apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: name: contour.tanzu.vmware.com.1.24.4+vmware.1-tkg.1 spec: refName: contour.tanzu.vmware.com version: 1.24.4+vmware.1-tkg.1 releaseNotes: contour 1.24.4 https://github.com/projectcontour/contour/releases/tag/v1.24.4 releasedAt: "2023-04-28T00:00:00Z" licenses: - 'VMware’s End User License Agreement (Underlying OSS license: Apache License 2.0)' template: spec: fetch: - imgpkgBundle: image: projects.registry.vmware.com/tkg/packages/standard/contour:v1.24.4_vmware.1-tkg.1 template: - ytt: paths: - config/ ignoreUnknownComments: true inline: paths: "ipv4-overlay.yaml": | #@ load("@ytt:overlay", "overlay") #@overlay/match by=overlay.subset({"metadata":{"name":"contour"}, "kind": "Deployment"}) --- spec: template: spec: containers: #@overlay/match by="name" - name: contour #@overlay/replace args: - serve - --incluster - '--xds-address=0.0.0.0' - --xds-port=8001 - '--stats-address=0.0.0.0' - '--http-address=0.0.0.0' - '--envoy-service-http-address=0.0.0.0' - '--envoy-service-https-address=0.0.0.0' - '--health-address=0.0.0.0' - --contour-cafile=/certs/ca.crt - --contour-cert-file=/certs/tls.crt - --contour-key-file=/certs/tls.key - --config-path=/config/contour.yaml - kbld: paths: - '-' - .imgpkg/images.yml deploy: - kapp: rawOptions: - --wait-timeout=5m - --kube-api-qps=20 - --kube-api-burst=30 capacityRequirementsDescription: Varies significantly based on number of Services, Ingresses/HTTPProxies, etc. A starting point is 128MB RAM and 0.5 CPU for each Contour and Envoy pod, but this can and should be tuned based on observed usage. valuesSchema: openAPIv3: type: object additionalProperties: false description: OpenAPIv3 Schema for Contour 1.24.4 properties: infrastructure_provider: type: string description: The underlying infrastructure provider. Options are vsphere, aws, and azure. This field is not required, but enables better validation and defaulting if provided. default: vsphere kubernetes_distribution: type: string description: The distribution of Kubernetes, used to determine if distribution-specific configurations need to be applied. Options are empty and openshift. If running on an Openshift cluster, this must be set to openshift. When set to openshift, a Role and RoleBinding are created to associate Contour's controllers with the appropriate Openshift Security Context Constraint resource. default: "" kubernetes_version: type: string description: The version of Kubernetes being used, for enabling version-specific behaviors. Accept any valid major.minor.patch version of Kubernetes. This field is optional. Currently only has effect when kubernetes_distribution is set to openshift. default: 0.0.0 namespace: type: string description: The namespace in which to deploy Contour and Envoy. default: tanzu-system-ingress registry_secret_names: type: array description: The names of the placeholder secrets that will contain registry credentials to pull the Contour and Envoy images. items: type: string default: "" default: - contour-reg-creds contour: type: object additionalProperties: false description: Settings for the Contour component. properties: configFileContents: nullable: true description: The YAML contents of the Contour config file. See https://projectcontour.io/docs/1.24/configuration/#configuration-file for more information. default: null replicas: type: integer description: How many Contour pod replicas to have. default: 2 useProxyProtocol: type: boolean description: Whether to enable PROXY protocol for all Envoy listeners. default: false logLevel: type: string description: The Contour log level. Valid options are 'info' and 'debug'. default: info pspNames: type: string description: Pod security policy names to apply to Contour. default: vmware-system-restricted resources: type: object additionalProperties: false description: Resource requests and limits to apply to containers in the Contour pods. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information including allowed units. properties: contour: type: object additionalProperties: false nullable: true description: Resource requests and limits to apply to the contour container. properties: limits: type: object additionalProperties: false nullable: true description: Resource limits to apply to the contour container. properties: cpu: type: string description: CPU limit to apply to the contour container. default: "" memory: type: string description: Memory limit to apply to the contour container. default: "" requests: type: object additionalProperties: false nullable: true description: Resource requests to apply to the contour container. properties: cpu: type: string description: CPU request to apply to the contour container. default: "" memory: type: string description: Memory request to apply to the contour container. default: "" envoy: type: object additionalProperties: false description: Settings for the Envoy component. properties: workload: type: object additionalProperties: false description: Envoy workload settings. properties: type: type: string description: The type of Kubernetes workload Envoy is deployed as. Options are 'Deployment' or 'DaemonSet'. If not specified, will default to 'DaemonSet'. default: DaemonSet replicas: type: integer description: The number of Envoy replicas to deploy when 'type' is set to 'Deployment'. If not specified, it will default to '2'. default: 2 resources: type: object additionalProperties: false description: Resource requests and limits to apply to containers in the Envoy pods. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information including allowed units. properties: envoy: type: object additionalProperties: false nullable: true description: Resource requests and limits to apply to the envoy container. properties: limits: type: object additionalProperties: false nullable: true description: Resource limits to apply to the envoy container. properties: cpu: type: string description: CPU limit to apply to the envoy container. default: "" memory: type: string description: Memory limit to apply to the envoy container. default: "" requests: type: object additionalProperties: false nullable: true description: Resource requests to apply to the envoy container. properties: cpu: type: string description: CPU request to apply to the envoy container. default: "" memory: type: string description: Memory request to apply to the envoy container. default: "" shutdownManager: type: object additionalProperties: false nullable: true description: Resource requests and limits to apply to the shutdown-manager container. properties: limits: type: object additionalProperties: false nullable: true description: Resource limits to apply to the shutdown-manager container. properties: cpu: type: string description: CPU limit to apply to the shutdown-manager container. default: "" memory: type: string description: Memory limit to apply to the shutdown-manager container. default: "" requests: type: object additionalProperties: false nullable: true description: Resource requests to apply to the shutdown-manager container. properties: cpu: type: string description: CPU request to apply to the shutdown-manager