[bitnami/contour] Sync upstream CRD and templates (#15371)

Updates the CRDs from the upstream project to match the appVersion of the chart. Also removes the liveness probe from the envoy shutdown-manager as this was removed in the 1.24 release too.

Fixes #15354

Signed-off-by: Paul Nicholson <brenix@gmail.com>
Paul N
2023-03-09 03:04:55 -08:00
committed by GitHub
parent 800022c4ac
commit 34db3aee0e
8 changed files with 6498 additions and 3891 deletions


@@ -25,4 +25,4 @@ sources:
- https://github.com/envoyproxy/envoy
- https://github.com/bitnami/containers/tree/main/bitnami/contour
- https://projectcontour.io
version: 11.0.1
version: 11.0.2


@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
controller-gen.kubebuilder.io/version: v0.11.2
creationTimestamp: null
name: extensionservices.projectcontour.io
spec:
@@ -13,257 +13,409 @@ spec:
listKind: ExtensionServiceList
plural: extensionservices
shortNames:
- extensionservice
- extensionservices
- extensionservice
- extensionservices
singular: extensionservice
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ExtensionService is the schema for the Contour extension services API. An ExtensionService resource binds a network service to the Contour API so that Contour API features can be implemented by collaborating components.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ExtensionServiceSpec defines the desired state of an ExtensionService resource.
properties:
loadBalancerPolicy:
description: The policy for load balancing GRPC service requests. Note that the `Cookie` and `RequestHash` load balancing strategies cannot be used here.
- name: v1alpha1
schema:
openAPIV3Schema:
description: ExtensionService is the schema for the Contour extension services
API. An ExtensionService resource binds a network service to the Contour
API so that Contour API features can be implemented by collaborating components.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ExtensionServiceSpec defines the desired state of an ExtensionService
resource.
properties:
loadBalancerPolicy:
description: The policy for load balancing GRPC service requests.
Note that the `Cookie` and `RequestHash` load balancing strategies
cannot be used here.
properties:
requestHashPolicies:
description: RequestHashPolicies contains a list of hash policies
to apply when the `RequestHash` load balancing strategy is chosen.
If an element of the supplied list of hash policies is invalid,
it will be ignored. If the list of hash policies is empty after
validation, the load balancing strategy will fall back the the
default `RoundRobin`.
items:
description: RequestHashPolicy contains configuration for an
individual hash policy on a request attribute.
properties:
hashSourceIP:
description: HashSourceIP should be set to true when request
source IP hash based load balancing is desired. It must
be the only hash option field set, otherwise this request
hash policy object will be ignored.
type: boolean
headerHashOptions:
description: HeaderHashOptions should be set when request
header hash based load balancing is desired. It must be
the only hash option field set, otherwise this request
hash policy object will be ignored.
properties:
headerName:
description: HeaderName is the name of the HTTP request
header that will be used to calculate the hash key.
If the header specified is not present on a request,
no hash will be produced.
minLength: 1
type: string
type: object
queryParameterHashOptions:
description: QueryParameterHashOptions should be set when
request query parameter hash based load balancing is desired.
It must be the only hash option field set, otherwise this
request hash policy object will be ignored.
properties:
parameterName:
description: ParameterName is the name of the HTTP request
query parameter that will be used to calculate the
hash key. If the query parameter specified is not
present on a request, no hash will be produced.
minLength: 1
type: string
type: object
terminal:
description: Terminal is a flag that allows for short-circuiting
computing of a hash for a given request. If set to true,
and the request attribute specified in the attribute hash
options is present, no further hash policies will be used
to calculate a hash for the request.
type: boolean
type: object
type: array
strategy:
description: Strategy specifies the policy used to balance requests
across the pool of backend pods. Valid policy names are `Random`,
`RoundRobin`, `WeightedLeastRequest`, `Cookie`, and `RequestHash`.
