kong/gateway-operator:1.4" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + ports: + - containerPort: 8081 + name: probe + protocol: TCP + volumeMounts: + - name: chartsnap-gateway-operator-certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + runAsNonRoot: true + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: chartsnap-gateway-operator-certs-dir + emptyDir: + sizeLimit: 256Mi diff --git a/charts/gateway-operator/ci/__snapshots__/env-and-customenv-values.snap b/charts/gateway-operator/ci/__snapshots__/env-and-customenv-values.snap new file mode 100644 index 000000000..bfc02b78f --- /dev/null +++ b/charts/gateway-operator/ci/__snapshots__/env-and-customenv-values.snap @@ -0,0 +1,804 @@ +# chartsnap: snapshot_version=v3 +--- +# Source: gateway-operator/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + - serviceaccounts/status + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + - kongclusterplugins + - kongcustomentities + - kongingresses + - konglicenses + - kongupstreampolicies + - tcpingresses + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates + - kongcertificates + - kongconsumergroups + - kongconsumers + - kongcredentialacls + - kongcredentialapikeys + - kongcredentialbasicauths + - kongcredentialhmacs + - kongcredentialjwts + - kongdataplaneclientcertificates + - kongkeys + - kongkeysets + - kongroutes + - kongservices + - kongsnis + - kongtargets + - kongupstreams + - kongvaults + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates/finalizers + - kongcacertificates/status + - kongcertificates/finalizers + - kongcertificates/status + - kongconsumergroups/finalizers + - kongconsumers/finalizers + - kongcredentialacls/finalizers + - kongcredentialacls/status + - kongcredentialapikeys/finalizers + - kongcredentialapikeys/status + - kongcredentialbasicauths/finalizers + - kongcredentialbasicauths/status + - kongcredentialhmacs/finalizers + - kongcredentialhmacs/status + - kongcredentialjwts/finalizers + - kongcredentialjwts/status + - kongdataplaneclientcertificates/finalizers + - kongdataplaneclientcertificates/status + - kongkeys/finalizers + - kongkeys/status + - kongkeysets/finalizers + - kongkeysets/status + - kongpluginbindings/status + - kongroutes/finalizers + - kongroutes/status + - kongservices/finalizers + - kongservices/status + - kongsnis/finalizers + - kongsnis/status + - kongtargets/finalizers + - kongtargets/status + - kongupstreams/finalizers + - kongupstreams/status + - kongvaults/finalizers + verbs: + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + - kongconsumergroups/status + - kongconsumers/status + - kongcustomentities/status + - kongingresses/status + - konglicenses/status + - kongplugins/status + - kongupstreampolicies/status + - kongvaults/status + - tcpingresses/status + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongpluginbindings + - kongplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways + - controlplanes + - dataplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/finalizers + - controlplanes/finalizers + - dataplanes/finalizers + verbs: + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/status + - controlplanes/status + - dataplanes/status + - kongplugininstallations/status + - konnectextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - dataplanemetricsextensions + - gatewayconfigurations + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - kongplugininstallations + - konnectextensions + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - konnectextensions/finalizers + verbs: + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - grpcroutes + - referencegrants + - tcproutes + - tlsroutes + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades + verbs: + - get + - list + - watch +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades/status + verbs: + - get + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations + - konnectgatewaycontrolplanes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/finalizers + - konnectgatewaycontrolplanes/finalizers + - konnectgatewaycontrolplanes/status + verbs: + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings/status + - clusterroles/status + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: chartsnap-gateway-operator-kong-mtls-secret-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - patch + - update +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-kong-mtls-secret-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-kong-mtls-secret-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chartsnap-gateway-operator-leader-election-role + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chartsnap-gateway-operator-leader-election-rolebinding + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-gateway-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: chartsnap-gateway-operator-metrics-service + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +# Source: gateway-operator/templates/services.