Merge pull request #5306 from yanjunding/patch-1

Typo
Merge pull request #5864 from emissary-ingress/release-3.10-fix-CHANGELOG
2025-08-25 14:42:13 -05:00 · 2025-08-14 16:01:01 -05:00 · 2025-08-14 15:56:44 -05:00 · 2025-07-29 13:30:12 -04:00 · 2025-07-29 12:17:48 -05:00 · 2025-05-07 15:50:26 -04:00
81 changed files with 127 additions and 5794 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -85,8 +85,8 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
 ## RELEASE NOTES
-## [3.10.0-dev] TBD
+## [3.10.0] July 29, 2025
-[3.10.0-dev]: https://github.com/emissary-ingress/emissary/compare/v3.9.0...v3.10.0-dev
+[3.10.0]: https://github.com/emissary-ingress/emissary/compare/v3.9.0...v3.10.0
 ### Emissary-ingress and Ambassador Edge Stack
--- a/Community/SUPPORT.md
+++ b/Community/SUPPORT.md
@ -1,16 +1,12 @@
-## Support for deploying and using Ambassador
+## Support for deploying and using Emissary
-Welcome to Ambassador! We use GitHub for tracking bugs and feature requests. If you need support, the following resources are available. Thanks for understanding.
+Welcome to Emissary! The Emissary community is the best current resource for
 Emissary support, with the best options being:
-### Documentation
+- Checking out the [documentation] at https://emissary-ingress.dev/
 - Joining the `#emissary-ingress` channel in the [CNCF Slack]
 - [Opening an issue][GitHub] in [GitHub]
-* [User Documentation](https://www.getambassador.io/docs)
+[CNCF Slack]: https://communityinviter.com/apps/cloud-native/cncf)
-* [Troubleshooting Guide](https://www.getambassador.io/reference/debugging)
+[documentation]: https://emissary-ingress.dev/
-
+[GitHub]: https://github.com/emissary-ingress/emissary/issues
 ### Real-time Chat
 * [Slack](https://d6e.co/slack): The `#ambassador` channel is a good place to start.
 ### Commercial Support
 * Commercial Support is available as part of [Ambassador Pro](https://www.getambassador.io/pro/).
--- a/DevDocumentation/ARCHITECTURE.md
+++ b/DevDocumentation/ARCHITECTURE.md
@ -172,7 +172,7 @@ Provides two main functions:
 - Generate IR and envoy configs (load_ir function)
  - Take each Resource generated in ResourceFetcher and add it to the Config object as strongly typed objects
  - Store Config Object in `/ambassador/snapshots/aconf-tmp.json`
-  - Check Deltas for Mappings cach and determine if we needs to be reset
+  - Check Deltas for Mappings cache and determine if we needs to be reset
  - Create IR with a Config, Cache, and invalidated items
    - IR is generated which basically just converts our stuff to strongly typed generic "envoy" items (handling filters, clusters, listeners, removing duplicates, etc...)
  - IR is updated in-memory for diagd process
--- a/QUICKSTART.md
+++ b/QUICKSTART.md
@ -1,40 +1,48 @@
-# Emissary-ingress 3.10.0
+# Emissary-ingress 3.10 Quickstart
-Emissary 3.10 encompasses:
+**We recommend using Helm** to install Emissary.
- all the changes made in this repo by Ambassador Labs after Emissary 3.9.1;
+### Installing if you're starting fresh
 - updates to Go dependencies;
 - updates to the included Envoy Proxy; and
 - community updates (with huge thanks to [Ajay Choudhary], [Billy Lynch], and
  [Luke Shumaker]!)
-**Note well** that there is also an Ambassador Edge Stack 3.10.0, but
+**If you are already running Emissary and just want to upgrade, DO NOT FOLLOW
-**Emissary 3.10 and Edge Stack 3.10 are not equivalent**. Their codebases have
+THESE DIRECTIONS.** Instead, check out "Upgrading from an earlier Emissary"
-diverged and will continue to do so.
+below.
-[Ajay Choudhary]: https://github.com/ajaychoudhary-hotstar
+If you're starting from scratch and you don't need to worry about older CRD
-[Billy Lynch]: https://github.com/wlynch
+versions, install using `--set enableLegacyVersions=false` to avoid install
-[Luke Shumaker]: https://github.com/lukeshu
+the old versions of the CRDs and the conversion webhook:
-## Trying 3.10
+```bash
 helm install emissary-crds \
 --namespace emissary --create-namespace \
 oci://ghcr.io/emissary-ingress/emissary-crds-chart --version=3.10.0 \
 --set enableLegacyVersions=false \
 --wait
 ```
-The most current Emissary 3.10 is Emissary 3.10.0-rc.3. This is a **release
+This will install only v3alpha1 CRDs and skip the conversion webhook entirely.
