From a2b10137f9e652e4ebfbaa3c073989494bbaf2f9 Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 29 Aug 2023 14:44:15 -0700 Subject: [PATCH] Refactor Helm Chart location --- .github/labeler.yml | 2 +- .github/workflows/ci.yml | 10 +- .github/workflows/lint.yml | 2 +- .pre-commit-config.yaml | 6 +- Makefile | 1 - README.md | 2 +- .../nginx-ingress}/.helmignore | 0 .../nginx-ingress}/Chart.yaml | 4 +- .../nginx-ingress}/README.md | 0 .../nginx-ingress}/chart-icon.png | Bin charts/nginx-ingress/crds | 1 + .../nginx-ingress}/templates/NOTES.txt | 0 .../nginx-ingress}/templates/_helpers.tpl | 0 .../templates/controller-configmap.yaml | 0 .../templates/controller-daemonset.yaml | 0 .../templates/controller-deployment.yaml | 0 .../controller-globalconfiguration.yaml | 0 .../templates/controller-hpa.yaml | 0 .../templates/controller-ingress-class.yaml | 0 .../controller-leader-election-configmap.yaml | 0 .../templates/controller-pdb.yaml | 0 .../controller-prometheus-service.yaml | 0 .../templates/controller-secret.yaml | 0 .../templates/controller-service.yaml | 0 .../templates/controller-serviceaccount.yaml | 0 .../templates/controller-servicemonitor.yaml | 0 .../templates/controller-wildcard-secret.yaml | 0 .../nginx-ingress}/templates/rbac.yaml | 0 .../nginx-ingress}/values-icp.yaml | 0 .../nginx-ingress}/values-nsm.yaml | 0 .../nginx-ingress}/values-plus.yaml | 0 .../nginx-ingress}/values.schema.json | 0 .../nginx-ingress}/values.yaml | 0 .../crds/appprotect.f5.com_aplogconfs.yaml | 80 - .../crds/appprotect.f5.com_appolicies.yaml | 1903 ----------------- .../crds/appprotect.f5.com_apusersigs.yaml | 93 - .../appprotectdos.f5.com_apdoslogconfs.yaml | 68 - .../appprotectdos.f5.com_apdospolicy.yaml | 68 - ...otectdos.f5.com_dosprotectedresources.yaml | 81 - .../externaldns.nginx.org_dnsendpoints.yaml | 84 - .../k8s.nginx.org_globalconfigurations.yaml | 51 - .../crds/k8s.nginx.org_policies.yaml | 303 --- .../crds/k8s.nginx.org_transportservers.yaml | 156 -- .../k8s.nginx.org_virtualserverroutes.yaml | 638 ------ .../crds/k8s.nginx.org_virtualservers.yaml | 731 ------- docs/content/configuration/security.md | 2 +- hack/common-release-prep.sh | 18 +- 47 files changed, 24 insertions(+), 4280 deletions(-) rename {deployments/helm-chart => charts/nginx-ingress}/.helmignore (100%) rename {deployments/helm-chart => charts/nginx-ingress}/Chart.yaml (73%) rename {deployments/helm-chart => charts/nginx-ingress}/README.md (100%) rename {deployments/helm-chart => charts/nginx-ingress}/chart-icon.png (100%) create mode 120000 charts/nginx-ingress/crds rename {deployments/helm-chart => charts/nginx-ingress}/templates/NOTES.txt (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/_helpers.tpl (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-configmap.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-daemonset.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-deployment.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-globalconfiguration.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-hpa.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-ingress-class.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-leader-election-configmap.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-pdb.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-prometheus-service.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-secret.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-service.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-serviceaccount.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-servicemonitor.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/controller-wildcard-secret.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/templates/rbac.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/values-icp.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/values-nsm.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/values-plus.yaml (100%) rename {deployments/helm-chart => charts/nginx-ingress}/values.schema.json (100%) rename {deployments/helm-chart => charts/nginx-ingress}/values.yaml (100%) delete mode 100644 deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml delete mode 100644 deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml delete mode 100644 deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml delete mode 100644 deployments/helm-chart/crds/appprotectdos.f5.com_apdoslogconfs.yaml delete mode 100644 deployments/helm-chart/crds/appprotectdos.f5.com_apdospolicy.yaml delete mode 100644 deployments/helm-chart/crds/appprotectdos.f5.com_dosprotectedresources.yaml delete mode 100644 deployments/helm-chart/crds/externaldns.nginx.org_dnsendpoints.yaml delete mode 100644 deployments/helm-chart/crds/k8s.nginx.org_globalconfigurations.yaml delete mode 100644 deployments/helm-chart/crds/k8s.nginx.org_policies.yaml delete mode 100644 deployments/helm-chart/crds/k8s.nginx.org_transportservers.yaml delete mode 100644 deployments/helm-chart/crds/k8s.nginx.org_virtualserverroutes.yaml delete mode 100644 deployments/helm-chart/crds/k8s.nginx.org_virtualservers.yaml diff --git a/.github/labeler.yml b/.github/labeler.yml index ffbc8e3bc6..1dcdbea5a2 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -26,4 +26,4 @@ dependencies: - changed-files: ['go.mod', 'go.sum'] helm_chart: - - changed-files: ['deployments/helm-chart/**/*'] + - changed-files: ['charts/nginx-ingress/**/*'] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b31bd03582..c34b465224 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,14 +46,14 @@ jobs: id: vars run: | echo "k8s_latest=$(grep -m1 'FROM kindest/node' > $GITHUB_OUTPUT - echo "chart_version=$(yq '.version' > $GITHUB_OUTPUT + echo "chart_version=$(yq '.version' > $GITHUB_OUTPUT echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT - name: Check if go.mod and go.sum are up to date run: go mod tidy && git diff --exit-code -- go.mod go.sum - name: Check if CRDs changed - run: make update-crds && git diff --name-only --exit-code deployments/common/crds* deployments/helm-chart/crds* + run: make update-crds && git diff --name-only --exit-code deployments/common/crds* - name: Check if Codegen changed run: | @@ -127,7 +127,7 @@ jobs: ## Resources - Documentation -- https://docs.nginx.com/nginx-ingress-controller/ - Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/examples - - Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/deployments/helm-chart + - Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/charts/nginx-ingress - Operator -- https://github.com/nginxinc/nginx-ingress-helm-operator if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }} @@ -215,7 +215,7 @@ jobs: --set controller.service.type=NodePort --set controller.nginxplus=${{ contains(matrix.type, 'plus') && 'true' || 'false' }} --wait - working-directory: ${{ github.workspace }}/deployments/helm-chart + working-directory: ${{ github.workspace }}/charts/nginx-ingress - name: Expose Test Ingresses run: | @@ -419,7 +419,7 @@ jobs: - name: Package id: package run: | - output=$(helm package ${{ github.ref_type != 'tag' && '--app-version edge --version 0.0.0-edge' || '' }} kic/deployments/helm-chart) + output=$(helm package ${{ github.ref_type != 'tag' && '--app-version edge --version 0.0.0-edge' || '' }} kic/charts/nginx-ingress) echo "path=$(basename -- $(echo $output | cut -d: -f2))" >> $GITHUB_OUTPUT - name: Push to OCI registries diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8d78c3e8cc..8b539a1e00 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -56,7 +56,7 @@ jobs: uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Lint chart - run: helm lint deployments/helm-chart + run: helm lint charts/nginx-ingress markdown-lint: name: Markdown Lint diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8fdd666707..eb13ffc542 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,7 +9,7 @@ repos: - id: end-of-file-fixer - id: check-yaml args: [--allow-multiple-documents] - exclude: ^(deployments/helm-chart.*/templates|deployments/helm-chart/crds) + exclude: ^(charts/nginx-ingress/templates) - id: check-ast - id: check-added-large-files - id: check-merge-conflict @@ -67,9 +67,9 @@ repos: hooks: - id: check-jsonschema name: "Check Helm Chart JSON Schema" - files: deployments/helm-chart/values.yaml + files: charts/nginx-ingress/values.yaml types: [yaml] - args: ['--schemafile', 'deployments/helm-chart/values.schema.json'] + args: ['--schemafile', 'charts/nginx-ingress/values.schema.json'] - repo: https://github.com/DavidAnson/markdownlint-cli2 rev: v0.10.0 diff --git a/Makefile b/Makefile index 2377c8b9c3..74fb30cf3b 100644 --- a/Makefile +++ b/Makefile @@ -64,7 +64,6 @@ update-codegen: ## Generate code .PHONY: update-crds update-crds: ## Update CRDs go run sigs.k8s.io/controller-tools/cmd/controller-gen crd:crdVersions=v1 schemapatch:manifests=./deployments/common/crds/ paths=./pkg/apis/... output:dir=./deployments/common/crds - @cp -Rp deployments/common/crds/* deployments/helm-chart/crds/ .PHONY: certificate-and-key certificate-and-key: ## Create default cert and key diff --git a/README.md b/README.md index 4baa62c57b..db2e9a3bf8 100644 --- a/README.md +++ b/README.md @@ -119,7 +119,7 @@ your links to the correct versions: | Version | Description | Image for NGINX | Image for NGINX Plus | Installation Manifests and Helm Chart | Documentation and Examples | | ------- | ----------- | --------------- | -------------------- | ---------------------------------------| -------------------------- | | Latest stable release | For production use | Use the 3.3.0 images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | Use the 3.3.0 images from the [F5 Container Registry](https://docs.nginx.com/nginx-ingress-controller/installation/pulling-ingress-controller-image/) or the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE) or [Build your own image](https://docs.nginx.com/nginx-ingress-controller/installation/building-ingress-controller-image/). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.0/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.0/deployments/helm-chart). | [Documentation](https://docs.nginx.com/nginx-ingress-controller/). [Examples](https://docs.nginx.com/nginx-ingress-controller/configuration/configuration-examples/). | -| Edge/Nightly | For testing and experimenting | Use the edge or nightly images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments/helm-chart). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples). | +| Edge/Nightly | For testing and experimenting | Use the edge or nightly images from [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress) or [build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Build your own image](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content/installation/building-ingress-controller-image.md). | [Manifests](https://github.com/nginxinc/kubernetes-ingress/tree/main/deployments). [Helm chart](https://github.com/nginxinc/kubernetes-ingress/tree/main/charts/nginx-ingress). | [Documentation](https://github.com/nginxinc/kubernetes-ingress/tree/main/docs/content). [Examples](https://github.com/nginxinc/kubernetes-ingress/tree/main/examples). | ## SBOM (Software Bill of Materials) diff --git a/deployments/helm-chart/.helmignore b/charts/nginx-ingress/.helmignore similarity index 100% rename from deployments/helm-chart/.helmignore rename to charts/nginx-ingress/.helmignore diff --git a/deployments/helm-chart/Chart.yaml b/charts/nginx-ingress/Chart.yaml similarity index 73% rename from deployments/helm-chart/Chart.yaml rename to charts/nginx-ingress/Chart.yaml index 7b02053beb..444b47f4e5 100644 --- a/deployments/helm-chart/Chart.yaml +++ b/charts/nginx-ingress/Chart.yaml @@ -5,10 +5,10 @@ appVersion: 3.3.0 kubeVersion: ">= 1.22.0-0" type: application description: NGINX Ingress Controller -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.0/deployments/helm-chart/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.0/charts/nginx-ingress/chart-icon.png home: https://github.com/nginxinc/kubernetes-ingress sources: - - https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.0/deployments/helm-chart + - https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.0/charts/nginx-ingress keywords: - ingress - nginx diff --git a/deployments/helm-chart/README.md b/charts/nginx-ingress/README.md similarity index 100% rename from deployments/helm-chart/README.md rename to charts/nginx-ingress/README.md diff --git a/deployments/helm-chart/chart-icon.png b/charts/nginx-ingress/chart-icon.png similarity index 100% rename from deployments/helm-chart/chart-icon.png rename to charts/nginx-ingress/chart-icon.png diff --git a/charts/nginx-ingress/crds b/charts/nginx-ingress/crds new file mode 120000 index 0000000000..240a481587 --- /dev/null +++ b/charts/nginx-ingress/crds @@ -0,0 +1 @@ +../../deployments/common/crds/ \ No newline at end of file diff --git a/deployments/helm-chart/templates/NOTES.txt b/charts/nginx-ingress/templates/NOTES.txt similarity index 100% rename from deployments/helm-chart/templates/NOTES.txt rename to charts/nginx-ingress/templates/NOTES.txt diff --git a/deployments/helm-chart/templates/_helpers.tpl b/charts/nginx-ingress/templates/_helpers.tpl similarity index 100% rename from deployments/helm-chart/templates/_helpers.tpl rename to charts/nginx-ingress/templates/_helpers.tpl diff --git a/deployments/helm-chart/templates/controller-configmap.yaml b/charts/nginx-ingress/templates/controller-configmap.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-configmap.yaml rename to charts/nginx-ingress/templates/controller-configmap.yaml diff --git a/deployments/helm-chart/templates/controller-daemonset.yaml b/charts/nginx-ingress/templates/controller-daemonset.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-daemonset.yaml rename to charts/nginx-ingress/templates/controller-daemonset.yaml diff --git a/deployments/helm-chart/templates/controller-deployment.yaml b/charts/nginx-ingress/templates/controller-deployment.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-deployment.yaml rename to charts/nginx-ingress/templates/controller-deployment.yaml diff --git a/deployments/helm-chart/templates/controller-globalconfiguration.yaml b/charts/nginx-ingress/templates/controller-globalconfiguration.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-globalconfiguration.yaml rename to charts/nginx-ingress/templates/controller-globalconfiguration.yaml diff --git a/deployments/helm-chart/templates/controller-hpa.yaml b/charts/nginx-ingress/templates/controller-hpa.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-hpa.yaml rename to charts/nginx-ingress/templates/controller-hpa.yaml diff --git a/deployments/helm-chart/templates/controller-ingress-class.yaml b/charts/nginx-ingress/templates/controller-ingress-class.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-ingress-class.yaml rename to charts/nginx-ingress/templates/controller-ingress-class.yaml diff --git a/deployments/helm-chart/templates/controller-leader-election-configmap.yaml b/charts/nginx-ingress/templates/controller-leader-election-configmap.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-leader-election-configmap.yaml rename to charts/nginx-ingress/templates/controller-leader-election-configmap.yaml diff --git a/deployments/helm-chart/templates/controller-pdb.yaml b/charts/nginx-ingress/templates/controller-pdb.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-pdb.yaml rename to charts/nginx-ingress/templates/controller-pdb.yaml diff --git a/deployments/helm-chart/templates/controller-prometheus-service.yaml b/charts/nginx-ingress/templates/controller-prometheus-service.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-prometheus-service.yaml rename to charts/nginx-ingress/templates/controller-prometheus-service.yaml diff --git a/deployments/helm-chart/templates/controller-secret.yaml b/charts/nginx-ingress/templates/controller-secret.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-secret.yaml rename to charts/nginx-ingress/templates/controller-secret.yaml diff --git a/deployments/helm-chart/templates/controller-service.yaml b/charts/nginx-ingress/templates/controller-service.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-service.yaml rename to charts/nginx-ingress/templates/controller-service.yaml diff --git a/deployments/helm-chart/templates/controller-serviceaccount.yaml b/charts/nginx-ingress/templates/controller-serviceaccount.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-serviceaccount.yaml rename to charts/nginx-ingress/templates/controller-serviceaccount.yaml diff --git a/deployments/helm-chart/templates/controller-servicemonitor.yaml b/charts/nginx-ingress/templates/controller-servicemonitor.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-servicemonitor.yaml rename to charts/nginx-ingress/templates/controller-servicemonitor.yaml diff --git a/deployments/helm-chart/templates/controller-wildcard-secret.yaml b/charts/nginx-ingress/templates/controller-wildcard-secret.yaml similarity index 100% rename from deployments/helm-chart/templates/controller-wildcard-secret.yaml rename to charts/nginx-ingress/templates/controller-wildcard-secret.yaml diff --git a/deployments/helm-chart/templates/rbac.yaml b/charts/nginx-ingress/templates/rbac.yaml similarity index 100% rename from deployments/helm-chart/templates/rbac.yaml rename to charts/nginx-ingress/templates/rbac.yaml diff --git a/deployments/helm-chart/values-icp.yaml b/charts/nginx-ingress/values-icp.yaml similarity index 100% rename from deployments/helm-chart/values-icp.yaml rename to charts/nginx-ingress/values-icp.yaml diff --git a/deployments/helm-chart/values-nsm.yaml b/charts/nginx-ingress/values-nsm.yaml similarity index 100% rename from deployments/helm-chart/values-nsm.yaml rename to charts/nginx-ingress/values-nsm.yaml diff --git a/deployments/helm-chart/values-plus.yaml b/charts/nginx-ingress/values-plus.yaml similarity index 100% rename from deployments/helm-chart/values-plus.yaml rename to charts/nginx-ingress/values-plus.yaml diff --git a/deployments/helm-chart/values.schema.json b/charts/nginx-ingress/values.schema.json similarity index 100% rename from deployments/helm-chart/values.schema.json rename to charts/nginx-ingress/values.schema.json diff --git a/deployments/helm-chart/values.yaml b/charts/nginx-ingress/values.yaml similarity index 100% rename from deployments/helm-chart/values.yaml rename to charts/nginx-ingress/values.yaml diff --git a/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml b/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml deleted file mode 100644 index 53b7fb40d7..0000000000 --- a/deployments/helm-chart/crds/appprotect.f5.com_aplogconfs.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null - name: aplogconfs.appprotect.f5.com -spec: - group: appprotect.f5.com - names: - kind: APLogConf - listKind: APLogConfList - plural: aplogconfs - singular: aplogconf - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: APLogConf is the Schema for the APLogConfs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: APLogConfSpec defines the desired state of APLogConf - properties: - content: - properties: - escaping_characters: - items: - properties: - from: - type: string - to: - type: string - type: object - type: array - format: - enum: - - splunk - - arcsight - - default - - user-defined - - grpc - type: string - format_string: - type: string - list_delimiter: - type: string - list_prefix: - type: string - list_suffix: - type: string - max_message_size: - pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$ - type: string - max_request_size: - pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|1[0-9]{3}|20[1-3][0-9]|204[1-8]|any)$ - type: string - type: object - filter: - properties: - request_type: - enum: - - all - - illegal - - blocked - type: string - type: object - type: object - type: object - served: true - storage: true diff --git a/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml b/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml deleted file mode 100644 index 8c494414cb..0000000000 --- a/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml +++ /dev/null @@ -1,1903 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null - name: appolicies.appprotect.f5.com -spec: - group: appprotect.f5.com - names: - kind: APPolicy - listKind: APPolicyList - plural: appolicies - singular: appolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: APPolicyConfig is the Schema for the APPolicyconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: APPolicySpec defines the desired state of APPolicy - properties: - modifications: - items: - properties: - action: - type: string - description: - type: string - entity: - properties: - name: - type: string - type: object - entityChanges: - properties: - type: - type: string - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - modificationsReference: - properties: - link: - pattern: ^http - type: string - type: object - policy: - description: Defines the App Protect policy - properties: - applicationLanguage: - enum: - - iso-8859-10 - - iso-8859-6 - - windows-1255 - - auto-detect - - koi8-r - - gb18030 - - iso-8859-8 - - windows-1250 - - iso-8859-9 - - windows-1252 - - iso-8859-16 - - gb2312 - - iso-8859-2 - - iso-8859-5 - - windows-1257 - - windows-1256 - - iso-8859-13 - - windows-874 - - windows-1253 - - iso-8859-3 - - euc-jp - - utf-8 - - gbk - - windows-1251 - - big5 - - iso-8859-1 - - shift_jis - - euc-kr - - iso-8859-4 - - iso-8859-7 - - iso-8859-15 - type: string - blocking-settings: - properties: - evasions: - items: - properties: - description: - enum: - - '%u decoding' - - Apache whitespace - - Bad unescape - - Bare byte decoding - - Directory traversals - - IIS backslashes - - IIS Unicode codepoints - - Multiple decoding - type: string - enabled: - type: boolean - maxDecodingPasses: - type: integer - type: object - type: array - http-protocols: - items: - properties: - description: - enum: - - Unescaped space in URL - - Unparsable request content - - Several Content-Length headers - - 'POST request with Content-Length: 0' - - Null in request - - No Host header in HTTP/1.1 request - - Multiple host headers - - Host header contains IP address - - High ASCII characters in headers - - Header name with no header value - - CRLF characters before request start - - Content length should be a positive number - - Chunked request with Content-Length header - - Check maximum number of parameters - - Check maximum number of headers - - Body in GET or HEAD requests - - Bad multipart/form-data request parsing - - Bad multipart parameters parsing - - Bad HTTP version - - Bad host header value - type: string - enabled: - type: boolean - maxHeaders: - type: integer - maxParams: - type: integer - type: object - type: array - violations: - items: - properties: - alarm: - type: boolean - block: - type: boolean - description: - type: string - name: - enum: - - VIOL_GRPC_FORMAT - - VIOL_GRPC_MALFORMED - - VIOL_GRPC_METHOD - - VIOL_PARAMETER_ARRAY_VALUE - - VIOL_PARAMETER_VALUE_REGEXP - - VIOL_CSRF - - VIOL_PARAMETER_VALUE_BASE64 - - VIOL_MANDATORY_HEADER - - VIOL_HEADER_REPEATED - - VIOL_ASM_COOKIE_MODIFIED - - VIOL_BLACKLISTED_IP - - VIOL_COOKIE_EXPIRED - - VIOL_COOKIE_LENGTH - - VIOL_COOKIE_MALFORMED - - VIOL_COOKIE_MODIFIED - - VIOL_DATA_GUARD - - VIOL_ENCODING - - VIOL_EVASION - - VIOL_FILETYPE - - VIOL_FILE_UPLOAD - - VIOL_FILE_UPLOAD_IN_BODY - - VIOL_HEADER_LENGTH - - VIOL_HEADER_METACHAR - - VIOL_HTTP_PROTOCOL - - VIOL_HTTP_RESPONSE_STATUS - - VIOL_JSON_FORMAT - - VIOL_JSON_MALFORMED - - VIOL_JSON_SCHEMA - - VIOL_MANDATORY_PARAMETER - - VIOL_MANDATORY_REQUEST_BODY - - VIOL_METHOD - - VIOL_PARAMETER - - VIOL_PARAMETER_DATA_TYPE - - VIOL_PARAMETER_EMPTY_VALUE - - VIOL_PARAMETER_LOCATION - - VIOL_PARAMETER_MULTIPART_NULL_VALUE - - VIOL_PARAMETER_NAME_METACHAR - - VIOL_PARAMETER_NUMERIC_VALUE - - VIOL_PARAMETER_REPEATED - - VIOL_PARAMETER_STATIC_VALUE - - VIOL_PARAMETER_VALUE_LENGTH - - VIOL_PARAMETER_VALUE_METACHAR - - VIOL_POST_DATA_LENGTH - - VIOL_QUERY_STRING_LENGTH - - VIOL_RATING_THREAT - - VIOL_RATING_NEED_EXAMINATION - - VIOL_REQUEST_MAX_LENGTH - - VIOL_REQUEST_LENGTH - - VIOL_THREAT_CAMPAIGN - - VIOL_URL - - VIOL_URL_CONTENT_TYPE - - VIOL_URL_LENGTH - - VIOL_URL_METACHAR - - VIOL_XML_FORMAT - - VIOL_XML_MALFORMED - type: string - type: object - type: array - type: object - blockingSettingReference: - properties: - link: - pattern: ^http - type: string - type: object - bot-defense: - properties: - mitigations: - properties: - anomalies: - items: - properties: - $action: - enum: - - delete - type: string - action: - enum: - - alarm - - block - - default - - detect - - ignore - type: string - name: - type: string - scoreThreshold: - pattern: '[0-9]|[1-9][0-9]|1[0-4][0-9]|150|default' - type: string - type: object - type: array - browsers: - items: - properties: - $action: - enum: - - delete - type: string - action: - enum: - - alarm - - block - - detect - type: string - browserDefinition: - properties: - $action: - enum: - - delete - type: string - isUserDefined: - type: boolean - matchRegex: - type: string - matchString: - type: string - name: - type: string - type: object - maxVersion: - maximum: 2147483647 - minimum: 0 - type: integer - minVersion: - maximum: 2147483647 - minimum: 0 - type: integer - name: - type: string - type: object - type: array - classes: - items: - properties: - action: - enum: - - alarm - - block - - detect - - ignore - type: string - name: - enum: - - browser - - malicious-bot - - suspicious-browser - - trusted-bot - - unknown - - untrusted-bot - type: string - type: object - type: array - signatures: - items: - properties: - $action: - enum: - - delete - type: string - action: - enum: - - alarm - - block - - detect - - ignore - type: string - name: - type: string - type: object - type: array - type: object - settings: - properties: - caseSensitiveHttpHeaders: - type: boolean - isEnabled: - type: boolean - type: object - type: object - browser-definitions: - items: - properties: - $action: - enum: - - delete - type: string - isUserDefined: - type: boolean - matchRegex: - type: string - matchString: - type: string - name: - type: string - type: object - type: array - caseInsensitive: - type: boolean - character-sets: - items: - properties: - characterSet: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - characterSetType: - enum: - - gwt-content - - header - - json-content - - parameter-name - - parameter-value - - plain-text-content - - url - - xml-content - type: string - type: object - type: array - characterSetReference: - properties: - link: - pattern: ^http - type: string - type: object - cookie-settings: - properties: - maximumCookieHeaderLength: - pattern: any|\d+ - type: string - type: object - cookieReference: - properties: - link: - pattern: ^http - type: string - type: object - cookieSettingsReference: - properties: - link: - pattern: ^http - type: string - type: object - cookies: - items: - properties: - $action: - enum: - - delete - type: string - accessibleOnlyThroughTheHttpProtocol: - type: boolean - attackSignaturesCheck: - type: boolean - decodeValueAsBase64: - enum: - - enabled - - disabled - - required - type: string - enforcementType: - type: string - insertSameSiteAttribute: - enum: - - lax - - none - - none-value - - strict - type: string - name: - type: string - securedOverHttpsConnection: - type: boolean - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - type: - enum: - - explicit - - wildcard - type: string - wildcardOrder: - type: integer - type: object - type: array - csrf-protection: - properties: - enabled: - type: boolean - expirationTimeInSeconds: - pattern: disabled|\d+ - type: string - sslOnly: - type: boolean - type: object - csrf-urls: - items: - properties: - $action: - enum: - - delete - type: string - enforcementAction: - enum: - - verify-origin - - none - type: string - method: - enum: - - GET - - POST - - any - type: string - url: - type: string - wildcardOrder: - type: integer - type: object - type: array - data-guard: - properties: - creditCardNumbers: - type: boolean - enabled: - type: boolean - enforcementMode: - enum: - - ignore-urls-in-list - - enforce-urls-in-list - type: string - enforcementUrls: - items: - type: string - type: array - lastCcnDigitsToExpose: - type: integer - lastSsnDigitsToExpose: - type: integer - maskData: - type: boolean - usSocialSecurityNumbers: - type: boolean - type: object - dataGuardReference: - properties: - link: - pattern: ^http - type: string - type: object - description: - type: string - enablePassiveMode: - type: boolean - enforcementMode: - enum: - - transparent - - blocking - type: string - enforcer-settings: - properties: - enforcerStateCookies: - properties: - httpOnlyAttribute: - type: boolean - sameSiteAttribute: - enum: - - lax - - none - - none-value - - strict - type: string - secureAttribute: - enum: - - always - - never - type: string - type: object - type: object - filetypeReference: - properties: - link: - pattern: ^http - type: string - type: object - filetypes: - items: - properties: - $action: - enum: - - delete - type: string - allowed: - type: boolean - checkPostDataLength: - type: boolean - checkQueryStringLength: - type: boolean - checkRequestLength: - type: boolean - checkUrlLength: - type: boolean - name: - type: string - postDataLength: - type: integer - queryStringLength: - type: integer - requestLength: - type: integer - responseCheck: - type: boolean - type: - enum: - - explicit - - wildcard - type: string - urlLength: - type: integer - wildcardOrder: - type: integer - type: object - type: array - fullPath: - type: string - general: - properties: - allowedResponseCodes: - items: - format: int32 - maximum: 999 - minimum: 100 - type: integer - type: array - customXffHeaders: - items: - type: string - type: array - maskCreditCardNumbersInRequest: - type: boolean - trustXff: - type: boolean - type: object - generalReference: - properties: - link: - pattern: ^http - type: string - type: object - grpc-profiles: - items: - properties: - $action: - enum: - - delete - type: string - associateUrls: - type: boolean - attackSignaturesCheck: - type: boolean - defenseAttributes: - properties: - allowUnknownFields: - type: boolean - maximumDataLength: - pattern: any|\d+ - type: string - type: object - description: - type: string - hasIdlFiles: - type: boolean - idlFiles: - items: - properties: - idlFile: - properties: - contents: - type: string - fileName: - type: string - isBase64: - type: boolean - type: object - importUrl: - type: string - isPrimary: - type: boolean - primaryIdlFileName: - type: string - type: object - type: array - metacharElementCheck: - type: boolean - name: - type: string - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - type: object - type: array - header-settings: - properties: - maximumHttpHeaderLength: - pattern: any|\d+ - type: string - type: object - headerReference: - properties: - link: - pattern: ^http - type: string - type: object - headerSettingsReference: - properties: - link: - pattern: ^http - type: string - type: object - headers: - items: - properties: - $action: - enum: - - delete - type: string - allowRepeatedOccurrences: - type: boolean - base64Decoding: - type: boolean - checkSignatures: - type: boolean - decodeValueAsBase64: - enum: - - enabled - - disabled - - required - type: string - htmlNormalization: - type: boolean - mandatory: - type: boolean - maskValueInLogs: - type: boolean - name: - type: string - normalizationViolations: - type: boolean - percentDecoding: - type: boolean - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - type: - enum: - - explicit - - wildcard - type: string - urlNormalization: - type: boolean - wildcardOrder: - type: integer - type: object - type: array - host-names: - items: - properties: - $action: - enum: - - delete - type: string - includeSubdomains: - type: boolean - name: - type: string - type: object - type: array - idl-files: - items: - properties: - contents: - type: string - fileName: - type: string - isBase64: - type: boolean - type: object - type: array - json-profiles: - items: - properties: - $action: - enum: - - delete - type: string - attackSignaturesCheck: - type: boolean - defenseAttributes: - properties: - maximumArrayLength: - pattern: any|\d+ - type: string - maximumStructureDepth: - pattern: any|\d+ - type: string - maximumTotalLengthOfJSONData: - pattern: any|\d+ - type: string - maximumValueLength: - pattern: any|\d+ - type: string - tolerateJSONParsingWarnings: - type: boolean - type: object - description: - type: string - handleJsonValuesAsParameters: - type: boolean - hasValidationFiles: - type: boolean - metacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - name: - type: string - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - validationFiles: - items: - properties: - importUrl: - type: string - isPrimary: - type: boolean - jsonValidationFile: - properties: - $action: - enum: - - delete - type: string - contents: - type: string - fileName: - type: string - isBase64: - type: boolean - type: object - type: object - type: array - type: object - type: array - json-validation-files: - items: - properties: - $action: - enum: - - delete - type: string - contents: - type: string - fileName: - type: string - isBase64: - type: boolean - type: object - type: array - jsonProfileReference: - properties: - link: - pattern: ^http - type: string - type: object - jsonValidationFileReference: - properties: - link: - pattern: ^http - type: string - type: object - methodReference: - properties: - link: - pattern: ^http - type: string - type: object - methods: - items: - properties: - $action: - enum: - - delete - type: string - name: - type: string - type: object - type: array - name: - type: string - open-api-files: - items: - properties: - link: - pattern: ^http - type: string - type: object - type: array - parameterReference: - properties: - link: - pattern: ^http - type: string - type: object - parameters: - items: - properties: - $action: - enum: - - delete - type: string - allowEmptyValue: - type: boolean - allowRepeatedParameterName: - type: boolean - arraySerializationFormat: - enum: - - csv - - form - - label - - matrix - - multi - - multipart - - pipe - - ssv - - tsv - type: string - attackSignaturesCheck: - type: boolean - checkMaxValue: - type: boolean - checkMaxValueLength: - type: boolean - checkMetachars: - type: boolean - checkMinValue: - type: boolean - checkMinValueLength: - type: boolean - checkMultipleOfValue: - type: boolean - contentProfile: - properties: - name: - type: string - type: object - dataType: - enum: - - alpha-numeric - - binary - - boolean - - decimal - - email - - integer - - none - - phone - type: string - decodeValueAsBase64: - enum: - - enabled - - disabled - - required - type: string - disallowFileUploadOfExecutables: - type: boolean - enableRegularExpression: - type: boolean - exclusiveMax: - type: boolean - exclusiveMin: - type: boolean - isBase64: - type: boolean - isCookie: - type: boolean - isHeader: - type: boolean - level: - enum: - - global - - url - type: string - mandatory: - type: boolean - maximumLength: - type: integer - maximumValue: - type: integer - metacharsOnParameterValueCheck: - type: boolean - minimumLength: - type: integer - minimumValue: - type: integer - multipleOf: - type: integer - name: - type: string - nameMetacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - objectSerializationStyle: - type: string - parameterEnumValues: - items: - type: string - type: array - parameterLocation: - enum: - - any - - cookie - - form-data - - header - - path - - query - type: string - regularExpression: - type: string - sensitiveParameter: - type: boolean - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - staticValues: - type: string - type: - enum: - - explicit - - wildcard - type: string - url: - type: object - valueMetacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - valueType: - enum: - - array - - auto-detect - - dynamic-content - - dynamic-parameter-name - - ignore - - json - - object - - openapi-array - - static-content - - user-input - - xml - type: string - wildcardOrder: - type: integer - type: object - type: array - response-pages: - items: - properties: - ajaxActionType: - enum: - - alert-popup - - custom - - redirect - type: string - ajaxCustomContent: - type: string - ajaxEnabled: - type: boolean - ajaxPopupMessage: - type: string - ajaxRedirectUrl: - type: string - grpcStatusCode: - pattern: ABORTED|ALREADY_EXISTS|CANCELLED|DATA_LOSS|DEADLINE_EXCEEDED|FAILED_PRECONDITION|INTERNAL|INVALID_ARGUMENT|NOT_FOUND|OK|OUT_OF_RANGE|PERMISSION_DENIED|RESOURCE_EXHAUSTED|UNAUTHENTICATED|UNAVAILABLE|UNIMPLEMENTED|UNKNOWN|d+ - type: string - grpcStatusMessage: - type: string - responseActionType: - enum: - - custom - - default - - erase-cookies - - redirect - - soap-fault - type: string - responseContent: - type: string - responseHeader: - type: string - responsePageType: - enum: - - ajax - - ajax-login - - captcha - - captcha-fail - - default - - failed-login-honeypot - - failed-login-honeypot-ajax - - hijack - - leaked-credentials - - leaked-credentials-ajax - - mobile - - persistent-flow - - xml - - grpc - type: string - responseRedirectUrl: - type: string - type: object - type: array - responsePageReference: - properties: - link: - pattern: ^http - type: string - type: object - sensitive-parameters: - items: - properties: - $action: - enum: - - delete - type: string - name: - type: string - type: object - type: array - sensitiveParameterReference: - properties: - link: - pattern: ^http - type: string - type: object - server-technologies: - items: - properties: - $action: - enum: - - delete - type: string - serverTechnologyName: - enum: - - Jenkins - - SharePoint - - Oracle Application Server - - Python - - Oracle Identity Manager - - Spring Boot - - CouchDB - - SQLite - - Handlebars - - Mustache - - Prototype - - Zend - - Redis - - Underscore.js - - Ember.js - - ZURB Foundation - - ef.js - - Vue.js - - UIKit - - TYPO3 CMS - - RequireJS - - React - - MooTools - - Laravel - - GraphQL - - Google Web Toolkit - - Express.js - - CodeIgniter - - Backbone.js - - AngularJS - - JavaScript - - Nginx - - Jetty - - Joomla - - JavaServer Faces (JSF) - - Ruby - - MongoDB - - Django - - Node.js - - Citrix - - JBoss - - Elasticsearch - - Apache Struts - - XML - - PostgreSQL - - IBM DB2 - - Sybase/ASE - - CGI - - Proxy Servers - - SSI (Server Side Includes) - - Cisco - - Novell - - Macromedia JRun - - BEA Systems WebLogic Server - - Lotus Domino - - MySQL - - Oracle - - Microsoft SQL Server - - PHP - - Outlook Web Access - - Apache/NCSA HTTP Server - - Apache Tomcat - - WordPress - - Macromedia ColdFusion - - Unix/Linux - - Microsoft Windows - - ASP.NET - - Front Page Server Extensions (FPSE) - - IIS - - WebDAV - - ASP - - Java Servlets/JSP - - jQuery - type: string - type: object - type: array - serverTechnologyReference: - properties: - link: - pattern: ^http - type: string - type: object - signature-requirements: - items: - properties: - $action: - enum: - - delete - type: string - tag: - type: string - type: object - type: array - signature-sets: - items: - properties: - $action: - enum: - - delete - type: string - alarm: - type: boolean - block: - type: boolean - name: - type: string - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - signature-settings: - properties: - attackSignatureFalsePositiveMode: - enum: - - detect - - detect-and-allow - - disabled - type: string - minimumAccuracyForAutoAddedSignatures: - enum: - - high - - low - - medium - type: string - type: object - signatureReference: - properties: - link: - pattern: ^http - type: string - type: object - signatureSetReference: - properties: - link: - pattern: ^http - type: string - type: object - signatureSettingReference: - properties: - link: - pattern: ^http - type: string - type: object - signatures: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - softwareVersion: - type: string - template: - properties: - name: - type: string - type: object - threat-campaigns: - items: - properties: - isEnabled: - type: boolean - name: - type: string - type: object - type: array - threatCampaignReference: - properties: - link: - pattern: ^http - type: string - type: object - urlReference: - properties: - link: - pattern: ^http - type: string - type: object - urls: - items: - properties: - $action: - enum: - - delete - type: string - allowRenderingInFrames: - enum: - - never - - only-same - type: string - allowRenderingInFramesOnlyFrom: - type: string - attackSignaturesCheck: - type: boolean - clickjackingProtection: - type: boolean - description: - type: string - disallowFileUploadOfExecutables: - type: boolean - html5CrossOriginRequestsEnforcement: - properties: - allowOriginsEnforcementMode: - enum: - - replace-with - - unmodified - type: string - checkAllowedMethods: - type: boolean - crossDomainAllowedOrigin: - items: - properties: - includeSubDomains: - type: boolean - originName: - type: string - originPort: - pattern: any|\d+ - type: string - originProtocol: - enum: - - http - - http/https - - https - type: string - type: object - type: array - enforcementMode: - enum: - - disabled - - enforce - type: string - type: object - isAllowed: - type: boolean - mandatoryBody: - type: boolean - metacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - metacharsOnUrlCheck: - type: boolean - method: - enum: - - ACL - - BCOPY - - BDELETE - - BMOVE - - BPROPFIND - - BPROPPATCH - - CHECKIN - - CHECKOUT - - CONNECT - - COPY - - DELETE - - GET - - HEAD - - LINK - - LOCK - - MERGE - - MKCOL - - MKWORKSPACE - - MOVE - - NOTIFY - - OPTIONS - - PATCH - - POLL - - POST - - PROPFIND - - PROPPATCH - - PUT - - REPORT - - RPC_IN_DATA - - RPC_OUT_DATA - - SEARCH - - SUBSCRIBE - - TRACE - - TRACK - - UNLINK - - UNLOCK - - UNSUBSCRIBE - - VERSION_CONTROL - - X-MS-ENUMATTS - - '*' - type: string - methodOverrides: - items: - properties: - allowed: - type: boolean - method: - enum: - - ACL - - BCOPY - - BDELETE - - BMOVE - - BPROPFIND - - BPROPPATCH - - CHECKIN - - CHECKOUT - - CONNECT - - COPY - - DELETE - - GET - - HEAD - - LINK - - LOCK - - MERGE - - MKCOL - - MKWORKSPACE - - MOVE - - NOTIFY - - OPTIONS - - PATCH - - POLL - - POST - - PROPFIND - - PROPPATCH - - PUT - - REPORT - - RPC_IN_DATA - - RPC_OUT_DATA - - SEARCH - - SUBSCRIBE - - TRACE - - TRACK - - UNLINK - - UNLOCK - - UNSUBSCRIBE - - VERSION_CONTROL - - X-MS-ENUMATTS - type: string - type: object - type: array - methodsOverrideOnUrlCheck: - type: boolean - name: - type: string - operationId: - type: string - positionalParameters: - items: - properties: - parameter: - properties: - $action: - enum: - - delete - type: string - allowEmptyValue: - type: boolean - allowRepeatedParameterName: - type: boolean - arraySerializationFormat: - enum: - - csv - - form - - label - - matrix - - multi - - multipart - - pipe - - ssv - - tsv - type: string - attackSignaturesCheck: - type: boolean - checkMaxValue: - type: boolean - checkMaxValueLength: - type: boolean - checkMetachars: - type: boolean - checkMinValue: - type: boolean - checkMinValueLength: - type: boolean - checkMultipleOfValue: - type: boolean - contentProfile: - properties: - name: - type: string - type: object - dataType: - enum: - - alpha-numeric - - binary - - boolean - - decimal - - email - - integer - - none - - phone - type: string - decodeValueAsBase64: - enum: - - enabled - - disabled - - required - type: string - disallowFileUploadOfExecutables: - type: boolean - enableRegularExpression: - type: boolean - exclusiveMax: - type: boolean - exclusiveMin: - type: boolean - isBase64: - type: boolean - isCookie: - type: boolean - isHeader: - type: boolean - level: - enum: - - global - - url - type: string - mandatory: - type: boolean - maximumLength: - type: integer - maximumValue: - type: integer - metacharsOnParameterValueCheck: - type: boolean - minimumLength: - type: integer - minimumValue: - type: integer - multipleOf: - type: integer - name: - type: string - nameMetacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - objectSerializationStyle: - type: string - parameterEnumValues: - items: - type: string - type: array - parameterLocation: - enum: - - any - - cookie - - form-data - - header - - path - - query - type: string - regularExpression: - type: string - sensitiveParameter: - type: boolean - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - staticValues: - type: string - type: - enum: - - explicit - - wildcard - type: string - url: - type: object - valueMetacharOverrides: - items: - properties: - isAllowed: - type: boolean - metachar: - type: string - type: object - type: array - valueType: - enum: - - array - - auto-detect - - dynamic-content - - dynamic-parameter-name - - ignore - - json - - object - - openapi-array - - static-content - - user-input - - xml - type: string - wildcardOrder: - type: integer - type: object - urlSegmentIndex: - type: integer - type: object - type: array - protocol: - enum: - - http - - https - type: string - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - type: - enum: - - explicit - - wildcard - type: string - urlContentProfiles: - items: - properties: - contentProfile: - properties: - name: - type: string - type: object - headerName: - type: string - headerOrder: - type: string - headerValue: - type: string - name: - type: string - type: - enum: - - apply-content-signatures - - apply-value-and-content-signatures - - disallow - - do-nothing - - form-data - - gwt - - json - - xml - - grpc - type: string - type: object - type: array - wildcardOrder: - type: integer - type: object - type: array - whitelist-ips: - items: - properties: - $action: - enum: - - delete - type: string - blockRequests: - enum: - - always - - never - - policy-default - type: string - ipAddress: - pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' - type: string - ipMask: - pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' - type: string - neverLogRequests: - type: boolean - type: object - type: array - whitelistIpReference: - properties: - link: - pattern: ^http - type: string - type: object - xml-profiles: - items: - properties: - $action: - enum: - - delete - type: string - attackSignaturesCheck: - type: boolean - defenseAttributes: - properties: - allowCDATA: - type: boolean - allowDTDs: - type: boolean - allowExternalReferences: - type: boolean - allowProcessingInstructions: - type: boolean - maximumAttributeValueLength: - pattern: any|\d+ - type: string - maximumAttributesPerElement: - pattern: any|\d+ - type: string - maximumChildrenPerElement: - pattern: any|\d+ - type: string - maximumDocumentDepth: - pattern: any|\d+ - type: string - maximumDocumentSize: - pattern: any|\d+ - type: string - maximumElements: - pattern: any|\d+ - type: string - maximumNSDeclarations: - pattern: any|\d+ - type: string - maximumNameLength: - pattern: any|\d+ - type: string - maximumNamespaceLength: - pattern: any|\d+ - type: string - tolerateCloseTagShorthand: - type: boolean - tolerateLeadingWhiteSpace: - type: boolean - tolerateNumericNames: - type: boolean - type: object - description: - type: string - enableWss: - type: boolean - followSchemaLinks: - type: boolean - name: - type: string - signatureOverrides: - items: - properties: - enabled: - type: boolean - name: - type: string - signatureId: - type: integer - tag: - type: string - type: object - type: array - type: object - type: array - xml-validation-files: - items: - properties: - $action: - enum: - - delete - type: string - contents: - type: string - fileName: - type: string - isBase64: - type: boolean - type: object - type: array - xmlProfileReference: - properties: - link: - pattern: ^http - type: string - type: object - xmlValidationFileReference: - properties: - link: - pattern: ^http - type: string - type: object - type: object - type: object - type: object - served: true - storage: true diff --git a/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml b/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml deleted file mode 100644 index 34eb0784f4..0000000000 --- a/deployments/helm-chart/crds/appprotect.f5.com_apusersigs.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null - name: apusersigs.appprotect.f5.com -spec: - group: appprotect.f5.com - names: - kind: APUserSig - listKind: APUserSigList - plural: apusersigs - singular: apusersig - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: APUserSig is the Schema for the apusersigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: APUserSigSpec defines the desired state of APUserSig - properties: - properties: - type: string - signatures: - items: - properties: - accuracy: - enum: - - high - - medium - - low - type: string - attackType: - properties: - name: - type: string - type: object - description: - type: string - name: - type: string - references: - properties: - type: - enum: - - bugtraq - - cve - - nessus - - url - type: string - value: - type: string - type: object - risk: - enum: - - high - - medium - - low - type: string - rule: - type: string - signatureType: - enum: - - request - - response - type: string - systems: - items: - properties: - name: - type: string - type: object - type: array - type: object - type: array - tag: - type: string - type: object - type: object - served: true - storage: true diff --git a/deployments/helm-chart/crds/appprotectdos.f5.com_apdoslogconfs.yaml b/deployments/helm-chart/crds/appprotectdos.f5.com_apdoslogconfs.yaml deleted file mode 100644 index e23e87184b..0000000000 --- a/deployments/helm-chart/crds/appprotectdos.f5.com_apdoslogconfs.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: apdoslogconfs.appprotectdos.f5.com -spec: - group: appprotectdos.f5.com - names: - kind: APDosLogConf - listKind: APDosLogConfList - plural: apdoslogconfs - singular: apdoslogconf - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: APDosLogConf is the Schema for the APDosLogConfs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: APDosLogConfSpec defines the desired state of APDosLogConf - properties: - content: - properties: - format: - enum: - - splunk - - arcsight - - user-defined - type: string - format_string: - type: string - max_message_size: - pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$ - type: string - type: object - filter: - properties: - traffic-mitigation-stats: - enum: - - none - - all - default: all - type: string - bad-actors: - pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$ - default: top 10 - type: string - attack-signatures: - pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$ - default: top 10 - type: string - type: object - type: object - type: object - served: true - storage: true diff --git a/deployments/helm-chart/crds/appprotectdos.f5.com_apdospolicy.yaml b/deployments/helm-chart/crds/appprotectdos.f5.com_apdospolicy.yaml deleted file mode 100644 index a16399a1a2..0000000000 --- a/deployments/helm-chart/crds/appprotectdos.f5.com_apdospolicy.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: apdospolicies.appprotectdos.f5.com -spec: - group: appprotectdos.f5.com - names: - kind: APDosPolicy - listKind: APDosPoliciesList - plural: apdospolicies - singular: apdospolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - type: object - description: APDosPolicy is the Schema for the APDosPolicy API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - description: APDosPolicySpec defines the desired state of APDosPolicy - properties: - mitigation_mode: - enum: - - "standard" - - "conservative" - - "none" - default: "standard" - type: string - signatures: - enum: - - "on" - - "off" - default: "on" - type: string - bad_actors: - enum: - - "on" - - "off" - default: "on" - type: string - automation_tools_detection: - enum: - - "on" - - "off" - default: "on" - type: string - tls_fingerprint: - enum: - - "on" - - "off" - default: "on" - type: string - served: true - storage: true diff --git a/deployments/helm-chart/crds/appprotectdos.f5.com_dosprotectedresources.yaml b/deployments/helm-chart/crds/appprotectdos.f5.com_dosprotectedresources.yaml deleted file mode 100644 index 53a51c4939..0000000000 --- a/deployments/helm-chart/crds/appprotectdos.f5.com_dosprotectedresources.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: dosprotectedresources.appprotectdos.f5.com -spec: - group: appprotectdos.f5.com - names: - kind: DosProtectedResource - listKind: DosProtectedResourceList - plural: dosprotectedresources - shortNames: - - pr - singular: dosprotectedresource - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: DosProtectedResource defines a Dos protected resource. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DosProtectedResourceSpec defines the properties and values a DosProtectedResource can have. - type: object - properties: - apDosMonitor: - description: 'ApDosMonitor is how NGINX App Protect DoS monitors the stress level of the protected object. The monitor requests are sent from localhost (127.0.0.1). Default value: URI - None, protocol - http1, timeout - NGINX App Protect DoS default.' - type: object - properties: - protocol: - description: Protocol determines if the server listens on http1 / http2 / grpc / websocket. The default is http1. - type: string - enum: - - http1 - - http2 - - grpc - - websocket - timeout: - description: Timeout determines how long (in seconds) should NGINX App Protect DoS wait for a response. Default is 10 seconds for http1/http2 and 5 seconds for grpc. - type: integer - format: int64 - uri: - description: 'URI is the destination to the desired protected object in the nginx.conf:' - type: string - apDosPolicy: - description: ApDosPolicy is the namespace/name of a ApDosPolicy resource - type: string - dosAccessLogDest: - description: DosAccessLogDest is the network address for the access logs - type: string - dosSecurityLog: - description: DosSecurityLog defines the security log of the DosProtectedResource. - type: object - properties: - apDosLogConf: - description: ApDosLogConf is the namespace/name of a APDosLogConf resource - type: string - dosLogDest: - description: DosLogDest is the network address of a logging service, can be either IP or DNS name. - type: string - enable: - description: Enable enables the security logging feature if set to true - type: boolean - enable: - description: Enable enables the DOS feature if set to true - type: boolean - name: - description: Name is the name of protected object, max of 63 characters. - type: string - served: true - storage: true diff --git a/deployments/helm-chart/crds/externaldns.nginx.org_dnsendpoints.yaml b/deployments/helm-chart/crds/externaldns.nginx.org_dnsendpoints.yaml deleted file mode 100644 index 82790713bf..0000000000 --- a/deployments/helm-chart/crds/externaldns.nginx.org_dnsendpoints.yaml +++ /dev/null @@ -1,84 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: dnsendpoints.externaldns.nginx.org -spec: - group: externaldns.nginx.org - names: - kind: DNSEndpoint - listKind: DNSEndpointList - plural: dnsendpoints - singular: dnsendpoint - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: DNSEndpoint is the CRD wrapper for Endpoint - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DNSEndpointSpec holds information about endpoints. - type: object - properties: - endpoints: - type: array - items: - description: Endpoint describes DNS Endpoint. - type: object - properties: - dnsName: - description: The hostname for the DNS record - type: string - labels: - description: Labels stores labels defined for the Endpoint - type: object - additionalProperties: - type: string - providerSpecific: - description: ProviderSpecific stores provider specific config - type: array - items: - description: ProviderSpecificProperty represents provider specific config property. - type: object - properties: - name: - description: Name of the property - type: string - value: - description: Value of the property - type: string - recordTTL: - description: TTL for the record - type: integer - format: int64 - recordType: - description: RecordType type of record, e.g. CNAME, A, SRV, TXT, MX - type: string - targets: - description: The targets the DNS service points to - type: array - items: - type: string - status: - description: DNSEndpointStatus represents generation observed by the external dns controller. - type: object - properties: - observedGeneration: - description: The generation observed by by the external-dns controller. - type: integer - format: int64 - served: true - storage: true - subresources: - status: {} diff --git a/deployments/helm-chart/crds/k8s.nginx.org_globalconfigurations.yaml b/deployments/helm-chart/crds/k8s.nginx.org_globalconfigurations.yaml deleted file mode 100644 index b0dc371fd7..0000000000 --- a/deployments/helm-chart/crds/k8s.nginx.org_globalconfigurations.