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: kgo +--- +# Source: gateway-operator/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator-controller-manager + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gateway-operator + app.kubernetes.io/component: kgo + app.kubernetes.io/instance: "chartsnap" + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + app: chartsnap-gateway-operator + version: "1.4" + spec: + containers: + - name: manager + env: + - name: GATEWAY_OPERATOR_ANONYMOUS_REPORTS + value: "false" + - name: GATEWAY_OPERATOR_ENABLE_CONTROLLER_GATEWAY + value: "false" + - name: TZ + value: "Europe/Berlin" + - name: GATEWAY_OPERATOR_HEALTH_PROBE_BIND_ADDRESS + value: ":8081" + - name: GATEWAY_OPERATOR_METRICS_BIND_ADDRESS + value: "127.0.0.1:8080" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: "docker.io/kong/gateway-operator:1.4" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + ports: + - containerPort: 8081 + name: probe + protocol: TCP + volumeMounts: + - name: chartsnap-gateway-operator-certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + runAsNonRoot: true + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: chartsnap-gateway-operator-certs-dir + emptyDir: + sizeLimit: 256Mi diff --git a/charts/gateway-operator/ci/__snapshots__/extra-labels-values.snap b/charts/gateway-operator/ci/__snapshots__/extra-labels-values.snap new file mode 100644 index 000000000..4223f388f --- /dev/null +++ b/charts/gateway-operator/ci/__snapshots__/extra-labels-values.snap @@ -0,0 +1,802 @@ +# chartsnap: snapshot_version=v3 +--- +# Source: gateway-operator/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + - serviceaccounts/status + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + - kongclusterplugins + - kongcustomentities + - kongingresses + - konglicenses + - kongupstreampolicies + - tcpingresses + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates + - kongcertificates + - kongconsumergroups + - kongconsumers + - kongcredentialacls + - kongcredentialapikeys + - kongcredentialbasicauths + - kongcredentialhmacs + - kongcredentialjwts + - kongdataplaneclientcertificates + - kongkeys + - kongkeysets + - kongroutes + - kongservices + - kongsnis + - kongtargets + - kongupstreams + - kongvaults + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates/finalizers + - kongcacertificates/status + - kongcertificates/finalizers + - kongcertificates/status + - kongconsumergroups/finalizers + - kongconsumers/finalizers + - kongcredentialacls/finalizers + - kongcredentialacls/status + - kongcredentialapikeys/finalizers + - kongcredentialapikeys/status + - kongcredentialbasicauths/finalizers + - kongcredentialbasicauths/status + - kongcredentialhmacs/finalizers + - kongcredentialhmacs/status + - kongcredentialjwts/finalizers + - kongcredentialjwts/status + - kongdataplaneclientcertificates/finalizers + - kongdataplaneclientcertificates/status + - kongkeys/finalizers + - kongkeys/status + - kongkeysets/finalizers + - kongkeysets/status + - kongpluginbindings/status + - kongroutes/finalizers + - kongroutes/status + - kongservices/finalizers + - kongservices/status + - kongsnis/finalizers + - kongsnis/status + - kongtargets/finalizers + - kongtargets/status + - kongupstreams/finalizers + - kongupstreams/status + - kongvaults/finalizers + verbs: + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + - kongconsumergroups/status + - kongconsumers/status + - kongcustomentities/status + - kongingresses/status + - konglicenses/status + - kongplugins/status + - kongupstreampolicies/status + - kongvaults/status + - tcpingresses/status + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongpluginbindings + - kongplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways + - controlplanes + - dataplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/finalizers + - controlplanes/finalizers + - dataplanes/finalizers + verbs: + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/status + - controlplanes/status + - dataplanes/status + - kongplugininstallations/status + - konnectextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - dataplanemetricsextensions + - gatewayconfigurations + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - kongplugininstallations + - konnectextensions + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - konnectextensions/finalizers + verbs: + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - grpcroutes + - referencegrants + - tcproutes + - tlsroutes + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades + verbs: + - get + - list + - watch +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades/status + verbs: + - get + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations + - konnectgatewaycontrolplanes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/finalizers + - konnectgatewaycontrolplanes/finalizers + - konnectgatewaycontrolplanes/status + verbs: + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings/status + - clusterroles/status + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: chartsnap-gateway-operator-kong-mtls-secret-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - patch + - update +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-kong-mtls-secret-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-kong-mtls-secret-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chartsnap-gateway-operator-leader-election-role + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chartsnap-gateway-operator-leader-election-rolebinding + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-gateway-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: chartsnap-gateway-operator-metrics-service + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +# Source: gateway-operator/templates/services.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: kgo +--- +# Source: gateway-operator/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + a: "b" + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator-controller-manager + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gateway-operator + app.kubernetes.io/component: kgo + app.kubernetes.io/instance: "chartsnap" + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + a: "b" + app.kubernetes.io/component: kgo + app: chartsnap-gateway-operator + version: "1.4" + spec: + containers: + - name: manager + env: + - name: GATEWAY_OPERATOR_ANONYMOUS_REPORTS + value: "false" + - name: GATEWAY_OPERATOR_HEALTH_PROBE_BIND_ADDRESS + value: ":8081" + - name: GATEWAY_OPERATOR_METRICS_BIND_ADDRESS + value: "127.0.0.1:8080" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: "docker.io/kong/gateway-operator:1.4" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + ports: + - containerPort: 8081 + name: probe + protocol: TCP + volumeMounts: + - name: chartsnap-gateway-operator-certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + runAsNonRoot: true + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: chartsnap-gateway-operator-certs-dir + emptyDir: + sizeLimit: 256Mi diff --git a/charts/gateway-operator/ci/__snapshots__/probes-and-args-values.snap b/charts/gateway-operator/ci/__snapshots__/probes-and-args-values.snap new file mode 100644 index 000000000..09148c02a --- /dev/null +++ b/charts/gateway-operator/ci/__snapshots__/probes-and-args-values.snap @@ -0,0 +1,802 @@ +# chartsnap: snapshot_version=v3 +--- +# Source: gateway-operator/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + - serviceaccounts/status + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + - kongclusterplugins + - kongcustomentities + - kongingresses + - konglicenses + - kongupstreampolicies + - tcpingresses + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates + - kongcertificates + - kongconsumergroups + - kongconsumers + - kongcredentialacls + - kongcredentialapikeys + - kongcredentialbasicauths + - kongcredentialhmacs + - kongcredentialjwts + - kongdataplaneclientcertificates + - kongkeys + - kongkeysets + - kongroutes + - kongservices + - kongsnis + - kongtargets + - kongupstreams + - kongvaults + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates/finalizers + - kongcacertificates/status + - kongcertificates/finalizers + - kongcertificates/status + - kongconsumergroups/finalizers + - kongconsumers/finalizers + - kongcredentialacls/finalizers + - kongcredentialacls/status + - kongcredentialapikeys/finalizers + - kongcredentialapikeys/status + - kongcredentialbasicauths/finalizers + - kongcredentialbasicauths/status + - kongcredentialhmacs/finalizers + - kongcredentialhmacs/status + - kongcredentialjwts/finalizers + - kongcredentialjwts/status + - kongdataplaneclientcertificates/finalizers + - kongdataplaneclientcertificates/status + - kongkeys/finalizers + - kongkeys/status + - kongkeysets/finalizers + - kongkeysets/status + - kongpluginbindings/status + - kongroutes/finalizers + - kongroutes/status + - kongservices/finalizers + - kongservices/status + - kongsnis/finalizers + - kongsnis/status + - kongtargets/finalizers + - kongtargets/status + - kongupstreams/finalizers + - kongupstreams/status + - kongvaults/finalizers + verbs: + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + - kongconsumergroups/status + - kongconsumers/status + - kongcustomentities/status + - kongingresses/status + - konglicenses/status + - kongplugins/status + - kongupstreampolicies/status + - kongvaults/status + - tcpingresses/status + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongpluginbindings + - kongplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways + - controlplanes + - dataplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/finalizers + - controlplanes/finalizers + - dataplanes/finalizers + verbs: + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/status + - controlplanes/status + - dataplanes/status + - kongplugininstallations/status + - konnectextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - dataplanemetricsextensions + - gatewayconfigurations + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - kongplugininstallations + - konnectextensions + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - konnectextensions/finalizers + verbs: + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - grpcroutes + - referencegrants + - tcproutes + - tlsroutes + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades + verbs: + - get + - list + - watch +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades/status + verbs: + - get + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations + - konnectgatewaycontrolplanes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/finalizers + - konnectgatewaycontrolplanes/finalizers + - konnectgatewaycontrolplanes/status + verbs: + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings/status + - clusterroles/status + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: chartsnap-gateway-operator-kong-mtls-secret-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - patch + - update +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-kong-mtls-secret-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-kong-mtls-secret-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chartsnap-gateway-operator-leader-election-role + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chartsnap-gateway-operator-leader-election-rolebinding + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-gateway-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: chartsnap-gateway-operator-metrics-service + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +# Source: gateway-operator/templates/services.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: kgo +--- +# Source: gateway-operator/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator-controller-manager + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gateway-operator + app.kubernetes.io/component: kgo + app.kubernetes.io/instance: "chartsnap" + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + app: chartsnap-gateway-operator + version: "1.4" + spec: + containers: + - name: manager + args: + - --zap-log-level=debug + env: + - name: GATEWAY_OPERATOR_ANONYMOUS_REPORTS + value: "false" + - name: GATEWAY_OPERATOR_HEALTH_PROBE_BIND_ADDRESS + value: ":8081" + - name: GATEWAY_OPERATOR_METRICS_BIND_ADDRESS + value: "127.0.0.1:8080" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: "docker.io/kong/gateway-operator:1.4" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + ports: + - containerPort: 8081 + name: probe + protocol: TCP + volumeMounts: + - name: chartsnap-gateway-operator-certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + runAsNonRoot: true + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: chartsnap-gateway-operator-certs-dir + emptyDir: + sizeLimit: 256Mi diff --git a/charts/gateway-operator/ci/__snapshots__/tolerations-values.snap b/charts/gateway-operator/ci/__snapshots__/tolerations-values.snap new file mode 100644 index 000000000..f8fc257b6 --- /dev/null +++ b/charts/gateway-operator/ci/__snapshots__/tolerations-values.snap @@ -0,0 +1,804 @@ +# chartsnap: snapshot_version=v3 +--- +# Source: gateway-operator/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + - serviceaccounts/status + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + - kongclusterplugins + - kongcustomentities + - kongingresses + - konglicenses + - kongupstreampolicies + - tcpingresses + - udpingresses + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates + - kongcertificates + - kongconsumergroups + - kongconsumers + - kongcredentialacls + - kongcredentialapikeys + - kongcredentialbasicauths + - kongcredentialhmacs + - kongcredentialjwts + - kongdataplaneclientcertificates + - kongkeys + - kongkeysets + - kongroutes + - kongservices + - kongsnis + - kongtargets + - kongupstreams + - kongvaults + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcacertificates/finalizers + - kongcacertificates/status + - kongcertificates/finalizers + - kongcertificates/status + - kongconsumergroups/finalizers + - kongconsumers/finalizers + - kongcredentialacls/finalizers + - kongcredentialacls/status + - kongcredentialapikeys/finalizers + - kongcredentialapikeys/status + - kongcredentialbasicauths/finalizers + - kongcredentialbasicauths/status + - kongcredentialhmacs/finalizers + - kongcredentialhmacs/status + - kongcredentialjwts/finalizers + - kongcredentialjwts/status + - kongdataplaneclientcertificates/finalizers + - kongdataplaneclientcertificates/status + - kongkeys/finalizers + - kongkeys/status + - kongkeysets/finalizers + - kongkeysets/status + - kongpluginbindings/status + - kongroutes/finalizers + - kongroutes/status + - kongservices/finalizers + - kongservices/status + - kongsnis/finalizers + - kongsnis/status + - kongtargets/finalizers + - kongtargets/status + - kongupstreams/finalizers + - kongupstreams/status + - kongvaults/finalizers + verbs: + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + - kongconsumergroups/status + - kongconsumers/status + - kongcustomentities/status + - kongingresses/status + - konglicenses/status + - kongplugins/status + - kongupstreampolicies/status + - kongvaults/status + - tcpingresses/status + - udpingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - configuration.konghq.com + resources: + - kongpluginbindings + - kongplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways + - controlplanes + - dataplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/finalizers + - controlplanes/finalizers + - dataplanes/finalizers + verbs: + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - aigateways/status + - controlplanes/status + - dataplanes/status + - kongplugininstallations/status + - konnectextensions/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway-operator.konghq.com + resources: + - dataplanemetricsextensions + - gatewayconfigurations + verbs: + - get + - list + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - kongplugininstallations + - konnectextensions + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway-operator.konghq.com + resources: + - konnectextensions/finalizers + verbs: + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - grpcroutes + - referencegrants + - tcproutes + - tlsroutes + - udproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - grpcroutes/status + verbs: + - get + - patch + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: + - get + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants/status + verbs: + - get +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades + verbs: + - get + - list + - watch +- apiGroups: + - incubator.ingress-controller.konghq.com + resources: + - kongservicefacades/status + verbs: + - get + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations + - konnectgatewaycontrolplanes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/finalizers + - konnectgatewaycontrolplanes/finalizers + - konnectgatewaycontrolplanes/status + verbs: + - patch + - update +- apiGroups: + - konnect.konghq.com + resources: + - konnectapiauthconfigurations/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings/status + - clusterroles/status + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: chartsnap-gateway-operator-kong-mtls-secret-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - patch + - update +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chartsnap-gateway-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-kong-mtls-secret-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-kong-mtls-secret-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: chartsnap-gateway-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-gateway-operator-proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chartsnap-gateway-operator-leader-election-role + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chartsnap-gateway-operator-leader-election-rolebinding + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-gateway-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: default +--- +# Source: gateway-operator/templates/rbac-resources.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: chartsnap-gateway-operator-metrics-service + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +# Source: gateway-operator/templates/services.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator + namespace: default +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: kgo +--- +# Source: gateway-operator/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + name: chartsnap-gateway-operator-controller-manager + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: gateway-operator + app.kubernetes.io/component: kgo + app.kubernetes.io/instance: "chartsnap" + strategy: + type: Recreate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + app.kubernetes.io/name: gateway-operator + helm.sh/chart: gateway-operator-0.4.2 + app.kubernetes.io/instance: "chartsnap" + app.kubernetes.io/version: "1.4" + app.kubernetes.io/component: kgo + app: chartsnap-gateway-operator + version: "1.4" + spec: + tolerations: + - effect: NoSchedule + key: example-key + operator: Exists + containers: + - name: manager + env: + - name: GATEWAY_OPERATOR_ANONYMOUS_REPORTS + value: "false" + - name: GATEWAY_OPERATOR_HEALTH_PROBE_BIND_ADDRESS + value: ":8081" + - name: GATEWAY_OPERATOR_METRICS_BIND_ADDRESS + value: "127.0.0.1:8080" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: "docker.io/kong/gateway-operator:1.4" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 1 + periodSeconds: 1 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + ports: + - containerPort: 8081 + name: probe + protocol: TCP + volumeMounts: + - name: chartsnap-gateway-operator-certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + runAsNonRoot: true + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: chartsnap-gateway-operator-certs-dir + emptyDir: + sizeLimit: 256Mi