-candidate**: it passes CI and is believed to be stable, but we'd like more
+It will create the `emissary` namespace for you, but there won't be anything
-people to try it out before we call it a final release.
+in it at this point.
-**3.10.0-rc.3 is the final RC planned for Emissary 3.10.0.**
+Next up, install Emissary itself, with `--set waitForApiext.enabled=false` to
 tell Emissary not to wait for the conversion webhook to be ready:
-By far the easiest way to try things is with Helm -- and note that Emissary
+```bash
-3.10 includes a Helm chart for CRDs.
+helm install emissary \
 --namespace emissary \
 oci://ghcr.io/emissary-ingress/emissary-ingress --version=3.10.0 \
 --set waitForApiext.enabled=false \
 --wait
 ```
-### Installing if you're already running an earlier Emissary
+### Upgrading from an earlier Emissary
 First, install the CRDs and the conversion webhook:
 ```bash
 helm install emissary-crds \
 --namespace emissary-system --create-namespace \
- oci://docker.io/dwflynn/emissary-crds-chart --version=3.10.0-rc.3 \
+ oci://ghcr.io/emissary-ingress/emissary-crds-chart --version=3.10.0 \
 --wait
 ```
@ -44,32 +52,7 @@ conversion webhook into the `emissary-system` namespace. Once that's done, you'l
 ```bash
 helm install emissary \
 --namespace emissary --create-namespace \
- oci://docker.io/dwflynn/emissary-ingress --version=3.10.0-rc.3 \
+ oci://ghcr.io/emissary-ingress/emissary-ingress --version=3.10.0 \
 --wait
 ```
 ### Installing if you're starting fresh
 If you're starting from scratch and you don't need to worry about older CRD
 versions, you can do things differently:
 ```bash
 helm install emissary-crds \
 --namespace emissary --create-namespace \
 oci://docker.io/dwflynn/emissary-crds-chart --version=3.10.0-rc.3 \
 --set enableLegacyVersions=false \
 --wait
 ```
 This will install only v3alpha1 CRDs and skip the conversion webhook entirely.
 It will create the `emissary` namespace for you, but there won't be anything
 in it until you install Emissary itself:
 ```bash
 helm install emissary \
 --namespace emissary \
 oci://docker.io/dwflynn/emissary-ingress --version=3.10.0-rc.3 \
 --set waitForApiext.enabled=false \
 --wait
 ```
--- a/README.md
+++ b/README.md
@ -23,64 +23,88 @@ Emissary-ingress
 ---
-## Want to try an Emissary 3.10.0 RC?
+## QUICKSTART
-We have a release candidate for Emissary 3.10.0 available for testing. If you're interested in giving it a shot, wonderful! Check out [trying 3.10].
+Looking to get started as quickly as possible? Check out [the
 QUICKSTART](https://emissary-ingress.dev/docs/3.10/quick-start/)!
-[trying 3.10]: https://github.com/emissary-ingress/emissary/tree/master/TRY-3.10.md
+### Latest Release
 The latest production version of Emissary is **3.10.0**.
 **Note well** that there is also an Ambassador Edge Stack 3.10.0, but
 **Emissary 3.10 and Edge Stack 3.10 are not equivalent**. Their codebases have
 diverged and will continue to do so.
 ---
-[Emissary-Ingress](https://www.getambassador.io/docs/open-source) is an open-source Kubernetes-native API Gateway +
+Emissary-ingress
-Layer 7 load balancer + Kubernetes Ingress built on [Envoy Proxy](https://www.envoyproxy.io).
+================
 Emissary-ingress is a CNCF incubation project (and was formerly known as Ambassador API Gateway).
-Emissary-ingress enables its users to:
+[Emissary-ingress](https://www.getambassador.io/docs/open-source) is an
-* Manage ingress traffic with [load balancing], support for multiple protocols ([gRPC and HTTP/2], [TCP], and [web sockets]), and Kubernetes integration
+open-source, developer-centric, Kubernetes-native API gateway built on [Envoy
-* Manage changes to routing with an easy to use declarative policy engine and [self-service configuration], via Kubernetes [CRDs] or annotations
+Proxy]. Emissary-ingress is a CNCF incubating project (and was formerly known
-* Secure microservices with [authentication], [rate limiting], and [TLS]
+as Ambassador API Gateway).
-* Ensure high availability with [sticky sessions], [rate limiting], and [circuit breaking]
+
-* Leverage observability with integrations with [Grafana], [Prometheus], and [Datadog], and comprehensive [metrics] support
+### Design Goals
-* Enable progressive delivery with [canary releases]
+
-* Connect service meshes including [Consul], [Linkerd], and [Istio]
+The first problem faced by any organization trying to develop cloud-native
 applications is the _ingress problem_: allowing users outside the cluster to
 access the application running inside the cluster. Emissary is built around
 the idea that the application developers should be able to solve the ingress
 problem themselves, without needing to become Kubernetes experts and without
 needing dedicated operations staff: a self-service, developer-centric workflow
 is necessary to develop at scale.