container. default: "" memory: type: string description: Memory request to apply to the shutdown-manager container. default: "" service: type: object additionalProperties: false description: Envoy service settings. properties: type: type: string description: The type of Kubernetes service to provision for Envoy. Valid values are 'LoadBalancer', 'NodePort', and 'ClusterIP'. If not specified, will default to 'NodePort' for vsphere and 'LoadBalancer' for others. default: "" loadBalancerIP: type: string description: The desired load balancer IP. If type is not 'LoadBalancer', this field is ignored. It is up to the cloud provider whether to honor this request. If not specified, then load balancer IP will be assigned by the cloud provider. default: "" externalTrafficPolicy: type: string description: The external traffic policy for the Envoy service. If type is 'ClusterIP', this field is ignored. Otherwise, defaults to 'Cluster' for vsphere and 'Local' for others. default: "" annotations: nullable: true description: Annotations to set on the Envoy service. default: null nodePorts: type: object additionalProperties: false description: NodePort settings for the Envoy service. If type is not 'NodePort' or 'LoadBalancer', these settings are ignored. properties: http: type: integer description: The node port number to expose Envoy's HTTP listener on. If not specified, a node port will be auto-assigned by Kubernetes. default: 0 https: type: integer description: The node port number to expose Envoy's HTTPS listener on. If not specified, a node port will be auto-assigned by Kubernetes. default: 0 aws: type: object additionalProperties: false description: AWS-specific settings for the Envoy service. If infrastructure provider is not 'aws', these settings are ignored. properties: LBType: type: string description: The type of AWS load balancer to provision. Options are 'classic' and 'nlb'. default: classic disableWait: type: boolean description: This setting is no longer supported and is included in the schema for backwards compatibility only. default: false hostPorts: type: object additionalProperties: false description: Host port settings for the Envoy pods. properties: enable: type: boolean description: Whether to enable host ports. If false, http & https are ignored. default: true http: type: integer description: If enable == true, the host port number to expose Envoy's HTTP listener on. default: 80 https: type: integer description: If enable == true, the host port number to expose Envoy's HTTPS listener on. default: 443 hostNetwork: type: boolean description: Whether to enable host networking for the Envoy pods. default: false terminationGracePeriodSeconds: type: integer description: The termination grace period, in seconds, for the Envoy pods. default: 300 logLevel: type: string description: The Envoy log level. default: info pspNames: type: string description: Pod security policy names to apply to Envoy. default: "" certificates: type: object additionalProperties: false description: Settings for the TLS certificates for securing communication between Contour and Envoy. properties: duration: type: string description: How long the certificates should be valid for. default: 8760h renewBefore: type: string description: How long before expiration the certificates should be renewed. default: 360h title: contour.tanzu.vmware.com.1.24.4+vmware.1-tkg.1 values schema --- apiVersion: data.packaging.carvel.dev/v1alpha1 kind: PackageMetadata metadata: name: contour.tanzu.vmware.com spec: displayName: contour shortDescription: An ingress controller