apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: name: contour.tanzu.vmware.com.1.28.2+vmware.1-tkg.1 spec: refName: contour.tanzu.vmware.com version: 1.28.2+vmware.1-tkg.1 releaseNotes: contour 1.28.2 https://github.com/projectcontour/contour/releases/tag/v1.28.2 releasedAt: "2024-03-19T00:00:00Z" licenses: - 'VMware’s End User License Agreement (Underlying OSS license: Apache License 2.0)' template: spec: fetch: - imgpkgBundle: image: projects.packages.broadcom.com/tkg/packages/standard/contour:v1.28.2_vmware.1-tkg.1 template: - ytt: paths: - config/ ignoreUnknownComments: true inline: paths: ipv4-overlay.yaml: |2 #@ load("@ytt:overlay", "overlay") #@overlay/match by=overlay.subset({"metadata":{"name":"contour"}, "kind": "Deployment"}) --- spec: template: spec: containers: #@overlay/match by="name" - name: contour #@overlay/replace args: - serve - --incluster - '--xds-address=0.0.0.0' - --xds-port=8001 - '--stats-address=0.0.0.0' - '--http-address=0.0.0.0' - '--envoy-service-http-address=0.0.0.0' - '--envoy-service-https-address=0.0.0.0' - '--health-address=0.0.0.0' - --contour-cafile=/certs/ca.crt - --contour-cert-file=/certs/tls.crt - --contour-key-file=/certs/tls.key - --config-path=/config/contour.yaml - kbld: paths: - '-' - .imgpkg/images.yml deploy: - kapp: rawOptions: - --wait-timeout=5m - --kube-api-qps=20 - --kube-api-burst=30 capacityRequirementsDescription: Varies significantly based on number of Services, Ingresses/HTTPProxies, etc. A starting point is 128MB RAM and 0.5 CPU for each Contour and Envoy pod, but this can and should be tuned based on observed usage. valuesSchema: openAPIv3: type: object additionalProperties: false description: OpenAPIv3 Schema for Contour 1.28.2 properties: infrastructure_provider: type: string description: The underlying infrastructure provider. Options are vsphere, aws, and azure. This field is not required, but enables better validation and defaulting if provided. default: vsphere kubernetes_distribution: type: string description: The distribution of Kubernetes, used to determine if distribution-specific configurations need to be applied. Options are empty and openshift. If running on an Openshift cluster, this must be set to openshift. When set to openshift, a Role and RoleBinding are created to associate Contour's controllers with the appropriate Openshift Security Context Constraint resource. default: "" kubernetes_version: type: string description: The version of Kubernetes being used, for enabling version-specific behaviors. Accept any valid major.minor.patch version of Kubernetes. This field is optional. Currently only has effect when kubernetes_distribution is set to openshift. default: 0.0.0 namespace: type: string description: The namespace in which to deploy Contour and Envoy. default: tanzu-system-ingress registry_secret_names: type: array description: The names of the placeholder secrets that will contain registry credentials to pull the Contour and Envoy images. items: type: string default: "" default: - contour-reg-creds contour: type: object additionalProperties: false description: Settings for the Contour component. properties: configFileContents: nullable: true description: The YAML contents of the Contour config file. See https://projectcontour.io/docs/1.28/configuration/#configuration-file for more information. default: null replicas: type: integer description: How many Contour pod replicas to have. default: 2 useProxyProtocol: type: boolean description: Whether to enable PROXY protocol for all Envoy listeners. default: false logLevel: type: string description: The Contour log level. Valid options are 'info' and 'debug'. default: info pspNames: type: string description: Pod security policy names to apply to Contour. default: vmware-system-restricted resources: type: object additionalProperties: false description: Resource requests and limits to apply to containers in the Contour pods. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information including allowed units. properties: contour: type: object additionalProperties: false nullable: true description: Resource requests and limits to apply to the contour container. properties: limits: type: object additionalProperties: false nullable: true description: Resource limits to apply to the contour container. properties: cpu: type: string description: CPU limit to apply to the contour container. default: "" memory: type: string description: Memory limit to apply to the contour container. default: "" requests: type: object additionalProperties: false nullable: true description: Resource requests to apply to the contour container. properties: cpu: type: string description: CPU request to apply to the contour container. default: "" memory: type: string description: Memory request to apply to the contour container. default: "" listenIPFamily: type: string description: The IP family for the Contour control plane's xDS, metrics and health servers. IPv6 (the default) listens on IPv6 and IPv4 addresses, while IPv4 only listens on IPv4. default: IPv6 service: type: object additionalProperties: false description: Contour service settings. properties: ipFamilyPolicy: type: string description: The IP family policy for the Contour service. If not specified, the Kubernetes default (SingleStack) applies. default: "" ipFamilies: type: array description: The IP families for the Contour service. If not specified, this is determined by Kubernetes based on the IP family policy and the cluster's configuration. items: type: string default: "" default: [] envoy: type: object additionalProperties: false description: Settings for the Envoy component. properties: workload: type: object additionalProperties: false description: Envoy workload settings. properties: type: type: string description: The type of Kubernetes workload Envoy is deployed as. Options are 'Deployment' or 'DaemonSet'. If not specified, will default to 'DaemonSet'. default: DaemonSet replicas: type: integer description: The number of Envoy replicas to deploy when 'type' is set to 'Deployment'. If not specified, it will default to '2'. default: 2 resources: type: object additionalProperties: false description: Resource requests and limits to apply to containers in the Envoy pods. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information including allowed units. properties: envoy: type: object additionalProperties: false nullable: true description: Resource requests and limits to apply to the envoy container. properties: limits: type: object additionalProperties: false nullable: true description: Resource limits to apply to the envoy container. properties: cpu: type: string description: CPU limit to apply to the envoy container. default: "" memory: type: string description: Memory limit to apply to the envoy container. default: "" requests: type: object additionalProperties: false nullable: true description: Resource requests to apply to the envoy container. properties: cpu: type: string description: CPU request to apply to the envoy container. default: "" memory: type: string description: Memory request to apply to the envoy container. default: "" shutdownManager: type: object additionalProperties: false nullable: true description: Resource requests and limits to apply to the shutdown-manager container. properties: limits: type: object additionalProperties: false nullable: true description: Resource limits to apply to the shutdown-manager container. properties: cpu: type: string description: CPU limit to apply to the shutdown-manager container. default: "" memory: type: string description: Memory limit to apply to the shutdown-manager container. default: "" requests: type: object additionalProperties: false nullable: true description: Resource requests to apply to the shutdown-manager container. properties: cpu: type: string description: CPU request to apply to the shutdown-manager container. default: "" memory: type: string description: Memory request to apply to the shutdown-manager container. default: "" service: type: object additionalProperties: false description: Envoy service settings. properties: type: type: string description: The type of Kubernetes service to provision for Envoy. Valid values are 'LoadBalancer', 'NodePort', and 'ClusterIP'. If not specified, will default to 'NodePort' for vsphere and 'LoadBalancer' for others. default: "" loadBalancerIP: type: string description: The desired load balancer IP. If type is not 'LoadBalancer', this field is ignored. It is up to the cloud provider whether to honor this request. If not specified, then load balancer IP will be assigned by the cloud provider. This field configures