 Emissary is open-source, developer-centric, role-oriented, opinionated, and
 Kubernatives-native.
 - open-source: Emissary is licensed under the Apache 2 license, permitting use
  or modification by anyone.
 - developer-centric: Emissary is designed taking the application developer
  into account first.
 - role-oriented: Emissary's configuration deliberately tries to separate
  elements to allow separation of concerns between developers and operations.
 - opinionated: Emissary deliberately tries to make easy things easy, even if
  that comes of the cost of not allowing some uncommon features.
 ### Features
 Emissary supports all the table-stakes features needed for a modern API
 gateway:
 * Per-request [load balancing]
 * Support for routing [gRPC], [HTTP/2], [TCP], and [web sockets]
 * Declarative configuration via Kubernetes [custom resources]
 * Fine-grained [authentication] and [authorization]
 * Advanced routing features like [canary releases], [A/B testing], [dynamic routing], and [sticky sessions]
 * Resilience features like [retries], [rate limiting], and [circuit breaking]
 * Observability features including comprehensive [metrics] support using the [Prometheus] stack
 * Easy service mesh integration with [Linkerd], [Istio], [Consul], etc.
 * [Knative serverless integration]
 See the full list of [features](https://www.getambassador.io/docs/emissary) here.
-Branches
+### Branches
 ========
 (If you are looking at this list on a branch other than `master`, it
 may be out of date.)
- [`master`](https://github.com/emissary-ingress/emissary/tree/master) - branch for Emissary-ingress dev work ( :heavy_check_mark: upcoming release)
+- [`main`](https://github.com/emissary-ingress/emissary/tree/main): Emissary 4 development work
 - [`release/v3.9`](https://github.com/emissary-ingress/emissary/tree/release/v3.9) - branch for Emissary-ingress 3.9.z work
 - [`release/v2.5`](https://github.com/emissary-ingress/emissary/tree/release/v2.5) - branch for Emissary-ingress 2.5.z work ( :heavy_check_mark: maintenance)
-Architecture
+**No further development is planned on any branches listed below.**
 ============
-Emissary is configured via Kubernetes CRDs, or via annotations on Kubernetes `Service`s. Internally,
+- [`master`](https://github.com/emissary-ingress/emissary/tree/master) - **Frozen** at Emissary 3.10.0
-it uses the [Envoy Proxy] to actually handle routing data; externally, it relies on Kubernetes for
+- [`release/v3.10`](https://github.com/emissary-ingress/emissary/tree/release/v3.10) - Emissary-ingress 3.10.0 release branch
-scaling and resiliency. For more on Emissary's architecture and motivation, read [this blog post](https://blog.getambassador.io/building-ambassador-an-open-source-api-gateway-on-kubernetes-and-envoy-ed01ed520844).
+- [`release/v3.9`](https://github.com/emissary-ingress/emissary/tree/release/v3.9)
  - Emissary-ingress 3.9.1 release branch
 - [`release/v2.5`](https://github.com/emissary-ingress/emissary/tree/release/v2.5) - Emissary-ingress 2.5.1 release branch
-Getting Started
+**Note well** that there is also an Ambassador Edge Stack 3.10.0, but
-===============
+**Emissary 3.10 and Edge Stack 3.10 are not equivalent**. Their codebases have
 diverged and will continue to do so.
-You can get Emissary up and running in just three steps. Follow the instructions here: https://www.getambassador.io/docs/emissary/latest/tutorials/getting-started/
+#### Community
 If you are looking for a Kubernetes ingress controller, Emissary provides a superset of the functionality of a typical ingress controller. (It does the traditional routing, and layers on a raft of configuration options.) This blog post covers [Kubernetes ingress](https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d).
 For other common questions, view this [FAQ page](https://www.getambassador.io/docs/emissary/latest/about/faq/).
 You can also use Helm to install Emissary. For more information, see the instructions in the [Helm installation documentation](https://www.getambassador.io/docs/emissary/latest/topics/install/helm/)
 Check out the full [Emissary
 documentation](https://www.getambassador.io/docs/emissary/) at
 www.getambassador.io/docs/open-source.
 Community
 =========
 Emissary-ingress is a CNCF Incubating project and welcomes any and all
 contributors.
@ -95,21 +119,21 @@ the way the community is run, including:
   regular trouble-shooting meetings and contributor meetings
 - how to get [`SUPPORT.md`](Community/SUPPORT.md).