longDescription: An Envoy-based ingress controller that supports dynamic configuration updates and multi-team ingress delegation. See https://projectcontour.io for more information. providerName: VMware maintainers: - name: Steve Kriss - name: Sunjay Bhatia categories: - ingress - envoy - contour supportDescription: Support provided by VMware for deployment on Tanzu clusters. Best-effort support for deployment on any conformant Kubernetes cluster. Contact support by opening a support request via VMware Cloud Services or my.vmware.com. iconSVGBase64: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAzNjAgMzYwIj48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6IzAwOWNkYzt9PC9zdHlsZT48L2RlZnM+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMjMzLjQ5MzU0LDEzLjYwNzQyQTE3Mi41NDE2NiwxNzIuNTQxNjYsMCwwLDAsMTg5LjYwMSw1LjQzODE0Yy0xOC4xMDk1OSw5OS44NzYtNjguMDE5MzUsMTY5Ljc2MzQyLTExMS4yOTYzNCwyMTMuNTM4QTQzMC42MDM4OCw0MzAuNjAzODgsMCwwLDEsMjcuOTk3LDI2Mi40ODQzN2ExNzQuMTU5ODMsMTc0LjE1OTgzLDAsMCwwLDEzLjk4MDY2LDIxLjQwNzc1YzI3LjIyMi0xNy4yMzI0Niw1Mi4xNzU4Mi0zNi44MDY1OCw3MS42ODAzLTU1LjM4NTc3QzE2MC4yODkzNiwxODQuMDg3NTgsMjE0LjA3NzQ2LDExMy40OTg1NSwyMzMuNDkzNTQsMTMuNjA3NDJaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMjkxLjg4OTM3LDEyMy45NDY3QTM3Mi41NDI4OSwzNzIuNTQyODksMCwwLDAsMzE1LjI5NjE5LDcwLjAzOSwxNzUuMTA3NzIsMTc1LjEwNzcyLDAsMCwwLDI4NC42NjU3Nyw0MC4zMDMyYy0yMy44NDQxMiw5NC4xNzk4Ny03OS40NDQ1NywxNjIuMTA2MTMtMTI3Ljk3OTI4LDIwNS45MDM1OWE0OTcuNjM2NjIsNDk3LjYzNjYyLDAsMCwxLTg5LjYyNDgyLDY0LjI1NDI5LDE3NC43NzM3MywxNzQuNzczNzMsMCwwLDAsMTQuNzE4NywxMS4zNzIzN0E1MTcuMTc5NDksNTE3LjE3OTQ5LDAsMCwwLDE4OC4yNzg2NSwyNTEuMTM2QzIzMi4xOTIxLDIxMy40MDI2NywyNjcuMDUyMTIsMTcwLjYwOTcxLDI5MS44ODkzNywxMjMuOTQ2N1oiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yNzcuMTUwODIsMzQuODk4ODFBMTczLjI0MjA2LDE3My4yNDIwNiwwLDAsMCwyMzguODU1OSwxNS40MjU3MkMyMTkuMDU2MSwxMTYuMzIxLDE2NC42ODA0MiwxODcuNjQ2MjUsMTE3LjUyMzI4LDIzMi41NjUxYTQ2NC4xMzgyNyw0NjQuMTM4MjcsMCwwLDEtNzEuODE3NzcsNTYuMDY4MDYsMTc1LjAzNSwxNzUuMDM1LDAsMCwwLDE0LjYyNDM1LDE1LjcyODI1LDQ4NS4yMjExNyw0ODUuMjIxMTcsMCwwLDAsOTAuNjEzMjYtNjQuNTE4OTVDMTk5LjA2NTQyLDE5Ni40MTY4MiwyNTQuMjY4MjYsMTI4Ljc5ODg3LDI3Ny4xNTA4MiwzNC44OTg4MVoiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0zMzYuMTM0MDUsMTMzLjIwMDIxYzIuNTE3MzctNC40ODYxMyw0Ljg5Mjc2LTkuMDA2MTcsNy4yMDMtMTMuNTQxMzdBMTczLjI1NTE3LDE3My4yNTUxNywwLDAsMCwzMjMuNjQxNTQsODEuMjQ4MSwzODYuMDQ3MywzODYuMDQ3MywwLDAsMSwzMDIuMDc2NjYsMTI5LjM2OWMtMjUuNTEzNzgsNDcuOTM0ODctNjEuMjcxMyw5MS44NDgzMi0xMDYuMjc3MTEsMTMwLjUyMDgzQTUzMy40ODk2Niw1MzMuNDg5NjYsMCwwLDEsOTMuMTcyLDMyOS4wMzE2MXE3LjA2MTUxLDQuMTAxNiwxNC41MjQ1OCw3LjU0NGE1NTAuMDcyMDUsNTUwLjA3MjA1LDAsMCwwLDExNy45Ni03NC4xNzkyN0MyNzIuNDI3MSwyMjMuOTYzNTgsMzA5LjU5NjMsMTgwLjQ5NTU0LDMzNi4xMzQwNSwxMzMuMjAwMjFaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMTg2LjkzNzg4LDUuMzQwMzZjLTIuMjc3MDctLjA4OTEyLTQuNTU1NDEtLjE3MzkxLTYuODUzOTUtLjE3MzkxLTk1Ljc0NDcsMC0xNzMuNjM5NTksNzcuODk3MDYtMTczLjYzOTU5LDE3My42Mzk2YTE3Mi41MzM5NCwxNzIuNTMzOTQsMCwwLDAsMjAuMjg4MzQsODEuMzMzMjMsNDI3Ljk2NDczLDQyNy45NjQ3MywwLDAsMCw0OS42OTY1MS00My4wMTc5MkMxMTkuMzY5NzMsMTczLjY4Njg4LDE2OC44ODQzOSwxMDQuMzc1MjksMTg2LjkzNzg4LDUuMzQwMzZaIi8+PHBhdGggY2xhc3M9ImNscy0xIiBkPSJNMzQ4Ljc4NjU3LDE0MC4yOTk4N2MtMjcuNDIyNDYsNDguODczMzMtNjUuNzQ5ODUsOTMuNzI0NTMtMTEzLjkxNzgsMTMzLjMwNjQ2QTU3MS4zMjU2Niw1NzEuMzI1NjYsMCwwLDEsMTI2LjExOSwzNDMuODE2NTJhMTcyLjg4MDA3LDE3Mi44ODAwNywwLDAsMCw1My45NjQ4OSw4LjYyOTEzYzk1Ljc0NDM1LDAsMTczLjYzOTYtNzcuODk2ODgsMTczLjYzOTYtMTczLjYzOTZBMTczLjM3NTE4LDE3My4zNzUxOCwwLDAsMCwzNDkuMTkxLDEzOS41NDJDMzQ5LjA1MDg2LDEzOS43OTMyOSwzNDguOTI3NDcsMTQwLjA0ODc1LDM0OC43ODY1NywxNDAuMjk5ODdaIi8+PC9zdmc+