the Service.Spec.LoadBalancerIP field which is deprecated as of Kubernetes 1.24. Users are encouraged to use cloud-provider specific Service annotations instead. default: "" externalTrafficPolicy: type: string description: The external traffic policy for the Envoy service. If type is 'ClusterIP', this field is ignored. Otherwise, defaults to 'Cluster' for vsphere and 'Local' for others. default: "" annotations: nullable: true description: Annotations to set on the Envoy service. default: null nodePorts: type: object additionalProperties: false description: NodePort settings for the Envoy service. If type is not 'NodePort' or 'LoadBalancer', these settings are ignored. properties: http: type: integer description: The node port number to expose Envoy's HTTP listener on. If not specified, a node port will be auto-assigned by Kubernetes. If loadBalancerTLSTermination is true, this value will be ignored, as the http port entry will be removed. default: 0 https: type: integer description: The node port number to expose Envoy's HTTPS listener on. If not specified, a node port will be auto-assigned by Kubernetes. default: 0 aws: type: object additionalProperties: false description: AWS-specific settings for the Envoy service. If infrastructure provider is not 'aws', these settings are ignored. properties: LBType: type: string description: The type of AWS load balancer to provision. Options are 'classic' and 'nlb'. default: classic disableWait: type: boolean description: This setting is no longer supported and is included in the schema for backwards compatibility only. default: false loadBalancerTLSTermination: type: boolean description: When true, forwards traffic from 443 on the LoadBalancer to 8080 on the Envoy pod when terminating TLS at the LoadBalancer. Removes the http port entry on the Envoy Service. default: false ipFamilyPolicy: type: string description: The IP family policy for the Envoy service. If not specified, the Kubernetes default (SingleStack) applies. default: "" ipFamilies: type: array description: The IP families for the Envoy service. If not specified, this is determined by Kubernetes based on the IP family policy and the cluster's configuration. items: type: string default: "" default: [] hostPorts: type: object additionalProperties: false description: Host port settings for the Envoy pods. properties: enable: type: boolean description: Whether to enable host ports. If false, http & https are ignored. default: true http: type: integer description: If enable == true, the host port number to expose Envoy's HTTP listener on. default: 80 https: type: integer description: If enable == true, the host port number to expose Envoy's HTTPS listener on. default: 443 hostNetwork: type: boolean description: Whether to enable host networking for the Envoy pods. default: false terminationGracePeriodSeconds: type: integer description: The termination grace period, in seconds, for the Envoy pods. default: 300 logLevel: type: string description: The Envoy log level. default: info pspNames: type: string description: Pod security policy names to apply to Envoy. default: "" listenIPFamily: type: string description: The IP family for the Envoy listeners. IPv6 (the default) listens on IPv6 and IPv4 addresses, while IPv4 only listens on IPv4. default: IPv6 certificates: type: object additionalProperties: false description: Settings for the TLS certificates for securing communication between Contour and Envoy. properties: duration: type: string nullable: true description: 'How long the certificates should be valid for. Deprecated: Use caDuration and leafDuration instead. For backwards compatibility if this is set it will take precedence over caDuration and leafDuration.' default: null renewBefore: type: string nullable: true description: 'How long before expiration the certificates should be renewed. Deprecated: Use caRenewBefore and leafRenewBefore instead. For backwards compatibility if this is set it will take precedence over caRenewBefore and leafRenewBefore.' default: null caDuration: type: string description: How long the CA certificate should be valid for. default: 8760h caRenewBefore: type: string description: How long before expiration the CA certificate should be renewed. default: 720h leafDuration: type: string description: How long the leaf certificates