-The best way to join the community is to join the [CNCF Slack](https://communityinviter.com/apps/cloud-native/cncf)
+The best way to join the community is to join the `#emissary-ingress` channel
-#emissary-ingress channel.
+in the [CNCF Slack]. This is also the best place for technical information
-
+about Emissary's architecture or development.
 Check out the [`DevDocumentation/`](DevDocumentation/) directory for
 information on the technicals of Emissary, most notably the
 [`CONTRIBUTING.md`](DevDocumentation/CONTRIBUTING.md) contributor's guide.
 If you're interested in contributing, here are some ways:
 * Write a blog post for [our blog](https://blog.getambassador.io)
 * Investigate an [open issue](https://github.com/emissary-ingress/emissary/issues)
-* Add [more tests](https://github.com/emissary-ingress/emissary/tree/master/ambassador/tests)
+* Add [more tests](https://github.com/emissary-ingress/emissary/tree/main/ambassador/tests)
 The Ambassador Edge Stack is a superset of Emissary-ingress that provides additional functionality including OAuth/OpenID Connect, advanced rate limiting, Swagger/OpenAPI support, integrated ACME support for automatic TLS certificate management, and a cloud-based UI. For more information, visit https://www.getambassador.io/editions/.
 <!-- Please keep this list sorted. -->
 [CNCF Slack]: https://communityinviter.com/apps/cloud-native/cncf
 [Envoy Proxy]: https://www.envoyproxy.io
 <!-- Legacy: clean up these links! -->
 [authentication]: https://www.getambassador.io/docs/emissary/latest/topics/running/services/auth-service/
 [canary releases]: https://www.getambassador.io/docs/emissary/latest/topics/using/canary/
 [circuit breaking]: https://www.getambassador.io/docs/emissary/latest/topics/using/circuit-breakers/
--- a/build-aux/main.mk
+++ b/build-aux/main.mk
@ -136,9 +136,7 @@ build-output/chart-%.tgz: build-output/chart-%.d
 # Convenience aliases for the Helm chart
 chart_dir = build-output/chart-$(patsubst v%,%,$(VERSION))_$(patsubst v%,%,$(CHART_VERSION)).d
 chart_tgz = $(patsubst %.d,%.tgz,$(chart_dir))
-# chart: $(chart_tgz)
+chart: $(chart_tgz)
 chart:
 	@echo "Don't use make chart -- instead, cd charts && make"
 PHONY: chart
 _major_version = $(firstword $(subst ., ,$(patsubst v%,%,$(VERSION))))
--- a/charts/Makefile
+++ b/charts/Makefile
@ -1,44 +0,0 @@
 IMAGE_REPO ?= ghcr.io/emissary-ingress/emissary
 all: charts
 charts: emissary-crds-chart emissary-ingress
 # These are just aliases
 emissary-crds-chart: emissary-crds-chart-$(VERSION).tgz
 emissary-ingress: emissary-ingress-$(VERSION).tgz
 version-check:
 	@if [ -z "$(VERSION)" ]; then \
 		echo "VERSION must be set (e.g. VERSION=1.0.0-alpha.3)" >&2 ;\
 		exit 1; \
 	fi
 .PHONY: version-check
 helm-registry-check:
 	@if [ -z "$(HELM_REGISTRY)" ]; then \
 		echo "HELM_REGISTRY must be set (e.g. HELM_REGISTRY=oci://docker.io/dwflynn)" >&2 ;\
 		exit 1; \
 	fi
 .PHONY: helm-registry-check
 emissary-crds-chart-$(VERSION).tgz: version-check emissary-crds
 	bash bin/build-chart emissary-crds $(VERSION) $(IMAGE_REPO) $$(pwd)
 	ls -l emissary-crds-chart-$(VERSION).tgz
 emissary-ingress-$(VERSION).tgz: version-check emissary-chart
 	bash bin/build-chart emissary-chart $(VERSION) $(IMAGE_REPO) $$(pwd)
 	ls -l emissary-ingress-$(VERSION).tgz
 push-chart: version-check helm-registry-check charts
 	if [ -n "$(HELM_REGISTRY)" ]; then \
 		helm push emissary-crds-chart-$(VERSION).tgz $(HELM_REGISTRY); \
 		helm push emissary-ingress-$(VERSION).tgz $(HELM_REGISTRY); \
 	else \
 		echo "HELM_REGISTRY not set, not pushing"; \
 	fi
 clean:
 	rm -rf emissary-crds-chart-*
 	rm -rf emissary-ingress-*
--- a/charts/bin/build-chart
+++ b/charts/bin/build-chart
@ -1,50 +0,0 @@
 #!/bin/sh
 check_arg () {
 	if [ -z "$2" ]; then
 		echo "$1 cannot be unset" >&2
 		exit 1
 	fi
 }
 if [ $# -ne 4 ]; then
  echo "Usage: $0 <chart-source> <version> <image-repo> <output-dir>" >&2
