[bitnami/contour] Sync CRDs with upstream (#16651)

Updates the CRDs from the upstream project to match the appVersion of the chart.

Signed-off-by: Paul Nicholson <brenix@gmail.com>
Paul N
2023-05-23 02:24:34 -07:00
committed by GitHub
parent abc31a7713
commit c396e7c648
6 changed files with 576 additions and 27 deletions


@@ -22,4 +22,4 @@ maintainers:
name: contour
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/contour
version: 12.0.2
version: 12.0.3


@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.2
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.11.4
name: contourconfigurations.projectcontour.io
spec:
preserveUnknownFields: false
@@ -410,6 +409,87 @@ spec:
- namespace
type: object
type: object
globalExtAuth:
description: GlobalExternalAuthorization allows envoys external authorization
filter to be enabled for all virtual hosts.
properties:
authPolicy:
description: AuthPolicy sets a default authorization policy for
client requests. This policy will be used unless overridden
by individual routes.
properties:
context:
additionalProperties:
type: string
description: Context is a set of key/value pairs that are
sent to the authentication server in the check request.
If a context is provided at an enclosing scope, the entries
are merged such that the inner scope overrides matching
keys from the outer scope.
type: object
disabled:
description: When true, this field disables client request
authentication for the scope of the policy.
type: boolean
type: object
extensionRef:
description: ExtensionServiceRef specifies the extension resource
that will authorize client requests.
properties:
apiVersion:
description: API version of the referent. If this field is
not specified, the default "projectcontour.io/v1alpha1"
will be used
minLength: 1
type: string
name:
description: "Name of the referent. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
minLength: 1
type: string
namespace:
description: "Namespace of the referent. If this field is
not specifies, the namespace of the resource that targets
the referent will be used. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"
minLength: 1
type: string
type: object
failOpen:
description: If FailOpen is true, the client request is forwarded
to the upstream service even if the authorization server fails
to respond. This field should not be set in most cases. It is
intended for use only while migrating applications from internal
authorization to Contour external authorization.
type: boolean
responseTimeout:
description: ResponseTimeout configures maximum time to wait for
a check response from the authorization server. Timeout durations
are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).
Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
The string "infinity" is also a valid input and specifies no
timeout.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
type: string
withRequestBody:
description: WithRequestBody specifies configuration for sending
the client request's body to authorization server.
properties:
allowPartialMessage:
description: If AllowPartialMessage is true, then Envoy will
buffer the body until MaxRequestBytes are reached.
type: boolean
maxRequestBytes:
default: 1024
description: MaxRequestBytes sets the maximum size of message
body ExtAuthz filter will hold in-memory.
format: int32
minimum: 1
type: integer
packAsBytes:
description: If PackAsBytes is true, the body sent to Authorization
Server is in raw bytes.
type: boolean
type: object
type: object
health:
description: "Health defines the endpoints Contour uses to serve health
checks. \n Contour's default is { address: \"0.0.0.0\", port: 8000
@@ -564,6 +644,69 @@ spec:
required:
- extensionService
type: object
tracing:
description: Tracing defines properties for exporting trace data to
OpenTelemetry.
properties:
customTags:
description: CustomTags defines a list of custom tags with unique
tag name.
items:
description: CustomTag defines custom tags with unique tag name
to create tags for the active span.
properties:
literal:
description: Literal is a static custom tag value. Precisely
one of Literal, RequestHeaderName must be set.
type: string
requestHeaderName:
description: RequestHeaderName indicates which request header
the label value is obtained from. Precisely one of Literal,
RequestHeaderName must be set.
type: string
tagName:
description: TagName is the unique name of the custom tag.
type: string
required:
- tagName
type: object
type: array
extensionService:
description: ExtensionService identifies the extension service
defining the otel-collector.
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
includePodDetail:
description: 'IncludePodDetail defines a flag. If it is true,
contour will add the pod name and namespace to the span of the
trace. the default is true. Note: The Envoy pods MUST have the
HOSTNAME and CONTOUR_NAMESPACE environment variables set for
this to work properly.'
type: boolean
maxPathTagLength:
description: MaxPathTagLength defines maximum length of the request
path to extract and include in the HttpUrl tag. contour's default
is 256.
format: int32
type: integer
overallSampling:
description: OverallSampling defines the sampling rate of trace
data. contour's default is 100.
type: string
serviceName:
description: ServiceName defines the name for the service. contour's
default is contour.
type: string
required:
- extensionService
type: object
xdsServer:
description: XDSServer contains parameters for the xDS server.
properties:
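Review bot: `globalExtAuth.failOpen` is added with no `default` and no schema guard, and since this block applies to all virtual hosts, a true value forwards every request upstream whenever the authorization server fails to respond, as its own description states. In the same block the `responseTimeout` pattern admits both `infinity` and `infinite` (the description names only `infinity`), and its `\d*` groups also match a bare unit such as `h`, so the API server accepts values that disable the check timeout or are not a parseable duration; whether Contour rejects them later is not visible in this diff. The file is generated by controller-gen, so a schema fix belongs upstream, but the chart's documentation could carry a line such as `globalExtAuth.failOpen: leave unset outside a migration; true forwards requests when the auth server does not respond`. The contourdeployments CRD section repeats the same schema in its `@@ -2608,6 +2610,87 @@` hunk.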


@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.2
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.11.4
name: contourdeployments.projectcontour.io
spec:
preserveUnknownFields: false
@@ -195,7 +194,8 @@ spec:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable."
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
@@ -1008,7 +1008,8 @@ spec:
that are used by this container. \n This
is an alpha field and requires enabling
the DynamicResourceAllocation feature
gate. \n This field is immutable."
gate. \n This field is immutable. It can
only be set for containers."
items:
description: ResourceClaim references
one entry in PodSpec.ResourceClaims.
@@ -2169,7 +2170,8 @@ spec:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable."
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
@@ -2608,6 +2610,87 @@ spec:
- namespace
type: object
type: object
globalExtAuth:
description: GlobalExternalAuthorization allows envoys external
authorization filter to be enabled for all virtual hosts.
properties:
authPolicy:
description: AuthPolicy sets a default authorization policy
for client requests. This policy will be used unless overridden
by individual routes.
properties:
context:
additionalProperties:
type: string
description: Context is a set of key/value pairs that
are sent to the authentication server in the check request.
If a context is provided at an enclosing scope, the
entries are merged such that the inner scope overrides
matching keys from the outer scope.
type: object
disabled:
description: When true, this field disables client request
authentication for the scope of the policy.
type: boolean
type: object
extensionRef:
description: ExtensionServiceRef specifies the extension resource
that will authorize client requests.
properties:
apiVersion:
description: API version of the referent. If this field
is not specified, the default "projectcontour.io/v1alpha1"
will be used
minLength: 1
type: string
name:
description: "Name of the referent. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
minLength: 1
type: string
namespace:
description: "Namespace of the referent. If this field
is not specifies, the namespace of the resource that
targets the referent will be used. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"
minLength: 1
type: string
type: object
failOpen:
description: If FailOpen is true, the client request is forwarded
to the upstream service even if the authorization server
fails to respond. This field should not be set in most cases.
It is intended for use only while migrating applications
from internal authorization to Contour external authorization.
type: boolean
responseTimeout:
description: ResponseTimeout configures maximum time to wait
for a check response from the authorization server. Timeout
durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).
Valid time units are "ns", "us" (or "µs"), "ms", "s", "m",
"h". The string "infinity" is also a valid input and specifies
no timeout.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
type: string
withRequestBody:
description: WithRequestBody specifies configuration for sending
the client request's body to authorization server.
properties:
allowPartialMessage:
description: If AllowPartialMessage is true, then Envoy
will buffer the body until MaxRequestBytes are reached.
type: boolean
maxRequestBytes:
default: 1024
description: MaxRequestBytes sets the maximum size of
message body ExtAuthz filter will hold in-memory.
format: int32
minimum: 1
type: integer
packAsBytes:
description: If PackAsBytes is true, the body sent to
Authorization Server is in raw bytes.
type: boolean
type: object
type: object
health:
description: "Health defines the endpoints Contour uses to serve
health checks. \n Contour's default is { address: \"0.0.0.0\",
@@ -2765,6 +2848,70 @@ spec:
required:
- extensionService
type: object
tracing:
description: Tracing defines properties for exporting trace data
to OpenTelemetry.
properties:
customTags:
description: CustomTags defines a list of custom tags with
unique tag name.
items:
description: CustomTag defines custom tags with unique tag
name to create tags for the active span.
properties:
literal:
description: Literal is a static custom tag value. Precisely
one of Literal, RequestHeaderName must be set.
type: string
requestHeaderName:
description: RequestHeaderName indicates which request
header the label value is obtained from. Precisely
one of Literal, RequestHeaderName must be set.
type: string
tagName:
description: TagName is the unique name of the custom
tag.
type: string
required:
- tagName
type: object
type: array
extensionService:
description: ExtensionService identifies the extension service
defining the otel-collector.
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
includePodDetail:
description: 'IncludePodDetail defines a flag. If it is true,
contour will add the pod name and namespace to the span
of the trace. the default is true. Note: The Envoy pods
MUST have the HOSTNAME and CONTOUR_NAMESPACE environment
variables set for this to work properly.'
type: boolean
maxPathTagLength:
description: MaxPathTagLength defines maximum length of the
request path to extract and include in the HttpUrl tag.
contour's default is 256.
format: int32
type: integer
overallSampling:
description: OverallSampling defines the sampling rate of
trace data. contour's default is 100.
type: string
serviceName:
description: ServiceName defines the name for the service.
contour's default is contour.
type: string
required:
- extensionService
type: object
xdsServer:
description: XDSServer contains parameters for the xDS server.
properties:


@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.2
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.11.4
name: extensionservices.projectcontour.io
spec:
preserveUnknownFields: false
@@ -51,7 +50,7 @@ spec:
to apply when the `RequestHash` load balancing strategy is chosen.
If an element of the supplied list of hash policies is invalid,
it will be ignored. If the list of hash policies is empty after
validation, the load balancing strategy will fall back the the
validation, the load balancing strategy will fall back to the
default `RoundRobin`.
items:
description: RequestHashPolicy contains configuration for an


@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.2
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.11.4
name: httpproxies.projectcontour.io
spec:
preserveUnknownFields: false
@@ -72,8 +71,13 @@ spec:
include invalid.'
items:
description: MatchCondition are a general holder for matching
rules for HTTPProxies. One of Prefix or Header must be provided.
rules for HTTPProxies. One of Prefix, Exact, Header or QueryParameter
must be provided.
properties:
exact:
description: Exact defines a exact match for a request.
This field is not allowed in include match conditions.
type: string
header:
description: Header specifies the header condition to
match.
@@ -119,6 +123,50 @@ spec:
prefix:
description: Prefix defines a prefix match for a request.
type: string
queryParameter:
description: QueryParameter specifies the query parameter
condition to match.
properties:
contains:
description: Contains specifies a substring that must
be present in the query parameter value.
type: string
exact:
description: Exact specifies a string that the query
parameter value must be equal to.
type: string
ignoreCase:
description: IgnoreCase specifies that string matching
should be case insensitive. Note that this has no
effect on the Regex parameter.
type: boolean
name:
description: Name is the name of the query parameter
to match against. Name is required. Query parameter
names are case insensitive.
type: string
prefix:
description: Prefix defines a prefix match for the
query parameter value.
type: string
present:
description: Present specifies that condition is true
when the named query parameter is present, regardless
of its value. Note that setting Present to false
does not make the condition true if the named query
parameter is absent.
type: boolean
regex:
description: Regex specifies a regular expression
pattern that must match the query parameter value.
type: string
suffix:
description: Suffix defines a suffix match for a query
parameter value.
type: string
required:
- name
type: object
type: object
type: array
name:
@@ -171,8 +219,13 @@ spec:
Conditions, will make the route invalid.'
items:
description: MatchCondition are a general holder for matching
rules for HTTPProxies. One of Prefix or Header must be provided.
rules for HTTPProxies. One of Prefix, Exact, Header or QueryParameter
must be provided.
properties:
exact:
description: Exact defines a exact match for a request.
This field is not allowed in include match conditions.
type: string
header:
description: Header specifies the header condition to
match.
@@ -218,6 +271,50 @@ spec:
prefix:
description: Prefix defines a prefix match for a request.
type: string
queryParameter:
description: QueryParameter specifies the query parameter
condition to match.
properties:
contains:
description: Contains specifies a substring that must
be present in the query parameter value.
type: string
exact:
description: Exact specifies a string that the query
parameter value must be equal to.
type: string
ignoreCase:
description: IgnoreCase specifies that string matching
should be case insensitive. Note that this has no
effect on the Regex parameter.
type: boolean
name:
description: Name is the name of the query parameter
to match against. Name is required. Query parameter
names are case insensitive.
type: string
prefix:
description: Prefix defines a prefix match for the
query parameter value.
type: string
present:
description: Present specifies that condition is true
when the named query parameter is present, regardless
of its value. Note that setting Present to false
does not make the condition true if the named query
parameter is absent.
type: boolean
regex:
description: Regex specifies a regular expression
pattern that must match the query parameter value.
type: string
suffix:
description: Suffix defines a suffix match for a query
parameter value.
type: string
required:
- name
type: object
type: object
type: array
cookieRewritePolicies:
@@ -337,6 +434,112 @@ spec:
required:
- path
type: object
internalRedirectPolicy:
description: The policy to define when to handle redirects responses
internally.
properties:
allowCrossSchemeRedirect:
default: Never
description: AllowCrossSchemeRedirect Allow internal redirect
to follow a target URI with a different scheme than the
value of x-forwarded-proto. SafeOnly allows same scheme
redirect and safe cross scheme redirect, which means if
the downstream scheme is HTTPS, both HTTPS and HTTP redirect
targets are allowed, but if the downstream scheme is HTTP,
only HTTP redirect targets are allowed.
enum:
- Always
- Never
- SafeOnly
type: string
denyRepeatedRouteRedirect:
description: If DenyRepeatedRouteRedirect is true, rejects
redirect targets that are pointing to a route that has
been followed by a previous redirect from the current
route.
type: boolean
maxInternalRedirects:
description: MaxInternalRedirects An internal redirect is
not handled, unless the number of previous internal redirects
that a downstream request has encountered is lower than
this value.
format: int32
type: integer
redirectResponseCodes:
description: RedirectResponseCodes If unspecified, only
302 will be treated as internal redirect. Only 301, 302,
303, 307 and 308 are valid values.
items:
description: RedirectResponseCode is a uint32 type alias
with validation to ensure that the value is valid.
enum:
- 301
- 302
- 303
- 307
- 308
format: int32
type: integer
type: array
type: object
ipAllowPolicy:
description: IPAllowFilterPolicy is a list of ipv4/6 filter
rules for which matching requests should be allowed. All other
requests will be denied. Only one of IPAllowFilterPolicy and
IPDenyFilterPolicy can be defined. The rules defined here
override any rules set on the root HTTPProxy.
items:
properties:
cidr:
description: CIDR is a CIDR block of ipv4 or ipv6 addresses
to filter on. This can also be a bare IP address (without
a mask) to filter on exactly one address.
type: string
source:
description: 'Source indicates how to determine the ip
address to filter on, and can be one of two values:
- `Remote` filters on the ip address of the client,
accounting for PROXY and X-Forwarded-For as needed.
- `Peer` filters on the ip of the network request, ignoring
PROXY and X-Forwarded-For.'
enum:
- Peer
- Remote
type: string
required:
- cidr
- source
type: object
type: array
ipDenyPolicy:
description: IPDenyFilterPolicy is a list of ipv4/6 filter rules
for which matching requests should be denied. All other requests
will be allowed. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy
can be defined. The rules defined here override any rules
set on the root HTTPProxy.
items:
properties:
cidr:
description: CIDR is a CIDR block of ipv4 or ipv6 addresses
to filter on. This can also be a bare IP address (without
a mask) to filter on exactly one address.
type: string
source:
description: 'Source indicates how to determine the ip
address to filter on, and can be one of two values:
- `Remote` filters on the ip address of the client,
accounting for PROXY and X-Forwarded-For as needed.
- `Peer` filters on the ip of the network request, ignoring
PROXY and X-Forwarded-For.'
enum:
- Peer
- Remote
type: string
required:
- cidr
- source
type: object
type: array
jwtVerificationPolicy:
description: The policy for verifying JWTs for requests to this
route.
@@ -366,7 +569,7 @@ spec:
strategy is chosen. If an element of the supplied list
of hash policies is invalid, it will be ignored. If the
list of hash policies is empty after validation, the load
balancing strategy will fall back the the default `RoundRobin`.
balancing strategy will fall back to the default `RoundRobin`.
items:
description: RequestHashPolicy contains configuration
for an individual hash policy on a request attribute.
@@ -960,7 +1163,7 @@ spec:
type: string
requestHeadersPolicy:
description: The policy for managing request headers during
proxying. Rewriting the 'Host' header is not supported.
proxying.
properties:
remove:
description: Remove specifies a list of HTTP header
@@ -1190,7 +1393,7 @@ spec:
is chosen. If an element of the supplied list of hash policies
is invalid, it will be ignored. If the list of hash policies
is empty after validation, the load balancing strategy will
fall back the the default `RoundRobin`.
fall back to the default `RoundRobin`.
items:
description: RequestHashPolicy contains configuration for
an individual hash policy on a request attribute.
@@ -1346,7 +1549,7 @@ spec:
type: string
requestHeadersPolicy:
description: The policy for managing request headers during
proxying. Rewriting the 'Host' header is not supported.
proxying.
properties:
remove:
description: Remove specifies a list of HTTP header
@@ -1567,8 +1770,6 @@ spec:
Authorization Server is in raw bytes.
type: boolean
type: object
required:
- extensionRef
type: object
corsPolicy:
description: Specifies the cross-origin policy to apply to the
@@ -1609,6 +1810,10 @@ spec:
type: string
minItems: 1
type: array
allowPrivateNetwork:
description: AllowPrivateNetwork specifies whether to allow
private network requests. See https://developer.chrome.com/blog/private-network-access-preflight.
type: boolean
exposeHeaders:
description: ExposeHeaders Specifies the content for the *access-control-expose-headers*
header.
@@ -1639,6 +1844,62 @@ spec:
to the fqdn.
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
ipAllowPolicy:
description: IPAllowFilterPolicy is a list of ipv4/6 filter rules
for which matching requests should be allowed. All other requests
will be denied. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy
can be defined. The rules defined here may be overridden in
a Route.
items:
properties:
cidr:
description: CIDR is a CIDR block of ipv4 or ipv6 addresses
to filter on. This can also be a bare IP address (without
a mask) to filter on exactly one address.
type: string
source:
description: 'Source indicates how to determine the ip address
to filter on, and can be one of two values: - `Remote`
filters on the ip address of the client, accounting for
PROXY and X-Forwarded-For as needed. - `Peer` filters
on the ip of the network request, ignoring PROXY and X-Forwarded-For.'
enum:
- Peer
- Remote
type: string
required:
- cidr
- source
type: object
type: array
ipDenyPolicy:
description: IPDenyFilterPolicy is a list of ipv4/6 filter rules
for which matching requests should be denied. All other requests
will be allowed. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy
can be defined. The rules defined here may be overridden in
a Route.
items:
properties:
cidr:
description: CIDR is a CIDR block of ipv4 or ipv6 addresses
to filter on. This can also be a bare IP address (without
a mask) to filter on exactly one address.
type: string
source:
description: 'Source indicates how to determine the ip address
to filter on, and can be one of two values: - `Remote`
filters on the ip address of the client, accounting for
PROXY and X-Forwarded-For as needed. - `Peer` filters
on the ip of the network request, ignoring PROXY and X-Forwarded-For.'
enum:
- Peer
- Remote
type: string
required:
- cidr
- source
type: object
type: array
jwtProviders:
description: Providers to use for verifying JSON Web Tokens (JWTs)
on the virtual host.
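Review bot: Dropping `required: - extensionRef` from the virtual host authorization object (hunk `@@ -1567,8 +1770,6 @@`) means the API server now admits an authorization block that names no extension service, and with `preserveUnknownFields: false` a misspelled `extensionRef` key is pruned rather than rejected. Presumably the relaxation lets a virtual host rely on, or opt out of, the new `globalExtAuth` setting, but what Contour does with such an object (mark it invalid, or serve the host without an authorization filter) is not visible here and should be confirmed against the matching appVersion. The enclosing object starts outside the hunk. Because the CRD is generated, the local place for this is the chart's upgrade notes, e.g. `authorization.extensionRef is no longer schema-required; check HTTPProxy status after upgrade for hosts that omit it`.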


@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.2
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.11.4
name: tlscertificatedelegations.projectcontour.io
spec:
preserveUnknownFields: false
@@ -48,10 +47,10 @@ spec:
type: string
targetNamespaces:
description: required, the namespaces the authority to reference
the the secret will be delegated to. If TargetNamespaces is
nil or empty, the CertificateDelegation' is ignored. If the
TargetNamespace list contains the character, "*" the secret
will be delegated to all namespaces.
the secret will be delegated to. If TargetNamespaces is nil
or empty, the CertificateDelegation' is ignored. If the TargetNamespace
list contains the character, "*" the secret will be delegated
to all namespaces.
items:
type: string
type: array