should be valid for. The leaf certificates are the certificates signed by the CA certificate. default: 720h leafRenewBefore: type: string description: How long before expiration the leaf certificates should be renewed. The leaf certificates are the certificates signed by the CA certificate. It is recommended to set this to a value that is at least the leaf duration minus the ca certificate renew before, so the leaf certificates can be rotated every CA renew cycle. default: 360h title: contour.tanzu.vmware.com.1.28.2+vmware.1-tkg.1 values schema --- apiVersion: data.packaging.carvel.dev/v1alpha1 kind: PackageMetadata metadata: name: contour.tanzu.vmware.com spec: displayName: contour shortDescription: An ingress controller longDescription: An Envoy-based ingress controller that supports dynamic configuration updates and multi-team ingress delegation. See https://projectcontour.io for more information. providerName: VMware maintainers: - name: Steve Kriss - name: Sunjay Bhatia categories: - ingress - envoy - contour supportDescription: Support provided by VMware for deployment on Tanzu clusters. Best-effort support for deployment on any conformant Kubernetes cluster. Contact support by opening a support request via VMware Cloud Services or my.vmware.com. iconSVGBase64: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAzNjAgMzYwIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6IzAwOWNkYzt9PC9zdHlsZT48L2RlZnM+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMjMzLjQ5MzU0LDEzLjYwNzQyQTE3Mi41NDE2NiwxNzIuNTQxNjYsMCwwLDAsMTg5LjYwMSw1LjQzODE0Yy0xOC4xMDk1OSw5OS44NzYtNjguMDE5MzUsMTY5Ljc2MzQyLTExMS4yOTYzNCwyMTMuNTM4QTQzMC42MDM4OCw0MzAuNjAzODgsMCwwLDEsMjcuOTk3LDI2Mi40ODQzN2ExNzQuMTU5ODMsMTc0LjE1OTgzLDAsMCwwLDEzLjk4MDY2LDIxLjQwNzc1YzI3LjIyMi0xNy4yMzI0Niw1Mi4xNzU4Mi0zNi44MDY1OCw3MS42ODAzLTU1LjM4NTc3QzE2MC4yODkzNiwxODQuMDg3NTgsMjE0LjA3NzQ2LDExMy40OTg1NSwyMzMuNDkzNTQsMTMuNjA3NDJaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMjkxLjg4OTM3LDEyMy45NDY3QTM3Mi41NDI4OSwzNzIuNTQyODksMCwwLDAsMzE1LjI5NjE5LDcwLjAzOSwxNzUuMTA3NzIsMTc1LjEwNzcyLDAsMCwwLDI4NC42NjU3Nyw0MC4zMDMyYy0yMy44NDQxMiw5NC4xNzk4Ny03OS40NDQ1NywxNjIuMTA2MTMtMTI3Ljk3OTI4LDIwNS45MDM1OWE0OTcuNjM2NjIsNDk3LjYzNjYyLDAsMCwxLTg5LjYyNDgyLDY0LjI1NDI5LDE3NC43NzM3MywxNzQuNzczNzMsMCwwLDAsMTQuNzE4NywxMS4zNzIzN0E1MTcuMTc5NDksNTE3LjE3OTQ5LDAsMCwwLDE4OC4yNzg2NSwyNTEuMTM2QzIzMi4xOTIxLDIxMy40MDI2NywyNjcuMDUyMTIsMTcwLjYwOTcxLDI5MS44ODkzNywxMjMuOTQ2N1oiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yNzcuMTUwODIsMzQuODk4ODFBMTczLjI0MjA2LDE3My4yNDIwNiwwLDAsMCwyMzguODU1OSwxNS40MjU3MkMyMTkuMDU2MSwxMTYuMzIxLDE2NC42ODA0MiwxODcuNjQ2MjUsMTE3LjUyMzI4LDIzMi41NjUxYTQ2NC4xMzgyNyw0NjQuMTM4MjcsMCwwLDEtNzEuODE3NzcsNTYuMDY4MDYsMTc1LjAzNSwxNzUuMDM1LDAsMCwwLDE0LjYyNDM1LDE1LjcyODI1LDQ4NS4yMjExNyw0ODUuMjIxMTcsMCwwLDAsOTAuNjEzMjYtNjQuNTE4OTVDMTk5LjA2NTQyLDE5Ni40MTY4MiwyNTQuMjY4MjYsMTI4Ljc5ODg3LDI3Ny4xNTA4MiwzNC44OTg4MVoiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0zMzYuMTM0MDUsMTMzLjIwMDIxYzIuNTE3MzctNC40ODYxMyw0Ljg5Mjc2LTkuMDA2MTcsNy4yMDMtMTMuNTQxMzdBMTczLjI1NTE3LDE3My4yNTUxNywwLDAsMCwzMjMuNjQxNTQsODEuMjQ4MSwzODYuMDQ3MywzODYuMDQ3MywwLDAsMSwzMDIuMDc2NjYsMTI5LjM2OWMtMjUuNTEzNzgsNDcuOTM0ODctNjEuMjcxMyw5MS44NDgzMi0xMDYuMjc3MTEsMTMwLjUyMDgzQTUzMy40ODk2Niw1MzMuNDg5NjYsMCwwLDEsOTMuMTcyLDMyOS4wMzE2MXE3LjA2MTUxLDQuMTAxNiwxNC41MjQ1OCw3LjU0NGE1NTAuMDcyMDUsNTUwLjA3MjA1LDAsMCwwLDExNy45Ni03NC4xNzkyN0MyNzIuNDI3MSwyMjMuOTYzNTgsMzA5LjU5NjMsMTgwLjQ5NTU0LDMzNi4xMzQwNSwxMzMuMjAwMjFaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMTg2LjkzNzg4LDUuMzQwMzZjLTIuMjc3MDctLjA4OTEyLTQuNTU1NDEtLjE3MzkxLTYuODUzOTUtLjE3MzkxLTk1Ljc0NDcsMC0xNzMuNjM5NTksNzcuODk3MDYtMTczLjYzOTU5LDE3My42Mzk2YTE3Mi41MzM5NCwxNzIuNTMzOTQsMCwwLDAsMjAuMjg4MzQsODEuMzMzMjMsNDI3Ljk2NDczLDQyNy45NjQ3MywwLDAsMCw0OS42OTY1MS00My4wMTc5MkMxMTkuMzY5NzMsMTczLjY4Njg4LDE2OC44ODQzOSwxMDQuMzc1MjksMTg2LjkzNzg4LDUuMzQwMzZaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMzQ4Ljc4NjU3LDE0MC4yOTk4N2MtMjcuNDIyNDYsNDguODczMzMtNjUuNzQ5ODUsOTMuNzI0NTMtMTEzLjkxNzgsMTMzLjMwNjQ2QTU3MS4zMjU2Niw1NzEuMzI1NjYsMCwwLDEsMTI2LjExOSwzNDMuODE2NTJhMTcyLjg4MDA3LDE3Mi44ODAwNywwLDAsMCw1My45NjQ4OSw4LjYyOTEzYzk1Ljc0NDM1LDAsMTczLjYzOTYtNzcuODk2ODgsMTczLjYzOTYtMTczLjYzOTZBMTczLjM3NTE4LDE3My4zNzUxOCwwLDAsMCwzNDkuMTkxLDEzOS41NDJDMzQ5LjA1MDg2LDEzOS43OTMyOSwzNDguOTI3NDcsMTQwLjA0ODc1LDM0OC43ODY1NywxNDAuMjk5ODdaIi8+PC9zdmc+