  exit 1
 fi
 set -e
 chart_source="$1"
 version="$2"
 image_repo="$3"
 output_dir="$4"
 check_arg chart_source "$chart_source"
 check_arg version "$version"
 check_arg image_repo "$image_repo"
 check_arg output_dir "$output_dir"
 # set -x
 workdir=$(mktemp -d -t build-chart)
 trap "rm -rf $workdir" EXIT
 cp -pr "$chart_source"/* "$workdir"
 for file in "$workdir/Chart.yaml" "$workdir/values.yaml"; do
 	sed \
 		-e "s/@version@/$version/g" \
 		-e "s/@chartVersion@/$version/g" \
 		-e "s,@imageRepo@,${image_repo},g" \
 		< ${file}.in > ${file}
 	rm -f ${file}.in
 done
 go run kubepack.dev/chart-doc-gen@v0.5.0 \
 	-d "$workdir/doc.yaml" \
 	-t "$workdir/readme.tpl" \
 	-v "$workdir/values.yaml" \
 	> $workdir/README.md
 helm package --destination="$output_dir" "$workdir"
--- a/charts/emissary-crds/.helmignore
+++ b/charts/emissary-crds/.helmignore
@ -1,22 +0,0 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 OWNERS
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
--- a/charts/emissary-crds/CHANGELOG.md
+++ b/charts/emissary-crds/CHANGELOG.md
@ -1,8 +0,0 @@
 # Change Log
 This file documents all notable changes to Ambassador Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).
 ## v3.10.0 - TBD
 Initial release of the CRDs chart.
--- a/charts/emissary-crds/Chart.yaml.in
+++ b/charts/emissary-crds/Chart.yaml.in
@ -1,22 +0,0 @@
 apiVersion: "v2"
 appVersion: "@version@"
 description: |
  Emissary-ingress is a CNCF API Gateway built on Envoy Proxy, specializing
  in self-service operation with minimal operational complexity.
 type: application
 home: https://emissary-ingress.dev/
 keywords:
  - emissary-ingress
  - crds
  - ingress-controller
  - conversion-webhook
 kubeVersion: ">=1.25.0-0"
 name: "emissary-crds-chart"
 sources:
  - https://github.com/emissary-ingress/emissary/
 version: "@version@"
 #icon: https://linkerd.io/images/logo-only-200h.png
 maintainers:
  - name: Emissary authors
    email: cncf-emissary-ingress-maintainers@lists.cncf.io
    url: https://github.com/emissary-ingress/emissary/
--- a/charts/emissary-crds/README.md
+++ b/charts/emissary-crds/README.md
--- a/charts/emissary-crds/doc.yaml
+++ b/charts/emissary-crds/doc.yaml
@ -1,18 +0,0 @@
 project:
  name: Emissary-ingress CRDs
  shortName: emissary-crds
  url: https://github.com/emissary-ingress/emissary
  description: CRDs for the Emissary-ingress project
  app: Emissary-ingress
 repository:
  url: oci://ghcr.io/emissary-ingress/emissary-crds
  name: emissary-crds
 chart:
  name: emissary-crds
  values: "-- generate from values file --"
  valuesExample: "-- generate from values file --"
 prerequisites:
  - "Kubernetes v1.11+"
 release:
  name: emissary-crds
  namespace: emissary-system
--- a/charts/emissary-crds/readme.tpl
+++ b/charts/emissary-crds/readme.tpl
@ -1,66 +0,0 @@
 # {{ .Project.ShortName }}
 [{{ .Project.Name }}]({{ .Project.URL }}) - {{ .Project.Description }}
 ## Introduction
 This chart deploys the Emissary-ingress CRDS and (optionally) conversion
 webhook on a [Kubernetes](http://kubernetes.io) cluster using the
 [Helm](https://helm.sh) package manager.
 ## Prerequisites
 {{ range .Prerequisites }}
 - {{ . }}
 {{- end }}
 ## Installing the Chart
 A typical installation will use the `emissary-system` namespace:
 ```console
 helm install {{ .Release.Name }} \
     --namespace emissary-system --create-namespace \
     {{ .Repository.Name }}/{{ .Chart.Name }} \
     --version {{ .Chart.Version }} \
     --wait
 ```
 The command deploys the Emissary-ingress CRDs on the Kubernetes cluster in the
 default configuration. The [configuration](#configuration) section lists the
 parameters that can be configured during installation.
 ## Changelog
 Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md)
 {{ if .Chart.Values -}}
 ## Configuration
 The following table lists the configurable parameters of the `{{ .Chart.Name }}` chart and their default values.