If an unknown strategy name is specified or no policy is supplied,
the default `RoundRobin` policy is used.
type: string
type: object
protocol:
description: Protocol may be used to specify (or override) the protocol
used to reach this Service. Values may be h2 or h2c. If omitted,
protocol-selection falls back on Service annotations.
enum:
- h2
- h2c
type: string
protocolVersion:
description: This field sets the version of the GRPC protocol that
Envoy uses to send requests to the extension service. Since Contour
always uses the v3 Envoy API, this is currently fixed at "v3". However,
other protocol options will be available in future.
enum:
- v3
type: string
services:
description: Services specifies the set of Kubernetes Service resources
that receive GRPC extension API requests. If no weights are specified
for any of the entries in this array, traffic will be spread evenly
across all the services. Otherwise, traffic is balanced proportionally
to the Weight field in each entry.
items:
description: ExtensionServiceTarget defines an Kubernetes Service
to target with extension service traffic.
properties:
requestHashPolicies:
description: RequestHashPolicies contains a list of hash policies to apply when the `RequestHash` load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back the the default `RoundRobin`.
name:
description: Name is the name of Kubernetes service that will
accept service traffic.
type: string
port:
description: Port (defined as Integer) to proxy traffic to since
a service can have multiple defined.
exclusiveMaximum: true
maximum: 65536
minimum: 1
type: integer
weight:
description: Weight defines proportion of traffic to balance
to the Kubernetes Service.
format: int32
type: integer
required:
- name
- port
type: object
minItems: 1
type: array
timeoutPolicy:
description: The timeout policy for requests to the services.
properties:
idle:
description: Timeout for how long the proxy should wait while
there is no activity during single request/response (for HTTP/1.1)
or stream (for HTTP/2). Timeout will not trigger while HTTP/1.1
connection is idle between two consecutive requests. If not
specified, there is no per-route idle timeout, though a connection
manager-wide stream_idle_timeout default of 5m still applies.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
type: string
idleConnection:
description: Timeout for how long connection from the proxy to
the upstream service is kept when there are no active requests.
If not supplied, Envoy's default value of 1h applies.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
type: string
response:
description: Timeout for receiving a response from the server
after processing a request from client. If not supplied, Envoy's
default value of 15s applies.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
type: string
type: object
validation:
description: UpstreamValidation defines how to verify the backend
service's certificate
properties:
caSecret:
description: Name or namespaced name of the Kubernetes secret
used to validate the certificate presented by the backend. The
secret must contain key named ca.crt.
type: string
subjectName:
description: Key which is expected to be present in the 'subjectAltName'
of the presented certificate.
type: string
required:
- caSecret
- subjectName
type: object
required:
- services
type: object
status:
description: ExtensionServiceStatus defines the observed state of an ExtensionService
resource.
properties:
conditions:
description: "Conditions contains the current status of the ExtensionService
resource. \n Contour will update a single condition, `Valid`, that
is in normal-true polarity. \n Contour will not modify any other
Conditions set in this block, in case some other controller wants
to add a Condition."
items:
description: "DetailedCondition is an extension of the normal Kubernetes
conditions, with two extra fields to hold sub-conditions, which
provide more detailed reasons for the state (True or False) of
the condition. \n `errors` holds information about sub-conditions
which are fatal to that condition and render its state False.
\n `warnings` holds information about sub-conditions which are
not fatal to that condition and do not force the state to be False.
\n Remember that Conditions have a type, a status, and a reason.
\n The type is the type of the condition, the most important one
in this CRD set is `Valid`. `Valid` is a positive-polarity condition:
when it is `status: true` there are no problems. \n In more detail,
`status: true` means that the object is has been ingested into
Contour with no errors. `warnings` may still be present, and will
be indicated in the Reason field. There must be zero entries in
the `errors` slice in this case. \n `Valid`, `status: false` means
that the object has had one or more fatal errors during processing
into Contour. The details of the errors will be present under
the `errors` field. There must be at least one error in the `errors`
slice if `status` is `false`. \n For DetailedConditions of types
other than `Valid`, the Condition must be in the negative polarity.
