From ec805351e60f9cb2352e96f15d2ec124d67f0d6f Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Mon, 2 Dec 2024 16:12:12 +0000 Subject: [PATCH 1/7] add helm template unit tests --- ...elmNICTemplate.appProtectDOS.approved.yaml | 440 ++++++++++++++++ ...elmNICTemplate.appProtectWAF.approved.yaml | 435 ++++++++++++++++ ...mNICTemplate.appProtectWAFV5.approved.yaml | 480 ++++++++++++++++++ ...ICTemplate.customerResources.approved.yaml | 398 +++++++++++++++ ...estHelmNICTemplate.daemonset.approved.yaml | 425 ++++++++++++++++ ...Template.default_values_file.approved.yaml | 425 ++++++++++++++++ ...HelmNICTemplate.globalConfig.approved.yaml | 447 ++++++++++++++++ ...HelmNICTemplate.ingressClass.approved.yaml | 427 ++++++++++++++++ ...estHelmNICTemplate.namespace.approved.yaml | 425 ++++++++++++++++ ...est.TestHelmNICTemplate.plus.approved.yaml | 425 ++++++++++++++++ charts/tests/go.mod | 93 ++++ charts/tests/go.sum | 283 +++++++++++ charts/tests/testdata/app-protect-dos.yaml | 13 + charts/tests/testdata/app-protect-waf.yaml | 4 + charts/tests/testdata/app-protect-wafv5.yaml | 21 + charts/tests/testdata/custom-resources.yaml | 2 + charts/tests/testdata/daemonset.yaml | 2 + .../tests/testdata/global-configuration.yaml | 11 + charts/tests/testdata/ingress-class.yaml | 5 + charts/tests/testdata/plus.yaml | 2 + charts/tests/unit_test.go | 118 +++++ 21 files changed, 4881 insertions(+) create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectDOS.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAF.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAFV5.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.customerResources.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.daemonset.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.default_values_file.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.globalConfig.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.ingressClass.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.namespace.approved.yaml create mode 100644 charts/tests/approvals/unit_test.TestHelmNICTemplate.plus.approved.yaml create mode 100644 charts/tests/go.mod create mode 100644 charts/tests/go.sum create mode 100644 charts/tests/testdata/app-protect-dos.yaml create mode 100644 charts/tests/testdata/app-protect-waf.yaml create mode 100644 charts/tests/testdata/app-protect-wafv5.yaml create mode 100644 charts/tests/testdata/custom-resources.yaml create mode 100644 charts/tests/testdata/daemonset.yaml create mode 100644 charts/tests/testdata/global-configuration.yaml create mode 100644 charts/tests/testdata/ingress-class.yaml create mode 100644 charts/tests/testdata/plus.yaml create mode 100644 charts/tests/unit_test.go diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectDOS.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectDOS.approved.yaml new file mode 100644 index 0000000000..c9aee9fd3c --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectDOS.approved.yaml @@ -0,0 +1,440 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-dos-nginx-ingress-leader-election + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotectdos.f5.com + resources: + - apdospolicies + - apdoslogconfs + - dosprotectedresources + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos +roleRef: + kind: ClusterRole + name: appprotect-dos-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-dos +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-dos-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-dos +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-dos-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-dos-nginx-ingress-controller + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-dos-nginx-ingress-controller + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: appprotect-dos-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=true + - -app-protect-dos-debug=true + - -app-protect-dos-max-daemons=10 + - -app-protect-dos-max-workers=5 + - -app-protect-dos-memory=1024 + + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-dos-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-dos-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-dos-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-dos-nginx-ingress-leader-election + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAF.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAF.approved.yaml new file mode 100644 index 0000000000..5816e2b720 --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAF.approved.yaml @@ -0,0 +1,435 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-waf-nginx-ingress-leader-election + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotect.f5.com + resources: + - appolicies + - aplogconfs + - apusersigs + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf +roleRef: + kind: ClusterRole + name: appprotect-waf-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-waf +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-waf-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-waf +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-waf-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-waf-nginx-ingress-controller + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-waf-nginx-ingress-controller + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: appprotect-waf-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=true + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-waf-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-waf-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-waf-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-waf-nginx-ingress-leader-election + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAFV5.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAFV5.approved.yaml new file mode 100644 index 0000000000..6eba2f33c2 --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAFV5.approved.yaml @@ -0,0 +1,480 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-wafv5-nginx-ingress-leader-election + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotect.f5.com + resources: + - appolicies + - aplogconfs + - apusersigs + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 +roleRef: + kind: ClusterRole + name: appprotect-wafv5-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-wafv5 +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-wafv5-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-wafv5 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-wafv5-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-wafv5-nginx-ingress-controller + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-wafv5-nginx-ingress-controller + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: + + - emptyDir: {} + name: app-protect-bd-config + - emptyDir: {} + name: app-protect-config + - emptyDir: {} + name: app-protect-bundles + serviceAccountName: appprotect-wafv5-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: + + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: app-protect-config + mountPath: /opt/app_protect/config + # app-protect-bundles is mounted so that Ingress Controller + # can verify that referenced bundles are present + - name: app-protect-bundles + mountPath: /etc/app_protect/bundles + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=true + - -app-protect-enforcer-address="localhost:50001" + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-wafv5-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-wafv5-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-wafv5-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false + + - name: waf-enforcer + image: my.private.reg/nap/waf-enforcer:5.3.0 + imagePullPolicy: "IfNotPresent" + env: + - name: ENFORCER_PORT + value: "50001" + volumeMounts: + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: waf-config-mgr + image: my.private.reg/nap/waf-config-mgr:5.3.0 + imagePullPolicy: "IfNotPresent" + securityContext: + + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsNonRoot: true + runAsUser: 101 + volumeMounts: + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: app-protect-config + mountPath: /opt/app_protect/config + - name: app-protect-bundles + mountPath: /etc/app_protect/bundles +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-wafv5-nginx-ingress-leader-election + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.customerResources.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.customerResources.approved.yaml new file mode 100644 index 0000000000..8a8b166fcd --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.customerResources.approved.yaml @@ -0,0 +1,398 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: custom-resources-nginx-ingress + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-resources-nginx-ingress + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-resources-nginx-ingress-leader-election + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: custom-resources-nginx-ingress + namespace: custom-resources +roleRef: + kind: ClusterRole + name: custom-resources-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: custom-resources +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - custom-resources-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: custom-resources +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: custom-resources-nginx-ingress +subjects: +- kind: ServiceAccount + name: custom-resources-nginx-ingress + namespace: custom-resources +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-resources-nginx-ingress-controller + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: custom-resources-nginx-ingress-controller + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: custom-resources-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/custom-resources-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=custom-resources-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=custom-resources-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=false + - -enable-snippets=false + - -disable-ipv6=false + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: custom-resources-nginx-ingress-leader-election + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.daemonset.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.daemonset.approved.yaml new file mode 100644 index 0000000000..afb9f5a83a --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.daemonset.approved.yaml @@ -0,0 +1,425 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: daemonset-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: daemonset-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: daemonset-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: daemonset-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: daemonset-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - daemonset-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: daemonset-nginx-ingress +subjects: +- kind: ServiceAccount + name: daemonset-nginx-ingress + namespace: default +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: daemonset-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset +--- +# Source: nginx-ingress/templates/controller-daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: daemonset-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + serviceAccountName: daemonset-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + volumes: [] + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - name: nginx-ingress + image: nginx/nginx-ingress:4.0.0 + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + resources: + requests: + cpu: 100m + memory: 128Mi + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/daemonset-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=daemonset-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=daemonset-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: daemonset-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.default_values_file.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.default_values_file.approved.yaml new file mode 100644 index 0000000000..7ecfab6739 --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.default_values_file.approved.yaml @@ -0,0 +1,425 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: default-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: default-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: default-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: default-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: default-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - default-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: default-nginx-ingress +subjects: +- kind: ServiceAccount + name: default-nginx-ingress + namespace: default +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: default-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: default-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: default-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/default-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=default-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=default-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: default-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.globalConfig.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.globalConfig.approved.yaml new file mode 100644 index 0000000000..612eff8794 --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.globalConfig.approved.yaml @@ -0,0 +1,447 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: global-configuration-nginx-ingress + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: global-configuration-nginx-ingress + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: global-configuration-nginx-ingress-leader-election + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: global-configuration-nginx-ingress + namespace: gc +roleRef: + kind: ClusterRole + name: global-configuration-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: gc +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - global-configuration-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: gc +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: global-configuration-nginx-ingress +subjects: +- kind: ServiceAccount + name: global-configuration-nginx-ingress + namespace: gc +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: global-configuration-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/global-configuration-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=global-configuration-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=global-configuration-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -global-configuration=$(POD_NAMESPACE)/global-configuration-nginx-ingress-controller + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-globalconfiguration.yaml +apiVersion: k8s.nginx.org/v1 +kind: GlobalConfiguration +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + listeners: + - name: dns-udp + port: 5353 + protocol: UDP + - name: dns-tcp + port: 5353 + protocol: TCP +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: global-configuration-nginx-ingress-leader-election + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.ingressClass.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.ingressClass.approved.yaml new file mode 100644 index 0000000000..bf3ca2a268 --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.ingressClass.approved.yaml @@ -0,0 +1,427 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ingress-class-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ingress-class-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ingress-class-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: ingress-class-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: ingress-class-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - ingress-class-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-class-nginx-ingress +subjects: +- kind: ServiceAccount + name: ingress-class-nginx-ingress + namespace: default +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: ingress-class-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ingress-class-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: ingress-class-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/ingress-class-nginx-ingress + - -ingress-class=changed + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=ingress-class-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=ingress-class-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: changed + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: ingress-class-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.namespace.