 {{ .Chart.Values }}
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
 ```console
 helm install {{ .Release.Name }} \
     --namespace emissary-system --create-namespace \
     {{ .Repository.Name }}/{{ .Chart.Name }} \
     --version {{ .Chart.Version }} \
     --set {{ .Chart.ValuesExample }} \
     --wait
 ```
 Alternatively, a YAML file that specifies the values for the parameters can be provided while
 installing the chart. For example:
 ```console
 helm install {{ .Release.Name }} \
     --namespace emissary-system --create-namespace \
     {{ .Repository.Name }}/{{ .Chart.Name }} \
     --version {{ .Chart.Version }} \
     --values values.yaml \
     --wait
 ```
 {{- end }}
--- a/charts/emissary-crds/templates/NOTES.txt
+++ b/charts/emissary-crds/templates/NOTES.txt
@ -1,14 +0,0 @@
 The emissary-crds chart was successfully installed! 🎉
 To complete the Emissary-ingress installation, please now proceed to install
 the emissary-ingress chart in the {{ .Release.Namespace }} namespace.
 {{- if .Values.enableLegacyVersions }}
 The V2 CRDs and apiext are installed and available for use.
 {{- if .Values.enableV1 }}
 The V1 CRDs are available, too.
 {{- end -}}
 {{- end }}
 Looking for more? Visit https://emissary-ingress.dev/ !
--- a/charts/emissary-crds/templates/_helpers.yaml
+++ b/charts/emissary-crds/templates/_helpers.yaml
@ -1,23 +0,0 @@
 {{- define "partials.conversion" -}}
 {{- if .Values.enableLegacyVersions }}
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: emissary-apiext
          namespace: {{ .Release.Namespace }}
          path: /webhooks/crd-convert
          port: 443
      conversionReviewVersions:
      - v1
 {{- end -}}
 {{- end -}}
 {{- define "partials.v3alpha1storage" -}}
 {{- if .Values.enableLegacyVersions -}}
  false
 {{- else -}}
  true
 {{- end -}}
 {{- end -}}
--- a/charts/emissary-crds/templates/apiext.yaml
+++ b/charts/emissary-crds/templates/apiext.yaml
@ -1,218 +0,0 @@
 {{- if .Values.enableLegacyVersions }}
 ---
 ################################################################################
 # ServiceAccount                                                               #
 ################################################################################
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: emissary-apiext
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
 ---
 ################################################################################
 # Cluster permissions                                                          #
 ################################################################################
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: emissary-apiext
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
 rules:
  - apiGroups: [ "apiextensions.k8s.io" ]
    resources: [ "customresourcedefinitions" ]
    verbs: [ "list", "watch" ]
  - apiGroups: [ "apiextensions.k8s.io" ]
    resources: [ "customresourcedefinitions", "customresourcedefinitions/status" ]
    resourceNames:
      - authservices.getambassador.io
      - consulresolvers.getambassador.io
      - devportals.getambassador.io
      - hosts.getambassador.io
      - kubernetesendpointresolvers.getambassador.io
      - kubernetesserviceresolvers.getambassador.io
      - listeners.getambassador.io
      - logservices.getambassador.io
      - mappings.getambassador.io
      - modules.getambassador.io
      - ratelimitservices.getambassador.io
      - tcpmappings.getambassador.io
      - tlscontexts.getambassador.io
      - tracingservices.getambassador.io
    verbs: [ "update" ]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: emissary-apiext
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: emissary-apiext
 subjects:
  - kind: ServiceAccount
    namespace: {{ .Release.Namespace }}
    name: emissary-apiext
 ---
 ################################################################################
 # Namespaced permissions                                                       #
 ################################################################################
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: emissary-apiext
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
 rules:
  - apiGroups: [ "" ]
    resources: [ "secrets" ]
    verbs: [ "create", "list", "watch" ]
  - apiGroups: [ "" ]
    resources: [ "secrets" ]
    resourceNames: [ "emissary-ingress-webhook-ca" ]
    verbs: [ "get", "update" ]
  - apiGroups: [ "coordination.k8s.io" ]
    resources: [ "leases" ]
    verbs: [ "create" ]
  - apiGroups: [ "coordination.k8s.io" ]
    resources: [ "leases" ]
    resourceNames: [ "emissary-ca-mgr-leader" ]
    verbs: [ "get", "update" ]
  - apiGroups: [ "" ]
    resources: [ "events" ]
    verbs: [ "create" ]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: emissary-apiext
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: emissary-apiext
 subjects:
 - kind: ServiceAccount
  namespace: {{ .Release.Namespace }}
  name: emissary-apiext
 ---
 ################################################################################
 # Main                                                                         #
 ################################################################################
 apiVersion: v1
 kind: Service
 metadata:
  name: emissary-apiext
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
 spec:
  type: ClusterIP
  ports:
    - name: https
      port: 443
      targetPort: https
  selector:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: emissary-apiext
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
 spec:
  selector:
    matchLabels:
      app.kubernetes.io/instance: emissary-apiext
      app.kubernetes.io/name: emissary-apiext
      app.kubernetes.io/part-of: emissary-apiext