When they have `status` `true`, there is an error. There must
be at least one entry in the `errors` Subcondition slice. When
they have `status` `false`, there are no serious errors, and there
must be zero entries in the `errors` slice. In either case, there
may be entries in the `warnings` slice. \n Regardless of the polarity,
the `reason` and `message` fields must be updated with either
the detail of the reason (if there is one and only one entry in
total across both the `errors` and `warnings` slices), or `MultipleReasons`
if there is more than one entry."
properties:
errors:
description: "Errors contains a slice of relevant error subconditions
for this object. \n Subconditions are expected to appear when
relevant (when there is a error), and disappear when not relevant.
An empty slice here indicates no errors."
items:
description: RequestHashPolicy contains configuration for an individual hash policy on a request attribute.
description: "SubCondition is a Condition-like type intended
for use as a subcondition inside a DetailedCondition. \n
It contains a subset of the Condition fields. \n It is intended
for warnings and errors, so `type` names should use abnormal-true
polarity, that is, they should be of the form \"ErrorPresent:
true\". \n The expected lifecycle for these errors is that
they should only be present when the error or warning is,
and should be removed when they are not relevant."
properties:
hashSourceIP:
description: HashSourceIP should be set to true when request source IP hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored.
type: boolean
headerHashOptions:
description: HeaderHashOptions should be set when request header hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored.
properties:
headerName:
description: HeaderName is the name of the HTTP request header that will be used to calculate the hash key. If the header specified is not present on a request, no hash will be produced.
minLength: 1
type: string
type: object
queryParameterHashOptions:
description: QueryParameterHashOptions should be set when request query parameter hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored.
properties:
parameterName:
description: ParameterName is the name of the HTTP request query parameter that will be used to calculate the hash key. If the query parameter specified is not present on a request, no hash will be produced.
minLength: 1
type: string
type: object
terminal:
description: Terminal is a flag that allows for short-circuiting computing of a hash for a given request. If set to true, and the request attribute specified in the attribute hash options is present, no further hash policies will be used to calculate a hash for the request.
type: boolean
message:
description: "Message is a human readable message indicating
details about the transition. \n This may be an empty
string."
maxLength: 32768
type: string
reason:
description: "Reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. \n The value
should be a CamelCase string. \n This field may not
be empty."
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: Status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`.
\n This must be in abnormal-true polarity, that is,
`ErrorFound` or `controller.io/ErrorFound`. \n The regex
it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)"
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
strategy:
description: Strategy specifies the policy used to balance requests across the pool of backend pods. Valid policy names are `Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`, and `RequestHash`. If an unknown strategy name is specified or no policy is supplied, the default `RoundRobin` policy is used.
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
type: object
protocol:
description: Protocol may be used to specify (or override) the protocol used to reach this Service. Values may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations.
enum:
- h2
- h2c
type: string
protocolVersion:
description: This field sets the version of the GRPC protocol that Envoy uses to send requests to the extension service. Since Contour always uses the v3 Envoy API, this is currently fixed at "v3". However, other protocol options will be available in future.
enum:
- v3
type: string
services:
description: Services specifies the set of Kubernetes Service resources that receive GRPC extension API requests. If no weights are specified for any of the entries in this array, traffic will be spread evenly across all the services. Otherwise, traffic is balanced proportionally to the Weight field in each entry.
items:
description: ExtensionServiceTarget defines an Kubernetes Service to target with extension service traffic.
properties:
name:
description: Name is the name of Kubernetes service that will accept service traffic.
type: string
port:
description: Port (defined as Integer) to proxy traffic to since a service can have multiple defined.
exclusiveMaximum: true
maximum: 65536
minimum: 1
type: integer
weight:
description: Weight defines proportion of traffic to balance to the Kubernetes Service.