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.namespace.approved.yaml new file mode 100644 index 0000000000..379017ec52 --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.namespace.approved.yaml @@ -0,0 +1,425 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: namespace-nginx-ingress + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: namespace-nginx-ingress + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: namespace-nginx-ingress-leader-election + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: namespace-nginx-ingress + namespace: nginx-ingress +roleRef: + kind: ClusterRole + name: namespace-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: nginx-ingress +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - namespace-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: nginx-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: namespace-nginx-ingress +subjects: +- kind: ServiceAccount + name: namespace-nginx-ingress + namespace: nginx-ingress +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: namespace-nginx-ingress-controller + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: namespace-nginx-ingress-controller + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: namespace-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/namespace-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=namespace-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=namespace-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: namespace-nginx-ingress-leader-election + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.plus.approved.yaml b/charts/tests/approvals/unit_test.TestHelmNICTemplate.plus.approved.yaml new file mode 100644 index 0000000000..9089d09e1e --- /dev/null +++ b/charts/tests/approvals/unit_test.TestHelmNICTemplate.plus.approved.yaml @@ -0,0 +1,425 @@ +--- +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +--- +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +--- +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: plus-nginx-ingress + apiGroup: rbac.authorization.k8s.io +--- +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +--- +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-nginx-ingress + namespace: default +--- +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus +--- +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: plus-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +--- +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +--- +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/go.mod b/charts/tests/go.mod new file mode 100644 index 0000000000..48f8791fe3 --- /dev/null +++ b/charts/tests/go.mod @@ -0,0 +1,93 @@ +module github.com/nginxinc/kubernetes-ingress/charts/tests + +go 1.23.3 + +require ( + github.com/approvals/go-approval-tests v0.0.0-20241122190619-11802f7330a5 + github.com/gruntwork-io/terratest v0.47.2 + github.com/matryer/is v1.4.1 +) + +require ( + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/aws/aws-sdk-go v1.44.122 // indirect + github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/ghodss/yaml v1.0.0 // indirect + github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-sql-driver/mysql v1.4.1 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/gonvenience/bunt v1.3.5 // indirect + github.com/gonvenience/neat v1.3.12 // indirect + github.com/gonvenience/term v1.0.2 // indirect + github.com/gonvenience/text v1.0.7 // indirect + github.com/gonvenience/wrap v1.1.2 // indirect + github.com/gonvenience/ytbx v1.4.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/websocket v1.5.0 // indirect + github.com/gruntwork-io/go-commons v0.8.0 // indirect + github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/go-multierror v1.1.0 // indirect + github.com/homeport/dyff v1.6.0 // indirect + github.com/imdario/mergo v0.3.11 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-ps v1.0.0 // indirect + github.com/mitchellh/hashstructure v1.1.0 // indirect + github.com/moby/spdystream v0.4.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/pquerna/otp v1.2.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/stretchr/testify v1.9.0 // indirect + github.com/texttheater/golang-levenshtein v1.0.1 // indirect + github.com/urfave/cli v1.22.2 // indirect + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect + github.com/x448/float16 v0.8.4 // indirect + golang.org/x/crypto v0.29.0 // indirect + golang.org/x/net v0.31.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/sync v0.9.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.27.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.31.3 // indirect + k8s.io/apimachinery v0.31.3 // indirect + k8s.io/client-go v0.31.3 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/charts/tests/go.sum b/charts/tests/go.sum new file mode 100644 index 0000000000..2a821ef144 --- /dev/null +++ b/charts/tests/go.sum @@ -0,0 +1,283 @@ +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/approvals/go-approval-tests v0.0.0-20241122190619-11802f7330a5 h1:0bYirGrRANl+CBOGVAwfhrY4zhfcGRMcJervbYyX1co= +github.com/approvals/go-approval-tests v0.0.0-20241122190619-11802f7330a5/go.mod h1:PJOqSY8IofNv3heAD6k8E7EfFS6okiSS9bSAasaAUME= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= +github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= +github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= +github.com/gonvenience/neat v1.3.12 h1:xwIyRbJcG9LgcDYys+HHLH9DqqHeQsUpS5CfBUeskbs= +github.com/gonvenience/neat v1.3.12/go.mod h1:8OljAIgPelN0uPPO94VBqxK+Kz98d6ZFwHDg5o/PfkE= +github.com/gonvenience/term v1.0.2 h1:qKa2RydbWIrabGjR/fegJwpW5m+JvUwFL8mLhHzDXn0= +github.com/gonvenience/term v1.0.2/go.mod h1:wThTR+3MzWtWn7XGVW6qQ65uaVf8GHED98KmwpuEQeo= +github.com/gonvenience/text v1.0.7 h1:YmIqmgTwxnACYCG59DykgMbomwteYyNhAmEUEJtPl14= +github.com/gonvenience/text v1.0.7/go.mod h1:OAjH+mohRszffLY6OjgQcUXiSkbrIavooFpfIt1ZwAs= +github.com/gonvenience/wrap v1.1.2 h1:xPKxNwL1HCguwyM+HlP/1CIuc9LRd7k8RodLwe9YTZA= +github.com/gonvenience/wrap v1.1.2/go.mod h1:GiryBSXoI3BAAhbWD1cZVj7RZmtiu0ERi/6R6eJfslI= +github.com/gonvenience/ytbx v1.4.4 h1:jQopwyaLsVGuwdxSiN4WkXjsEaFNPJ3V4lUj7eyEpzo= +github.com/gonvenience/ytbx v1.4.4/go.mod h1:w37+MKCPcCMY/jpPNmEklD4xKqrOAVBO6kIWW2+uI6M= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= +github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= +github.com/gruntwork-io/terratest v0.47.2 h1:t6iWwsqJH7Gx0RwXleU/vjc+2c0JXRMdj3DxYXTBssQ= +github.com/gruntwork-io/terratest v0.47.2/go.mod h1:LnYX8BN5WxUMpDr8rtD39oToSL4CBERWSCusbJ0d/64= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= +github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= +github.com/homeport/dyff v1.6.0 h1:AN+ikld0Fy+qx34YE7655b/bpWuxS6cL9k852pE2GUc= +github.com/homeport/dyff v1.6.0/go.mod h1:FlAOFYzeKvxmU5nTrnG+qrlJVWpsFew7pt8L99p5q8k= +github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/matryer/is v1.4.1 h1:55ehd8zaGABKLXQUe2awZ99BD/PTc2ls+KV/dXphgEQ= +github.com/matryer/is v1.4.1/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= +github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= +github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= +github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c= +github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok= +github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= +github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= +github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= +github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= +k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= +k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= +k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= +k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/charts/tests/testdata/app-protect-dos.yaml b/charts/tests/testdata/app-protect-dos.yaml new file mode 100644 index 0000000000..8bd1603e94 --- /dev/null +++ b/charts/tests/testdata/app-protect-dos.yaml @@ -0,0 +1,13 @@ +controller: + nginxplus: true + appprotectdos: + ## Enable the App Protect DoS module in the Ingress Controller. + enable: true + ## Enable debugging for App Protect DoS. + debug: true + ## Max number of nginx processes to support. + maxWorkers: 5 + ## Max number of ADMD instances. + maxDaemons: 10 + ## RAM memory size to consume in MB. + memory: 1024 diff --git a/charts/tests/testdata/app-protect-waf.yaml b/charts/tests/testdata/app-protect-waf.yaml new file mode 100644 index 0000000000..152559ad63 --- /dev/null +++ b/charts/tests/testdata/app-protect-waf.yaml @@ -0,0 +1,4 @@ +controller: + nginxplus: true + appprotect: + enable: true diff --git a/charts/tests/testdata/app-protect-wafv5.yaml b/charts/tests/testdata/app-protect-wafv5.yaml new file mode 100644 index 0000000000..7b2808bf2e --- /dev/null +++ b/charts/tests/testdata/app-protect-wafv5.yaml @@ -0,0 +1,21 @@ +controller: + nginxplus: true + appprotect: + enable: true + v5: true + volumes: + - name: app-protect-bd-config + emptyDir: {} + - name: app-protect-config + emptyDir: {} + - name: app-protect-bundles + emptyDir: {} + + enforcer: + host: "localhost" + port: 50001 + image: + repository: my.private.reg/nap/waf-enforcer + configManager: + image: + repository: my.private.reg/nap/waf-config-mgr diff --git a/charts/tests/testdata/custom-resources.yaml b/charts/tests/testdata/custom-resources.yaml new file mode 100644 index 0000000000..356385776b --- /dev/null +++ b/charts/tests/testdata/custom-resources.yaml @@ -0,0 +1,2 @@ +controller: + enableCustomResources: false diff --git a/charts/tests/testdata/daemonset.yaml b/charts/tests/testdata/daemonset.yaml new file mode 100644 index 0000000000..3e78846b9d --- /dev/null +++ b/charts/tests/testdata/daemonset.yaml @@ -0,0 +1,2 @@ +controller: + kind: daemonset diff --git a/charts/tests/testdata/global-configuration.yaml b/charts/tests/testdata/global-configuration.yaml new file mode 100644 index 0000000000..500724f480 --- /dev/null +++ b/charts/tests/testdata/global-configuration.yaml @@ -0,0 +1,11 @@ +controller: + globalConfiguration: + create: true + spec: + listeners: + - name: dns-udp + port: 5353 + protocol: UDP + - name: dns-tcp + port: 5353 + protocol: TCP diff --git a/charts/tests/testdata/ingress-class.yaml b/charts/tests/testdata/ingress-class.yaml new file mode 100644 index 0000000000..a60fb0fe50 --- /dev/null +++ b/charts/tests/testdata/ingress-class.yaml @@ -0,0 +1,5 @@ +controller: + ingressClass: + name: changed + create: true + setAsDefaultIngress: true diff --git a/charts/tests/testdata/plus.yaml b/charts/tests/testdata/plus.yaml new file mode 100644 index 0000000000..60f7dc92af --- /dev/null +++ b/charts/tests/testdata/plus.yaml @@ -0,0 +1,2 @@ +controller: + nginxplus: true diff --git a/charts/tests/unit_test.go b/charts/tests/unit_test.go new file mode 100644 index 0000000000..9335b77be3 --- /dev/null +++ b/charts/tests/unit_test.go @@ -0,0 +1,118 @@ +//go:build helmunit + +package test + +import ( + "os" + "path/filepath" + "strings" + "testing" + + approvals "github.com/approvals/go-approval-tests" + testIs "github.com/matryer/is" + + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/gruntwork-io/terratest/modules/k8s" +) + +func TestMain(m *testing.M) { + approvals.UseFolder("./approvals/") + approvals.Options().WithExtension(".yaml") + code := m.Run() + os.Exit(code) +} + +// An example of how to verify the rendered template object of a Helm Chart given various inputs. +func TestHelmNICTemplate(t *testing.T) { + t.Parallel() + + tests := map[string]struct { + valuesFile string + releaseName string + namespace string + expectedErr error + }{ + "default values file": { + valuesFile: "", + expectedErr: nil, + releaseName: "default", + namespace: "default", + }, + "daemonset": { + valuesFile: "testdata/daemonset.yaml", + expectedErr: nil, + releaseName: "daemonset", + namespace: "default", + }, + "namespace": { + valuesFile: "", + expectedErr: nil, + releaseName: "namespace", + namespace: "nginx-ingress", + }, + "plus": { + valuesFile: "testdata/plus.yaml", + expectedErr: nil, + releaseName: "plus", + namespace: "default", + }, + "ingressClass": { + valuesFile: "testdata/ingress-class.yaml", + expectedErr: nil, + releaseName: "ingress-class", + namespace: "default", + }, + "globalConfig": { + valuesFile: "testdata/global-configuration.yaml", + expectedErr: nil, + releaseName: "global-configuration", + namespace: "gc", + }, + "customerResources": { + valuesFile: "testdata/custom-resources.yaml", + expectedErr: nil, + releaseName: "custom-resources", + namespace: "custom-resources", + }, + "appProtectWAF": { + valuesFile: "testdata/app-protect-waf.yaml", + expectedErr: nil, + releaseName: "appprotect-waf", + namespace: "appprotect-waf", + }, + "appProtectWAFV5": { + valuesFile: "testdata/app-protect-wafv5.yaml", + expectedErr: nil, + releaseName: "appprotect-wafv5", + namespace: "appprotect-wafv5", + }, + "appProtectDOS": { + valuesFile: "testdata/app-protect-dos.yaml", + expectedErr: nil, + releaseName: "appprotect-dos", + namespace: "appprotect-dos", + }, + } + + is := testIs.New(t) + + // Path to the helm chart we will test + helmChartPath, err := filepath.Abs("../nginx-ingress") + is.NoErr(err) + + for testName, tc := range tests { + t.Run(testName, func(t *testing.T) { + options := &helm.Options{ + KubectlOptions: k8s.NewKubectlOptions("", "", tc.namespace), + } + + if tc.valuesFile != "" { + options.ValuesFiles = []string{tc.valuesFile} + } + + output := helm.RenderTemplate(t, options, helmChartPath, tc.releaseName, make([]string, 0)) + approvals.Verify(t, strings.NewReader(output), approvals.Options().WithExtension(".yaml")) + }) + } + +} From 2072a491cf9c211df497ebec55b50e7e325b9d60 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Mon, 2 Dec 2024 16:27:18 +0000 Subject: [PATCH 2/7] switch to using go-snaps package --- .../appprotect-dos.yaml} | 0 .../appprotect-waf.yaml} | 0 .../appprotect-wafv5.yaml} | 0 .../custom-resources.yaml} | 0 .../daemonset.yaml} | 0 .../default.yaml} | 0 .../global-configuration.yaml} | 0 .../ingress-class.yaml} | 0 .../namespace.yaml} | 0 .../plus.yaml} | 0 charts/tests/go.mod | 13 ++++++++-- charts/tests/go.sum | 24 +++++++++++++++---- charts/tests/unit_test.go | 24 +++++++++++-------- 13 files changed, 45 insertions(+), 16 deletions(-) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.appProtectDOS.approved.yaml => __chart_manifests_snapshot__/appprotect-dos.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.appProtectWAF.approved.yaml => __chart_manifests_snapshot__/appprotect-waf.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.appProtectWAFV5.approved.yaml => __chart_manifests_snapshot__/appprotect-wafv5.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.customerResources.approved.yaml => __chart_manifests_snapshot__/custom-resources.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.daemonset.approved.yaml => __chart_manifests_snapshot__/daemonset.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.default_values_file.approved.yaml => __chart_manifests_snapshot__/default.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.globalConfig.approved.yaml => __chart_manifests_snapshot__/global-configuration.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.ingressClass.approved.yaml => __chart_manifests_snapshot__/ingress-class.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.namespace.approved.yaml => __chart_manifests_snapshot__/namespace.yaml} (100%) rename charts/tests/{approvals/unit_test.TestHelmNICTemplate.plus.approved.yaml => __chart_manifests_snapshot__/plus.yaml} (100%) diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectDOS.approved.yaml b/charts/tests/__chart_manifests_snapshot__/appprotect-dos.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectDOS.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/appprotect-dos.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAF.approved.yaml b/charts/tests/__chart_manifests_snapshot__/appprotect-waf.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAF.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/appprotect-waf.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAFV5.approved.yaml b/charts/tests/__chart_manifests_snapshot__/appprotect-wafv5.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.appProtectWAFV5.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/appprotect-wafv5.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.customerResources.approved.yaml b/charts/tests/__chart_manifests_snapshot__/custom-resources.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.customerResources.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/custom-resources.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.daemonset.approved.yaml b/charts/tests/__chart_manifests_snapshot__/daemonset.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.daemonset.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/daemonset.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.default_values_file.approved.yaml b/charts/tests/__chart_manifests_snapshot__/default.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.default_values_file.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/default.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.globalConfig.approved.yaml b/charts/tests/__chart_manifests_snapshot__/global-configuration.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.globalConfig.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/global-configuration.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.ingressClass.approved.yaml b/charts/tests/__chart_manifests_snapshot__/ingress-class.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.ingressClass.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/ingress-class.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.namespace.approved.yaml b/charts/tests/__chart_manifests_snapshot__/namespace.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.namespace.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/namespace.yaml diff --git a/charts/tests/approvals/unit_test.TestHelmNICTemplate.plus.approved.yaml b/charts/tests/__chart_manifests_snapshot__/plus.yaml similarity index 100% rename from charts/tests/approvals/unit_test.TestHelmNICTemplate.plus.approved.yaml rename to charts/tests/__chart_manifests_snapshot__/plus.yaml diff --git a/charts/tests/go.mod b/charts/tests/go.mod index 48f8791fe3..09ce5cbe37 100644 --- a/charts/tests/go.mod +++ b/charts/tests/go.mod @@ -3,9 +3,8 @@ module github.com/nginxinc/kubernetes-ingress/charts/tests go 1.23.3 require ( - github.com/approvals/go-approval-tests v0.0.0-20241122190619-11802f7330a5 + github.com/gkampitakis/go-snaps v0.5.7 github.com/gruntwork-io/terratest v0.47.2 - github.com/matryer/is v1.4.1 ) require ( @@ -17,6 +16,8 @@ require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect + github.com/gkampitakis/ciinfo v0.3.0 // indirect + github.com/gkampitakis/go-diff v1.3.2 // indirect github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect @@ -44,8 +45,11 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/kr/pretty v0.3.1 // indirect + github.com/kr/text v0.2.0 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/maruel/natural v1.1.1 // indirect github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect github.com/mattn/go-isatty v0.0.19 // indirect github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect @@ -59,11 +63,16 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/pquerna/otp v1.2.0 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.3.