  replicas: 3
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: emissary-apiext
        app.kubernetes.io/managed-by: helm
        app.kubernetes.io/name: emissary-apiext
        app.kubernetes.io/part-of: emissary-apiext
        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
        emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
    spec:
      serviceAccountName: emissary-apiext
      containers:
        - name: emissary-apiext
          image: {{ .Values.apiext.repository }}:{{ .Values.apiext.tag }}
          imagePullPolicy: {{ .Values.apiext.pullPolicy }}
          command: [ "apiext", "emissary-apiext" ]
          args: [ "--crd-label-selector", "app.kubernetes.io/part-of=emissary-apiext" ]
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          startupProbe:
            httpGet:
              path: /probes/live
              port: 8080
            failureThreshold: 10
            periodSeconds: 3
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /probes/live
              port: 8080
            periodSeconds: 3
            failureThreshold: 3
          readinessProbe:
            httpGet:
              scheme: HTTP
              path: /probes/ready
              port: 8080
            periodSeconds: 3
            failureThreshold: 3
 {{- end -}}
--- a/charts/emissary-crds/templates/authservices.yaml
+++ b/charts/emissary-crds/templates/authservices.yaml
@ -1,375 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: authservices.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: AuthService
    listKind: AuthServiceList
    plural: authservices
    singular: authservice
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: AuthService is the Schema for the authservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AuthServiceSpec defines the desired state of AuthService
            properties:
              add_auth_headers:
                additionalProperties:
                  type: string
                type: object
              add_linkerd_headers:
                type: boolean
              allow_request_body:
                type: boolean
              allowed_authorization_headers:
                items:
                  type: string
                type: array
              allowed_request_headers:
                items:
                  type: string
                type: array
              auth_service:
                type: string
              failure_mode_allow:
                type: boolean
              include_body:
                properties:
                  allow_partial:
                    type: boolean
                  max_bytes:
                    description: These aren't pointer types because they are required.
                    type: integer
                required:
                - allow_partial
                - max_bytes
                type: object
              path_prefix:
                type: string
              proto:
                enum:
                - http
                - grpc
                type: string
              protocol_version:
                enum:
                - v2
                - v3
                type: string
              status_on_error:
                description: Why isn't this just an int??
                properties:
                  code:
                    type: integer
                type: object
              timeout_ms:
                type: integer
              v3CircuitBreakers:
                items:
                  properties:
                    max_connections:
                      type: integer
                    max_pending_requests:
                      type: integer
                    max_requests:
                      type: integer
                    max_retries:
                      type: integer
                    priority:
                      enum:
                      - default
                      - high
                      type: string
                  type: object
                type: array
              v3StatsName:
                type: string
            required:
            - auth_service
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: AuthService is the Schema for the authservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AuthServiceSpec defines the desired state of AuthService
            properties:
              add_auth_headers:
                additionalProperties:
                  type: string
                type: object
              add_linkerd_headers:
                type: boolean
              allow_request_body:
                type: boolean
              allowed_authorization_headers:
                items:
                  type: string
                type: array
              allowed_request_headers:
                items:
                  type: string
                type: array
              auth_service:
                type: string
              failure_mode_allow:
                type: boolean
              include_body:
                properties:
                  allow_partial:
                    type: boolean
                  max_bytes:
                    description: These aren't pointer types because they are required.
                    type: integer
                required:
                - allow_partial
                - max_bytes
                type: object
              path_prefix:
                type: string
              proto:
                enum:
                - http
                - grpc
                type: string
              protocol_version:
                enum:
                - v2
                - v3
                type: string
              status_on_error:
                description: Why isn't this just an int??