format: int32
type: integer
required:
- name
- port
type: object
minItems: 1
type: array
timeoutPolicy:
description: The timeout policy for requests to the services.
properties:
idle:
description: Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2). Timeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests. If not specified, there is no per-route idle timeout, though a connection manager-wide stream_idle_timeout default of 5m still applies.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
idleConnection:
description: Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests. If not supplied, Envoy's default value of 1h applies.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
response:
description: Timeout for receiving a response from the server after processing a request from client. If not supplied, Envoy's default value of 15s applies.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type: object
validation:
description: UpstreamValidation defines how to verify the backend service's certificate
properties:
caSecret:
description: Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. The secret must contain key named ca.crt.
type: string
subjectName:
description: Key which is expected to be present in the 'subjectAltName' of the presented certificate.
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
warnings:
description: "Warnings contains a slice of relevant warning
subconditions for this object. \n Subconditions are expected
to appear when relevant (when there is a warning), and disappear
when not relevant. An empty slice here indicates no warnings."
items:
description: "SubCondition is a Condition-like type intended
for use as a subcondition inside a DetailedCondition. \n
It contains a subset of the Condition fields. \n It is intended
for warnings and errors, so `type` names should use abnormal-true
polarity, that is, they should be of the form \"ErrorPresent:
true\". \n The expected lifecycle for these errors is that
they should only be present when the error or warning is,
and should be removed when they are not relevant."
properties:
message:
description: "Message is a human readable message indicating
details about the transition. \n This may be an empty
string."
maxLength: 32768
type: string
reason:
description: "Reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. \n The value
should be a CamelCase string. \n This field may not
be empty."
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: Status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`.
\n This must be in abnormal-true polarity, that is,
`ErrorFound` or `controller.io/ErrorFound`. \n The regex
it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)"
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
required:
- caSecret
- subjectName
- lastTransitionTime
- message
- reason
- status
- type
type: object
required:
- services
type: object
status:
description: ExtensionServiceStatus defines the observed state of an ExtensionService resource.
properties:
conditions:
description: "Conditions contains the current status of the ExtensionService resource. \n Contour will update a single condition, `Valid`, that is in normal-true polarity. \n Contour will not modify any other Conditions set in this block, in case some other controller wants to add a Condition."
items:
description: "DetailedCondition is an extension of the normal Kubernetes conditions, with two extra fields to hold sub-conditions, which provide more detailed reasons for the state (True or False) of the condition. \n `errors` holds information about sub-conditions which are fatal to that condition and render its state False. \n `warnings` holds information about sub-conditions which are not fatal to that condition and do not force the state to be False. \n Remember that Conditions have a type, a status, and a reason. \n The type is the type of the condition, the most important one in this CRD set is `Valid`. `Valid` is a positive-polarity condition: when it is `status: true` there are no problems. \n In more detail, `status: true` means that the object is has been ingested into Contour with no errors. `warnings` may still be present, and will be indicated in the Reason field. There must be zero entries in the `errors` slice in this case. \n `Valid`, `status: false` means that the object has had one or more fatal errors during processing into Contour. The details of the errors will be present under the `errors` field. There must be at least one error in the `errors` slice if `status` is `false`. \n For DetailedConditions of types other than `Valid`, the Condition must be in the negative polarity. When they have `status` `true`, there is an error. There must be at least one entry in the `errors` Subcondition slice. When they have `status` `false`, there are no serious errors, and there must be zero entries in the `errors` slice. In either case, there may be entries in the `warnings` slice. \n Regardless of the polarity, the `reason` and `message` fields must be updated with either the detail of the reason (if there is one and only one entry in total across both the `errors` and `warnings` slices), or `MultipleReasons` if there is more than one entry."
properties:
errors:
description: "Errors contains a slice of relevant error subconditions for this object. \n Subconditions are expected to appear when relevant (when there is a error), and disappear when not relevant. An empty slice here indicates no errors."
items:
description: "SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. \n It contains a subset of the Condition fields. \n It is intended for warnings and errors, so `type` names should use abnormal-true polarity, that is, they should be of the form \"ErrorPresent: true\". \n The expected lifecycle for these errors is that they should only be present when the error or warning is, and should be removed when they are not relevant."
properties:
message:
description: "Message is a human readable message indicating details about the transition. \n This may be an empty string."
maxLength: 32768
type: string
reason:
description: "Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. \n The value should be a CamelCase string. \n This field may not be empty."