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/testify v1.9.0 // indirect github.com/texttheater/golang-levenshtein v1.0.1 // indirect + github.com/tidwall/gjson v1.17.0 // indirect + github.com/tidwall/match v1.1.1 // indirect + github.com/tidwall/pretty v1.2.1 // indirect + github.com/tidwall/sjson v1.2.5 // indirect github.com/urfave/cli v1.22.2 // indirect github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect github.com/x448/float16 v0.8.4 // indirect diff --git a/charts/tests/go.sum b/charts/tests/go.sum index 2a821ef144..04cb4cc186 100644 --- a/charts/tests/go.sum +++ b/charts/tests/go.sum @@ -1,8 +1,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/approvals/go-approval-tests v0.0.0-20241122190619-11802f7330a5 h1:0bYirGrRANl+CBOGVAwfhrY4zhfcGRMcJervbYyX1co= -github.com/approvals/go-approval-tests v0.0.0-20241122190619-11802f7330a5/go.mod h1:PJOqSY8IofNv3heAD6k8E7EfFS6okiSS9bSAasaAUME= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= @@ -27,6 +25,12 @@ github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gkampitakis/ciinfo v0.3.0 h1:gWZlOC2+RYYttL0hBqcoQhM7h1qNkVqvRCV1fOvpAv8= +github.com/gkampitakis/ciinfo v0.3.0/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= +github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZdC4M= +github.com/gkampitakis/go-diff v1.3.2/go.mod h1:LLgOrpqleQe26cte8s36HTWcTmMEur6OPYerdAAS9tk= +github.com/gkampitakis/go-snaps v0.5.7 h1:uVGjHR4t4pPHU944udMx7VKHpwepZXmvDMF+yDmI0rg= +github.com/gkampitakis/go-snaps v0.5.7/go.mod h1:ZABkO14uCuVxBHAXAfKG+bqNz+aa1bGPAg8jkI0Nk8Y= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= @@ -112,8 +116,8 @@ github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matryer/is v1.4.1 h1:55ehd8zaGABKLXQUe2awZ99BD/PTc2ls+KV/dXphgEQ= -github.com/matryer/is v1.4.1/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= +github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= +github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -149,6 +153,7 @@ github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c= github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -156,6 +161,7 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok= github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -181,6 +187,16 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= +github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= +github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= +github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= +github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= diff --git a/charts/tests/unit_test.go b/charts/tests/unit_test.go index 9335b77be3..3a8d8df6f2 100644 --- a/charts/tests/unit_test.go +++ b/charts/tests/unit_test.go @@ -5,20 +5,19 @@ package test import ( "os" "path/filepath" - "strings" "testing" - approvals "github.com/approvals/go-approval-tests" - testIs "github.com/matryer/is" - + "github.com/gkampitakis/go-snaps/snaps" "github.com/gruntwork-io/terratest/modules/helm" "github.com/gruntwork-io/terratest/modules/k8s" + "github.com/gruntwork-io/terratest/modules/logger" ) func TestMain(m *testing.M) { - approvals.UseFolder("./approvals/") - approvals.Options().WithExtension(".yaml") code := m.Run() + + // After all tests have run `go-snaps` will sort snapshots + snaps.Clean(m, snaps.CleanOpts{Sort: true}) os.Exit(code) } @@ -94,11 +93,11 @@ func TestHelmNICTemplate(t *testing.T) { }, } - is := testIs.New(t) - // Path to the helm chart we will test helmChartPath, err := filepath.Abs("../nginx-ingress") - is.NoErr(err) + if err != nil { + t.Error("Failed to open helm chart path ../nginx-ingress") + } for testName, tc := range tests { t.Run(testName, func(t *testing.T) { @@ -111,7 +110,12 @@ func TestHelmNICTemplate(t *testing.T) { } output := helm.RenderTemplate(t, options, helmChartPath, tc.releaseName, make([]string, 0)) - approvals.Verify(t, strings.NewReader(output), approvals.Options().WithExtension(".yaml")) + + options = &helm.Options{ + Logger: logger.Default, + SnapshotPath: "__chart_manifests_snapshot__", + } + helm.UpdateSnapshot(t, options, output, tc.releaseName) }) } From 22de525e6b918ce9738118bda06ff1da53b5501d Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Tue, 3 Dec 2024 09:14:33 +0000 Subject: [PATCH 3/7] switch to using go-snaps --- .pre-commit-config.yaml | 1 + .../appprotect-dos.yaml | 440 -- .../appprotect-waf.yaml | 435 -- .../appprotect-wafv5.yaml | 480 -- .../custom-resources.yaml | 398 -- .../daemonset.yaml | 425 -- .../__chart_manifests_snapshot__/default.yaml | 425 -- .../global-configuration.yaml | 447 -- .../ingress-class.yaml | 427 -- .../namespace.yaml | 425 -- .../__chart_manifests_snapshot__/plus.yaml | 425 -- charts/tests/__snapshots__/unit_test.snap | 4357 +++++++++++++++++ charts/tests/unit_test.go | 11 +- 13 files changed, 4362 insertions(+), 4334 deletions(-) delete mode 100644 charts/tests/__chart_manifests_snapshot__/appprotect-dos.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/appprotect-waf.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/appprotect-wafv5.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/custom-resources.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/daemonset.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/default.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/global-configuration.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/ingress-class.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/namespace.yaml delete mode 100644 charts/tests/__chart_manifests_snapshot__/plus.yaml create mode 100755 charts/tests/__snapshots__/unit_test.snap diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 845de20362..8dbae7a780 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,6 +17,7 @@ repos: - id: check-merge-conflict - id: check-shebang-scripts-are-executable - id: check-executables-have-shebangs + exclude: '(\.snap)$' - id: check-symlinks - id: check-case-conflict - id: check-vcs-permalinks diff --git a/charts/tests/__chart_manifests_snapshot__/appprotect-dos.yaml b/charts/tests/__chart_manifests_snapshot__/appprotect-dos.yaml deleted file mode 100644 index c9aee9fd3c..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/appprotect-dos.yaml +++ /dev/null @@ -1,440 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appprotect-dos-nginx-ingress - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-dos-nginx-ingress - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-dos-nginx-ingress-leader-election - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-dos-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - appprotectdos.f5.com - resources: - - apdospolicies - - apdoslogconfs - - dosprotectedresources - verbs: - - get - - watch - - list -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-dos-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: appprotect-dos-nginx-ingress - namespace: appprotect-dos -roleRef: - kind: ClusterRole - name: appprotect-dos-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-dos-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-dos -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - appprotect-dos-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-dos-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-dos -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appprotect-dos-nginx-ingress -subjects: -- kind: ServiceAccount - name: appprotect-dos-nginx-ingress - namespace: appprotect-dos ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: appprotect-dos-nginx-ingress-controller - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: appprotect-dos-nginx-ingress-controller - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: appprotect-dos-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=true - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=true - - -app-protect-dos-debug=true - - -app-protect-dos-max-daemons=10 - - -app-protect-dos-max-workers=5 - - -app-protect-dos-memory=1024 - - - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-dos-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=appprotect-dos-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=appprotect-dos-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: appprotect-dos-nginx-ingress-leader-election - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/appprotect-waf.yaml b/charts/tests/__chart_manifests_snapshot__/appprotect-waf.yaml deleted file mode 100644 index 5816e2b720..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/appprotect-waf.yaml +++ /dev/null @@ -1,435 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appprotect-waf-nginx-ingress - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-waf-nginx-ingress - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-waf-nginx-ingress-leader-election - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-waf-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - appprotect.f5.com - resources: - - appolicies - - aplogconfs - - apusersigs - verbs: - - get - - watch - - list -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-waf-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: appprotect-waf-nginx-ingress - namespace: appprotect-waf -roleRef: - kind: ClusterRole - name: appprotect-waf-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-waf-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-waf -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - appprotect-waf-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-waf-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-waf -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appprotect-waf-nginx-ingress -subjects: -- kind: ServiceAccount - name: appprotect-waf-nginx-ingress - namespace: appprotect-waf ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: appprotect-waf-nginx-ingress-controller - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: appprotect-waf-nginx-ingress-controller - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: appprotect-waf-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=true - - -nginx-reload-timeout=60000 - - -enable-app-protect=true - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-waf-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=appprotect-waf-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=appprotect-waf-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: appprotect-waf-nginx-ingress-leader-election - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/appprotect-wafv5.yaml b/charts/tests/__chart_manifests_snapshot__/appprotect-wafv5.yaml deleted file mode 100644 index 6eba2f33c2..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/appprotect-wafv5.yaml +++ /dev/null @@ -1,480 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appprotect-wafv5-nginx-ingress - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-wafv5-nginx-ingress - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-wafv5-nginx-ingress-leader-election - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-wafv5-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - appprotect.f5.com - resources: - - appolicies - - aplogconfs - - apusersigs - verbs: - - get - - watch - - list -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-wafv5-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: appprotect-wafv5-nginx-ingress - namespace: appprotect-wafv5 -roleRef: - kind: ClusterRole - name: appprotect-wafv5-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-wafv5-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-wafv5 -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - appprotect-wafv5-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-wafv5-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-wafv5 -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appprotect-wafv5-nginx-ingress -subjects: -- kind: ServiceAccount - name: appprotect-wafv5-nginx-ingress - namespace: appprotect-wafv5 ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: appprotect-wafv5-nginx-ingress-controller - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: appprotect-wafv5-nginx-ingress-controller - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: - - - emptyDir: {} - name: app-protect-bd-config - - emptyDir: {} - name: app-protect-config - - emptyDir: {} - name: app-protect-bundles - serviceAccountName: appprotect-wafv5-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: - - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - # app-protect-bundles is mounted so that Ingress Controller - # can verify that referenced bundles are present - - name: app-protect-bundles - mountPath: /etc/app_protect/bundles - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=true - - -nginx-reload-timeout=60000 - - -enable-app-protect=true - - -app-protect-enforcer-address="localhost:50001" - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-wafv5-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=appprotect-wafv5-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=appprotect-wafv5-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false - - - name: waf-enforcer - image: my.private.reg/nap/waf-enforcer:5.3.0 - imagePullPolicy: "IfNotPresent" - env: - - name: ENFORCER_PORT - value: "50001" - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: waf-config-mgr - image: my.private.reg/nap/waf-config-mgr:5.3.0 - imagePullPolicy: "IfNotPresent" - securityContext: - - allowPrivilegeEscalation: false - capabilities: - drop: - - all - runAsNonRoot: true - runAsUser: 101 - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - - name: app-protect-bundles - mountPath: /etc/app_protect/bundles ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: appprotect-wafv5-nginx-ingress-leader-election - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/custom-resources.yaml b/charts/tests/__chart_manifests_snapshot__/custom-resources.yaml deleted file mode 100644 index 8a8b166fcd..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/custom-resources.yaml +++ /dev/null @@ -1,398 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: custom-resources-nginx-ingress - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: custom-resources-nginx-ingress - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: custom-resources-nginx-ingress-leader-election - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: custom-resources-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: custom-resources-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: custom-resources-nginx-ingress - namespace: custom-resources -roleRef: - kind: ClusterRole - name: custom-resources-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: custom-resources-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: custom-resources -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - custom-resources-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: custom-resources-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: custom-resources -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: custom-resources-nginx-ingress -subjects: -- kind: ServiceAccount - name: custom-resources-nginx-ingress - namespace: custom-resources ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: custom-resources-nginx-ingress-controller - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: custom-resources-nginx-ingress-controller - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: custom-resources-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/custom-resources-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=custom-resources-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=custom-resources-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=false - - -enable-snippets=false - - -disable-ipv6=false - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: custom-resources-nginx-ingress-leader-election - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/daemonset.yaml b/charts/tests/__chart_manifests_snapshot__/daemonset.yaml deleted file mode 100644 index afb9f5a83a..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/daemonset.yaml +++ /dev/null @@ -1,425 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: daemonset-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: daemonset-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: daemonset-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: daemonset-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: daemonset-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: daemonset-nginx-ingress - namespace: default -roleRef: - kind: ClusterRole - name: daemonset-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: daemonset-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - daemonset-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: daemonset-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: daemonset-nginx-ingress -subjects: -- kind: ServiceAccount - name: daemonset-nginx-ingress - namespace: default ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: daemonset-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset ---- -# Source: nginx-ingress/templates/controller-daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: daemonset-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - serviceAccountName: daemonset-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - volumes: [] - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - name: nginx-ingress - image: nginx/nginx-ingress:4.0.0 - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - resources: - requests: - cpu: 100m - memory: 128Mi - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/daemonset-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=daemonset-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=daemonset-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: daemonset-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/default.yaml b/charts/tests/__chart_manifests_snapshot__/default.yaml deleted file mode 100644 index 7ecfab6739..