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: globalconfigurations.k8s.nginx.org -spec: - group: k8s.nginx.org - names: - kind: GlobalConfiguration - listKind: GlobalConfigurationList - plural: globalconfigurations - shortNames: - - gc - singular: globalconfiguration - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: GlobalConfiguration defines the GlobalConfiguration resource. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GlobalConfigurationSpec is the spec of the GlobalConfiguration resource. - type: object - properties: - listeners: - type: array - items: - description: Listener defines a listener. - type: object - properties: - name: - type: string - port: - type: integer - protocol: - type: string - ssl: - type: boolean - served: true - storage: true diff --git a/deployments/helm-chart/crds/k8s.nginx.org_policies.yaml b/deployments/helm-chart/crds/k8s.nginx.org_policies.yaml deleted file mode 100644 index 907c22a88f..0000000000 --- a/deployments/helm-chart/crds/k8s.nginx.org_policies.yaml +++ /dev/null @@ -1,303 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: policies.k8s.nginx.org -spec: - group: k8s.nginx.org - names: - kind: Policy - listKind: PolicyList - plural: policies - shortNames: - - pol - singular: policy - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Current state of the Policy. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. - jsonPath: .status.state - name: State - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed. - type: object - properties: - accessControl: - description: AccessControl defines an access policy based on the source IP of a request. - type: object - properties: - allow: - type: array - items: - type: string - deny: - type: array - items: - type: string - basicAuth: - description: 'BasicAuth holds HTTP Basic authentication configuration policy status: preview' - type: object - properties: - realm: - type: string - secret: - type: string - egressMTLS: - description: EgressMTLS defines an Egress MTLS policy. - type: object - properties: - ciphers: - type: string - protocols: - type: string - serverName: - type: boolean - sessionReuse: - type: boolean - sslName: - type: string - tlsSecret: - type: string - trustedCertSecret: - type: string - verifyDepth: - type: integer - verifyServer: - type: boolean - ingressClassName: - type: string - ingressMTLS: - description: IngressMTLS defines an Ingress MTLS policy. - type: object - properties: - clientCertSecret: - type: string - crlFileName: - type: string - verifyClient: - type: string - verifyDepth: - type: integer - jwt: - description: JWTAuth holds JWT authentication configuration. - type: object - properties: - jwksURI: - type: string - keyCache: - type: string - realm: - type: string - secret: - type: string - token: - type: string - oidc: - description: OIDC defines an Open ID Connect policy. - type: object - properties: - accessTokenEnable: - type: boolean - authEndpoint: - type: string - authExtraArgs: - type: array - items: - type: string - clientID: - type: string - clientSecret: - type: string - jwksURI: - type: string - redirectURI: - type: string - scope: - type: string - tokenEndpoint: - type: string - zoneSyncLeeway: - type: integer - rateLimit: - description: RateLimit defines a rate limit policy. - type: object - properties: - burst: - type: integer - delay: - type: integer - dryRun: - type: boolean - key: - type: string - logLevel: - type: string - noDelay: - type: boolean - rate: - type: string - rejectCode: - type: integer - zoneSize: - type: string - waf: - description: WAF defines an WAF policy. - type: object - properties: - apBundle: - type: string - apPolicy: - type: string - enable: - type: boolean - securityLog: - description: SecurityLog defines the security log of a WAF policy. - type: object - properties: - apLogConf: - type: string - enable: - type: boolean - logDest: - type: string - securityLogs: - type: array - items: - description: SecurityLog defines the security log of a WAF policy. - type: object - properties: - apLogConf: - type: string - enable: - type: boolean - logDest: - type: string - status: - description: PolicyStatus is the status of the policy resource - type: object - properties: - message: - type: string - reason: - type: string - state: - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Policy defines a Policy for VirtualServer and VirtualServerRoute resources. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PolicySpec is the spec of the Policy resource. The spec includes multiple fields, where each field represents a different policy. Only one policy (field) is allowed. - type: object - properties: - accessControl: - description: AccessControl defines an access policy based on the source IP of a request. - type: object - properties: - allow: - type: array - items: - type: string - deny: - type: array - items: - type: string - egressMTLS: - description: EgressMTLS defines an Egress MTLS policy. - type: object - properties: - ciphers: - type: string - protocols: - type: string - serverName: - type: boolean - sessionReuse: - type: boolean - sslName: - type: string - tlsSecret: - type: string - trustedCertSecret: - type: string - verifyDepth: - type: integer - verifyServer: - type: boolean - ingressMTLS: - description: IngressMTLS defines an Ingress MTLS policy. - type: object - properties: - clientCertSecret: - type: string - verifyClient: - type: string - verifyDepth: - type: integer - jwt: - description: JWTAuth holds JWT authentication configuration. - type: object - properties: - realm: - type: string - secret: - type: string - token: - type: string - rateLimit: - description: RateLimit defines a rate limit policy. - type: object - properties: - burst: - type: integer - delay: - type: integer - dryRun: - type: boolean - key: - type: string - logLevel: - type: string - noDelay: - type: boolean - rate: - type: string - rejectCode: - type: integer - zoneSize: - type: string - served: true - storage: false diff --git a/deployments/helm-chart/crds/k8s.nginx.org_transportservers.yaml b/deployments/helm-chart/crds/k8s.nginx.org_transportservers.yaml deleted file mode 100644 index b1448e9e3b..0000000000 --- a/deployments/helm-chart/crds/k8s.nginx.org_transportservers.yaml +++ /dev/null @@ -1,156 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: transportservers.k8s.nginx.org -spec: - group: k8s.nginx.org - names: - kind: TransportServer - listKind: TransportServerList - plural: transportservers - shortNames: - - ts - singular: transportserver - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Current state of the TransportServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.reason - name: Reason - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: TransportServer defines the TransportServer resource. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TransportServerSpec is the spec of the TransportServer resource. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - host: - type: string - ingressClassName: - type: string - listener: - description: TransportServerListener defines a listener for a TransportServer. - type: object - properties: - name: - type: string - protocol: - type: string - serverSnippets: - type: string - sessionParameters: - description: SessionParameters defines session parameters. - type: object - properties: - timeout: - type: string - streamSnippets: - type: string - tls: - description: TLS defines TLS configuration for a TransportServer. - type: object - properties: - secret: - type: string - upstreamParameters: - description: UpstreamParameters defines parameters for an upstream. - type: object - properties: - connectTimeout: - type: string - nextUpstream: - type: boolean - nextUpstreamTimeout: - type: string - nextUpstreamTries: - type: integer - udpRequests: - type: integer - udpResponses: - type: integer - upstreams: - type: array - items: - description: Upstream defines an upstream. - type: object - properties: - failTimeout: - type: string - healthCheck: - description: HealthCheck defines the parameters for active Upstream HealthChecks. - type: object - properties: - enable: - type: boolean - fails: - type: integer - interval: - type: string - jitter: - type: string - match: - description: Match defines the parameters of a custom health check. - type: object - properties: - expect: - type: string - send: - type: string - passes: - type: integer - port: - type: integer - timeout: - type: string - loadBalancingMethod: - type: string - maxConns: - type: integer - maxFails: - type: integer - name: - type: string - port: - type: integer - service: - type: string - status: - description: TransportServerStatus defines the status for the TransportServer resource. - type: object - properties: - message: - type: string - reason: - type: string - state: - type: string - served: true - storage: true - subresources: - status: {} diff --git a/deployments/helm-chart/crds/k8s.nginx.org_virtualserverroutes.yaml b/deployments/helm-chart/crds/k8s.nginx.org_virtualserverroutes.yaml deleted file mode 100644 index d21640a398..0000000000 --- a/deployments/helm-chart/crds/k8s.nginx.org_virtualserverroutes.yaml +++ /dev/null @@ -1,638 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: virtualserverroutes.k8s.nginx.org -spec: - group: k8s.nginx.org - names: - kind: VirtualServerRoute - listKind: VirtualServerRouteList - plural: virtualserverroutes - shortNames: - - vsr - singular: virtualserverroute - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Current state of the VirtualServerRoute. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.host - name: Host - type: string - - jsonPath: .status.externalEndpoints[*].ip - name: IP - type: string - - jsonPath: .status.externalEndpoints[*].hostname - name: ExternalHostname - priority: 1 - type: string - - jsonPath: .status.externalEndpoints[*].ports - name: Ports - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VirtualServerRoute defines the VirtualServerRoute resource. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VirtualServerRouteSpec is the spec of the VirtualServerRoute resource. - type: object - properties: - host: - type: string - ingressClassName: - type: string - subroutes: - type: array - items: - description: Route defines a route. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - proxy: - description: ActionProxy defines a proxy in an Action. - type: object - properties: - requestHeaders: - description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. - type: object - properties: - pass: - type: boolean - set: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - responseHeaders: - description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. - type: object - properties: - add: - type: array - items: - description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. - type: object - properties: - always: - type: boolean - name: - type: string - value: - type: string - hide: - type: array - items: - type: string - ignore: - type: array - items: - type: string - pass: - type: array - items: - type: string - rewritePath: - type: string - upstream: - type: string - redirect: - description: ActionRedirect defines a redirect in an Action. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ActionReturn defines a return in an Action. - type: object - properties: - body: - type: string - code: - type: integer - type: - type: string - dos: - type: string - errorPages: - type: array - items: - description: ErrorPage defines an ErrorPage in a Route. - type: object - properties: - codes: - type: array - items: - type: integer - redirect: - description: ErrorPageRedirect defines a redirect for an ErrorPage. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ErrorPageReturn defines a return for an ErrorPage. - type: object - properties: - body: - type: string - code: - type: integer - headers: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - type: - type: string - location-snippets: - type: string - matches: - type: array - items: - description: Match defines a match. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - proxy: - description: ActionProxy defines a proxy in an Action. - type: object - properties: - requestHeaders: - description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. - type: object - properties: - pass: - type: boolean - set: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - responseHeaders: - description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. - type: object - properties: - add: - type: array - items: - description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. - type: object - properties: - always: - type: boolean - name: - type: string - value: - type: string - hide: - type: array - items: - type: string - ignore: - type: array - items: - type: string - pass: - type: array - items: - type: string - rewritePath: - type: string - upstream: - type: string - redirect: - description: ActionRedirect defines a redirect in an Action. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ActionReturn defines a return in an Action. - type: object - properties: - body: - type: string - code: - type: integer - type: - type: string - conditions: - type: array - items: - description: Condition defines a condition in a MatchRule. - type: object - properties: - argument: - type: string - cookie: - type: string - header: - type: string - value: - type: string - variable: - type: string - splits: - type: array - items: - description: Split defines a split. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - proxy: - description: ActionProxy defines a proxy in an Action. - type: object - properties: - requestHeaders: - description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. - type: object - properties: - pass: - type: boolean - set: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - responseHeaders: - description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. - type: object - properties: - add: - type: array - items: - description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. - type: object - properties: - always: - type: boolean - name: - type: string - value: - type: string - hide: - type: array - items: - type: string - ignore: - type: array - items: - type: string - pass: - type: array - items: - type: string - rewritePath: - type: string - upstream: - type: string - redirect: - description: ActionRedirect defines a redirect in an Action. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ActionReturn defines a return in an Action. - type: object - properties: - body: - type: string - code: - type: integer - type: - type: string - weight: - type: integer - path: - type: string - policies: - type: array - items: - description: PolicyReference references a policy by name and an optional namespace. - type: object - properties: - name: - type: string - namespace: - type: string - route: - type: string - splits: - type: array - items: - description: Split defines a split. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - proxy: - description: ActionProxy defines a proxy in an Action. - type: object - properties: - requestHeaders: - description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. - type: object - properties: - pass: - type: boolean - set: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - responseHeaders: - description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. - type: object - properties: - add: - type: array - items: - description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. - type: object - properties: - always: - type: boolean - name: - type: string - value: - type: string - hide: - type: array - items: - type: string - ignore: - type: array - items: - type: string - pass: - type: array - items: - type: string - rewritePath: - type: string - upstream: - type: string - redirect: - description: ActionRedirect defines a redirect in an Action. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ActionReturn defines a return in an Action. - type: object - properties: - body: - type: string - code: - type: integer - type: - type: string - weight: - type: integer - upstreams: - type: array - items: - description: Upstream defines an upstream. - type: object - properties: - buffer-size: - type: string - buffering: - type: boolean - buffers: - description: UpstreamBuffers defines Buffer Configuration for an Upstream. - type: object - properties: - number: - type: integer - size: - type: string - client-max-body-size: - type: string - connect-timeout: - type: string - fail-timeout: - type: string - healthCheck: - description: HealthCheck defines the parameters for active Upstream HealthChecks. - type: object - properties: - connect-timeout: - type: string - enable: - type: boolean - fails: - type: integer - grpcService: - type: string - grpcStatus: - type: integer - headers: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - interval: - type: string - jitter: - type: string - keepalive-time: - type: string - mandatory: - type: boolean - passes: - type: integer - path: - type: string - persistent: - type: boolean - port: - type: integer - read-timeout: - type: string - send-timeout: - type: string - statusMatch: - type: string - tls: - description: UpstreamTLS defines a TLS configuration for an Upstream. - type: object - properties: - enable: - type: boolean - keepalive: - type: integer - lb-method: - type: string - max-conns: - type: integer - max-fails: - type: integer - name: - type: string - next-upstream: - type: string - next-upstream-timeout: - type: string - next-upstream-tries: - type: integer - ntlm: - type: boolean - port: - type: integer - queue: - description: UpstreamQueue defines Queue Configuration for an Upstream. - type: object - properties: - size: - type: integer - timeout: - type: string - read-timeout: - type: string - send-timeout: - type: string - service: - type: string - sessionCookie: - description: SessionCookie defines the parameters for session persistence. - type: object - properties: - domain: - type: string - enable: - type: boolean - expires: - type: string - httpOnly: - type: boolean - name: - type: string - path: - type: string - samesite: - type: string - secure: - type: boolean - slow-start: - type: string - subselector: - type: object - additionalProperties: - type: string - tls: - description: UpstreamTLS defines a TLS configuration for an Upstream. - type: object - properties: - enable: - type: boolean - type: - type: string - use-cluster-ip: - type: boolean - status: - description: VirtualServerRouteStatus defines the status for the VirtualServerRoute resource. - type: object - properties: - externalEndpoints: - type: array - items: - description: ExternalEndpoint defines the IP/ Hostname and ports used to connect to this resource. - type: object - properties: - hostname: - type: string - ip: - type: string - ports: - type: string - message: - type: string - reason: - type: string - referencedBy: - type: string - state: - type: string - served: true - storage: true - subresources: - status: {} diff --git a/deployments/helm-chart/crds/k8s.nginx.org_virtualservers.yaml b/deployments/helm-chart/crds/k8s.nginx.org_virtualservers.yaml deleted file mode 100644 index 189cce4f6e..0000000000 --- a/deployments/helm-chart/crds/k8s.nginx.org_virtualservers.yaml +++ /dev/null @@ -1,731 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.13.0 - name: virtualservers.k8s.nginx.org -spec: - group: k8s.nginx.org - names: - kind: VirtualServer - listKind: VirtualServerList - plural: virtualservers - shortNames: - - vs - singular: virtualserver - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Current state of the VirtualServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller. - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.host - name: Host - type: string - - jsonPath: .status.externalEndpoints[*].ip - name: IP - type: string - - jsonPath: .status.externalEndpoints[*].hostname - name: ExternalHostname - priority: 1 - type: string - - jsonPath: .status.externalEndpoints[*].ports - name: Ports - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VirtualServer defines the VirtualServer resource. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VirtualServerSpec is the spec of the VirtualServer resource. - type: object - properties: - dos: - type: string - externalDNS: - description: ExternalDNS defines externaldns sub-resource of a virtual server. - type: object - properties: - enable: - type: boolean - labels: - description: Labels stores labels defined for the Endpoint - type: object - additionalProperties: - type: string - providerSpecific: - description: ProviderSpecific stores provider specific config - type: array - items: - description: ProviderSpecificProperty defines specific property for using with ExternalDNS sub-resource. - type: object - properties: - name: - description: Name of the property - type: string - value: - description: Value of the property - type: string - recordTTL: - description: TTL for the record - type: integer - format: int64 - recordType: - type: string - gunzip: - type: boolean - host: - type: string - http-snippets: - type: string - ingressClassName: - type: string - internalRoute: - description: InternalRoute allows for the configuration of internal routing. - type: boolean - listener: - description: Listener references a custom http and/or https listener defined in GlobalConfiguration. - type: object - properties: - http: - type: string - https: - type: string - policies: - type: array - items: - description: PolicyReference references a policy by name and an optional namespace. - type: object - properties: - name: - type: string - namespace: - type: string - routes: - type: array - items: - description: Route defines a route. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - proxy: - description: ActionProxy defines a proxy in an Action. - type: object - properties: - requestHeaders: - description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. - type: object - properties: - pass: - type: boolean - set: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - responseHeaders: - description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. - type: object - properties: - add: - type: array - items: - description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. - type: object - properties: - always: - type: boolean - name: - type: string - value: - type: string - hide: - type: array - items: - type: string - ignore: - type: array - items: - type: string - pass: - type: array - items: - type: string - rewritePath: - type: string - upstream: - type: string - redirect: - description: ActionRedirect defines a redirect in an Action. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ActionReturn defines a return in an Action. - type: object - properties: - body: - type: string - code: - type: integer - type: - type: string - dos: - type: string - errorPages: - type: array - items: - description: ErrorPage defines an ErrorPage in a Route. - type: object - properties: - codes: - type: array - items: - type: integer - redirect: - description: ErrorPageRedirect defines a redirect for an ErrorPage. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ErrorPageReturn defines a return for an ErrorPage. - type: object - properties: - body: - type: string - code: - type: integer - headers: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - type: - type: string - location-snippets: - type: string - matches: - type: array - items: - description: Match defines a match. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - proxy: - description: ActionProxy defines a proxy in an Action. - type: object - properties: - requestHeaders: - description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. - type: object - properties: - pass: - type: boolean - set: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - responseHeaders: - description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. - type: object - properties: - add: - type: array - items: - description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. - type: object - properties: - always: - type: boolean - name: - type: string - value: - type: string - hide: - type: array - items: - type: string - ignore: - type: array - items: - type: string - pass: - type: array - items: - type: string - rewritePath: - type: string - upstream: - type: string - redirect: - description: ActionRedirect defines a redirect in an Action. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ActionReturn defines a return in an Action. - type: object - properties: - body: - type: string - code: - type: integer - type: - type: string - conditions: - type: array - items: - description: Condition defines a condition in a MatchRule. - type: object - properties: - argument: - type: string - cookie: - type: string - header: - type: string - value: - type: string - variable: - type: string - splits: - type: array - items: - description: Split defines a split. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - proxy: - description: ActionProxy defines a proxy in an Action. - type: object - properties: - requestHeaders: - description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. - type: object - properties: - pass: - type: boolean - set: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - responseHeaders: - description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. - type: object - properties: - add: - type: array - items: - description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. - type: object - properties: - always: - type: boolean - name: - type: string - value: - type: string - hide: - type: array - items: - type: string - ignore: - type: array - items: - type: string - pass: - type: array - items: - type: string - rewritePath: - type: string - upstream: - type: string - redirect: - description: ActionRedirect defines a redirect in an Action. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ActionReturn defines a return in an Action. - type: object - properties: - body: - type: string - code: - type: integer - type: - type: string - weight: - type: integer - path: - type: string - policies: - type: array - items: - description: PolicyReference references a policy by name and an optional namespace. - type: object - properties: - name: - type: string - namespace: - type: string - route: - type: string - splits: - type: array - items: - description: Split defines a split. - type: object - properties: - action: - description: Action defines an action. - type: object - properties: - pass: - type: string - proxy: - description: ActionProxy defines a proxy in an Action. - type: object - properties: - requestHeaders: - description: ProxyRequestHeaders defines the request headers manipulation in an ActionProxy. - type: object - properties: - pass: - type: boolean - set: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - responseHeaders: - description: ProxyResponseHeaders defines the response headers manipulation in an ActionProxy. - type: object - properties: - add: - type: array - items: - description: AddHeader defines an HTTP Header with an optional Always field to use with the add_header NGINX directive. - type: object - properties: - always: - type: boolean - name: - type: string - value: - type: string - hide: - type: array - items: - type: string - ignore: - type: array - items: - type: string - pass: - type: array - items: - type: string - rewritePath: - type: string - upstream: - type: string - redirect: - description: ActionRedirect defines a redirect in an Action. - type: object - properties: - code: - type: integer - url: - type: string - return: - description: ActionReturn defines a return in an Action. - type: object - properties: - body: - type: string - code: - type: integer - type: - type: string - weight: - type: integer - server-snippets: - type: string - tls: - description: TLS defines TLS configuration for a VirtualServer. - type: object - properties: - cert-manager: - description: CertManager defines a cert manager config for a TLS. - type: object - properties: - cluster-issuer: - type: string - common-name: - type: string - duration: - type: string - issuer: - type: string - issuer-group: - type: string - issuer-kind: - type: string - renew-before: - type: string - usages: - type: string - redirect: - description: TLSRedirect defines a redirect for a TLS. - type: object - properties: - basedOn: - type: string - code: - type: integer - enable: - type: boolean - secret: - type: string - upstreams: - type: array - items: - description: Upstream defines an upstream. - type: object - properties: - buffer-size: - type: string - buffering: - type: boolean - buffers: - description: UpstreamBuffers defines Buffer Configuration for an Upstream. - type: object - properties: - number: - type: integer - size: - type: string - client-max-body-size: - type: string - connect-timeout: - type: string - fail-timeout: - type: string - healthCheck: - description: HealthCheck defines the parameters for active Upstream HealthChecks. - type: object - properties: - connect-timeout: - type: string - enable: - type: boolean - fails: - type: integer - grpcService: - type: string - grpcStatus: - type: integer - headers: - type: array - items: - description: Header defines an HTTP Header. - type: object - properties: - name: - type: string - value: - type: string - interval: - type: string - jitter: - type: string - keepalive-time: - type: string - mandatory: - type: boolean - passes: - type: integer - path: - type: string - persistent: - type: boolean - port: - type: integer - read-timeout: - type: string - send-timeout: - type: string - statusMatch: - type: string - tls: - description: UpstreamTLS defines a TLS configuration for an Upstream. - type: object - properties: - enable: - type: boolean - keepalive: - type: integer - lb-method: - type: string - max-conns: - type: integer - max-fails: - type: integer - name: - type: string - next-upstream: - type: string - next-upstream-timeout: - type: string - next-upstream-tries: - type: integer - ntlm: - type: boolean - port: - type: integer - queue: - description: UpstreamQueue defines Queue Configuration for an Upstream. - type: object - properties: - size: - type: integer - timeout: - type: string - read-timeout: - type: string - send-timeout: - type: string - service: - type: string - sessionCookie: - description: SessionCookie defines the parameters for session persistence. - type: object - properties: - domain: - type: string - enable: - type: boolean - expires: - type: string - httpOnly: - type: boolean - name: - type: string - path: - type: string - samesite: - type: string - secure: - type: boolean - slow-start: - type: string - subselector: - type: object - additionalProperties: - type: string - tls: - description: UpstreamTLS defines a TLS configuration for an Upstream. - type: object - properties: - enable: - type: boolean - type: - type: string - use-cluster-ip: - type: boolean - status: - description: VirtualServerStatus defines the status for the VirtualServer resource. - type: object - properties: - externalEndpoints: - type: array - items: - description: ExternalEndpoint defines the IP/ Hostname and ports used to connect to this resource. - type: object - properties: - hostname: - type: string - ip: - type: string - ports: - type: string - message: - type: string - reason: - type: string - state: - type: string - served: true - storage: true - subresources: - status: {} diff --git a/docs/content/configuration/security.md b/docs/content/configuration/security.md index 9097b580b7..472369b450 100644 --- a/docs/content/configuration/security.md +++ b/docs/content/configuration/security.md @@ -26,7 +26,7 @@ We strongly recommend using the [RBAC configuration](https://github.com/nginxinc It is configured with the least amount of privilege required for the Ingress Controller to work. We strongly recommend inspecting the RBAC configuration (for [manifests installation](https://github.com/nginxinc/kubernetes-ingress/blob/main/deployments/rbac/rbac.yaml) -or for [helm](https://github.com/nginxinc/kubernetes-ingress/blob/main/deployments/helm-chart/templates/rbac.yaml)) +or for [helm](https://github.com/nginxinc/kubernetes-ingress/blob/main/charts/nginx-ingress/templates/rbac.yaml)) to understand what access the Ingress Controller service account has and to which resources. For example, by default the service account has access to all Secret resources in the cluster. diff --git a/hack/common-release-prep.sh b/hack/common-release-prep.sh index 7875c5746a..8c006b615d 100755 --- a/hack/common-release-prep.sh +++ b/hack/common-release-prep.sh @@ -16,17 +16,17 @@ FILES_TO_UPDATE_IC_VERSION=( deployments/daemon-set/nginx-plus-ingress.yaml deployments/deployment/nginx-ingress.yaml deployments/deployment/nginx-plus-ingress.yaml - deployments/helm-chart/Chart.yaml - deployments/helm-chart/README.md - deployments/helm-chart/values-icp.yaml - deployments/helm-chart/values-nsm.yaml - deployments/helm-chart/values-plus.yaml - deployments/helm-chart/values.yaml + charts/nginx-ingress/Chart.yaml + charts/nginx-ingress/README.md + charts/nginx-ingress/values-icp.yaml + charts/nginx-ingress/values-nsm.yaml + charts/nginx-ingress/values-plus.yaml + charts/nginx-ingress/values.yaml ) FILE_TO_UPDATE_HELM_CHART_VERSION=( - deployments/helm-chart/Chart.yaml - deployments/helm-chart/README.md + charts/nginx-ingress/Chart.yaml + charts/nginx-ingress/README.md ) DOCS_TO_UPDATE_FOLDER=docs/content @@ -42,7 +42,7 @@ sed -i "" "s/$prev_helm_chart_version/$helm_chart_version/g" ${FILE_TO_UPDATE_HE # copy the helm chart README to the docs { sed -n '1,10p' docs/content/installation/installation-with-helm.md - sed -n '3,$p' deployments/helm-chart/README.md + sed -n '3,$p' charts/nginx-ingress/README.md } >file2.new && mv file2.new docs/content/installation/installation-with-helm.md sed -i '' '/^|Parameter | Description | Default |/i\