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: Status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. \n This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. \n The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)"
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
warnings:
description: "Warnings contains a slice of relevant warning subconditions for this object. \n Subconditions are expected to appear when relevant (when there is a warning), and disappear when not relevant. An empty slice here indicates no warnings."
items:
description: "SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. \n It contains a subset of the Condition fields. \n It is intended for warnings and errors, so `type` names should use abnormal-true polarity, that is, they should be of the form \"ErrorPresent: true\". \n The expected lifecycle for these errors is that they should only be present when the error or warning is, and should be removed when they are not relevant."
properties:
message:
description: "Message is a human readable message indicating details about the transition. \n This may be an empty string."
maxLength: 32768
type: string
reason:
description: "Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. \n The value should be a CamelCase string. \n This field may not be empty."
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: Status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. \n This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. \n The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)"
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
type: object
served: true
storage: true
subresources:
status: {}


@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
controller-gen.kubebuilder.io/version: v0.11.2
creationTimestamp: null
name: tlscertificatedelegations.projectcontour.io
spec:
@@ -13,176 +13,278 @@ spec:
listKind: TLSCertificateDelegationList
plural: tlscertificatedelegations
shortNames:
- tlscerts
- tlscerts
singular: tlscertificatedelegation
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: TLSCertificateDelegation is an TLS Certificate Delegation CRD specification. See design/tls-certificate-delegation.md for details.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSCertificateDelegationSpec defines the spec of the CRD
properties:
delegations:
items:
description: CertificateDelegation maps the authority to reference a secret in the current namespace to a set of namespaces.
properties:
secretName:
description: required, the name of a secret in the current namespace.
- name: v1
schema:
openAPIV3Schema:
description: TLSCertificateDelegation is an TLS Certificate Delegation CRD
specification. See design/tls-certificate-delegation.md for details.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSCertificateDelegationSpec defines the spec of the CRD
properties:
delegations:
items:
description: CertificateDelegation maps the authority to reference
a secret in the current namespace to a set of namespaces.
properties:
secretName:
description: required, the name of a secret in the current namespace.
type: string
targetNamespaces:
description: required, the namespaces the authority to reference
the the secret will be delegated to. If TargetNamespaces is
nil or empty, the CertificateDelegation' is ignored. If the
TargetNamespace list contains the character, "*" the secret
will be delegated to all namespaces.
items:
type: string
targetNamespaces:
description: required, the namespaces the authority to reference the the secret will be delegated to. If TargetNamespaces is nil or empty, the CertificateDelegation' is ignored. If the TargetNamespace list contains the character, "*" the secret will be delegated to all namespaces.
items:
type: string
type: array
required:
- secretName
- targetNamespaces
type: object
type: array
required:
- delegations
type: object
status:
description: TLSCertificateDelegationStatus allows for the status of the delegation to be presented to the user.
properties:
conditions:
description: "Conditions contains information about the current status of the HTTPProxy, in an upstream-friendly container. \n Contour will update a single condition, `Valid`, that is in normal-true polarity. That is, when `currentStatus` is `valid`, the `Valid` condition will be `status: true`, and vice versa. \n Contour will leave untouched any other Conditions set in this block, in case some other controller wants to add a Condition. \n If you are another controller owner and wish to add a condition, you *should* namespace your condition with a label, like `controller.domain.com\\ConditionName`."