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/default.yaml +++ /dev/null @@ -1,425 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: default-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: default-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: default-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: default-nginx-ingress - namespace: default -roleRef: - kind: ClusterRole - name: default-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: default-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - default-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: default-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: default-nginx-ingress -subjects: -- kind: ServiceAccount - name: default-nginx-ingress - namespace: default ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: default-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: default-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: default-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/default-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=default-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=default-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: default-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/global-configuration.yaml b/charts/tests/__chart_manifests_snapshot__/global-configuration.yaml deleted file mode 100644 index 612eff8794..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/global-configuration.yaml +++ /dev/null @@ -1,447 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: global-configuration-nginx-ingress - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: global-configuration-nginx-ingress - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: global-configuration-nginx-ingress-leader-election - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: global-configuration-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: global-configuration-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: global-configuration-nginx-ingress - namespace: gc -roleRef: - kind: ClusterRole - name: global-configuration-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: global-configuration-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: gc -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - global-configuration-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: global-configuration-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: gc -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: global-configuration-nginx-ingress -subjects: -- kind: ServiceAccount - name: global-configuration-nginx-ingress - namespace: gc ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: global-configuration-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/global-configuration-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=global-configuration-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=global-configuration-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -global-configuration=$(POD_NAMESPACE)/global-configuration-nginx-ingress-controller - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-globalconfiguration.yaml -apiVersion: k8s.nginx.org/v1 -kind: GlobalConfiguration -metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - listeners: - - name: dns-udp - port: 5353 - protocol: UDP - - name: dns-tcp - port: 5353 - protocol: TCP ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: global-configuration-nginx-ingress-leader-election - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/ingress-class.yaml b/charts/tests/__chart_manifests_snapshot__/ingress-class.yaml deleted file mode 100644 index bf3ca2a268..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/ingress-class.yaml +++ /dev/null @@ -1,427 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ingress-class-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: ingress-class-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: ingress-class-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ingress-class-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ingress-class-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: ingress-class-nginx-ingress - namespace: default -roleRef: - kind: ClusterRole - name: ingress-class-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ingress-class-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - ingress-class-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ingress-class-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-class-nginx-ingress -subjects: -- kind: ServiceAccount - name: ingress-class-nginx-ingress - namespace: default ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: ingress-class-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ingress-class-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: ingress-class-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/ingress-class-nginx-ingress - - -ingress-class=changed - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=ingress-class-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=ingress-class-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: changed - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - annotations: - ingressclass.kubernetes.io/is-default-class: "true" -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: ingress-class-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/namespace.yaml b/charts/tests/__chart_manifests_snapshot__/namespace.yaml deleted file mode 100644 index 379017ec52..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/namespace.yaml +++ /dev/null @@ -1,425 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: namespace-nginx-ingress - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: namespace-nginx-ingress - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: namespace-nginx-ingress-leader-election - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: namespace-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: namespace-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: namespace-nginx-ingress - namespace: nginx-ingress -roleRef: - kind: ClusterRole - name: namespace-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: namespace-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: nginx-ingress -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - namespace-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: namespace-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: nginx-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: namespace-nginx-ingress -subjects: -- kind: ServiceAccount - name: namespace-nginx-ingress - namespace: nginx-ingress ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: namespace-nginx-ingress-controller - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: namespace-nginx-ingress-controller - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: namespace-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/namespace-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=namespace-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=namespace-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: namespace-nginx-ingress-leader-election - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__chart_manifests_snapshot__/plus.yaml b/charts/tests/__chart_manifests_snapshot__/plus.yaml deleted file mode 100644 index 9089d09e1e..0000000000 --- a/charts/tests/__chart_manifests_snapshot__/plus.yaml +++ /dev/null @@ -1,425 +0,0 @@ ---- -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: plus-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} ---- -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: plus-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update ---- -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: plus-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: plus-nginx-ingress - namespace: default -roleRef: - kind: ClusterRole - name: plus-nginx-ingress - apiGroup: rbac.authorization.k8s.io ---- -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: plus-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - plus-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create ---- -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: plus-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: plus-nginx-ingress -subjects: -- kind: ServiceAccount - name: plus-nginx-ingress - namespace: default ---- -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: plus-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus ---- -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: plus-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: plus-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=true - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=plus-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=plus-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false ---- -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller ---- -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: plus-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm diff --git a/charts/tests/__snapshots__/unit_test.snap b/charts/tests/__snapshots__/unit_test.snap new file mode 100755 index 0000000000..a7c1beac8f --- /dev/null +++ b/charts/tests/__snapshots__/unit_test.snap @@ -0,0 +1,4357 @@ + +[TestHelmNICTemplate/appProtectDOS - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-dos-nginx-ingress-leader-election + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotectdos.f5.com + resources: + - apdospolicies + - apdoslogconfs + - dosprotectedresources + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos +roleRef: + kind: ClusterRole + name: appprotect-dos-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-dos +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-dos-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-dos +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-dos-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-dos-nginx-ingress-controller + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-dos-nginx-ingress-controller + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: appprotect-dos-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=true + - -app-protect-dos-debug=true + - -app-protect-dos-max-daemons=10 + - -app-protect-dos-max-workers=5 + - -app-protect-dos-memory=1024 + + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-dos-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-dos-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-dos-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-dos-nginx-ingress-leader-election + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/appProtectWAF - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-waf-nginx-ingress-leader-election + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotect.f5.com + resources: + - appolicies + - aplogconfs + - apusersigs + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf +roleRef: + kind: ClusterRole + name: appprotect-waf-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-waf +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-waf-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-waf +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-waf-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-waf-nginx-ingress-controller + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-waf-nginx-ingress-controller + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: appprotect-waf-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=true + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-waf-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-waf-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-waf-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-waf-nginx-ingress-leader-election + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/appProtectWAFV5 - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-wafv5-nginx-ingress-leader-election + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotect.f5.com + resources: + - appolicies + - aplogconfs + - apusersigs + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 +roleRef: + kind: ClusterRole + name: appprotect-wafv5-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-wafv5 +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-wafv5-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-wafv5 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-wafv5-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-wafv5-nginx-ingress-controller + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-wafv5-nginx-ingress-controller + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: + + - emptyDir: {} + name: app-protect-bd-config + - emptyDir: {} + name: app-protect-config + - emptyDir: {} + name: app-protect-bundles + serviceAccountName: appprotect-wafv5-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: + + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: app-protect-config + mountPath: /opt/app_protect/config + # app-protect-bundles is mounted so that Ingress Controller + # can verify that referenced bundles are present + - name: app-protect-bundles + mountPath: /etc/app_protect/bundles + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=true + - -app-protect-enforcer-address="localhost:50001" + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-wafv5-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-wafv5-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-wafv5-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false + + - name: waf-enforcer + image: my.private.reg/nap/waf-enforcer:5.3.0 + imagePullPolicy: "IfNotPresent" + env: + - name: ENFORCER_PORT + value: "50001" + volumeMounts: + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: waf-config-mgr + image: my.private.reg/nap/waf-config-mgr:5.3.0 + imagePullPolicy: "IfNotPresent" + securityContext: + + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsNonRoot: true + runAsUser: 101 + volumeMounts: + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: app-protect-config + mountPath: /opt/app_protect/config + - name: app-protect-bundles + mountPath: /etc/app_protect/bundles +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-wafv5-nginx-ingress-leader-election + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/customResources - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: custom-resources-nginx-ingress + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-resources-nginx-ingress + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-resources-nginx-ingress-leader-election + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: custom-resources-nginx-ingress + namespace: custom-resources +roleRef: + kind: ClusterRole + name: custom-resources-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: custom-resources +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - custom-resources-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: custom-resources +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: custom-resources-nginx-ingress +subjects: +- kind: ServiceAccount + name: custom-resources-nginx-ingress + namespace: custom-resources +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-resources-nginx-ingress-controller + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: custom-resources-nginx-ingress-controller + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: custom-resources-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/custom-resources-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=custom-resources-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=custom-resources-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=false + - -enable-snippets=false + - -disable-ipv6=false + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: custom-resources-nginx-ingress-leader-election + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/daemonset - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: daemonset-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: daemonset-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: daemonset-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: daemonset-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: daemonset-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - daemonset-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: daemonset-nginx-ingress +subjects: +- kind: ServiceAccount + name: daemonset-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: daemonset-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset +/-/-/-/ +# Source: nginx-ingress/templates/controller-daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: daemonset-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + serviceAccountName: daemonset-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + volumes: [] + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - name: nginx-ingress + image: nginx/nginx-ingress:4.0.0 + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + resources: + requests: + cpu: 100m + memory: 128Mi + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/daemonset-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=daemonset-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=daemonset-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: daemonset-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/default_values_file - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: default-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: default-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: default-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: default-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: default-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - default-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: default-nginx-ingress +subjects: +- kind: ServiceAccount + name: default-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: default-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: default-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: default-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/default-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=default-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=default-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: default-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/globalConfig - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: global-configuration-nginx-ingress + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: global-configuration-nginx-ingress + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: global-configuration-nginx-ingress-leader-election + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: global-configuration-nginx-ingress + namespace: gc +roleRef: + kind: ClusterRole + name: global-configuration-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: gc +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - global-configuration-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: gc +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: global-configuration-nginx-ingress +subjects: +- kind: ServiceAccount + name: global-configuration-nginx-ingress + namespace: gc +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: global-configuration-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/global-configuration-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=global-configuration-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=global-configuration-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -global-configuration=$(POD_NAMESPACE)/global-configuration-nginx-ingress-controller + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-globalconfiguration.yaml +apiVersion: k8s.nginx.org/v1 +kind: GlobalConfiguration +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + listeners: + - name: dns-udp + port: 5353 + protocol: UDP + - name: dns-tcp + port: 5353 + protocol: TCP +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: global-configuration-nginx-ingress-leader-election + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/ingressClass - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ingress-class-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ingress-class-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ingress-class-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: ingress-class-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: ingress-class-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - ingress-class-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-class-nginx-ingress +subjects: +- kind: ServiceAccount + name: ingress-class-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: ingress-class-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ingress-class-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: ingress-class-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/ingress-class-nginx-ingress + - -ingress-class=changed + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=ingress-class-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=ingress-class-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: changed + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: ingress-class-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/namespace - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: namespace-nginx-ingress + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: namespace-nginx-ingress + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: namespace-nginx-ingress-leader-election + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: namespace-nginx-ingress + namespace: nginx-ingress +roleRef: + kind: ClusterRole + name: namespace-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: nginx-ingress +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - namespace-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: nginx-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: namespace-nginx-ingress +subjects: +- kind: ServiceAccount + name: namespace-nginx-ingress + namespace: nginx-ingress +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: namespace-nginx-ingress-controller + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: namespace-nginx-ingress-controller + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: namespace-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/namespace-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=namespace-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=namespace-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: namespace-nginx-ingress-leader-election + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/plus - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: plus-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: plus-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- diff --git a/charts/tests/unit_test.go b/charts/tests/unit_test.go index 3a8d8df6f2..68280b252b 100644 --- a/charts/tests/unit_test.go +++ b/charts/tests/unit_test.go @@ -10,7 +10,6 @@ import ( "github.com/gkampitakis/go-snaps/snaps" "github.com/gruntwork-io/terratest/modules/helm" "github.com/gruntwork-io/terratest/modules/k8s" - "github.com/gruntwork-io/terratest/modules/logger" ) func TestMain(m *testing.M) { @@ -18,6 +17,7 @@ func TestMain(m *testing.M) { // After all tests have run `go-snaps` will sort snapshots snaps.Clean(m, snaps.CleanOpts{Sort: true}) + os.Exit(code) } @@ -67,7 +67,7 @@ func TestHelmNICTemplate(t *testing.T) { releaseName: "global-configuration", namespace: "gc", }, - "customerResources": { + "customResources": { valuesFile: "testdata/custom-resources.yaml", expectedErr: nil, releaseName: "custom-resources", @@ -111,11 +111,8 @@ func TestHelmNICTemplate(t *testing.T) { output := helm.RenderTemplate(t, options, helmChartPath, tc.releaseName, make([]string, 0)) - options = &helm.Options{ - Logger: logger.Default, - SnapshotPath: "__chart_manifests_snapshot__", - } - helm.UpdateSnapshot(t, options, output, tc.releaseName) + snaps.MatchSnapshot(t, output) + t.Log(output) }) } From c42377ebe0779e7b6eab32ae76200170b01d6c21 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Tue, 3 Dec 2024 09:18:46 +0000 Subject: [PATCH 4/7] add helm unit tests to main unit tests --- Makefile | 4 +- charts/tests/__snapshots__/helmunit_test.snap | 4357 +++++++++++++++++ charts/tests/go.mod | 102 - charts/tests/go.sum | 299 -- .../tests/{unit_test.go => helmunit_test.go} | 1 - go.mod | 35 + go.sum | 102 + 7 files changed, 4496 insertions(+), 404 deletions(-) create mode 100755 charts/tests/__snapshots__/helmunit_test.snap delete mode 100644 charts/tests/go.mod delete mode 100644 charts/tests/go.sum rename charts/tests/{unit_test.go => helmunit_test.go} (99%) diff --git a/Makefile b/Makefile index 010db8190f..b3b63b076b 100644 --- a/Makefile +++ b/Makefile @@ -71,11 +71,11 @@ staticcheck: ## Run staticcheck linter .PHONY: test test: ## Run GoLang tests - go test -tags=aws -shuffle=on -race -coverprofile=coverage.txt -covermode=atomic ./... + go test -tags=aws,helmunit -shuffle=on -race -coverprofile=coverage.txt -covermode=atomic ./... .PHONY: test-update-snaps test-update-snaps: - UPDATE_SNAPS=true go test -tags=aws -shuffle=on -race ./... + UPDATE_SNAPS=true go test -tags=aws,helmunit -shuffle=on -race ./... cover: test ## Generate coverage report diff --git a/charts/tests/__snapshots__/helmunit_test.snap b/charts/tests/__snapshots__/helmunit_test.snap new file mode 100755 index 0000000000..a7c1beac8f --- /dev/null +++ b/charts/tests/__snapshots__/helmunit_test.snap @@ -0,0 +1,4357 @@ + +[TestHelmNICTemplate/appProtectDOS - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-dos-nginx-ingress-leader-election + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotectdos.f5.com + resources: + - apdospolicies + - apdoslogconfs + - dosprotectedresources + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos +roleRef: + kind: ClusterRole + name: appprotect-dos-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-dos +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-dos-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-dos-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-dos +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-dos-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-dos-nginx-ingress + namespace: appprotect-dos +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-dos-nginx-ingress-controller + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-dos-nginx-ingress-controller + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: appprotect-dos-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=true + - -app-protect-dos-debug=true + - -app-protect-dos-max-daemons=10 + - -app-protect-dos-max-workers=5 + - -app-protect-dos-memory=1024 + + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-dos-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-dos-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-dos-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-dos-nginx-ingress-leader-election + namespace: appprotect-dos + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-dos + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/appProtectWAF - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-waf-nginx-ingress-leader-election + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotect.f5.com + resources: + - appolicies + - aplogconfs + - apusersigs + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf +roleRef: + kind: ClusterRole + name: appprotect-waf-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-waf +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-waf-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-waf-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-waf +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-waf-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-waf-nginx-ingress + namespace: appprotect-waf +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-waf-nginx-ingress-controller + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-waf-nginx-ingress-controller + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: appprotect-waf-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=true + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-waf-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-waf-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-waf-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-waf-nginx-ingress-leader-election + namespace: appprotect-waf + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-waf + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/appProtectWAFV5 - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: appprotect-wafv5-nginx-ingress-leader-election + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - appprotect.f5.com + resources: + - appolicies + - aplogconfs + - apusersigs + verbs: + - get + - watch + - list +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 +roleRef: + kind: ClusterRole + name: appprotect-wafv5-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-wafv5 +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - appprotect-wafv5-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: appprotect-wafv5-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: appprotect-wafv5 +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: appprotect-wafv5-nginx-ingress +subjects: +- kind: ServiceAccount + name: appprotect-wafv5-nginx-ingress + namespace: appprotect-wafv5 +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: appprotect-wafv5-nginx-ingress-controller + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: appprotect-wafv5-nginx-ingress-controller + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: + + - emptyDir: {} + name: app-protect-bd-config + - emptyDir: {} + name: app-protect-config + - emptyDir: {} + name: app-protect-bundles + serviceAccountName: appprotect-wafv5-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: + + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: app-protect-config + mountPath: /opt/app_protect/config + # app-protect-bundles is mounted so that Ingress Controller + # can verify that referenced bundles are present + - name: app-protect-bundles + mountPath: /etc/app_protect/bundles + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=true + - -app-protect-enforcer-address="localhost:50001" + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-wafv5-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=appprotect-wafv5-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=appprotect-wafv5-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false + + - name: waf-enforcer + image: my.private.reg/nap/waf-enforcer:5.3.0 + imagePullPolicy: "IfNotPresent" + env: + - name: ENFORCER_PORT + value: "50001" + volumeMounts: + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: waf-config-mgr + image: my.private.reg/nap/waf-config-mgr:5.3.0 + imagePullPolicy: "IfNotPresent" + securityContext: + + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsNonRoot: true + runAsUser: 101 + volumeMounts: + - name: app-protect-bd-config + mountPath: /opt/app_protect/bd_config + - name: app-protect-config + mountPath: /opt/app_protect/config + - name: app-protect-bundles + mountPath: /etc/app_protect/bundles +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: appprotect-wafv5-nginx-ingress-leader-election + namespace: appprotect-wafv5 + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: appprotect-wafv5 + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/customResources - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: custom-resources-nginx-ingress + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-resources-nginx-ingress + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-resources-nginx-ingress-leader-election + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: custom-resources-nginx-ingress + namespace: custom-resources +roleRef: + kind: ClusterRole + name: custom-resources-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: custom-resources +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - custom-resources-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: custom-resources-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: custom-resources +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: custom-resources-nginx-ingress +subjects: +- kind: ServiceAccount + name: custom-resources-nginx-ingress + namespace: custom-resources +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-resources-nginx-ingress-controller + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: custom-resources-nginx-ingress-controller + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: custom-resources-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/custom-resources-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=custom-resources-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=custom-resources-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=false + - -enable-snippets=false + - -disable-ipv6=false + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: custom-resources-nginx-ingress-leader-election + namespace: custom-resources + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: custom-resources + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/daemonset - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: daemonset-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: daemonset-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: daemonset-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: daemonset-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: daemonset-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - daemonset-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: daemonset-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: daemonset-nginx-ingress +subjects: +- kind: ServiceAccount + name: daemonset-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: daemonset-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset +/-/-/-/ +# Source: nginx-ingress/templates/controller-daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: daemonset-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + serviceAccountName: daemonset-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + volumes: [] + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - name: nginx-ingress + image: nginx/nginx-ingress:4.0.0 + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + resources: + requests: + cpu: 100m + memory: 128Mi + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/daemonset-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=daemonset-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=daemonset-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: daemonset-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: daemonset + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/default_values_file - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: default-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: default-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: default-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: default-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: default-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - default-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: default-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: default-nginx-ingress +subjects: +- kind: ServiceAccount + name: default-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: default-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: default-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: default-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/default-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=default-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=default-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: default-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: default + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/globalConfig - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: global-configuration-nginx-ingress + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: global-configuration-nginx-ingress + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: global-configuration-nginx-ingress-leader-election + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: global-configuration-nginx-ingress + namespace: gc +roleRef: + kind: ClusterRole + name: global-configuration-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: gc +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - global-configuration-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: global-configuration-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: gc +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: global-configuration-nginx-ingress +subjects: +- kind: ServiceAccount + name: global-configuration-nginx-ingress + namespace: gc +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: global-configuration-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/global-configuration-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=global-configuration-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=global-configuration-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -global-configuration=$(POD_NAMESPACE)/global-configuration-nginx-ingress-controller + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-globalconfiguration.yaml +apiVersion: k8s.nginx.org/v1 +kind: GlobalConfiguration +metadata: + name: global-configuration-nginx-ingress-controller + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + listeners: + - name: dns-udp + port: 5353 + protocol: UDP + - name: dns-tcp + port: 5353 + protocol: TCP +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: global-configuration-nginx-ingress-leader-election + namespace: gc + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: global-configuration + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/ingressClass - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ingress-class-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ingress-class-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ingress-class-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: ingress-class-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: ingress-class-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - ingress-class-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ingress-class-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-class-nginx-ingress +subjects: +- kind: ServiceAccount + name: ingress-class-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: ingress-class-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ingress-class-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: ingress-class-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/ingress-class-nginx-ingress + - -ingress-class=changed + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=ingress-class-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=ingress-class-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: changed + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + annotations: + ingressclass.kubernetes.io/is-default-class: "true" +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: ingress-class-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: ingress-class + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/namespace - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: namespace-nginx-ingress + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: namespace-nginx-ingress + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: namespace-nginx-ingress-leader-election + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: namespace-nginx-ingress + namespace: nginx-ingress +roleRef: + kind: ClusterRole + name: namespace-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: nginx-ingress +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - namespace-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: namespace-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: nginx-ingress +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: namespace-nginx-ingress +subjects: +- kind: ServiceAccount + name: namespace-nginx-ingress + namespace: nginx-ingress +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: namespace-nginx-ingress-controller + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: namespace-nginx-ingress-controller + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: namespace-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=false + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/namespace-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=namespace-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=namespace-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: namespace-nginx-ingress-leader-election + namespace: nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: namespace + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- + +[TestHelmNICTemplate/plus - 1] +/-/-/-/ +# Source: nginx-ingress/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: plus-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-nginx-ingress + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +data: + {} +/-/-/-/ +# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: plus-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +/-/-/-/ +# Source: nginx-ingress/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "apps" + resources: + - replicasets + - daemonsets + verbs: + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers + - virtualserverroutes + - globalconfigurations + - transportservers + - policies + verbs: + - list + - watch + - get +- apiGroups: + - k8s.nginx.org + resources: + - virtualservers/status + - virtualserverroutes/status + - policies/status + - transportservers/status + verbs: + - update +/-/-/-/ +# Source: nginx-ingress/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +subjects: +- kind: ServiceAccount + name: plus-nginx-ingress + namespace: default +roleRef: + kind: ClusterRole + name: plus-nginx-ingress + apiGroup: rbac.authorization.k8s.io +/-/-/-/ +# Source: nginx-ingress/templates/controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - list +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - plus-nginx-ingress-leader-election + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +/-/-/-/ +# Source: nginx-ingress/templates/controller-rolebinding.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: plus-nginx-ingress + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: plus-nginx-ingress +subjects: +- kind: ServiceAccount + name: plus-nginx-ingress + namespace: default +/-/-/-/ +# Source: nginx-ingress/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: plus-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + nodePort: + - port: 443 + targetPort: 443 + protocol: TCP + name: https + nodePort: + selector: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus +/-/-/-/ +# Source: nginx-ingress/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: plus-nginx-ingress-controller + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + template: + metadata: + labels: + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9113" + prometheus.io/scheme: "http" + spec: + volumes: [] + serviceAccountName: plus-nginx-ingress + automountServiceAccountToken: true + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 30 + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - image: nginx/nginx-ingress:4.0.0 + name: nginx-ingress + imagePullPolicy: "IfNotPresent" + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: prometheus + containerPort: 9113 + - name: readiness-port + containerPort: 8081 + readinessProbe: + httpGet: + path: /nginx-ready + port: readiness-port + periodSeconds: 1 + initialDelaySeconds: 0 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsUser: 101 #nginx + runAsNonRoot: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: [] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - -nginx-plus=true + - -nginx-reload-timeout=60000 + - -enable-app-protect=false + - -enable-app-protect-dos=false + - -nginx-configmaps=$(POD_NAMESPACE)/plus-nginx-ingress + - -ingress-class=nginx + - -health-status=false + - -health-status-uri=/nginx-health + - -nginx-debug=false + - -log-level=info + - -log-format=glog + - -nginx-status=true + - -nginx-status-port=8080 + - -nginx-status-allow-cidrs=127.0.0.1 + - -report-ingress-status + - -external-service=plus-nginx-ingress-controller + - -enable-leader-election=true + - -leader-election-lock-name=plus-nginx-ingress-leader-election + - -enable-prometheus-metrics=true + - -prometheus-metrics-listen-port=9113 + - -prometheus-tls-secret= + - -enable-service-insight=false + - -service-insight-listen-port=9114 + - -service-insight-tls-secret= + - -enable-custom-resources=true + - -enable-snippets=false + - -disable-ipv6=false + - -enable-tls-passthrough=false + - -enable-cert-manager=false + - -enable-oidc=false + - -enable-external-dns=false + - -default-http-listener-port=80 + - -default-https-listener-port=443 + - -ready-status=true + - -ready-status-port=8081 + - -enable-latency-metrics=false + - -ssl-dynamic-reload=true + - -enable-telemetry-reporting=true + - -weight-changes-dynamic-reload=false +/-/-/-/ +# Source: nginx-ingress/templates/controller-ingress-class.yaml +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: nginx + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +spec: + controller: nginx.org/ingress-controller +/-/-/-/ +# Source: nginx-ingress/templates/controller-lease.yaml +apiVersion: coordination.k8s.io/v1 +kind: Lease +metadata: + name: plus-nginx-ingress-leader-election + namespace: default + labels: + helm.sh/chart: nginx-ingress-1.5.0 + app.kubernetes.io/name: nginx-ingress + app.kubernetes.io/instance: plus + app.kubernetes.io/version: "4.0.0" + app.kubernetes.io/managed-by: Helm +--- diff --git a/charts/tests/go.mod b/charts/tests/go.mod deleted file mode 100644 index 09ce5cbe37..0000000000 --- a/charts/tests/go.mod +++ /dev/null @@ -1,102 +0,0 @@ -module github.com/nginxinc/kubernetes-ingress/charts/tests - -go 1.23.3 - -require ( - github.com/gkampitakis/go-snaps v0.5.7 - github.com/gruntwork-io/terratest v0.47.2 -) - -require ( - github.com/BurntSushi/toml v1.3.2 // indirect - github.com/aws/aws-sdk-go v1.44.122 // indirect - github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect - github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/ghodss/yaml v1.0.0 // indirect - github.com/gkampitakis/ciinfo v0.3.0 // indirect - github.com/gkampitakis/go-diff v1.3.2 // indirect - github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect - github.com/go-logr/logr v1.4.2 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.4 // indirect - github.com/go-sql-driver/mysql v1.4.1 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.4 // indirect - github.com/gonvenience/bunt v1.3.5 // indirect - github.com/gonvenience/neat v1.3.12 // indirect - github.com/gonvenience/term v1.0.2 // indirect - github.com/gonvenience/text v1.0.7 // indirect - github.com/gonvenience/wrap v1.1.2 // indirect - github.com/gonvenience/ytbx v1.4.4 // indirect - github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.6.0 // indirect - github.com/google/gofuzz v1.2.0 // indirect - github.com/google/uuid v1.6.0 // indirect - github.com/gorilla/websocket v1.5.0 // indirect - github.com/gruntwork-io/go-commons v0.8.0 // indirect - github.com/hashicorp/errwrap v1.0.0 // indirect - github.com/hashicorp/go-multierror v1.1.0 // indirect - github.com/homeport/dyff v1.6.0 // indirect - github.com/imdario/mergo v0.3.11 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect - github.com/josharian/intern v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/kr/pretty v0.3.1 // indirect - github.com/kr/text v0.2.0 // indirect - github.com/lucasb-eyer/go-colorful v1.2.0 // indirect - github.com/mailru/easyjson v0.7.7 // indirect - github.com/maruel/natural v1.1.1 // indirect - github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect - github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect - github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/mitchellh/go-ps v1.0.0 // indirect - github.com/mitchellh/hashstructure v1.1.0 // indirect - github.com/moby/spdystream v0.4.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect - github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/pquerna/otp v1.2.0 // indirect - github.com/rogpeppe/go-internal v1.12.0 // indirect - github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/sergi/go-diff v1.3.1 // indirect - github.com/spf13/pflag v1.0.5 // indirect - github.com/stretchr/testify v1.9.0 // indirect - github.com/texttheater/golang-levenshtein v1.0.1 // indirect - github.com/tidwall/gjson v1.17.0 // indirect - github.com/tidwall/match v1.1.1 // indirect - github.com/tidwall/pretty v1.2.1 // indirect - github.com/tidwall/sjson v1.2.5 // indirect - github.com/urfave/cli v1.22.2 // indirect - github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect - github.com/x448/float16 v0.8.4 // indirect - golang.org/x/crypto v0.29.0 // indirect - golang.org/x/net v0.31.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sync v0.9.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/term v0.26.0 // indirect - golang.org/x/text v0.20.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.27.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.34.2 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.31.3 // indirect - k8s.io/apimachinery v0.31.3 // indirect - k8s.io/client-go v0.31.3 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect - sigs.k8s.io/yaml v1.4.0 // indirect -) diff --git a/charts/tests/go.sum b/charts/tests/go.sum deleted file mode 100644 index 04cb4cc186..0000000000 --- a/charts/tests/go.sum +++ /dev/null @@ -1,299 +0,0 @@ -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= -github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= -github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= -github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= -github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gkampitakis/ciinfo v0.3.0 h1:gWZlOC2+RYYttL0hBqcoQhM7h1qNkVqvRCV1fOvpAv8= -github.com/gkampitakis/ciinfo v0.3.0/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= -github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZdC4M= -github.com/gkampitakis/go-diff v1.3.2/go.mod h1:LLgOrpqleQe26cte8s36HTWcTmMEur6OPYerdAAS9tk= -github.com/gkampitakis/go-snaps v0.5.7 h1:uVGjHR4t4pPHU944udMx7VKHpwepZXmvDMF+yDmI0rg= -github.com/gkampitakis/go-snaps v0.5.7/go.mod h1:ZABkO14uCuVxBHAXAfKG+bqNz+aa1bGPAg8jkI0Nk8Y= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= -github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= -github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= -github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= -github.com/gonvenience/neat v1.3.12 h1:xwIyRbJcG9LgcDYys+HHLH9DqqHeQsUpS5CfBUeskbs= -github.com/gonvenience/neat v1.3.12/go.mod h1:8OljAIgPelN0uPPO94VBqxK+Kz98d6ZFwHDg5o/PfkE= -github.com/gonvenience/term v1.0.2 h1:qKa2RydbWIrabGjR/fegJwpW5m+JvUwFL8mLhHzDXn0= -github.com/gonvenience/term v1.0.2/go.mod h1:wThTR+3MzWtWn7XGVW6qQ65uaVf8GHED98KmwpuEQeo= -github.com/gonvenience/text v1.0.7 h1:YmIqmgTwxnACYCG59DykgMbomwteYyNhAmEUEJtPl14= -github.com/gonvenience/text v1.0.7/go.mod h1:OAjH+mohRszffLY6OjgQcUXiSkbrIavooFpfIt1ZwAs= -github.com/gonvenience/wrap v1.1.2 h1:xPKxNwL1HCguwyM+HlP/1CIuc9LRd7k8RodLwe9YTZA= -github.com/gonvenience/wrap v1.1.2/go.mod h1:GiryBSXoI3BAAhbWD1cZVj7RZmtiu0ERi/6R6eJfslI= -github.com/gonvenience/ytbx v1.4.4 h1:jQopwyaLsVGuwdxSiN4WkXjsEaFNPJ3V4lUj7eyEpzo= -github.com/gonvenience/ytbx v1.4.4/go.mod h1:w37+MKCPcCMY/jpPNmEklD4xKqrOAVBO6kIWW2+uI6M= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= -github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= -github.com/gruntwork-io/terratest v0.47.2 h1:t6iWwsqJH7Gx0RwXleU/vjc+2c0JXRMdj3DxYXTBssQ= -github.com/gruntwork-io/terratest v0.47.2/go.mod h1:LnYX8BN5WxUMpDr8rtD39oToSL4CBERWSCusbJ0d/64= -github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= -github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= -github.com/homeport/dyff v1.6.0 h1:AN+ikld0Fy+qx34YE7655b/bpWuxS6cL9k852pE2GUc= -github.com/homeport/dyff v1.6.0/go.mod h1:FlAOFYzeKvxmU5nTrnG+qrlJVWpsFew7pt8L99p5q8k= -github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= -github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= -github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= -github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= -github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= -github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= -github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= -github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= -github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= -github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= -github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= -github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c= -github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok= -github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= -github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= -github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= -github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= -github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= -github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= -github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= -github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= -github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= -github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= -github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= -github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= -github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= -golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= -k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= -k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= -k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= -k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= -sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/charts/tests/unit_test.go b/charts/tests/helmunit_test.go similarity index 99% rename from charts/tests/unit_test.go rename to charts/tests/helmunit_test.go index 68280b252b..715987eaac 100644 --- a/charts/tests/unit_test.go +++ b/charts/tests/helmunit_test.go @@ -115,5 +115,4 @@ func TestHelmNICTemplate(t *testing.T) { t.Log(output) }) } - } diff --git a/go.mod b/go.mod index 96ca928655..2281fb64df 100644 --- a/go.mod +++ b/go.mod @@ -11,6 +11,7 @@ require ( github.com/go-kit/log v0.2.1 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.6.0 + github.com/gruntwork-io/terratest v0.47.2 github.com/jinzhu/copier v0.4.0 github.com/nginxinc/nginx-plus-go-client v1.3.0 github.com/nginxinc/nginx-prometheus-exporter v1.3.0 @@ -32,7 +33,9 @@ require ( require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect + github.com/aws/aws-sdk-go v1.44.122 // indirect github.com/aws/aws-sdk-go-v2 v1.32.5 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.46 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect @@ -47,18 +50,22 @@ require ( github.com/aws/smithy-go v1.22.