From 659dae3f0d4d1df310074af60f21e539a8b907b6 Mon Sep 17 00:00:00 2001 
From: Jashandeep Sohi Date: Mon, 10 Feb 2025 09:43:49 -0800 Subject: [PATCH] setup K8s dashboard on local-cluster --- flake.nix | 2 + local-cluster/dash/Caddyfile | 9 + local-cluster/dash/deploy-caddy/Kptfile | 25 + local-cluster/dash/deploy-caddy/README.md | 41 + local-cluster/dash/deploy-caddy/deploy.yaml | 42 + .../dash/deploy-caddy/fn-replacements.yaml | 20 + .../dash/deploy-caddy/kustomization.yaml | 11 + .../remove-kpt-internal-annotations/Kptfile | 20 + .../remove-kpt-internal-annotations/README.md | 25 + .../kustomization.yaml | 13 + local-cluster/dash/helm/Kptfile | 58 + local-cluster/dash/helm/README.md | 69 + local-cluster/dash/helm/charts.yaml | 29 + local-cluster/dash/helm/kustomization.yaml | 11 + .../remove-kpt-internal-annotations/Kptfile | 20 + .../remove-kpt-internal-annotations/README.md | 25 + .../kustomization.yaml | 13 + local-cluster/dash/helm/rendered.yaml | 3821 +++++++++++++++++ local-cluster/dash/ing/Kptfile | 20 + local-cluster/dash/ing/README.md | 40 + local-cluster/dash/ing/ing.yaml | 20 + local-cluster/dash/ing/kustomization.yaml | 11 + .../remove-kpt-internal-annotations/Kptfile | 20 + .../remove-kpt-internal-annotations/README.md | 25 + .../kustomization.yaml | 13 + local-cluster/dash/kustomization.yaml | 17 + local-cluster/dash/ns/Kptfile | 20 + local-cluster/dash/ns/README.md | 39 + local-cluster/dash/ns/kustomization.yaml | 11 + local-cluster/dash/ns/ns.yaml | 7 + .../remove-kpt-internal-annotations/Kptfile | 20 + .../remove-kpt-internal-annotations/README.md | 25 + .../kustomization.yaml | 13 + local-cluster/dash/sa.yaml | 25 + local-cluster/dash/svc-caddy/Kptfile | 25 + local-cluster/dash/svc-caddy/README.md | 47 + .../dash/svc-caddy/fn-replacements.yaml | 18 + .../dash/svc-caddy/kustomization.yaml | 11 + .../remove-kpt-internal-annotations/Kptfile | 20 + .../remove-kpt-internal-annotations/README.md | 25 + .../kustomization.yaml | 13 + local-cluster/dash/svc-caddy/svc.yaml | 17 + local-cluster/default.nix | 44 +- 43 files 
changed, 4798 insertions(+), 2 deletions(-) create mode 100644 local-cluster/dash/Caddyfile create mode 100644 local-cluster/dash/deploy-caddy/Kptfile create mode 100644 local-cluster/dash/deploy-caddy/README.md create mode 100644 local-cluster/dash/deploy-caddy/deploy.yaml create mode 100644 local-cluster/dash/deploy-caddy/fn-replacements.yaml create mode 100644 local-cluster/dash/deploy-caddy/kustomization.yaml create mode 100644 local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/Kptfile create mode 100644 local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/README.md create mode 100644 local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/kustomization.yaml create mode 100644 local-cluster/dash/helm/Kptfile create mode 100644 local-cluster/dash/helm/README.md create mode 100644 local-cluster/dash/helm/charts.yaml create mode 100644 local-cluster/dash/helm/kustomization.yaml create mode 100644 local-cluster/dash/helm/remove-kpt-internal-annotations/Kptfile create mode 100644 local-cluster/dash/helm/remove-kpt-internal-annotations/README.md create mode 100644 local-cluster/dash/helm/remove-kpt-internal-annotations/kustomization.yaml create mode 100644 local-cluster/dash/helm/rendered.yaml create mode 100644 local-cluster/dash/ing/Kptfile create mode 100644 local-cluster/dash/ing/README.md create mode 100644 local-cluster/dash/ing/ing.yaml create mode 100644 local-cluster/dash/ing/kustomization.yaml create mode 100644 local-cluster/dash/ing/remove-kpt-internal-annotations/Kptfile create mode 100644 local-cluster/dash/ing/remove-kpt-internal-annotations/README.md create mode 100644 local-cluster/dash/ing/remove-kpt-internal-annotations/kustomization.yaml create mode 100644 local-cluster/dash/kustomization.yaml create mode 100644 local-cluster/dash/ns/Kptfile create mode 100644 local-cluster/dash/ns/README.md create mode 100644 local-cluster/dash/ns/kustomization.yaml create mode 100644 local-cluster/dash/ns/ns.yaml create mode 
100644 local-cluster/dash/ns/remove-kpt-internal-annotations/Kptfile create mode 100644 local-cluster/dash/ns/remove-kpt-internal-annotations/README.md create mode 100644 local-cluster/dash/ns/remove-kpt-internal-annotations/kustomization.yaml create mode 100644 local-cluster/dash/sa.yaml create mode 100644 local-cluster/dash/svc-caddy/Kptfile create mode 100644 local-cluster/dash/svc-caddy/README.md create mode 100644 local-cluster/dash/svc-caddy/fn-replacements.yaml create mode 100644 local-cluster/dash/svc-caddy/kustomization.yaml create mode 100644 local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/Kptfile create mode 100644 local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/README.md create mode 100644 local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/kustomization.yaml create mode 100644 local-cluster/dash/svc-caddy/svc.yaml diff --git a/flake.nix b/flake.nix index 8ea1664..310ac12 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,8 @@ devenv.shells.default = { + #devenv-k8s.local-cluster.enable = true; + devenv.root = let devenvRootFileContent = builtins.readFile inputs.devenv-root.outPath; diff --git a/local-cluster/dash/Caddyfile b/local-cluster/dash/Caddyfile new file mode 100644 index 0000000..481906e --- /dev/null +++ b/local-cluster/dash/Caddyfile @@ -0,0 +1,9 @@ +:80 { + reverse_proxy https://dash-kong-proxy { + transport http { + tls_insecure_skip_verify + } + header_up Host {upstream_hostport} + header_up Authorization "Bearer {$DASH_USER_TOKEN}" + } +} diff --git a/local-cluster/dash/deploy-caddy/Kptfile b/local-cluster/dash/deploy-caddy/Kptfile new file mode 100644 index 0000000..2c1aec2 --- /dev/null +++ b/local-cluster/dash/deploy-caddy/Kptfile 
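Review bot: The `reverse_proxy` block in the new Caddyfile adds `header_up Authorization "Bearer {$DASH_USER_TOKEN}"` to every request arriving on `:80`, so anyone who can reach this listener acts on the dashboard with that service account's rights without presenting a credential of their own. What that token is allowed to do is defined in sa.yaml, which is outside this part of the patch; the broader its role binding, the more this proxy behaves like an unauthenticated console. `tls_insecure_skip_verify` also means the token is forwarded without checking that the peer really is `dash-kong-proxy`, so trusting the upstream's CA would be safer than skipping verification. At minimum the file should state its assumption with a leading comment such as `# local dev only: injects a service-account token for every caller; never expose beyond the local cluster`.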
@@ -0,0 +1,25 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: deploy-caddy
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /deployment
+ ref: main
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /deployment
+ ref: main
+ commit: c58213d7a52130c977fdff0a51f4bd4fb5ca73a3
+pipeline:
+ mutators:
+ - image: gcr.io/kpt-fn/apply-replacements:v0.1.1
+ configPath: ./fn-replacements.yaml
+ name: apply-replacements
diff --git a/local-cluster/dash/deploy-caddy/README.md b/local-cluster/dash/deploy-caddy/README.md
new file mode 100644
index 0000000..50a92ff
--- /dev/null
+++ b/local-cluster/dash/deploy-caddy/README.md
@@ -0,0 +1,41 @@
+# deployment
+
+## Description
+
+This package provides a bare-bones [`apps/v1.Deployment`](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
+that you can build upon and use in other packages.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/deployment deploy-myapp
+```
+
+Customize `deploy.yaml`:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+ # Name will be used as the value for the `app.kubernetes.io/component`
+ # selector label and updated automatically by `kpt fn render`.
+ # So no need to set those manually.
+ name: test
+```
+
+And then render to update resources:
+
+```shell
+kpt fn render
+```
+
+This package is also a Kustomization, so, it can also be referenced by other
+Kustomizations:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./deploy-myapp/
+```
diff --git a/local-cluster/dash/deploy-caddy/deploy.yaml b/local-cluster/dash/deploy-caddy/deploy.yaml
new file mode 100644
index 0000000..0682e8f
--- /dev/null
+++ b/local-cluster/dash/deploy-caddy/deploy.yaml
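Review bot: The `pipeline.mutators` entry in deploy-caddy/Kptfile references its function image by mutable tag, `gcr.io/kpt-fn/apply-replacements:v0.1.1`, even though the package source is pinned to a commit under `upstreamLock`. `kpt fn render` executes that image against the manifests, so a re-pushed tag would change what runs without any change in this repository. Assuming kpt accepts digest references here, pin it as `image: gcr.io/kpt-fn/apply-replacements:v0.1.1@sha256:<digest>`. The same applies to the `starlark:v0.5.0` and `render-helm-chart:v0.2.2` images in local-cluster/dash/helm/Kptfile, whose README says to render with `--allow-network`.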
@@ -0,0 +1,42 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/deployment-apps-v1.json
+apiVersion: apps/v1
+kind: Deployment
+metadata: # kpt-merge: /example
+ # Name will be used as the value for the `app.kubernetes.io/component`
+ # selector label and updated automatically by `kpt fn render`.
+ # So no need to set those manually.
+ name: caddy
+ labels:
+ app.kubernetes.io/component: caddy
+ annotations:
+ internal.kpt.dev/upstream-identifier: 'apps|Deployment|default|example'
+spec:
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: caddy
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: caddy
+ spec:
+ volumes:
+ - name: caddy-config
+ configMap:
+ name: caddy-config
+ containers:
+ - name: default
+ image: "caddy"
+ env:
+ - name: DASH_USER_TOKEN
+ valueFrom:
+ secretKeyRef:
+ optional: false
+ key: token
+ name: dash-user-token
+ ports:
+ - name: http
+ containerPort: 80
+ volumeMounts:
+ - name: caddy-config
+ mountPath: /etc/caddy
diff --git a/local-cluster/dash/deploy-caddy/fn-replacements.yaml b/local-cluster/dash/deploy-caddy/fn-replacements.yaml
new file mode 100644
index 0000000..4e8fc4b
--- /dev/null
+++ b/local-cluster/dash/deploy-caddy/fn-replacements.yaml
@@ -0,0 +1,20 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: ApplyReplacements
+metadata: # kpt-merge: /deploy
+ name: deploy
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: 'fn.kpt.dev|ApplyReplacements|default|deploy'
+replacements:
+ - source:
+ kind: Deployment
+ fieldPath: metadata.name
+ targets:
+ - select:
+ kind: Deployment
+ fieldPaths:
+ - metadata.labels.[app.kubernetes.io/component]
+ - spec.selector.matchLabels.[app.kubernetes.io/component]
+ - spec.template.metadata.labels.[app.kubernetes.io/component]
+ options:
+ create: true
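Review bot: `image: "caddy"` in deploy.yaml's container spec carries no tag or digest, so the pod that receives `DASH_USER_TOKEN` from the `dash-user-token` secret runs whatever the default tag resolves to at pull time. Pin it, for example `image: "caddy:<version>@sha256:<digest>"`. The container also declares no `securityContext`; adding `allowPrivilegeEscalation: false` and dropping unneeded capabilities would limit what a compromised proxy holding that token can do. Binding `containerPort: 80` may then need a higher listen port, or the bind capability kept, if the container runs as non-root.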
diff --git a/local-cluster/dash/deploy-caddy/kustomization.yaml b/local-cluster/dash/deploy-caddy/kustomization.yaml new file mode 100644 index 0000000..3c8f3bb --- /dev/null +++ b/local-cluster/dash/deploy-caddy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +metadata: # kpt-merge: /deploy + name: deploy + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Kustomization|default|deploy' +components: + - ./remove-kpt-internal-annotations/ +resources: + - ./deploy.yaml diff --git a/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/Kptfile b/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/Kptfile new file mode 100644 index 0000000..92eb73b --- /dev/null +++ b/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/Kptfile @@ -0,0 +1,20 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: remove-kpt-internal-annotations + annotations: + config.kubernetes.io/local-config: "true" +upstream: + type: git + git: + repo: https://github.com/LCOGT/kpt-pkg-catalog + directory: /remove-kpt-internal-annotations + ref: main + updateStrategy: resource-merge +upstreamLock: + type: git + git: + repo: https://github.com/LCOGT/kpt-pkg-catalog + directory: /remove-kpt-internal-annotations + ref: main + commit: b7204dffac224c3060e153b36da4735b31319cab diff --git a/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/README.md b/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/README.md new file mode 100644 index 0000000..4ffea9f --- /dev/null +++ b/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/README.md 
@@ -0,0 +1,25 @@ +# remove-kpt-internal-annotations + +## Description + +This package provides a [Kustomize `Component`](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1802-kustomize-components) +that can be used to remove `internal.kpt.dev/upstream-identifier` annotations from all rendered KRM objects. + +## Usage + +Clone this package: + +```shell +kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/remove-kpt-internal-annotations +``` + +And then reference it from another Kustomization: + + +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +components: + - ./remove-kpt-internal-annotations/ +``` diff --git a/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/kustomization.yaml b/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/kustomization.yaml new file mode 100644 index 0000000..f11ff1a --- /dev/null +++ b/local-cluster/dash/deploy-caddy/remove-kpt-internal-annotations/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +metadata: # kpt-merge: /remove-kpt-internal-annotations + name: remove-kpt-internal-annotations + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Component|default|remove-kpt-internal-annotations' +patches: + - target: + annotationSelector: internal.kpt.dev/upstream-identifier + patch: |- + - op: remove + path: /metadata/annotations/internal.kpt.dev~1upstream-identifier diff --git a/local-cluster/dash/helm/Kptfile b/local-cluster/dash/helm/Kptfile new file mode 100644 index 0000000..ad59a17 --- /dev/null +++ b/local-cluster/dash/helm/Kptfile 
@@ -0,0 +1,58 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: helm + annotations: + config.kubernetes.io/local-config: "true" +upstream: + type: git + git: + repo: https://github.com/LCOGT/kpt-pkg-catalog + directory: /helm-chart + ref: main + updateStrategy: resource-merge +upstreamLock: + type: git + git: + repo: https://github.com/LCOGT/kpt-pkg-catalog + directory: /helm-chart + ref: main + commit: c58213d7a52130c977fdff0a51f4bd4fb5ca73a3 +pipeline: + mutators: + - image: gcr.io/kpt-fn/starlark:v0.5.0 + configMap: + source: |- + output = "rendered.yaml" + new = [] + + for r in ctx.resource_list["items"]: + path = r.get("metadata", {}).get("annotations", {}).get("internal.config.kubernetes.io/path", "") + if path == output: + continue + new.append(r) + + ctx.resource_list["items"] = new + name: reset-rendered + - image: gcr.io/kpt-fn/render-helm-chart:v0.2.2 + configPath: ./charts.yaml + name: render-helm-chart + - image: gcr.io/kpt-fn/starlark:v0.5.0 + configMap: + source: |- + output = "rendered.yaml" + + index = 0 + for r in ctx.resource_list["items"]: + path = r.get("metadata", {}).get("annotations", {}).get("internal.config.kubernetes.io/path", "") + + if path in set(["charts.yaml", "Kptfile", "kustomization.yaml"]): + continue + + if path.startswith("remove-kpt-internal-annotations/"): + continue + + r["metadata"]["annotations"]["internal.config.kubernetes.io/path"] = output + r["metadata"]["annotations"]["internal.config.kubernetes.io/index"] = "%d" % index + index = index + 1 + name: output-to-file diff --git a/local-cluster/dash/helm/README.md b/local-cluster/dash/helm/README.md new file mode 100644 index 0000000..fe0ca9e --- /dev/null +++ b/local-cluster/dash/helm/README.md 
@@ -0,0 +1,69 @@ +# helm-chart + +## Description + +This package will let you render a Helm chart. + +## Usage + +Clone this package: + +```shell +kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/helm-chart example-helm +``` + +Define Helm charts in `charts.yaml`: + +```yaml +apiVersion: kpt.dev/v1 +kind: RenderHelmChart +metadata: + name: postgresql # Change this to a short name describing the charts + annotations: + config.kubernetes.io/local-config: "true" +# See https://catalog.kpt.dev/render-helm-chart/v0.2/ +helmCharts: + - chartArgs: + repo: oci://registry-1.docker.io/bitnamicharts + name: postgresql + version: 12.12.10 + templateOptions: + apiVersions: + - "1.23.17" + releaseName: postgresql + namespace: example-ns + includeCRDs: true + skipTests: true + values: + valuesInline: + # Chart values go here + architecture: standalone + primary.persistence.size: 2Gi + auth: + database: example + username: example + password: example +``` + +Then run: + +```shell +kpt fn render --allow-network +``` + +This will template out the Chart(s) and place them in `rendered.yaml`. + +This package is also a Kustomization that includes the Chart(s) output, so +you can use it from other Kustomizations: + +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./example-helm/ +``` + +Note `helmCharts[].templateOptions.namespace` does not actually cause a +`v1.Namespace` to be emmited. That must be created seperately, if it does not +already exist on the cluster. +Consider using https://github.com/LCOGT/kpt-pkg-catalog/tree/main/namespace to do that. diff --git a/local-cluster/dash/helm/charts.yaml b/local-cluster/dash/helm/charts.yaml new file mode 100644 index 0000000..cac393c --- /dev/null +++ b/local-cluster/dash/helm/charts.yaml 
@@ -0,0 +1,29 @@
+apiVersion: kpt.dev/v1
+kind: RenderHelmChart
+metadata: # kpt-merge: /example
+ name: dashboard
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: kpt.dev|RenderHelmChart|default|example
+# See https://catalog.kpt.dev/render-helm-chart/v0.2/
+helmCharts:
+ - chartArgs:
+ repo: https://kubernetes.github.io/dashboard/
+ name: kubernetes-dashboard
+ version: 7.10.4
+ templateOptions:
+ apiVersions:
+ - 1.26.15
+ releaseName: dash
+ namespace: dash
+ includeCRDs: true
+ skipTests: true
+ values:
+ valuesInline:
+ # Chart values go here
+ app:
+ security:
+ csrfKey: fake
+ settings:
+ global:
+ defaultNamespace: _all
diff --git a/local-cluster/dash/helm/kustomization.yaml b/local-cluster/dash/helm/kustomization.yaml
new file mode 100644
index 0000000..eeb288c
--- /dev/null
+++ b/local-cluster/dash/helm/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata: # kpt-merge: /helm-chart
+ name: helm-chart
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: kustomize.config.k8s.io|Kustomization|default|helm-chart
+resources:
+ - ./rendered.yaml
+components:
+ - ./remove-kpt-internal-annotations/
diff --git a/local-cluster/dash/helm/remove-kpt-internal-annotations/Kptfile b/local-cluster/dash/helm/remove-kpt-internal-annotations/Kptfile
new file mode 100644
index 0000000..ce79374
--- /dev/null
+++ b/local-cluster/dash/helm/remove-kpt-internal-annotations/Kptfile
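Review bot: `csrfKey: fake` under `app.security` in charts.yaml commits a fixed, guessable CSRF key, and the value is carried into the checked-in rendered.yaml. It is presumably fixed so that the rendered output stays stable between renders, but nothing in the file says the value is only acceptable on a throwaway cluster. Add a comment on that line, for example `# local-cluster only: fixed CSRF key so rendered.yaml is reproducible; never reuse these values on a shared cluster`. Together with `defaultNamespace: _all` and the token-injecting proxy in front of the dashboard, these values should not be copied into any non-local overlay.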
@@ -0,0 +1,20 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: remove-kpt-internal-annotations + annotations: + config.kubernetes.io/local-config: "true" +upstream: + type: git + git: + repo: https://github.com/LCOGT/kpt-pkg-catalog + directory: /remove-kpt-internal-annotations + ref: main + updateStrategy: resource-merge +upstreamLock: + type: git + git: + repo: https://github.com/LCOGT/kpt-pkg-catalog + directory: /remove-kpt-internal-annotations + ref: main + commit: 9471f7891b764d27fef2e84c0c6450de0004bca9 diff --git a/local-cluster/dash/helm/remove-kpt-internal-annotations/README.md b/local-cluster/dash/helm/remove-kpt-internal-annotations/README.md new file mode 100644 index 0000000..4ffea9f --- /dev/null +++ b/local-cluster/dash/helm/remove-kpt-internal-annotations/README.md @@ -0,0 +1,25 @@ +# remove-kpt-internal-annotations + +## Description + +This package provides a [Kustomize `Component`](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1802-kustomize-components) +that can be used to remove `internal.kpt.dev/upstream-identifier` annotations from all rendered KRM objects. + +## Usage + +Clone this package: + +```shell +kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/remove-kpt-internal-annotations +``` + +And then reference it from another Kustomization: + + +```yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +components: + - ./remove-kpt-internal-annotations/ +``` diff --git a/local-cluster/dash/helm/remove-kpt-internal-annotations/kustomization.yaml b/local-cluster/dash/helm/remove-kpt-internal-annotations/kustomization.yaml new file mode 100644 index 0000000..e4543c5 --- /dev/null +++ b/local-cluster/dash/helm/remove-kpt-internal-annotations/kustomization.yaml 
@@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +metadata: # kpt-merge: /remove-kpt-internal-annotations + name: remove-kpt-internal-annotations + annotations: + config.kubernetes.io/local-config: "true" + internal.kpt.dev/upstream-identifier: kustomize.config.k8s.io|Component|default|remove-kpt-internal-annotations +patches: + - target: + annotationSelector: internal.kpt.dev/upstream-identifier + patch: |- + - op: remove + path: /metadata/annotations/internal.kpt.dev~1upstream-identifier diff --git a/local-cluster/dash/helm/rendered.yaml b/local-cluster/dash/helm/rendered.yaml new file mode 100644 index 0000000..3a299d4 --- /dev/null +++ b/local-cluster/dash/helm/rendered.yaml 
@@ -0,0 +1,3821 @@ +# Source: crds/custom-resource-definitions.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: ingressclassparameterses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + kind: IngressClassParameters + listKind: IngressClassParametersList + plural: ingressclassparameterses + singular: ingressclassparameters + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressClassParameters is the Schema for the IngressClassParameters API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the IngressClassParameters specification. + properties: + enableLegacyRegexDetection: + default: false + description: |- + EnableLegacyRegexDetection automatically detects if ImplementationSpecific Ingress paths are regular expression + paths using the legacy 2.x heuristic. The controller adds the "~" prefix to those paths if the Kong version is + 3.0 or higher. + type: boolean + serviceUpstream: + default: false + description: Offload load-balancing to kube-proxy or sidecar. 
+ type: boolean + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: kongclusterplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongClusterPlugin + listKind: KongClusterPluginList + plural: kongclusterplugins + shortNames: + - kcp + singular: kongclusterplugin + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongClusterPlugin is the Schema for the kongclusterplugins API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + config: + description: |- + Config contains the plugin configuration. It's a list of keys and values + required to configure the plugin. + Please read the documentation of the plugin being configured to set values + in here. For any plugin in Kong, anything that goes in the `config` JSON + key in the Admin API request, goes into this property. + Only one of `config` or `configFrom` may be used in a KongClusterPlugin, not both at once. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: |- + ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive information, + such as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin. + Only one of `config` or `configFrom` may be used in a KongClusterPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name, a namespace, and a key of a secret to refer to. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + namespace: + description: The namespace containing the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - secretKeyRef + type: object + configPatches: + description: |- + ConfigPatches represents JSON patches to the configuration of the plugin. + Each item means a JSON patch to add something in the configuration, + where path is specified in `path` and value is in `valueFrom` referencing + a key in a secret. + When Config is specified, patches will be applied to the configuration in Config. + Otherwise, patches will be applied to an empty object. + items: + description: |- + NamespacedConfigPatch is a JSON patch to add values from secrets to KongClusterPlugin + to the generated configuration of plugin in Kong. + properties: + path: + description: Path is the JSON path to add the patch. + type: string + valueFrom: + description: ValueFrom is the reference to a key of a secret where the patched value comes from. + properties: + secretKeyRef: + description: Specifies a name, a namespace, and a key of a secret to refer to. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + namespace: + description: The namespace containing the secret. 
+ type: string + required: + - key + - name + - namespace + type: object + required: + - secretKeyRef + type: object + required: + - path + - valueFrom + type: object + type: array + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: |- + InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the + same plugin in multiple contexts, for example, on multiple services. + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + ordering: + description: |- + Ordering overrides the normal plugin execution order. It's only available on Kong Enterprise. + `` is a request processing phase (for example, `access` or `body_filter`) and + `` is the name of the plugin that will run before or after the KongPlugin. + For example, a KongPlugin with `plugin: rate-limiting` and `before.access: ["key-auth"]` + will create a rate limiting plugin that limits requests _before_ they are authenticated. + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the config. 
+ type: string + protocols: + description: |- + Protocols configures plugin to run on requests received on specific + protocols. + items: + description: |- + KongProtocol is a valid Kong protocol. + This alias is necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: |- + RunOn configures the plugin to run on the first or the second or both + nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongClusterPlugin resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: |- + Conditions describe the current conditions of the KongClusterPluginStatus. + + Known condition types are: + + * "Programmed" + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + x-kubernetes-validations: + - message: Using both config and configFrom fields is not allowed. + rule: '!(has(self.config) && has(self.configFrom))' + - message: Using both configFrom and configPatches fields is not allowed. 
+ rule: '!(has(self.configFrom) && has(self.configPatches))' + - message: The plugin field is immutable + rule: self.plugin == oldSelf.plugin + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: kongconsumergroups.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumerGroup + listKind: KongConsumerGroupList + plural: kongconsumergroups + shortNames: + - kcg + singular: kongconsumergroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: KongConsumerGroup is the Schema for the kongconsumergroups API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumerGroup resource. 
+ properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: |- + Conditions describe the current conditions of the KongConsumerGroup. + + Known condition types are: + + * "Programmed" + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: kongconsumers.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongConsumer + listKind: KongConsumerList + plural: kongconsumers + shortNames: + - kc + singular: kongconsumer + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Username of a Kong Consumer + jsonPath: .username + name: Username + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongConsumer is the Schema for the kongconsumers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + consumerGroups: + description: |- + ConsumerGroups are references to consumer groups (that consumer wants to be part of) + provisioned in Kong. + items: + type: string + type: array + x-kubernetes-list-type: set + credentials: + description: |- + Credentials are references to secrets containing a credential to be + provisioned in Kong. 
+ items: + type: string + type: array + x-kubernetes-list-type: set + custom_id: + description: |- + CustomID is a Kong cluster-unique existing ID for the consumer - useful for mapping + Kong with users in your existing database. + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + status: + description: Status represents the current status of the KongConsumer resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: |- + Conditions describe the current conditions of the KongConsumer. + + Known condition types are: + + * "Programmed" + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + username: + description: Username is a Kong cluster-unique username of the consumer. 
+ type: string + type: object + x-kubernetes-validations: + - message: Need to provide either username or custom_id + rule: has(self.username) || has(self.custom_id) + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: kongcustomentities.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongCustomEntity + listKind: KongCustomEntityList + plural: kongcustomentities + shortNames: + - kce + singular: kongcustomentity + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: type of the Kong entity + jsonPath: .spec.type + name: Entity Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: KongCustomEntity defines a "custom" Kong entity that KIC cannot support the entity type directly. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + controllerName: + description: ControllerName specifies the controller that should reconcile it, like ingress class. + type: string + fields: + description: Fields defines the fields of the Kong entity itself. + x-kubernetes-preserve-unknown-fields: true + parentRef: + description: |- + ParentRef references the kubernetes resource it attached to when its scope is "attached". + Currently only KongPlugin/KongClusterPlugin allowed. This will make the custom entity to be attached + to the entity(service/route/consumer) where the plugin is attached. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + description: Empty namespace means the same namespace of the owning object. + type: string + required: + - name + type: object + type: + description: EntityType is the type of the Kong entity. The type is used in generating declarative configuration. + type: string + required: + - controllerName + - fields + - type + type: object + status: + description: Status stores the reconciling status of the resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: |- + Conditions describe the current conditions of the KongCustomEntityStatus. + + Known condition types are: + + * "Programmed" + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + required: + - conditions + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: The spec.type field is immutable + rule: self.spec.type == oldSelf.spec.type + - message: The spec.type field cannot be known Kong entity types + rule: '!(self.spec.type in [''services'',''routes'',''upstreams'',''targets'',''plugins'',''consumers'',''consumer_groups''])' + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: kongingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongIngress + listKind: KongIngressList + plural: kongingresses + shortNames: + - ki + singular: kongingress + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KongIngress is the Schema for the kongingresses API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + proxy: + description: |- + Proxy defines additional connection options for the routes to be configured in the + Kong Gateway, e.g. `connection_timeout`, `retries`, etc. + properties: + connect_timeout: + description: |- + The timeout in milliseconds for establishing a connection to the upstream server. + Deprecated: use Service's "konghq.com/connect-timeout" annotation instead. + minimum: 0 + type: integer + path: + description: |- + (optional) The path to be used in requests to the upstream server. + Deprecated: use Service's "konghq.com/path" annotation instead. + pattern: ^/.*$ + type: string + protocol: + description: |- + The protocol used to communicate with the upstream. + Deprecated: use Service's "konghq.com/protocol" annotation instead. + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + read_timeout: + description: |- + The timeout in milliseconds between two successive read operations + for transmitting a request to the upstream server. + Deprecated: use Service's "konghq.com/read-timeout" annotation instead. + minimum: 0 + type: integer + retries: + description: |- + The number of retries to execute upon failure to proxy. + Deprecated: use Service's "konghq.com/retries" annotation instead. + minimum: 0 + type: integer + write_timeout: + description: |- + The timeout in milliseconds between two successive write operations + for transmitting a request to the upstream server. + Deprecated: use Service's "konghq.com/write-timeout" annotation instead. + minimum: 0 + type: integer + type: object + route: + description: |- + Route define rules to match client requests. + Each Route is associated with a Service, + and a Service may have multiple Routes associated to it. 
+ properties: + headers: + additionalProperties: + items: + type: string + type: array + description: |- + Headers contains one or more lists of values indexed by header name + that will cause this Route to match if present in the request. + The Host header cannot be used with this attribute. + Deprecated: use Ingress' "konghq.com/headers" annotation instead. + type: object + https_redirect_status_code: + description: |- + HTTPSRedirectStatusCode is the status code Kong responds with + when all properties of a Route match except the protocol. + Deprecated: use Ingress' "ingress.kubernetes.io/force-ssl-redirect" or + "konghq.com/https-redirect-status-code" annotations instead. + type: integer + methods: + description: |- + Methods is a list of HTTP methods that match this Route. + Deprecated: use Ingress' "konghq.com/methods" annotation instead. + items: + type: string + type: array + path_handling: + description: |- + PathHandling controls how the Service path, Route path and requested path + are combined when sending a request to the upstream. + Deprecated: use Ingress' "konghq.com/path-handling" annotation instead. + enum: + - v0 + - v1 + type: string + preserve_host: + description: |- + PreserveHost sets When matching a Route via one of the hosts domain names, + use the request Host header in the upstream request headers. + If set to false, the upstream Host header will be that of the Service’s host. + Deprecated: use Ingress' "konghq.com/preserve-host" annotation instead. + type: boolean + protocols: + description: |- + Protocols is an array of the protocols this Route should allow. + Deprecated: use Ingress' "konghq.com/protocols" annotation instead. + items: + description: |- + KongProtocol is a valid Kong protocol. 
+ This alias is necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + regex_priority: + description: |- + RegexPriority is a number used to choose which route resolves a given request + when several routes match it using regexes simultaneously. + Deprecated: use Ingress' "konghq.com/regex-priority" annotation instead. + type: integer + request_buffering: + description: |- + RequestBuffering sets whether to enable request body buffering or not. + Deprecated: use Ingress' "konghq.com/request-buffering" annotation instead. + type: boolean + response_buffering: + description: |- + ResponseBuffering sets whether to enable response body buffering or not. + Deprecated: use Ingress' "konghq.com/response-buffering" annotation instead. + type: boolean + snis: + description: |- + SNIs is a list of SNIs that match this Route when using stream routing. + Deprecated: use Ingress' "konghq.com/snis" annotation instead. + items: + type: string + type: array + strip_path: + description: |- + StripPath sets When matching a Route via one of the paths + strip the matching prefix from the upstream request URL. + Deprecated: use Ingress' "konghq.com/strip-path" annotation instead. + type: boolean + type: object + upstream: + description: |- + Upstream represents a virtual hostname and can be used to loadbalance + incoming requests over multiple targets (e.g. Kubernetes `Services` can + be a target, OR `Endpoints` can be targets). + properties: + algorithm: + description: |- + Algorithm is the load balancing algorithm to use. + Accepted values are: "round-robin", "consistent-hashing", "least-connections", "latency". + enum: + - round-robin + - consistent-hashing + - least-connections + - latency + type: string + hash_fallback: + description: |- + HashFallback defines What to use as hashing input + if the primary hash_on does not return a hash. 
+ Accepted values are: "none", "consumer", "ip", "header", "cookie". + type: string + hash_fallback_header: + description: |- + HashFallbackHeader is the header name to take the value from as hash input. + Only required when "hash_fallback" is set to "header". + type: string + hash_fallback_query_arg: + description: HashFallbackQueryArg is the "hash_fallback" version of HashOnQueryArg. + type: string + hash_fallback_uri_capture: + description: HashFallbackURICapture is the "hash_fallback" version of HashOnURICapture. + type: string + hash_on: + description: |- + HashOn defines what to use as hashing input. + Accepted values are: "none", "consumer", "ip", "header", "cookie", "path", "query_arg", "uri_capture". + type: string + hash_on_cookie: + description: |- + The cookie name to take the value from as hash input. + Only required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_cookie_path: + description: |- + The cookie path to set in the response headers. + Only required when "hash_on" or "hash_fallback" is set to "cookie". + type: string + hash_on_header: + description: |- + HashOnHeader defines the header name to take the value from as hash input. + Only required when "hash_on" is set to "header". + type: string + hash_on_query_arg: + description: HashOnQueryArg is the query string parameter whose value is the hash input when "hash_on" is set to "query_arg". + type: string + hash_on_uri_capture: + description: |- + HashOnURICapture is the name of the capture group whose value is the hash input when "hash_on" is set to + "uri_capture". + type: string + healthchecks: + description: Healthchecks defines the health check configurations in Kong. + properties: + active: + description: ActiveHealthcheck configures active health check probing. 
+ properties: + concurrency: + minimum: 1 + type: integer + headers: + additionalProperties: + items: + type: string + type: array + type: object + healthy: + description: |- + Healthy configures thresholds and HTTP status codes + to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + http_path: + pattern: ^/.*$ + type: string + https_sni: + type: string + https_verify_certificate: + type: boolean + timeout: + minimum: 0 + type: integer + type: + type: string + unhealthy: + description: |- + Unhealthy configures thresholds and HTTP status codes + to mark targets unhealthy. + properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + passive: + description: |- + PassiveHealthcheck configures passive checks around + passive health checks. + properties: + healthy: + description: |- + Healthy configures thresholds and HTTP status codes + to mark targets healthy for an upstream. + properties: + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + successes: + minimum: 0 + type: integer + type: object + type: + type: string + unhealthy: + description: |- + Unhealthy configures thresholds and HTTP status codes + to mark targets unhealthy. 
+ properties: + http_failures: + minimum: 0 + type: integer + http_statuses: + items: + type: integer + type: array + interval: + minimum: 0 + type: integer + tcp_failures: + minimum: 0 + type: integer + timeouts: + minimum: 0 + type: integer + type: object + type: object + threshold: + type: number + type: object + host_header: + description: |- + HostHeader is The hostname to be used as Host header + when proxying requests through Kong. + type: string + slots: + description: Slots is the number of slots in the load balancer algorithm. + minimum: 10 + type: integer + type: object + type: object + x-kubernetes-validations: + - message: '''proxy'' field is no longer supported, use Service''s annotations instead' + rule: '!has(self.proxy)' + - message: '''route'' field is no longer supported, use Ingress'' annotations instead' + rule: '!has(self.route)' + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: konglicenses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongLicense + listKind: KongLicenseList + plural: konglicenses + shortNames: + - kl + singular: konglicense + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Enabled to configure on Kong gateway instances + jsonPath: .enabled + name: Enabled + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: KongLicense stores a Kong enterprise license to apply to managed Kong gateway instances. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + enabled: + default: true + description: |- + Enabled is set to true to let controllers (like KIC or KGO) to reconcile it. + Default value is true to apply the license by default. + type: boolean + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + rawLicenseString: + description: RawLicenseString is a string with the raw content of the license. + type: string + status: + description: Status is the status of the KongLicense being processed by controllers. + properties: + controllers: + items: + description: |- + KongLicenseControllerStatus is the status of owning KongLicense being processed + identified by the controllerName field. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: Conditions describe the current conditions of the KongLicense on the controller. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllerName: + description: |- + ControllerName is an identifier of the controller to reconcile this KongLicense. + Should be unique in the list of controller statuses. + type: string + controllerRef: + description: |- + ControllerRef is the reference of the controller to reconcile this KongLicense. + It is usually the name of (KIC/KGO) pod that reconciles it. + properties: + group: + description: |- + Group is the group of referent. + It should be empty if the referent is in "core" group (like pod). 
+ maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: |- + Kind is the kind of the referent. + By default the nil kind means kind Pod. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referent. + It should be empty if the referent is cluster scoped. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + required: + - controllerName + type: object + type: array + x-kubernetes-list-map-keys: + - controllerName + x-kubernetes-list-type: map + type: object + required: + - enabled + - rawLicenseString + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: kongplugins.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongPlugin + listKind: KongPluginList + plural: kongplugins + shortNames: + - kp + singular: kongplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the plugin + jsonPath: .plugin + name: Plugin-Type + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Indicates if the plugin is disabled + jsonPath: .disabled + name: Disabled + priority: 1 + type: boolean + - description: Configuration of the plugin + jsonPath: .config + name: Config + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1 + schema: + openAPIV3Schema: + description: KongPlugin is the Schema for 
the kongplugins API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + config: + description: |- + Config contains the plugin configuration. It's a list of keys and values + required to configure the plugin. + Please read the documentation of the plugin being configured to set values + in here. For any plugin in Kong, anything that goes in the `config` JSON + key in the Admin API request, goes into this property. + Only one of `config` or `configFrom` may be used in a KongPlugin, not both at once. + type: object + x-kubernetes-preserve-unknown-fields: true + configFrom: + description: |- + ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive information, + such as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin. + Only one of `config` or `configFrom` may be used in a KongPlugin, not both at once. + properties: + secretKeyRef: + description: Specifies a name and a key of a secret to refer to. The namespace is implicitly set to the one of referring object. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + configPatches: + description: |- + ConfigPatches represents JSON patches to the configuration of the plugin. + Each item means a JSON patch to add something in the configuration, + where path is specified in `path` and value is in `valueFrom` referencing + a key in a secret. + When Config is specified, patches will be applied to the configuration in Config. 
+ Otherwise, patches will be applied to an empty object. + items: + description: |- + ConfigPatch is a JSON patch (RFC6902) to add values from Secret to the generated configuration. + It is an equivalent of the following patch: + `{"op": "add", "path": {.Path}, "value": {.ComputedValueFrom}}`. + properties: + path: + description: Path is the JSON-Pointer value (RFC6901) that references a location within the target configuration. + type: string + valueFrom: + description: ValueFrom is the reference to a key of a secret where the patched value comes from. + properties: + secretKeyRef: + description: Specifies a name and a key of a secret to refer to. The namespace is implicitly set to the one of referring object. + properties: + key: + description: The key containing the value. + type: string + name: + description: The secret containing the key. + type: string + required: + - key + - name + type: object + required: + - secretKeyRef + type: object + required: + - path + - valueFrom + type: object + type: array + consumerRef: + description: ConsumerRef is a reference to a particular consumer. + type: string + disabled: + description: Disabled set if the plugin is disabled or not. + type: boolean + instance_name: + description: |- + InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the + same plugin in multiple contexts, for example, on multiple services. + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + ordering: + description: |- + Ordering overrides the normal plugin execution order. It's only available on Kong Enterprise. 
+ `` is a request processing phase (for example, `access` or `body_filter`) and + `` is the name of the plugin that will run before or after the KongPlugin. + For example, a KongPlugin with `plugin: rate-limiting` and `before.access: ["key-auth"]` + will create a rate limiting plugin that limits requests _before_ they are authenticated. + properties: + after: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase should affect the target plugin's order + type: object + before: + additionalProperties: + items: + type: string + type: array + description: PluginOrderingPhase indicates which plugins in a phase should affect the target plugin's order + type: object + type: object + plugin: + description: PluginName is the name of the plugin to which to apply the config. + type: string + protocols: + description: |- + Protocols configures plugin to run on requests received on specific + protocols. + items: + description: |- + KongProtocol is a valid Kong protocol. + This alias is necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342 + enum: + - http + - https + - grpc + - grpcs + - tcp + - tls + - udp + type: string + type: array + run_on: + description: |- + RunOn configures the plugin to run on the first or the second or both + nodes in case of a service mesh deployment. + enum: + - first + - second + - all + type: string + status: + description: Status represents the current status of the KongPlugin resource. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: |- + Conditions describe the current conditions of the KongPluginStatus. + + Known condition types are: + + * "Programmed" + items: + description: Condition contains details for one aspect of the current state of this API Resource. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - plugin + type: object + x-kubernetes-validations: + - message: Using both config and configFrom fields is not allowed. + rule: '!(has(self.config) && has(self.configFrom))' + - message: Using both configFrom and configPatches fields is not allowed. + rule: '!(has(self.configFrom) && has(self.configPatches))' + - message: The plugin field is immutable + rule: self.plugin == oldSelf.plugin + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + gateway.networking.k8s.io/policy: direct + name: kongupstreampolicies.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongUpstreamPolicy + listKind: KongUpstreamPolicyList + plural: kongupstreampolicies + shortNames: + - kup + singular: kongupstreampolicy + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: |- + KongUpstreamPolicy allows configuring algorithm that should be used for load balancing traffic between Kong + Upstream's Targets. It also allows configuring health checks for Kong Upstream's Targets. + + Its configuration is similar to Kong Upstream object (https://docs.konghq.com/gateway/latest/admin-api/#upstream-object), + and it is applied to Kong Upstream objects created by the controller. + + It can be attached to Services. 
To attach it to a Service, it has to be annotated with + `konghq.com/upstream-policy: `, where `` is the name of the KongUpstreamPolicy + object in the same namespace as the Service. + + When attached to a Service, it will affect all Kong Upstreams created for the Service. + + When attached to a Service used in a Gateway API *Route rule with multiple BackendRefs, all of its Services MUST + be configured with the same KongUpstreamPolicy. Otherwise, the controller will *ignore* the KongUpstreamPolicy. + + Note: KongUpstreamPolicy doesn't implement Gateway API's GEP-713 strictly. + In particular, it doesn't use the TargetRef for attaching to Services and Gateway API *Routes - annotations are + used instead. This is to allow reusing the same KongUpstreamPolicy for multiple Services and Gateway API *Routes. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec contains the configuration of the Kong upstream. + properties: + algorithm: + description: |- + Algorithm is the load balancing algorithm to use. + Accepted values are: "round-robin", "consistent-hashing", "least-connections", "latency". 
+ enum: + - round-robin + - consistent-hashing + - least-connections + - latency + type: string + hashOn: + description: |- + HashOn defines how to calculate hash for consistent-hashing load balancing algorithm. + Algorithm must be set to "consistent-hashing" for this field to have effect. + properties: + cookie: + description: Cookie is the name of the cookie to use as hash input. + type: string + cookiePath: + description: CookiePath is cookie path to set in the response headers. + type: string + header: + description: Header is the name of the header to use as hash input. + type: string + input: + description: |- + Input allows using one of the predefined inputs (ip, consumer, path). + For other parametrized inputs, use one of the fields below. + enum: + - ip + - consumer + - path + type: string + queryArg: + description: QueryArg is the name of the query argument to use as hash input. + type: string + uriCapture: + description: URICapture is the name of the URI capture group to use as hash input. + type: string + type: object + hashOnFallback: + description: |- + HashOnFallback defines how to calculate hash for consistent-hashing load balancing algorithm if the primary hash + function fails. + Algorithm must be set to "consistent-hashing" for this field to have effect. + properties: + cookie: + description: Cookie is the name of the cookie to use as hash input. + type: string + cookiePath: + description: CookiePath is cookie path to set in the response headers. + type: string + header: + description: Header is the name of the header to use as hash input. + type: string + input: + description: |- + Input allows using one of the predefined inputs (ip, consumer, path). + For other parametrized inputs, use one of the fields below. + enum: + - ip + - consumer + - path + type: string + queryArg: + description: QueryArg is the name of the query argument to use as hash input. 
+ type: string + uriCapture: + description: URICapture is the name of the URI capture group to use as hash input. + type: string + type: object + healthchecks: + description: Healthchecks defines the health check configurations in Kong. + properties: + active: + description: Active configures active health check probing. + properties: + concurrency: + description: Concurrency is the number of targets to check concurrently. + minimum: 1 + type: integer + headers: + additionalProperties: + items: + type: string + type: array + description: Headers is a list of HTTP headers to add to the probe request. + type: object + healthy: + description: Healthy configures thresholds and HTTP status codes to mark targets healthy for an upstream. + properties: + httpStatuses: + description: HTTPStatuses is a list of HTTP status codes that Kong considers a success. + items: + description: HTTPStatus is an HTTP status code. + maximum: 599 + minimum: 100 + type: integer + type: array + interval: + description: Interval is the interval between active health checks for an upstream in seconds when in a healthy state. + minimum: 0 + type: integer + successes: + description: Successes is the number of successes to consider a target healthy. + minimum: 0 + type: integer + type: object + httpPath: + description: HTTPPath is the path to use in GET HTTP request to run as a probe. + pattern: ^/.*$ + type: string + httpsSni: + description: HTTPSSNI is the SNI to use in GET HTTPS request to run as a probe. + type: string + httpsVerifyCertificate: + description: HTTPSVerifyCertificate is a boolean value that indicates if the certificate should be verified. + type: boolean + timeout: + description: Timeout is the probe timeout in seconds. + minimum: 0 + type: integer + type: + description: |- + Type determines whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection. + Accepted values are "http", "https", "tcp", "grpc", "grpcs". 
+ enum: + - http + - https + - tcp + - grpc + - grpcs + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status codes to mark targets unhealthy for an upstream. + properties: + httpFailures: + description: HTTPFailures is the number of failures to consider a target unhealthy. + minimum: 0 + type: integer + httpStatuses: + description: HTTPStatuses is a list of HTTP status codes that Kong considers a failure. + items: + description: HTTPStatus is an HTTP status code. + maximum: 599 + minimum: 100 + type: integer + type: array + interval: + description: Interval is the interval between active health checks for an upstream in seconds when in an unhealthy state. + minimum: 0 + type: integer + tcpFailures: + description: TCPFailures is the number of TCP failures in a row to consider a target unhealthy. + minimum: 0 + type: integer + timeouts: + description: Timeouts is the number of timeouts in a row to consider a target unhealthy. + minimum: 0 + type: integer + type: object + type: object + passive: + description: Passive configures passive health check probing. + properties: + healthy: + description: Healthy configures thresholds and HTTP status codes to mark targets healthy for an upstream. + properties: + httpStatuses: + description: HTTPStatuses is a list of HTTP status codes that Kong considers a success. + items: + description: HTTPStatus is an HTTP status code. + maximum: 599 + minimum: 100 + type: integer + type: array + interval: + description: Interval is the interval between active health checks for an upstream in seconds when in a healthy state. + minimum: 0 + type: integer + successes: + description: Successes is the number of successes to consider a target healthy. + minimum: 0 + type: integer + type: object + type: + description: |- + Type determines whether to perform passive health checks interpreting HTTP/HTTPS statuses, + or just check for TCP connection success. 
+ Accepted values are "http", "https", "tcp", "grpc", "grpcs". + enum: + - http + - https + - tcp + - grpc + - grpcs + type: string + unhealthy: + description: Unhealthy configures thresholds and HTTP status codes to mark targets unhealthy. + properties: + httpFailures: + description: HTTPFailures is the number of failures to consider a target unhealthy. + minimum: 0 + type: integer + httpStatuses: + description: HTTPStatuses is a list of HTTP status codes that Kong considers a failure. + items: + description: HTTPStatus is an HTTP status code. + maximum: 599 + minimum: 100 + type: integer + type: array + interval: + description: Interval is the interval between active health checks for an upstream in seconds when in an unhealthy state. + minimum: 0 + type: integer + tcpFailures: + description: TCPFailures is the number of TCP failures in a row to consider a target unhealthy. + minimum: 0 + type: integer + timeouts: + description: Timeouts is the number of timeouts in a row to consider a target unhealthy. + minimum: 0 + type: integer + type: object + type: object + threshold: + description: |- + Threshold is the minimum percentage of the upstream’s targets’ weight that must be available for the whole + upstream to be considered healthy. + type: integer + type: object + slots: + description: |- + Slots is the number of slots in the load balancer algorithm. + If not set, the default value in Kong for the algorithm is used. + maximum: 65536 + minimum: 10 + type: integer + type: object + status: + description: Status defines the current state of KongUpstreamPolicy + properties: + ancestors: + description: |- + Ancestors is a list of ancestor resources (usually Gateways) that are + associated with the policy, and the status of the policy with respect to + each ancestor. 
When this policy attaches to a parent, the controller that + manages the parent and the ancestors MUST add an entry to this list when + the controller first sees the policy and SHOULD update the entry as + appropriate when the relevant ancestor is modified. + + Note that choosing the relevant ancestor is left to the Policy designers; + an important part of Policy design is designing the right object level at + which to namespace this status. + + Note also that implementations MUST ONLY populate ancestor status for + the Ancestor resources they are responsible for. Implementations MUST + use the ControllerName field to uniquely identify the entries in this list + that they are responsible for. + + Note that to achieve this, the list of PolicyAncestorStatus structs + MUST be treated as a map with a composite key, made up of the AncestorRef + and ControllerName fields combined. + + A maximum of 16 ancestors will be represented in this list. An empty list + means the Policy is not relevant for any ancestors. + + If this slice is full, implementations MUST NOT add further entries. + Instead they MUST consider the policy unimplementable and signal that + on any related resources such as the ancestor that would be referenced + here. For example, if this list was full on BackendTLSPolicy, no + additional Gateways would be able to reference the Service targeted by + the BackendTLSPolicy. + items: + description: |- + PolicyAncestorStatus describes the status of a route with respect to an + associated Ancestor. + + Ancestors refer to objects that are either the Target of a policy or above it + in terms of object hierarchy. For example, if a policy targets a Service, the + Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and + the GatewayClass. 
Almost always, in this hierarchy, the Gateway will be the most + useful object to place Policy status on, so we recommend that implementations + SHOULD use Gateway as the PolicyAncestorStatus object unless the designers + have a _very_ good reason otherwise. + + In the context of policy attachment, the Ancestor is used to distinguish which + resource results in a distinct application of this policy. For example, if a policy + targets a Service, it may have a distinct result per attached Gateway. + + Policies targeting the same resource may have different effects depending on the + ancestors of those resources. For example, different Gateways targeting the same + Service may have different capabilities, especially if they have different underlying + implementations. + + For example, in BackendTLSPolicy, the Policy attaches to a Service that is + used as a backend in a HTTPRoute that is itself attached to a Gateway. + In this case, the relevant object for status is the Gateway, and that is the + ancestor object referred to in this status. + + Note that a parent is also an ancestor, so for objects where the parent is the + relevant object for status, this struct SHOULD still be used. + + This struct is intended to be used in a slice that's effectively a map, + with a composite key made up of the AncestorRef and the ControllerName. + properties: + ancestorRef: + description: |- + AncestorRef corresponds with a ParentRef in the spec that this + PolicyAncestorStatus struct describes the status of. + properties: + group: + default: gateway.networking.k8s.io + description: |- + Group is the group of the referent. + When unspecified, "gateway.networking.k8s.io" is inferred. + To set the core API group (such as for a "Service" kind referent), + Group must be explicitly set to "" (empty string). 
+ + Support: Core + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: |- + Kind is kind of the referent. + + There are two kinds of parent resources with "Core" support: + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + Support for other resources is Implementation-Specific. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: |- + Name is the name of the referent. + + Support: Core + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the referent. When unspecified, this refers + to the local namespace of the Route. + + Note that there are specific rules for ParentRefs which cross namespace + boundaries. Cross-namespace references are only valid if they are explicitly + allowed by something in the namespace they are referring to. For example: + Gateway has the AllowedRoutes field, and ReferenceGrant provides a + generic way to enable any other kind of cross-namespace reference. + + + ParentRefs from a Route to a Service in the same namespace are "producer" + routes, which apply default routing rules to inbound connections from + any namespace to the Service. + + ParentRefs from a Route to a Service in a different namespace are + "consumer" routes, and these routing rules are only applied to outbound + connections originating from the same namespace as the Route, for which + the intended destination of the connections are a Service targeted as a + ParentRef of the Route. + + + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port is the network port this Route targets. It can be interpreted + differently based on the type of parent resource. 
+ + When the parent resource is a Gateway, this targets all listeners + listening on the specified port that also support this kind of Route(and + select this Route). It's not recommended to set `Port` unless the + networking behaviors specified in a Route must apply to a specific port + as opposed to a listener(s) whose port(s) may be changed. When both Port + and SectionName are specified, the name and port of the selected listener + must match both specified values. + + + When the parent resource is a Service, this targets a specific port in the + Service spec. When both Port (experimental) and SectionName are specified, + the name and port of the selected port must match both specified values. + + + Implementations MAY choose to support other parent resources. + Implementations supporting other types of parent resources MUST clearly + document how/if Port is interpreted. + + For the purpose of status, an attachment is considered successful as + long as the parent resource accepts it partially. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + from the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, + the Route MUST be considered detached from the Gateway. + + Support: Extended + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: |- + SectionName is the name of a section within the target resource. In the + following resources, SectionName is interpreted as the following: + + * Gateway: Listener name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + * Service: Port name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. 
+ + Implementations MAY choose to support attaching Routes to other resources. + If that is the case, they MUST clearly document how SectionName is + interpreted. + + When unspecified (empty string), this will reference the entire resource. + For the purpose of status, an attachment is considered successful if at + least one section in the parent resource accepts it. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, the + Route MUST be considered detached from the Gateway. + + Support: Core + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + conditions: + description: Conditions describes the status of the Policy with respect to the given Ancestor. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllerName: + description: |- + ControllerName is a domain/path string that indicates the name of the + controller that wrote this status. This corresponds with the + controllerName field on GatewayClass. + + Example: "example.net/gateway-controller". + + The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are + valid Kubernetes names + (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + Controllers MUST populate this field when writing status. Controllers should ensure that + entries to status populated with their ControllerName are cleaned up when they are no + longer necessary. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + type: string + required: + - ancestorRef + - controllerName + type: object + maxItems: 16 + type: array + required: + - ancestors + type: object + type: object + x-kubernetes-validations: + - message: Only one of spec.hashOn.(input|cookie|header|uriCapture|queryArg) can be set. + rule: 'has(self.spec.hashOn) ? [has(self.spec.hashOn.input), has(self.spec.hashOn.cookie), has(self.spec.hashOn.header), has(self.spec.hashOn.uriCapture), has(self.spec.hashOn.queryArg)].filter(fieldSet, fieldSet == true).size() <= 1 : true' + - message: When spec.hashOn.cookie is set, spec.hashOn.cookiePath is required. + rule: 'has(self.spec.hashOn) && has(self.spec.hashOn.cookie) ? has(self.spec.hashOn.cookiePath) : true' + - message: When spec.hashOn.cookiePath is set, spec.hashOn.cookie is required. + rule: 'has(self.spec.hashOn) && has(self.spec.hashOn.cookiePath) ? has(self.spec.hashOn.cookie) : true' + - message: spec.algorithm must be set to "consistent-hashing" when spec.hashOn is set. + rule: 'has(self.spec.hashOn) ? has(self.spec.algorithm) && self.spec.algorithm == "consistent-hashing" : true' + - message: Only one of spec.hashOnFallback.(input|header|uriCapture|queryArg) can be set. + rule: 'has(self.spec.hashOnFallback) ? [has(self.spec.hashOnFallback.input), has(self.spec.hashOnFallback.header), has(self.spec.hashOnFallback.uriCapture), has(self.spec.hashOnFallback.queryArg)].filter(fieldSet, fieldSet == true).size() <= 1 : true' + - message: spec.algorithm must be set to "consistent-hashing" when spec.hashOnFallback is set. + rule: 'has(self.spec.hashOnFallback) ? has(self.spec.algorithm) && self.spec.algorithm == "consistent-hashing" : true' + - message: spec.hashOnFallback.cookie must not be set. + rule: 'has(self.spec.hashOnFallback) ? 
!has(self.spec.hashOnFallback.cookie) : true' + - message: spec.hashOnFallback.cookiePath must not be set. + rule: 'has(self.spec.hashOnFallback) ? !has(self.spec.hashOnFallback.cookiePath) : true' + - message: spec.healthchecks.passive.healthy.interval must not be set. + rule: 'has(self.spec.healthchecks) && has(self.spec.healthchecks.passive) && has(self.spec.healthchecks.passive.healthy) ? !has(self.spec.healthchecks.passive.healthy.interval) : true' + - message: spec.healthchecks.passive.unhealthy.interval must not be set. + rule: 'has(self.spec.healthchecks) && has(self.spec.healthchecks.passive) && has(self.spec.healthchecks.passive.unhealthy) ? !has(self.spec.healthchecks.passive.unhealthy.interval) : true' + - message: spec.hashOnFallback must not be set when spec.hashOn.cookie is set. + rule: 'has(self.spec.hashOn) && has(self.spec.hashOn.cookie) ? !has(self.spec.hashOnFallback) : true' + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: kongvaults.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: KongVault + listKind: KongVaultList + plural: kongvaults + shortNames: + - kv + singular: kongvault + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Name of the backend of the vault + jsonPath: .spec.backend + name: Backend Type + type: string + - description: Prefix of vault URI to reference the values in the vault + jsonPath: .spec.prefix + name: Prefix + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Description + jsonPath: .spec.description + name: Description + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Programmed")].status + name: Programmed + type: string + name: v1alpha1 + schema: + 
openAPIV3Schema: + description: |- + KongVault is the schema for kongvaults API which defines a custom Kong vault. + A Kong vault is a storage to store sensitive data, where the values can be referenced in configuration of plugins. + See: https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/ + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KongVaultSpec defines specification of a custom Kong vault. + properties: + backend: + description: |- + Backend is the type of the backend storing the secrets in the vault. + The supported backends of Kong is listed here: + https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/backends/ + minLength: 1 + type: string + config: + description: Config is the configuration of the vault. Varies for different backends. + x-kubernetes-preserve-unknown-fields: true + description: + description: Description is the additional information about the vault. + type: string + prefix: + description: |- + Prefix is the prefix of vault URI for referencing values in the vault. + It is immutable after created. + minLength: 1 + type: string + required: + - backend + - prefix + type: object + status: + description: KongVaultStatus represents the current status of the KongVault resource. 
+ properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: |- + Conditions describe the current conditions of the KongVaultStatus. + + Known condition types are: + + * "Programmed" + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + required: + - conditions + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: The spec.prefix field is immutable + rule: self.spec.prefix == oldSelf.spec.prefix + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: tcpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: TCPIngress + listKind: TCPIngressList + plural: tcpingresses + singular: tcpingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: TCPIngress is the Schema for the tcpingresses API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the TCPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: |- + IngressRule represents a rule to apply against incoming requests. + Matching is performed based on an (optional) SNI and port. + properties: + backend: + description: |- + Backend defines the referenced service endpoint to which the traffic + will be forwarded to. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + host: + description: |- + Host is the fully qualified domain name of a network host, as defined + by RFC 3986. + If a Host is not specified, then port-based TCP routing is performed. Kong + doesn't care about the content of the TCP stream in this case. + If a Host is specified, the protocol must be TLS over TCP. + A plain-text TCP request cannot be routed based on Host. It can only + be routed based on Port. + type: string + port: + description: |- + Port is the port on which to accept TCP or TLS over TCP sessions and + route. It is a required field. If a Host is not specified, the requested + are routed based only on Port. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + tls: + description: |- + TLS configuration. This is similar to the `tls` section in the + Ingress resource in networking.v1beta1 group. + The mapping of SNIs to TLS cert-key pair defined here will be + used for HTTP Ingress rules as well. 
Once can define the mapping in + this resource or the original Ingress resource, both have the same + effect. + items: + description: IngressTLS describes the transport layer security. + properties: + hosts: + description: |- + Hosts are a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret used to terminate SSL traffic. + type: string + type: object + type: array + type: object + status: + description: TCPIngressStatus defines the observed state of TCPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + items: + description: |- + LoadBalancerIngress represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + properties: + hostname: + description: |- + Hostname is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + ipMode: + description: |- + IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. + Setting this to "VIP" indicates that traffic is delivered to the node with + the destination set to the load-balancer's IP and port. + Setting this to "Proxy" indicates that traffic is delivered to the node or pod with + the destination set to the node's IP and node port or the pod's IP and port. 
+ Service implementations may use this information to adjust traffic routing. + type: string + ports: + description: |- + Ports is a list of records of service ports + If used, every port defined in the service should have an entry in it + items: + properties: + error: + description: |- + Error is to record the problem with the service port + The format of the error shall comply with the following rules: + - built-in error values shall be specified in this file and those shall use + CamelCase names + - cloud provider specific error values must have names that comply with the + format foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service port of which status is recorded here + format: int32 + type: integer + protocol: + description: |- + Protocol is the protocol of the service port of which status is recorded here + The supported values are: "TCP", "UDP", "SCTP" + type: string + required: + - error + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: udpingresses.configuration.konghq.com +spec: + group: configuration.konghq.com + names: + categories: + - kong-ingress-controller + kind: UDPIngress + listKind: UDPIngressList + plural: udpingresses + singular: udpingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Address of the load balancer + jsonPath: .status.loadBalancer.ingress[*].ip + name: Address + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + name: v1beta1 + schema: + openAPIV3Schema: + description: UDPIngress is the Schema for the udpingresses API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the UDPIngress specification. + properties: + rules: + description: A list of rules used to configure the Ingress. + items: + description: |- + UDPIngressRule represents a rule to apply against incoming requests + wherein no Host matching is available for request routing, only the port + is used to match requests. + properties: + backend: + description: |- + Backend defines the Kubernetes service which accepts traffic from the + listening Port defined above. + properties: + serviceName: + description: Specifies the name of the referenced service. + minLength: 1 + type: string + servicePort: + description: Specifies the port of the referenced service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - serviceName + - servicePort + type: object + port: + description: |- + Port indicates the port for the Kong proxy to accept incoming traffic + on, which will then be routed to the service Backend. 
+ format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - backend + - port + type: object + type: array + type: object + status: + description: UDPIngressStatus defines the observed state of UDPIngress. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + items: + description: |- + LoadBalancerIngress represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + properties: + hostname: + description: |- + Hostname is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + ipMode: + description: |- + IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. + Setting this to "VIP" indicates that traffic is delivered to the node with + the destination set to the load-balancer's IP and port. + Setting this to "Proxy" indicates that traffic is delivered to the node or pod with + the destination set to the node's IP and node port or the pod's IP and port. + Service implementations may use this information to adjust traffic routing. 
+ type: string + ports: + description: |- + Ports is a list of records of service ports + If used, every port defined in the service should have an entry in it + items: + properties: + error: + description: |- + Error is to record the problem with the service port + The format of the error shall comply with the following rules: + - built-in error values shall be specified in this file and those shall use + CamelCase names + - cloud provider specific error values must have names that comply with the + format foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service port of which status is recorded here + format: int32 + type: integer + protocol: + description: |- + Protocol is the protocol of the service port of which status is recorded here + The supported values are: "TCP", "UDP", "SCTP" + type: string + required: + - error + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-api + app.kubernetes.io/version: 1.10.2 + app.kubernetes.io/component: api + name: dash-kubernetes-dashboard-api +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: dash + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-api + template: + metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-api + app.kubernetes.io/version: 1.10.2 + app.kubernetes.io/component: api + annotations: + checksum/config: bfcb52446574d39798cab2ca5a70561aff7562d356279bbe7ae471bae63c3754 + spec: + containers: + - name: kubernetes-dashboard-api + image: docker.io/kubernetesui/dashboard-api:1.10.2 + imagePullPolicy: IfNotPresent + args: + - --namespace=dash + - --metrics-scraper-service-name=dash-kubernetes-dashboard-metrics-scraper + env: + - name: CSRF_KEY + valueFrom: + secretKeyRef: + name: dash-kubernetes-dashboard-csrf + key: private.key + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: "1" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: "1" + ports: + - containerPort: 8000 + name: api + protocol: TCP + volumeMounts: + - mountPath: /tmp + name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 2001 + runAsUser: 1001 + resources: + limits: + cpu: 250m + memory: 400Mi + requests: + cpu: 100m + memory: 200Mi + automountServiceAccountToken: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumes: + - emptyDir: {} + name: tmp-volume + serviceAccountName: dash-kubernetes-dashboard-api +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-auth + app.kubernetes.io/version: 1.10.2 + app.kubernetes.io/component: auth + name: dash-kubernetes-dashboard-auth +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: dash + app.kubernetes.io/part-of: kubernetes-dashboard + 
app.kubernetes.io/name: kubernetes-dashboard-auth + template: + metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-auth + app.kubernetes.io/version: 1.2.3 + app.kubernetes.io/component: auth + annotations: + checksum/config: bfcb52446574d39798cab2ca5a70561aff7562d356279bbe7ae471bae63c3754 + spec: + containers: + - name: kubernetes-dashboard-auth + image: docker.io/kubernetesui/dashboard-auth:1.2.3 + imagePullPolicy: IfNotPresent + args: null + env: + - name: CSRF_KEY + valueFrom: + secretKeyRef: + name: dash-kubernetes-dashboard-csrf + key: private.key + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: "1" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: "1" + ports: + - containerPort: 8000 + name: auth + protocol: TCP + volumeMounts: + - mountPath: /tmp + name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 2001 + runAsUser: 1001 + resources: + limits: + cpu: 250m + memory: 400Mi + requests: + cpu: 100m + memory: 200Mi + automountServiceAccountToken: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumes: + - emptyDir: {} + name: tmp-volume +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper + app.kubernetes.io/version: 1.2.2 + app.kubernetes.io/component: metrics-scraper + name: dash-kubernetes-dashboard-metrics-scraper +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: dash + 
app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper + template: + metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper + app.kubernetes.io/version: 1.2.2 + app.kubernetes.io/component: metrics-scraper + annotations: null + spec: + containers: + - name: kubernetes-dashboard-metrics-scraper + image: docker.io/kubernetesui/dashboard-metrics-scraper:1.2.2 + imagePullPolicy: IfNotPresent + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: "1" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: "1" + ports: + - containerPort: 8000 + protocol: TCP + volumeMounts: + - mountPath: /tmp + name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 2001 + runAsUser: 1001 + resources: + limits: + cpu: 250m + memory: 400Mi + requests: + cpu: 100m + memory: 200Mi + livenessProbe: + httpGet: + path: / + port: 8000 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 30 + automountServiceAccountToken: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumes: + - emptyDir: {} + name: tmp-volume + serviceAccountName: dash-kubernetes-dashboard-metrics-scraper +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-web + app.kubernetes.io/version: 1.6.1 + app.kubernetes.io/component: web + name: dash-kubernetes-dashboard-web +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + 
app.kubernetes.io/instance: dash + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-web + template: + metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-web + app.kubernetes.io/version: 1.6.1 + app.kubernetes.io/component: web + annotations: null + spec: + containers: + - name: kubernetes-dashboard-web + image: docker.io/kubernetesui/dashboard-web:1.6.1 + imagePullPolicy: IfNotPresent + args: + - --namespace=dash + - --settings-config-map-name=dash-kubernetes-dashboard-web-settings + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: "1" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: "1" + ports: + - containerPort: 8000 + name: web + protocol: TCP + volumeMounts: + - mountPath: /tmp + name: tmp-volume + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 2001 + runAsUser: 1001 + resources: + limits: + cpu: 250m + memory: 400Mi + requests: + cpu: 100m + memory: 200Mi + automountServiceAccountToken: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumes: + - emptyDir: {} + name: tmp-volume + serviceAccountName: dash-kubernetes-dashboard-web +--- +# Source: kubernetes-dashboard/charts/kong/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dash-kong + namespace: dash + labels: + app.kubernetes.io/name: kong + helm.sh/chart: kong-2.46.0 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "3.8" + app.kubernetes.io/component: app +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/name: kong + app.kubernetes.io/component: 
app + app.kubernetes.io/instance: dash + template: + metadata: + annotations: + kuma.io/service-account-token-volume: dash-kong-token + kuma.io/gateway: enabled + traffic.sidecar.istio.io/includeInboundPorts: "" + labels: + app.kubernetes.io/name: kong + helm.sh/chart: kong-2.46.0 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "3.8" + app.kubernetes.io/component: app + app: dash-kong + version: "3.8" + spec: + serviceAccountName: dash-kong + automountServiceAccountToken: false + initContainers: + - name: clear-stale-pid + image: kong:3.8 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + resources: {} + command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_DNS_ORDER + value: LAST,A,CNAME,AAAA,SRV + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "1" + - name: KONG_PLUGINS + value: "off" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + 
value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + volumeMounts: + - name: dash-kong-prefix-dir + mountPath: /kong_prefix/ + - name: dash-kong-tmp + mountPath: /tmp + - name: kong-custom-dbless-config-volume + mountPath: /kong_dbless/ + containers: + - name: proxy + image: kong:3.8 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: "off" + - name: KONG_DATABASE + value: "off" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_DNS_ORDER + value: LAST,A,CNAME,AAAA,SRV + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: "1" + - name: KONG_PLUGINS + value: "off" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: 
KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: "off" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: "off" + - name: KONG_NGINX_DAEMON + value: "off" + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + ports: + - name: proxy-tls + containerPort: 8443 + protocol: TCP + - name: status + containerPort: 8100 + protocol: TCP + volumeMounts: + - name: dash-kong-prefix-dir + mountPath: /kong_prefix/ + - name: dash-kong-tmp + mountPath: /tmp + - name: kong-custom-dbless-config-volume + mountPath: /kong_dbless/ + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - name: dash-kong-prefix-dir + emptyDir: + sizeLimit: 256Mi + - name: dash-kong-tmp + emptyDir: + sizeLimit: 1Gi + - name: dash-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: kong-custom-dbless-config-volume + configMap: + name: kong-dbless-config +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-metrics-scraper +rules: +# Allow Metrics Scraper to get metrics from the Metrics 
server +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-metrics-scraper +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dash-kubernetes-dashboard-metrics-scraper +subjects: +- kind: ServiceAccount + name: dash-kubernetes-dashboard-metrics-scraper + namespace: dash +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-api +rules: +# Allow Dashboard API to get metrics from metrics-scraper. +- apiGroups: + - "" + resources: + - services/proxy + resourceNames: + - dash-kubernetes-dashboard-metrics-scraper + - http:dash-kubernetes-dashboard-metrics-scraper + verbs: + - get +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-web +rules: +# Allow Dashboard Web to get and update 'kubernetes-dashboard-settings' config map. 
+- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - dash-kubernetes-dashboard-web-settings + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-api +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dash-kubernetes-dashboard-api +subjects: +- kind: ServiceAccount + name: dash-kubernetes-dashboard-api +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-web +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dash-kubernetes-dashboard-web +subjects: +- kind: ServiceAccount + name: dash-kubernetes-dashboard-web +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-web-settings +data: + settings: '{"defaultNamespace":"_all"}' +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: kong-dbless-config +data: + kong.yml: | + _format_version: "3.0" + services: + - name: auth + host: dash-kubernetes-dashboard-auth + port: 8000 + protocol: http + routes: + - name: authLogin + paths: + - /api/v1/login + strip_path: false + - name: authCsrf + paths: + - /api/v1/csrftoken/login + strip_path: false + - name: authMe + paths: + - /api/v1/me + strip_path: false + - 
name: api + host: dash-kubernetes-dashboard-api + port: 8000 + protocol: http + routes: + - name: api + paths: + - /api + strip_path: false + - name: metrics + paths: + - /metrics + strip_path: false + - name: web + host: dash-kubernetes-dashboard-web + port: 8000 + protocol: http + routes: + - name: root + paths: + - / + strip_path: false +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-csrf +data: + private.key: ZmFrZQ== +--- +kind: Service +apiVersion: v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-api + app.kubernetes.io/version: 1.10.2 + app.kubernetes.io/component: api + name: dash-kubernetes-dashboard-api +spec: + type: ClusterIP + ports: + - name: api + port: 8000 + protocol: TCP + selector: + app.kubernetes.io/instance: dash + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-api +--- +kind: Service +apiVersion: v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-auth + app.kubernetes.io/version: 1.2.3 + app.kubernetes.io/component: auth + name: dash-kubernetes-dashboard-auth +spec: + type: ClusterIP + ports: + - name: auth + port: 8000 + protocol: TCP + selector: + app.kubernetes.io/instance: dash + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-auth +--- +kind: Service +apiVersion: v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper + app.kubernetes.io/version: 1.2.2 + app.kubernetes.io/component: metrics-scraper + name: dash-kubernetes-dashboard-metrics-scraper +spec: + type: ClusterIP + ports: + # Name is intentionally not used here as it breaks the connection between API <-> Scraper + # Named ports have an issue when trying to connect through in-cluster service proxy. + - port: 8000 + protocol: TCP + selector: + app.kubernetes.io/instance: dash + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-metrics-scraper +--- +kind: Service +apiVersion: v1 +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-web + app.kubernetes.io/version: 1.6.1 + app.kubernetes.io/component: web + name: dash-kubernetes-dashboard-web +spec: + type: ClusterIP + ports: + - name: web + port: 8000 + protocol: TCP + selector: + app.kubernetes.io/instance: dash + app.kubernetes.io/part-of: kubernetes-dashboard + app.kubernetes.io/name: kubernetes-dashboard-web +--- +# Source: kubernetes-dashboard/charts/kong/templates/service-kong-proxy.yaml +apiVersion: v1 +kind: Service +metadata: + name: dash-kong-proxy + namespace: dash + labels: + app.kubernetes.io/name: kong + helm.sh/chart: kong-2.46.0 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "3.8" + enable-metrics: "true" +spec: + type: ClusterIP + ports: + - name: kong-proxy-tls + port: 443 + targetPort: 8443 + protocol: TCP + selector: + app.kubernetes.io/name: kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: dash +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + 
app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-api +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-metrics-scraper +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: kubernetes-dashboard-7.10.4 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + name: dash-kubernetes-dashboard-web +--- +# Source: kubernetes-dashboard/charts/kong/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dash-kong + namespace: dash + labels: + app.kubernetes.io/name: kong + helm.sh/chart: kong-2.46.0 + app.kubernetes.io/instance: dash + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "3.8" diff --git a/local-cluster/dash/ing/Kptfile b/local-cluster/dash/ing/Kptfile new file mode 100644 index 0000000..3617a5d --- /dev/null +++ b/local-cluster/dash/ing/Kptfile @@ -0,0 +1,20 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: ing + annotations: + config.kubernetes.io/local-config: "true" +upstream: + type: git + git: + repo: https://github.com/LCOGT/kpt-pkg-catalog + directory: /ingress + ref: main + updateStrategy: resource-merge +upstreamLock: + type: git + git: + repo: https://github.com/LCOGT/kpt-pkg-catalog + directory: /ingress + ref: main + commit: c58213d7a52130c977fdff0a51f4bd4fb5ca73a3 diff --git a/local-cluster/dash/ing/README.md b/local-cluster/dash/ing/README.md new file mode 100644 index 0000000..97e5308 --- /dev/null +++ b/local-cluster/dash/ing/README.md 
@@ -0,0 +1,40 @@
+# ingress
+
+## Description
+
+This package provides a bare-bones [`networking.k8s.io/v1.Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/)
+that you can build upon and use in other packages.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/ingress ing-myname
+```
+
+Customize `ingress.yaml`:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: example
+...
+```
+
+And then render to update resources:
+
+```shell
+kpt fn render
+```
+
+This package is also a Kustomization, so it can also be referenced by other
+Kustomizations:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./ing-myname/
+```
diff --git a/local-cluster/dash/ing/ing.yaml b/local-cluster/dash/ing/ing.yaml
new file mode 100644
index 0000000..be149e2
--- /dev/null
+++ b/local-cluster/dash/ing/ing.yaml
@@ -0,0 +1,20 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/ingress-networking-v1.json
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata: # kpt-merge: /example
+ name: dash
+ annotations:
+ internal.kpt.dev/upstream-identifier: 'networking.k8s.io|Ingress|default|example'
+spec:
+ ingressClassName: "nginx"
+ rules:
+ - host: "k8s.local.lco.earth"
+ http:
+ paths:
+ - pathType: "Prefix"
+ path: "/"
+ backend:
+ service:
+ name: "caddy"
+ port:
+ name: "http"
diff --git a/local-cluster/dash/ing/kustomization.yaml b/local-cluster/dash/ing/kustomization.yaml
new file mode 100644
index 0000000..5fc2ba0
--- /dev/null
+++ b/local-cluster/dash/ing/kustomization.yaml
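Review bot: The Ingress in `ing.yaml` has no `tls:` section, so the dashboard at `k8s.local.lco.earth` is served over plain HTTP and whatever bearer token is used to log in crosses the ingress unencrypted. That is only acceptable if the host always resolves to the loopback address of the developer's machine, which cannot be confirmed from this hunk (the Caddyfile behind the `caddy` backend is not visible here either); a `#` comment above `rules:` stating that assumption would help. If the name can resolve anywhere else, add a `tls:` entry listing the host with a `secretName: <tls-secret>`.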
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata: # kpt-merge: /ing
+ name: ing
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Kustomization|default|ing'
+resources:
+ - ./ing.yaml
+components:
+ - ./remove-kpt-internal-annotations/
diff --git a/local-cluster/dash/ing/remove-kpt-internal-annotations/Kptfile b/local-cluster/dash/ing/remove-kpt-internal-annotations/Kptfile
new file mode 100644
index 0000000..5bb95eb
--- /dev/null
+++ b/local-cluster/dash/ing/remove-kpt-internal-annotations/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: remove-kpt-internal-annotations
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /remove-kpt-internal-annotations
+ ref: main
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /remove-kpt-internal-annotations
+ ref: main
+ commit: 55ef6ccd0dcdcc1dd80940110bfec4ea1a49e4fe
diff --git a/local-cluster/dash/ing/remove-kpt-internal-annotations/README.md b/local-cluster/dash/ing/remove-kpt-internal-annotations/README.md
new file mode 100644
index 0000000..4ffea9f
--- /dev/null
+++ b/local-cluster/dash/ing/remove-kpt-internal-annotations/README.md
@@ -0,0 +1,25 @@
+# remove-kpt-internal-annotations
+
+## Description
+
+This package provides a [Kustomize `Component`](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1802-kustomize-components)
+that can be used to remove `internal.kpt.dev/upstream-identifier` annotations from all rendered KRM objects.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/remove-kpt-internal-annotations
+```
+
+And then reference it from another Kustomization:
+
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+ - ./remove-kpt-internal-annotations/
+```
diff --git a/local-cluster/dash/ing/remove-kpt-internal-annotations/kustomization.yaml b/local-cluster/dash/ing/remove-kpt-internal-annotations/kustomization.yaml
new file mode 100644
index 0000000..f11ff1a
--- /dev/null
+++ b/local-cluster/dash/ing/remove-kpt-internal-annotations/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata: # kpt-merge: /remove-kpt-internal-annotations
+ name: remove-kpt-internal-annotations
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Component|default|remove-kpt-internal-annotations'
+patches:
+ - target:
+ annotationSelector: internal.kpt.dev/upstream-identifier
+ patch: |-
+ - op: remove
+ path: /metadata/annotations/internal.kpt.dev~1upstream-identifier
diff --git a/local-cluster/dash/kustomization.yaml b/local-cluster/dash/kustomization.yaml
new file mode 100644
index 0000000..675e83b
--- /dev/null
+++ b/local-cluster/dash/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./ns/
+ - ./helm/
+ - ./sa.yaml
+ - ./deploy-caddy/
+ - ./svc-caddy/
+ - ./ing/
+
+namespace: dash
+
+configMapGenerator:
+ - name: caddy-config
+ files:
+ - Caddyfile
diff --git a/local-cluster/dash/ns/Kptfile b/local-cluster/dash/ns/Kptfile
new file mode 100644
index 0000000..f47b369
--- /dev/null
+++ b/local-cluster/dash/ns/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: ns
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /namespace
+ ref: main
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /namespace
+ ref: main
+ commit: c58213d7a52130c977fdff0a51f4bd4fb5ca73a3
diff --git a/local-cluster/dash/ns/README.md b/local-cluster/dash/ns/README.md
new file mode 100644
index 0000000..82f5d1d
--- /dev/null
+++ b/local-cluster/dash/ns/README.md
@@ -0,0 +1,39 @@
+# namespace
+
+## Description
+
+This package provides a bare-bones `v1.Namespace` that you can build upon
+and use in other packages.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/namespace ns
+```
+
+Customize `ns.yaml`:
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: example # <--- Change name
+```
+
+And then render to update resources:
+
+```shell
+kpt fn render
+```
+
+This package is also a Kustomization, so, it can also be referenced by other/parent
+Kustomizations:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./ns/
+```
diff --git a/local-cluster/dash/ns/kustomization.yaml b/local-cluster/dash/ns/kustomization.yaml
new file mode 100644
index 0000000..baafa9a
--- /dev/null
+++ b/local-cluster/dash/ns/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata: # kpt-merge: /ns
+ name: ns
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Kustomization|default|ns'
+resources:
+ - ./ns.yaml
+components:
+ - ./remove-kpt-internal-annotations/
diff --git a/local-cluster/dash/ns/ns.yaml b/local-cluster/dash/ns/ns.yaml
new file mode 100644
index 0000000..1d1696d
--- /dev/null
+++ b/local-cluster/dash/ns/ns.yaml
@@ -0,0 +1,7 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/namespace.json
+apiVersion: v1
+kind: Namespace
+metadata: # kpt-merge: /example
+ name: dash
+ annotations:
+ internal.kpt.dev/upstream-identifier: '|Namespace|default|example'
diff --git a/local-cluster/dash/ns/remove-kpt-internal-annotations/Kptfile b/local-cluster/dash/ns/remove-kpt-internal-annotations/Kptfile
new file mode 100644
index 0000000..8cdcefa
--- /dev/null
+++ b/local-cluster/dash/ns/remove-kpt-internal-annotations/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: remove-kpt-internal-annotations
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /remove-kpt-internal-annotations
+ ref: main
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /remove-kpt-internal-annotations
+ ref: main
+ commit: f923df7f292b8eba9c092705d1b0b12504a47ffd
diff --git a/local-cluster/dash/ns/remove-kpt-internal-annotations/README.md b/local-cluster/dash/ns/remove-kpt-internal-annotations/README.md
new file mode 100644
index 0000000..4ffea9f
--- /dev/null
+++ b/local-cluster/dash/ns/remove-kpt-internal-annotations/README.md
@@ -0,0 +1,25 @@
+# remove-kpt-internal-annotations
+
+## Description
+
+This package provides a [Kustomize `Component`](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1802-kustomize-components)
+that can be used to remove `internal.kpt.dev/upstream-identifier` annotations from all rendered KRM objects.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/remove-kpt-internal-annotations
+```
+
+And then reference it from another Kustomization:
+
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+ - ./remove-kpt-internal-annotations/
+```
diff --git a/local-cluster/dash/ns/remove-kpt-internal-annotations/kustomization.yaml b/local-cluster/dash/ns/remove-kpt-internal-annotations/kustomization.yaml
new file mode 100644
index 0000000..f11ff1a
--- /dev/null
+++ b/local-cluster/dash/ns/remove-kpt-internal-annotations/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata: # kpt-merge: /remove-kpt-internal-annotations
+ name: remove-kpt-internal-annotations
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Component|default|remove-kpt-internal-annotations'
+patches:
+ - target:
+ annotationSelector: internal.kpt.dev/upstream-identifier
+ patch: |-
+ - op: remove
+ path: /metadata/annotations/internal.kpt.dev~1upstream-identifier
diff --git a/local-cluster/dash/sa.yaml b/local-cluster/dash/sa.yaml
new file mode 100644
index 0000000..fffbb18
--- /dev/null
+++ b/local-cluster/dash/sa.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dash-user
+automountServiceAccountToken: false
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dash-user
+subjects:
+ - kind: ServiceAccount
+ name: dash-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dash-user-token
+ annotations:
+ kubernetes.io/service-account.name: dash-user
+type: kubernetes.io/service-account-token
diff --git a/local-cluster/dash/svc-caddy/Kptfile b/local-cluster/dash/svc-caddy/Kptfile
new file mode 100644
index 0000000..fd6aa89
--- /dev/null
+++ b/local-cluster/dash/svc-caddy/Kptfile
@@ -0,0 +1,25 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: svc-caddy
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /service
+ ref: main
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /service
+ ref: main
+ commit: c58213d7a52130c977fdff0a51f4bd4fb5ca73a3
+pipeline:
+ mutators:
+ - image: gcr.io/kpt-fn/apply-replacements:v0.1.1
+ configPath: ./fn-replacements.yaml
+ name: apply-replacements
diff --git a/local-cluster/dash/svc-caddy/README.md b/local-cluster/dash/svc-caddy/README.md
new file mode 100644
index 0000000..8251832
--- /dev/null
+++ b/local-cluster/dash/svc-caddy/README.md
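Review bot: In `sa.yaml`, `dash-user` is bound to `cluster-admin` through a ClusterRoleBinding and also gets a `kubernetes.io/service-account-token` Secret, which is a long-lived credential, so anyone who can read Secrets in the namespace this is applied to holds standing full control of the cluster. For a throwaway local cluster that may be intended, but it deserves a `#` comment saying so, and the default could be the built-in read-only role, `name: view`, with `cluster-admin` as an explicit opt-in. The ServiceAccount subject also carries no `namespace:`; that works only if the kustomize namespace transformer fills it in, so either confirm the rendered output or add `namespace: dash` under the subject.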
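Review bot: The `apply-replacements` mutator in `svc-caddy/Kptfile` is referenced by tag only, and that image is what runs when the package is rendered with `kpt fn render`; a tag can be re-pointed, so the render is not reproducible as written. Pinning by digest closes that gap: `- image: gcr.io/kpt-fn/apply-replacements:v0.1.1@sha256:<digest>`. The `upstreamLock.commit` already pins the package source, so the function image is the only floating reference in this file.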
@@ -0,0 +1,47 @@
+# service
+
+## Description
+
+This package provides a bare-bones [`v1.Service`](https://kubernetes.io/docs/concepts/services-networking/service/)
+that you can build upon and use in other packages.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/service svc-myname
+```
+
+Customize `svc.yaml`:
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: example
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/component: test # <-- Target Pods with this label
+ ports:
+ - name: something
+ port: 1234
+ targetPort: container-port-name
+```
+
+And then render to update resources:
+
+```shell
+kpt fn render
+```
+
+This package is also a Kustomization, so it can also be referenced by other
+Kustomizations:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./svc-myname/
+```
diff --git a/local-cluster/dash/svc-caddy/fn-replacements.yaml b/local-cluster/dash/svc-caddy/fn-replacements.yaml
new file mode 100644
index 0000000..48e31f3
--- /dev/null
+++ b/local-cluster/dash/svc-caddy/fn-replacements.yaml
@@ -0,0 +1,18 @@
+apiVersion: fn.kpt.dev/v1alpha1
+kind: ApplyReplacements
+metadata: # kpt-merge: /svc
+ name: svc
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: 'fn.kpt.dev|ApplyReplacements|default|svc'
+replacements:
+ - source:
+ kind: Service
+ fieldPath: spec.selector.[app.kubernetes.io/component]
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - metadata.labels.[app.kubernetes.io/component]
+ options:
+ create: true
diff --git a/local-cluster/dash/svc-caddy/kustomization.yaml b/local-cluster/dash/svc-caddy/kustomization.yaml
new file mode 100644
index 0000000..8cc3245
--- /dev/null
+++ b/local-cluster/dash/svc-caddy/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata: # kpt-merge: /svc
+ name: svc
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Kustomization|default|svc'
+resources:
+ - ./svc.yaml
+components:
+ - ./remove-kpt-internal-annotations/
diff --git a/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/Kptfile b/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/Kptfile
new file mode 100644
index 0000000..cec6f4e
--- /dev/null
+++ b/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/Kptfile
@@ -0,0 +1,20 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: remove-kpt-internal-annotations
+ annotations:
+ config.kubernetes.io/local-config: "true"
+upstream:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /remove-kpt-internal-annotations
+ ref: main
+ updateStrategy: resource-merge
+upstreamLock:
+ type: git
+ git:
+ repo: https://github.com/LCOGT/kpt-pkg-catalog
+ directory: /remove-kpt-internal-annotations
+ ref: main
+ commit: 9716d0c2e2ec7b2878b11cb4ee625d8cba7c5d16
diff --git a/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/README.md b/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/README.md
new file mode 100644
index 0000000..4ffea9f
--- /dev/null
+++ b/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/README.md
@@ -0,0 +1,25 @@
+# remove-kpt-internal-annotations
+
+## Description
+
+This package provides a [Kustomize `Component`](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1802-kustomize-components)
+that can be used to remove `internal.kpt.dev/upstream-identifier` annotations from all rendered KRM objects.
+
+## Usage
+
+Clone this package:
+
+```shell
+kpt pkg get https://github.com/LCOGT/kpt-pkg-catalog/remove-kpt-internal-annotations
+```
+
+And then reference it from another Kustomization:
+
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+ - ./remove-kpt-internal-annotations/
+```
diff --git a/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/kustomization.yaml b/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/kustomization.yaml
new file mode 100644
index 0000000..f11ff1a
--- /dev/null
+++ b/local-cluster/dash/svc-caddy/remove-kpt-internal-annotations/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata: # kpt-merge: /remove-kpt-internal-annotations
+ name: remove-kpt-internal-annotations
+ annotations:
+ config.kubernetes.io/local-config: "true"
+ internal.kpt.dev/upstream-identifier: 'kustomize.config.k8s.io|Component|default|remove-kpt-internal-annotations'
+patches:
+ - target:
+ annotationSelector: internal.kpt.dev/upstream-identifier
+ patch: |-
+ - op: remove
+ path: /metadata/annotations/internal.kpt.dev~1upstream-identifier
diff --git a/local-cluster/dash/svc-caddy/svc.yaml b/local-cluster/dash/svc-caddy/svc.yaml
new file mode 100644
index 0000000..70a3986
--- /dev/null
+++ b/local-cluster/dash/svc-caddy/svc.yaml
@@ -0,0 +1,17 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone/service.json +apiVersion: v1 +kind: Service +metadata: # kpt-merge: /example + name: caddy + labels: + app.kubernetes.io/component: caddy + annotations: + internal.kpt.dev/upstream-identifier: '|Service|default|example' +spec: + type: ClusterIP + selector: + app.kubernetes.io/component: caddy + ports: + - name: http + port: 80 + targetPort: "http" diff --git a/local-cluster/default.nix b/local-cluster/default.nix index e5e6c59..2af8743 100644 --- a/local-cluster/default.nix +++ b/local-cluster/default.nix @@ -3,20 +3,40 @@ let cfg = config.devenv-k8s.local-cluster; in { options.devenv-k8s.local-cluster = { - enable = lib.mkEnableOption "Whether to setup the local development K8s cluster"; + enable = lib.mkEnableOption "Setup the local development K8s cluster"; + dashboard = { + disable = lib.mkEnableOption "Disable K8s dashboard"; + }; }; config = lib.mkIf cfg.enable { enterShell = '' export KUBECONFIG=~/.kube/config-devenv-k8s local-cluster-up || exit 1 + + ${if !cfg.dashboard.disable then '' + echo "" + echo "K8s dashboard running at http://k8s.local.lco.earth" + echo "" + '' else ""} ''; + tasks = { + "devenv-k8s:local-cluster:setupNginxIngress" = { + exec = "local-cluster-nginx-ingress-up"; + before = [ "devenv:enterShell" ]; + }; + + "devenv-k8s:local-cluster:setupK8sDashboard" = lib.mkIf (!cfg.dashboard.disable) { + exec = "local-cluster-k8s-dashboard-up"; + before = [ "devenv-k8s:local-cluster:setupNginxIngress" ]; + }; + }; + scripts = { local-cluster-up.exec = '' set -ex ctlptl apply -f "${./local-cluster-registry.yaml}" -f "${./local-cluster.yaml}" - kubectl apply -k "${./ingress-nginx}" kubectl cluster-info ''; 
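Review bot: The dashboard is opt-out in the first `default.nix` hunk: `dashboard.disable` defaults to false, so every project that sets `local-cluster.enable` also gets the `setupK8sDashboard` task, which applies `./dash` including the `cluster-admin` binding from `dash/sa.yaml` in this commit. An opt-in switch is the safer default, `dashboard.enable = lib.mkEnableOption "the K8s dashboard on the local cluster";` guarded by `lib.mkIf cfg.dashboard.enable`. `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the two descriptions here render as "Whether to enable Setup …" and "Whether to enable Disable …"; pass a noun phrase instead. The `before` on `setupK8sDashboard` also looks inverted, since it schedules the dashboard ahead of `setupNginxIngress` although the dashboard is reached through that ingress; worth confirming against devenv's task ordering.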
@@ -29,6 +49,26 @@ in { set -ex ctlptl delete -f "${./local-cluster-registry.yaml}" ''; + + local-cluster-nginx-ingress-up.exec = '' + set -ex -o pipefail + kustomize build "${./ingress-nginx}" | kubectl apply -f - + ''; + + local-cluster-nginx-ingress-down.exec = '' + set -ex -o pipefail + kustomize build "${./ingress-nginx}" | kubectl delete -f - + ''; + + local-cluster-k8s-dashboard-up.exec = '' + set -ex -o pipefail + kustomize build "${./dash}" | kubectl apply -f - + ''; + + local-cluster-k8s-dashboard-down.exec = '' + set -ex -o pipefail + kustomize build "${./dash}" | kubectl delete -f - + ''; }; }; }
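Review bot: None of the four new scripts selects a cluster: `kubectl apply -f -` and `kubectl delete -f -` act on whatever context is current, and the only place `KUBECONFIG=~/.kube/config-devenv-k8s` is set is the `enterShell` body, while the tasks that call the `-up` scripts are ordered before `devenv:enterShell`. If the task environment does not already carry that variable, the ingress controller and the cluster-admin dashboard account would be applied to the user's default cluster instead of the local one. Start each script with `export KUBECONFIG=~/.kube/config-devenv-k8s` (or pass an explicit `--context`) so they can only touch the local cluster.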