items:
description: "DetailedCondition is an extension of the normal Kubernetes conditions, with two extra fields to hold sub-conditions, which provide more detailed reasons for the state (True or False) of the condition. \n `errors` holds information about sub-conditions which are fatal to that condition and render its state False. \n `warnings` holds information about sub-conditions which are not fatal to that condition and do not force the state to be False. \n Remember that Conditions have a type, a status, and a reason. \n The type is the type of the condition, the most important one in this CRD set is `Valid`. `Valid` is a positive-polarity condition: when it is `status: true` there are no problems. \n In more detail, `status: true` means that the object is has been ingested into Contour with no errors. `warnings` may still be present, and will be indicated in the Reason field. There must be zero entries in the `errors` slice in this case. \n `Valid`, `status: false` means that the object has had one or more fatal errors during processing into Contour. The details of the errors will be present under the `errors` field. There must be at least one error in the `errors` slice if `status` is `false`. \n For DetailedConditions of types other than `Valid`, the Condition must be in the negative polarity. When they have `status` `true`, there is an error. There must be at least one entry in the `errors` Subcondition slice. When they have `status` `false`, there are no serious errors, and there must be zero entries in the `errors` slice. In either case, there may be entries in the `warnings` slice. \n Regardless of the polarity, the `reason` and `message` fields must be updated with either the detail of the reason (if there is one and only one entry in total across both the `errors` and `warnings` slices), or `MultipleReasons` if there is more than one entry."
properties:
errors:
description: "Errors contains a slice of relevant error subconditions for this object. \n Subconditions are expected to appear when relevant (when there is a error), and disappear when not relevant. An empty slice here indicates no errors."
items:
description: "SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. \n It contains a subset of the Condition fields. \n It is intended for warnings and errors, so `type` names should use abnormal-true polarity, that is, they should be of the form \"ErrorPresent: true\". \n The expected lifecycle for these errors is that they should only be present when the error or warning is, and should be removed when they are not relevant."
properties:
message:
description: "Message is a human readable message indicating details about the transition. \n This may be an empty string."
maxLength: 32768
type: string
reason:
description: "Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. \n The value should be a CamelCase string. \n This field may not be empty."
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: Status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. \n This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. \n The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)"
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
warnings:
description: "Warnings contains a slice of relevant warning subconditions for this object. \n Subconditions are expected to appear when relevant (when there is a warning), and disappear when not relevant. An empty slice here indicates no warnings."
items:
description: "SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. \n It contains a subset of the Condition fields. \n It is intended for warnings and errors, so `type` names should use abnormal-true polarity, that is, they should be of the form \"ErrorPresent: true\". \n The expected lifecycle for these errors is that they should only be present when the error or warning is, and should be removed when they are not relevant."
properties:
message:
description: "Message is a human readable message indicating details about the transition. \n This may be an empty string."
maxLength: 32768
type: string
reason:
description: "Reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. \n The value should be a CamelCase string. \n This field may not be empty."
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: Status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. \n This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. \n The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)"
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
type: array
required:
- secretName
- targetNamespaces
type: object
type: array
required:
- delegations
type: object
status:
description: TLSCertificateDelegationStatus allows for the status of the
delegation to be presented to the user.
properties:
conditions:
description: "Conditions contains information about the current status
of the HTTPProxy, in an upstream-friendly container. \n Contour
will update a single condition, `Valid`, that is in normal-true
polarity. That is, when `currentStatus` is `valid`, the `Valid`
condition will be `status: true`, and vice versa. \n Contour will
leave untouched any other Conditions set in this block, in case
some other controller wants to add a Condition. \n If you are another
controller owner and wish to add a condition, you *should* namespace
your condition with a label, like `controller.domain.com\\ConditionName`."
items:
description: "DetailedCondition is an extension of the normal Kubernetes
conditions, with two extra fields to hold sub-conditions, which
provide more detailed reasons for the state (True or False) of
the condition. \n `errors` holds information about sub-conditions
which are fatal to that condition and render its state False.