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect + github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/ghodss/yaml v1.0.0 // indirect github.com/gkampitakis/ciinfo v0.3.0 // indirect github.com/gkampitakis/go-diff v1.3.2 // indirect github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect + github.com/go-errors/errors v1.4.2 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect @@ -68,42 +75,69 @@ require ( github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-sql-driver/mysql v1.4.1 // indirect github.com/gobuffalo/flect v1.0.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect + github.com/gonvenience/bunt v1.3.5 // indirect + github.com/gonvenience/neat v1.3.12 // indirect + github.com/gonvenience/term v1.0.2 // indirect + github.com/gonvenience/text v1.0.7 // indirect + github.com/gonvenience/wrap v1.1.2 // indirect + github.com/gonvenience/ytbx v1.4.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/websocket v1.5.1 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect + github.com/gruntwork-io/go-commons v0.8.0 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/homeport/dyff v1.6.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.9 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/kr/text v0.2.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/maruel/natural v1.1.1 // indirect + github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-ps v1.0.0 // indirect + github.com/mitchellh/hashstructure v1.1.0 // indirect + github.com/moby/spdystream v0.4.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/pquerna/otp v1.2.0 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/rogpeppe/go-internal v1.13.1 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect github.com/spf13/cobra v1.8.1 // indirect github.com/spf13/pflag v1.0.5 // indirect + github.com/texttheater/golang-levenshtein v1.0.1 // indirect github.com/tidwall/gjson v1.17.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect + github.com/urfave/cli v1.22.2 // indirect + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/zeebo/errs v1.3.0 // indirect go.etcd.io/etcd/api/v3 v3.5.14 // indirect @@ -128,6 +162,7 @@ require ( golang.org/x/text v0.20.0 // indirect golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.26.0 // indirect + google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect google.golang.org/grpc v1.67.1 // indirect diff --git a/go.sum b/go.sum index aeff8492dd..83bf6f3a06 100644 --- a/go.sum +++ b/go.sum @@ -1,9 +1,16 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= +github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo= github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0= @@ -34,8 +41,11 @@ github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cert-manager/cert-manager v1.16.2 h1:c9UU2E+8XWGruyvC/mdpc1wuLddtgmNr8foKdP7a8Jg= @@ -46,6 +56,8 @@ github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -58,6 +70,7 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= @@ -66,6 +79,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gkampitakis/ciinfo v0.3.0 h1:gWZlOC2+RYYttL0hBqcoQhM7h1qNkVqvRCV1fOvpAv8= github.com/gkampitakis/ciinfo v0.3.0/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZdC4M= @@ -75,6 +90,9 @@ github.com/gkampitakis/go-snaps v0.5.7/go.mod h1:ZABkO14uCuVxBHAXAfKG+bqNz+aa1bG github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU= @@ -96,6 +114,9 @@ github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= @@ -107,8 +128,21 @@ github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQg github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= +github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= +github.com/gonvenience/neat v1.3.12 h1:xwIyRbJcG9LgcDYys+HHLH9DqqHeQsUpS5CfBUeskbs= +github.com/gonvenience/neat v1.3.12/go.mod h1:8OljAIgPelN0uPPO94VBqxK+Kz98d6ZFwHDg5o/PfkE= +github.com/gonvenience/term v1.0.2 h1:qKa2RydbWIrabGjR/fegJwpW5m+JvUwFL8mLhHzDXn0= +github.com/gonvenience/term v1.0.2/go.mod h1:wThTR+3MzWtWn7XGVW6qQ65uaVf8GHED98KmwpuEQeo= +github.com/gonvenience/text v1.0.7 h1:YmIqmgTwxnACYCG59DykgMbomwteYyNhAmEUEJtPl14= +github.com/gonvenience/text v1.0.7/go.mod h1:OAjH+mohRszffLY6OjgQcUXiSkbrIavooFpfIt1ZwAs= +github.com/gonvenience/wrap v1.1.2 h1:xPKxNwL1HCguwyM+HlP/1CIuc9LRd7k8RodLwe9YTZA= +github.com/gonvenience/wrap v1.1.2/go.mod h1:GiryBSXoI3BAAhbWD1cZVj7RZmtiu0ERi/6R6eJfslI= +github.com/gonvenience/ytbx v1.4.4 h1:jQopwyaLsVGuwdxSiN4WkXjsEaFNPJ3V4lUj7eyEpzo= +github.com/gonvenience/ytbx v1.4.4/go.mod h1:w37+MKCPcCMY/jpPNmEklD4xKqrOAVBO6kIWW2+uI6M= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= @@ -123,6 +157,8 @@ github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSF github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= +github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= @@ -135,9 +171,20 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU= github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0= +github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= +github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= +github.com/gruntwork-io/terratest v0.47.2 h1:t6iWwsqJH7Gx0RwXleU/vjc+2c0JXRMdj3DxYXTBssQ= +github.com/gruntwork-io/terratest v0.47.2/go.mod h1:LnYX8BN5WxUMpDr8rtD39oToSL4CBERWSCusbJ0d/64= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/homeport/dyff v1.6.0 h1:AN+ikld0Fy+qx34YE7655b/bpWuxS6cL9k852pE2GUc= +github.com/homeport/dyff v1.6.0/go.mod h1:FlAOFYzeKvxmU5nTrnG+qrlJVWpsFew7pt8L99p5q8k= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -156,6 +203,11 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= +github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -166,21 +218,43 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= +github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= +github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= +github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -188,6 +262,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nginxinc/nginx-plus-go-client v1.3.0 h1:q/aeT4B5k0KLwWlefoBzfLfraBBvIKLuDg+lLFWAo4I= github.com/nginxinc/nginx-plus-go-client v1.3.0/go.mod h1:n8OFLzrJulJ2fur28Cwa1Qp5DZNS2VicLV+Adt30LQ4= github.com/nginxinc/nginx-prometheus-exporter v1.3.0 h1:1JtdxsZH0Uwhu1nL/j/QyOXytP5V5j68AEo2X+DFWb0= @@ -210,6 +286,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok= +github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= @@ -221,7 +299,13 @@ github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoG github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= @@ -233,8 +317,10 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spiffe/go-spiffe/v2 v2.4.0 h1:j/FynG7hi2azrBG5cvjRcnQ4sux/VNj8FAVc99Fl66c= github.com/spiffe/go-spiffe/v2 v2.4.0/go.mod h1:m5qJ1hGzjxjtrkGHZupoXHo/FDWwCB1MdSyBzfHugx0= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -242,6 +328,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= +github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= @@ -254,6 +342,10 @@ github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= +github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= +github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= @@ -321,11 +413,13 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= @@ -344,10 +438,14 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -367,6 +465,7 @@ golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -388,6 +487,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= @@ -399,6 +500,7 @@ google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFN google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= From 1d2ddbd50a1efe15f09c03cb040a262f6ec65ab8 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Tue, 3 Dec 2024 09:20:05 +0000 Subject: [PATCH 5/7] tidy up --- charts/tests/__snapshots__/unit_test.snap | 4357 --------------------- 1 file changed, 4357 deletions(-) delete mode 100755 charts/tests/__snapshots__/unit_test.snap diff --git a/charts/tests/__snapshots__/unit_test.snap b/charts/tests/__snapshots__/unit_test.snap deleted file mode 100755 index a7c1beac8f..0000000000 --- a/charts/tests/__snapshots__/unit_test.snap +++ /dev/null @@ -1,4357 +0,0 @@ - -[TestHelmNICTemplate/appProtectDOS - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appprotect-dos-nginx-ingress - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-dos-nginx-ingress - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-dos-nginx-ingress-leader-election - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-dos-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - appprotectdos.f5.com - resources: - - apdospolicies - - apdoslogconfs - - dosprotectedresources - verbs: - - get - - watch - - list -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-dos-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: appprotect-dos-nginx-ingress - namespace: appprotect-dos -roleRef: - kind: ClusterRole - name: appprotect-dos-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-dos-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-dos -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - appprotect-dos-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-dos-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-dos -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appprotect-dos-nginx-ingress -subjects: -- kind: ServiceAccount - name: appprotect-dos-nginx-ingress - namespace: appprotect-dos -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: appprotect-dos-nginx-ingress-controller - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: appprotect-dos-nginx-ingress-controller - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: appprotect-dos-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=true - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=true - - -app-protect-dos-debug=true - - -app-protect-dos-max-daemons=10 - - -app-protect-dos-max-workers=5 - - -app-protect-dos-memory=1024 - - - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-dos-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=appprotect-dos-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=appprotect-dos-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: appprotect-dos-nginx-ingress-leader-election - namespace: appprotect-dos - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-dos - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/appProtectWAF - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appprotect-waf-nginx-ingress - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-waf-nginx-ingress - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-waf-nginx-ingress-leader-election - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-waf-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - appprotect.f5.com - resources: - - appolicies - - aplogconfs - - apusersigs - verbs: - - get - - watch - - list -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-waf-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: appprotect-waf-nginx-ingress - namespace: appprotect-waf -roleRef: - kind: ClusterRole - name: appprotect-waf-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-waf-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-waf -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - appprotect-waf-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-waf-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-waf -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appprotect-waf-nginx-ingress -subjects: -- kind: ServiceAccount - name: appprotect-waf-nginx-ingress - namespace: appprotect-waf -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: appprotect-waf-nginx-ingress-controller - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: appprotect-waf-nginx-ingress-controller - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: appprotect-waf-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=true - - -nginx-reload-timeout=60000 - - -enable-app-protect=true - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-waf-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=appprotect-waf-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=appprotect-waf-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: appprotect-waf-nginx-ingress-leader-election - namespace: appprotect-waf - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-waf - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/appProtectWAFV5 - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: appprotect-wafv5-nginx-ingress - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-wafv5-nginx-ingress - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: appprotect-wafv5-nginx-ingress-leader-election - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-wafv5-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - appprotect.f5.com - resources: - - appolicies - - aplogconfs - - apusersigs - verbs: - - get - - watch - - list -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-wafv5-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: appprotect-wafv5-nginx-ingress - namespace: appprotect-wafv5 -roleRef: - kind: ClusterRole - name: appprotect-wafv5-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-wafv5-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-wafv5 -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - appprotect-wafv5-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appprotect-wafv5-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: appprotect-wafv5 -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: appprotect-wafv5-nginx-ingress -subjects: -- kind: ServiceAccount - name: appprotect-wafv5-nginx-ingress - namespace: appprotect-wafv5 -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: appprotect-wafv5-nginx-ingress-controller - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: appprotect-wafv5-nginx-ingress-controller - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: - - - emptyDir: {} - name: app-protect-bd-config - - emptyDir: {} - name: app-protect-config - - emptyDir: {} - name: app-protect-bundles - serviceAccountName: appprotect-wafv5-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: - - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - # app-protect-bundles is mounted so that Ingress Controller - # can verify that referenced bundles are present - - name: app-protect-bundles - mountPath: /etc/app_protect/bundles - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=true - - -nginx-reload-timeout=60000 - - -enable-app-protect=true - - -app-protect-enforcer-address="localhost:50001" - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/appprotect-wafv5-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=appprotect-wafv5-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=appprotect-wafv5-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false - - - name: waf-enforcer - image: my.private.reg/nap/waf-enforcer:5.3.0 - imagePullPolicy: "IfNotPresent" - env: - - name: ENFORCER_PORT - value: "50001" - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: waf-config-mgr - image: my.private.reg/nap/waf-config-mgr:5.3.0 - imagePullPolicy: "IfNotPresent" - securityContext: - - allowPrivilegeEscalation: false - capabilities: - drop: - - all - runAsNonRoot: true - runAsUser: 101 - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - - name: app-protect-bundles - mountPath: /etc/app_protect/bundles -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: appprotect-wafv5-nginx-ingress-leader-election - namespace: appprotect-wafv5 - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: appprotect-wafv5 - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/customResources - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: custom-resources-nginx-ingress - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: custom-resources-nginx-ingress - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: custom-resources-nginx-ingress-leader-election - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: custom-resources-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: custom-resources-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: custom-resources-nginx-ingress - namespace: custom-resources -roleRef: - kind: ClusterRole - name: custom-resources-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: custom-resources-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: custom-resources -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - custom-resources-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: custom-resources-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: custom-resources -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: custom-resources-nginx-ingress -subjects: -- kind: ServiceAccount - name: custom-resources-nginx-ingress - namespace: custom-resources -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: custom-resources-nginx-ingress-controller - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: custom-resources-nginx-ingress-controller - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: custom-resources-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/custom-resources-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=custom-resources-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=custom-resources-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=false - - -enable-snippets=false - - -disable-ipv6=false - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: custom-resources-nginx-ingress-leader-election - namespace: custom-resources - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: custom-resources - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/daemonset - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: daemonset-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: daemonset-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: daemonset-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: daemonset-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: daemonset-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: daemonset-nginx-ingress - namespace: default -roleRef: - kind: ClusterRole - name: daemonset-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: daemonset-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - daemonset-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: daemonset-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: daemonset-nginx-ingress -subjects: -- kind: ServiceAccount - name: daemonset-nginx-ingress - namespace: default -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: daemonset-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset -/-/-/-/ -# Source: nginx-ingress/templates/controller-daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: daemonset-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - serviceAccountName: daemonset-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - volumes: [] - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - name: nginx-ingress - image: nginx/nginx-ingress:4.0.0 - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - resources: - requests: - cpu: 100m - memory: 128Mi - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/daemonset-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=daemonset-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=daemonset-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: daemonset-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: daemonset - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/default_values_file - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: default-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: default-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: default-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: default-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: default-nginx-ingress - namespace: default -roleRef: - kind: ClusterRole - name: default-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: default-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - default-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: default-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: default-nginx-ingress -subjects: -- kind: ServiceAccount - name: default-nginx-ingress - namespace: default -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: default-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: default-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: default-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/default-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=default-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=default-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: default-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: default - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/globalConfig - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: global-configuration-nginx-ingress - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: global-configuration-nginx-ingress - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: global-configuration-nginx-ingress-leader-election - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: global-configuration-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: global-configuration-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: global-configuration-nginx-ingress - namespace: gc -roleRef: - kind: ClusterRole - name: global-configuration-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: global-configuration-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: gc -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - global-configuration-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: global-configuration-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: gc -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: global-configuration-nginx-ingress -subjects: -- kind: ServiceAccount - name: global-configuration-nginx-ingress - namespace: gc -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: global-configuration-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/global-configuration-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=global-configuration-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=global-configuration-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -global-configuration=$(POD_NAMESPACE)/global-configuration-nginx-ingress-controller - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-globalconfiguration.yaml -apiVersion: k8s.nginx.org/v1 -kind: GlobalConfiguration -metadata: - name: global-configuration-nginx-ingress-controller - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - listeners: - - name: dns-udp - port: 5353 - protocol: UDP - - name: dns-tcp - port: 5353 - protocol: TCP -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: global-configuration-nginx-ingress-leader-election - namespace: gc - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: global-configuration - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/ingressClass - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ingress-class-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: ingress-class-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: ingress-class-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ingress-class-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ingress-class-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: ingress-class-nginx-ingress - namespace: default -roleRef: - kind: ClusterRole - name: ingress-class-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ingress-class-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - ingress-class-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ingress-class-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-class-nginx-ingress -subjects: -- kind: ServiceAccount - name: ingress-class-nginx-ingress - namespace: default -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: ingress-class-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ingress-class-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: ingress-class-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/ingress-class-nginx-ingress - - -ingress-class=changed - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=ingress-class-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=ingress-class-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: changed - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - annotations: - ingressclass.kubernetes.io/is-default-class: "true" -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: ingress-class-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: ingress-class - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/namespace - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: namespace-nginx-ingress - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: namespace-nginx-ingress - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: namespace-nginx-ingress-leader-election - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: namespace-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: namespace-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: namespace-nginx-ingress - namespace: nginx-ingress -roleRef: - kind: ClusterRole - name: namespace-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: namespace-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: nginx-ingress -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - namespace-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: namespace-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: nginx-ingress -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: namespace-nginx-ingress -subjects: -- kind: ServiceAccount - name: namespace-nginx-ingress - namespace: nginx-ingress -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: namespace-nginx-ingress-controller - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: namespace-nginx-ingress-controller - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: namespace-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=false - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/namespace-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=namespace-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=namespace-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: namespace-nginx-ingress-leader-election - namespace: nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: namespace - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- - -[TestHelmNICTemplate/plus - 1] -/-/-/-/ -# Source: nginx-ingress/templates/controller-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: plus-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/controller-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-nginx-ingress - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -data: - {} -/-/-/-/ -# Source: nginx-ingress/templates/controller-leader-election-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: plus-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -/-/-/-/ -# Source: nginx-ingress/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: plus-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: - - "" - resources: - - configmaps - - namespaces - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - list -- apiGroups: - - "apps" - resources: - - replicasets - - daemonsets - verbs: - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers - - virtualserverroutes - - globalconfigurations - - transportservers - - policies - verbs: - - list - - watch - - get -- apiGroups: - - k8s.nginx.org - resources: - - virtualservers/status - - virtualserverroutes/status - - policies/status - - transportservers/status - verbs: - - update -/-/-/-/ -# Source: nginx-ingress/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: plus-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -subjects: -- kind: ServiceAccount - name: plus-nginx-ingress - namespace: default -roleRef: - kind: ClusterRole - name: plus-nginx-ingress - apiGroup: rbac.authorization.k8s.io -/-/-/-/ -# Source: nginx-ingress/templates/controller-role.yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: plus-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -rules: -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - plus-nginx-ingress-leader-election - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -/-/-/-/ -# Source: nginx-ingress/templates/controller-rolebinding.yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: plus-nginx-ingress - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: plus-nginx-ingress -subjects: -- kind: ServiceAccount - name: plus-nginx-ingress - namespace: default -/-/-/-/ -# Source: nginx-ingress/templates/controller-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: plus-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - externalTrafficPolicy: Local - type: LoadBalancer - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - nodePort: - - port: 443 - targetPort: 443 - protocol: TCP - name: https - nodePort: - selector: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus -/-/-/-/ -# Source: nginx-ingress/templates/controller-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: plus-nginx-ingress-controller - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - template: - metadata: - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9113" - prometheus.io/scheme: "http" - spec: - volumes: [] - serviceAccountName: plus-nginx-ingress - automountServiceAccountToken: true - securityContext: - seccompProfile: - type: RuntimeDefault - terminationGracePeriodSeconds: 30 - hostNetwork: false - dnsPolicy: ClusterFirst - containers: - - image: nginx/nginx-ingress:4.0.0 - name: nginx-ingress - imagePullPolicy: "IfNotPresent" - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: prometheus - containerPort: 9113 - - name: readiness-port - containerPort: 8081 - readinessProbe: - httpGet: - path: /nginx-ready - port: readiness-port - periodSeconds: 1 - initialDelaySeconds: 0 - resources: - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsUser: 101 #nginx - runAsNonRoot: true - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - volumeMounts: [] - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - -nginx-plus=true - - -nginx-reload-timeout=60000 - - -enable-app-protect=false - - -enable-app-protect-dos=false - - -nginx-configmaps=$(POD_NAMESPACE)/plus-nginx-ingress - - -ingress-class=nginx - - -health-status=false - - -health-status-uri=/nginx-health - - -nginx-debug=false - - -log-level=info - - -log-format=glog - - -nginx-status=true - - -nginx-status-port=8080 - - -nginx-status-allow-cidrs=127.0.0.1 - - -report-ingress-status - - -external-service=plus-nginx-ingress-controller - - -enable-leader-election=true - - -leader-election-lock-name=plus-nginx-ingress-leader-election - - -enable-prometheus-metrics=true - - -prometheus-metrics-listen-port=9113 - - -prometheus-tls-secret= - - -enable-service-insight=false - - -service-insight-listen-port=9114 - - -service-insight-tls-secret= - - -enable-custom-resources=true - - -enable-snippets=false - - -disable-ipv6=false - - -enable-tls-passthrough=false - - -enable-cert-manager=false - - -enable-oidc=false - - -enable-external-dns=false - - -default-http-listener-port=80 - - -default-https-listener-port=443 - - -ready-status=true - - -ready-status-port=8081 - - -enable-latency-metrics=false - - -ssl-dynamic-reload=true - - -enable-telemetry-reporting=true - - -weight-changes-dynamic-reload=false -/-/-/-/ -# Source: nginx-ingress/templates/controller-ingress-class.yaml -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: nginx - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm -spec: - controller: nginx.org/ingress-controller -/-/-/-/ -# Source: nginx-ingress/templates/controller-lease.yaml -apiVersion: coordination.k8s.io/v1 -kind: Lease -metadata: - name: plus-nginx-ingress-leader-election - namespace: default - labels: - helm.sh/chart: nginx-ingress-1.5.0 - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/instance: plus - app.kubernetes.io/version: "4.0.0" - app.kubernetes.io/managed-by: Helm ---- From 544848aec16e7fa304914b66a777d85cdece3a3c Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Tue, 3 Dec 2024 10:31:25 +0000 Subject: [PATCH 6/7] update from error to fatal if the chart is not found --- charts/tests/helmunit_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tests/helmunit_test.go b/charts/tests/helmunit_test.go index 715987eaac..fe22d91e09 100644 --- a/charts/tests/helmunit_test.go +++ b/charts/tests/helmunit_test.go @@ -96,7 +96,7 @@ func TestHelmNICTemplate(t *testing.T) { // Path to the helm chart we will test helmChartPath, err := filepath.Abs("../nginx-ingress") if err != nil { - t.Error("Failed to open helm chart path ../nginx-ingress") + t.Fatal("Failed to open helm chart path ../nginx-ingress") } for testName, tc := range tests { From ceb47f997fe051b9a1e760ed201298cf2ebb9d77 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Tue, 3 Dec 2024 10:34:27 +0000 Subject: [PATCH 7/7] remove unused struct field --- charts/tests/helmunit_test.go | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/charts/tests/helmunit_test.go b/charts/tests/helmunit_test.go index fe22d91e09..0e9752fe6e 100644 --- a/charts/tests/helmunit_test.go +++ b/charts/tests/helmunit_test.go @@ -29,65 +29,54 @@ func TestHelmNICTemplate(t *testing.T) { valuesFile string releaseName string namespace string - expectedErr error }{ "default values file": { valuesFile: "", - expectedErr: nil, releaseName: "default", namespace: "default", }, "daemonset": { valuesFile: "testdata/daemonset.yaml", - expectedErr: nil, releaseName: "daemonset", namespace: "default", }, "namespace": { valuesFile: "", - expectedErr: nil, releaseName: "namespace", namespace: "nginx-ingress", }, "plus": { valuesFile: "testdata/plus.yaml", - expectedErr: nil, releaseName: "plus", namespace: "default", }, "ingressClass": { valuesFile: "testdata/ingress-class.yaml", - expectedErr: nil, releaseName: "ingress-class", namespace: "default", }, "globalConfig": { valuesFile: "testdata/global-configuration.yaml", - expectedErr: nil, releaseName: "global-configuration", namespace: "gc", }, "customResources": { valuesFile: "testdata/custom-resources.yaml", - expectedErr: nil, releaseName: "custom-resources", namespace: "custom-resources", }, "appProtectWAF": { valuesFile: "testdata/app-protect-waf.yaml", - expectedErr: nil, releaseName: "appprotect-waf", namespace: "appprotect-waf", }, "appProtectWAFV5": { valuesFile: "testdata/app-protect-wafv5.yaml", - expectedErr: nil, releaseName: "appprotect-wafv5", namespace: "appprotect-wafv5", }, "appProtectDOS": { valuesFile: "testdata/app-protect-dos.yaml", - expectedErr: nil, releaseName: "appprotect-dos", namespace: "appprotect-dos", },