\n `warnings` holds information about sub-conditions which are
not fatal to that condition and do not force the state to be False.
\n Remember that Conditions have a type, a status, and a reason.
\n The type is the type of the condition, the most important one
in this CRD set is `Valid`. `Valid` is a positive-polarity condition:
when it is `status: true` there are no problems. \n In more detail,
`status: true` means that the object is has been ingested into
Contour with no errors. `warnings` may still be present, and will
be indicated in the Reason field. There must be zero entries in
the `errors` slice in this case. \n `Valid`, `status: false` means
that the object has had one or more fatal errors during processing
into Contour. The details of the errors will be present under
the `errors` field. There must be at least one error in the `errors`
slice if `status` is `false`. \n For DetailedConditions of types
other than `Valid`, the Condition must be in the negative polarity.
When they have `status` `true`, there is an error. There must
be at least one entry in the `errors` Subcondition slice. When
they have `status` `false`, there are no serious errors, and there
must be zero entries in the `errors` slice. In either case, there
may be entries in the `warnings` slice. \n Regardless of the polarity,
the `reason` and `message` fields must be updated with either
the detail of the reason (if there is one and only one entry in
total across both the `errors` and `warnings` slices), or `MultipleReasons`
if there is more than one entry."
properties:
errors:
description: "Errors contains a slice of relevant error subconditions
for this object. \n Subconditions are expected to appear when
relevant (when there is a error), and disappear when not relevant.
An empty slice here indicates no errors."
items:
description: "SubCondition is a Condition-like type intended
for use as a subcondition inside a DetailedCondition. \n
It contains a subset of the Condition fields. \n It is intended
for warnings and errors, so `type` names should use abnormal-true
polarity, that is, they should be of the form \"ErrorPresent:
true\". \n The expected lifecycle for these errors is that
they should only be present when the error or warning is,
and should be removed when they are not relevant."
properties:
message:
description: "Message is a human readable message indicating
details about the transition. \n This may be an empty
string."
maxLength: 32768
type: string
reason:
description: "Reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. \n The value
should be a CamelCase string. \n This field may not
be empty."
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: Status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`.
\n This must be in abnormal-true polarity, that is,
`ErrorFound` or `controller.io/ErrorFound`. \n The regex
it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)"
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
warnings:
description: "Warnings contains a slice of relevant warning
subconditions for this object. \n Subconditions are expected
to appear when relevant (when there is a warning), and disappear
when not relevant. An empty slice here indicates no warnings."
items:
description: "SubCondition is a Condition-like type intended
for use as a subcondition inside a DetailedCondition. \n
It contains a subset of the Condition fields. \n It is intended
for warnings and errors, so `type` names should use abnormal-true
polarity, that is, they should be of the form \"ErrorPresent:
true\". \n The expected lifecycle for these errors is that
they should only be present when the error or warning is,
and should be removed when they are not relevant."
properties:
message:
description: "Message is a human readable message indicating
details about the transition. \n This may be an empty
string."
maxLength: 32768
type: string
reason:
description: "Reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. \n The value
should be a CamelCase string. \n This field may not
be empty."
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: Status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`.
\n This must be in abnormal-true polarity, that is,
`ErrorFound` or `controller.io/ErrorFound`. \n The regex
it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)"
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -106,17 +106,6 @@ spec:
- envoy
- shutdown
{{- end }}
{{- if .Values.contour.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: 8090
initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.contour.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }}
{{- end }}
name: shutdown-manager
resources: {{- toYaml .Values.envoy.shutdownManager.resources | nindent 12 }}
volumeMounts:


@@ -109,16 +109,6 @@ spec:
- shutdown
{{- if .Values.envoy.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.contour.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: 8090
initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.contour.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }}
{{- end }}
name: shutdown-manager
resources: {{- toYaml .Values.envoy.shutdownManager.resources | nindent 12 }}