                properties:
                  code:
                    type: integer
                type: object
              timeout_ms:
                type: integer
              v3CircuitBreakers:
                items:
                  properties:
                    max_connections:
                      type: integer
                    max_pending_requests:
                      type: integer
                    max_requests:
                      type: integer
                    max_retries:
                      type: integer
                    priority:
                      enum:
                      - default
                      - high
                      type: string
                  type: object
                type: array
              v3StatsName:
                type: string
            required:
            - auth_service
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: AuthService is the Schema for the authservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AuthServiceSpec defines the desired state of AuthService
            properties:
              add_auth_headers:
                additionalProperties:
                  type: string
                type: object
              add_linkerd_headers:
                type: boolean
              allow_request_body:
                type: boolean
              allowed_authorization_headers:
                items:
                  type: string
                type: array
              allowed_request_headers:
                items:
                  type: string
                type: array
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              auth_service:
                type: string
              circuit_breakers:
                items:
                  properties:
                    max_connections:
                      type: integer
                    max_pending_requests:
                      type: integer
                    max_requests:
                      type: integer
                    max_retries:
                      type: integer
                    priority:
                      enum:
                      - default
                      - high
                      type: string
                  type: object
                type: array
              failure_mode_allow:
                type: boolean
              include_body:
                properties:
                  allow_partial:
                    type: boolean
                  max_bytes:
                    description: These aren't pointer types because they are required.
                    type: integer
                required:
                - allow_partial
                - max_bytes
                type: object
              path_prefix:
                type: string
              proto:
                enum:
                - http
                - grpc
                type: string
              protocol_version:
                description: ProtocolVersion is the envoy api transport protocol version
                enum:
                - v2
                - v3
                type: string
              stats_name:
                type: string
              status_on_error:
                properties:
                  code:
                    type: integer
                type: object
              timeout_ms:
                type: integer
              tls:
                type: string
              v2ExplicitTLS:
                description: V2ExplicitTLS controls some vanity/stylistic elements
                  when converting from v3alpha1 to v2.  The values in an V2ExplicitTLS
                  should not in any way affect the runtime operation of Emissary;
                  except that it may affect internal names in the Envoy config, which
                  may in turn affect stats names.  But it should not affect any end-user
                  observable behavior.
                properties:
                  serviceScheme:
                    description: "ServiceScheme specifies how to spell and capitalize\
                      \ the scheme-part of the service URL. \n Acceptable values are\
                      \ \"http://\" (case-insensitive), \"https://\" (case-insensitive),\
                      \ or \"\".  The value is used if it agrees with whether or not\
                      \ this resource enables TLS origination, or if something else\
                      \ in the resource overrides the scheme."
                    pattern: ^([hH][tT][tT][pP][sS]?://)?$
                    type: string
                  tls:
                    description: "TLS controls whether and how to represent the \"\
                      tls\" field when its value could be implied by the \"service\"\
                      \ field.  In v2, there were a lot of different ways to spell\
                      \ an \"empty\" value, and this field specifies which way to\
                      \ spell it (and will therefore only be used if the value will\
                      \ indeed be empty). \n | Value        | Representation     \
                      \                   | Meaning of representation          | |--------------+---------------------------------------+------------------------------------|\
                      \ | \"\"           | omit the field                        |\
                      \ defer to service (no TLSContext)   | | \"null\"       | store\
                      \ an explicit \"null\" in the field | defer to service (no TLSContext)\
                      \   | | \"string\"     | store an empty string in the field\
                      \    | defer to service (no TLSContext)   | | \"bool:false\"\
                      \ | store a Boolean \"false\" in the field  | defer to service\
                      \ (no TLSContext)   | | \"bool:true\"  | store a Boolean \"\
                      true\" in the field   | originate TLS (no TLSContext)      |\
                      \ \n If the meaning of the representation contradicts anything\
                      \ else (if a TLSContext is to be used, or in the case of \"\
                      bool:true\" if TLS is not to be originated), then this field\
                      \ is ignored."
                    enum:
                    - ''
                    - 'null'
                    - bool:true
                    - bool:false
                    - string
                    type: string
                type: object
            required:
            - auth_service
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/consulresolvers.yaml
+++ b/charts/emissary-crds/templates/consulresolvers.yaml
@ -1,127 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: consulresolvers.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: ConsulResolver
    listKind: ConsulResolverList
    plural: consulresolvers
    singular: consulresolver
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: ConsulResolver is the Schema for the ConsulResolver API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ConsulResolver tells Ambassador to use Consul to resolve
              services. In addition to the AmbassadorID, it needs information about
              which Consul server and DC to use.
            properties:
              address:
                type: string
              datacenter:
                type: string
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: ConsulResolver is the Schema for the ConsulResolver API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ConsulResolver tells Ambassador to use Consul to resolve
              services. In addition to the AmbassadorID, it needs information about
              which Consul server and DC to use.
            properties:
              address:
                type: string
              datacenter:
                type: string
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: ConsulResolver is the Schema for the ConsulResolver API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ConsulResolver tells Ambassador to use Consul to resolve
              services. In addition to the AmbassadorID, it needs information about
              which Consul server and DC to use.
            properties:
              address:
                type: string
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              datacenter:
                type: string
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/devportals.yaml
+++ b/charts/emissary-crds/templates/devportals.yaml
@ -1,376 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: devportals.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: DevPortal
    listKind: DevPortalList
    plural: devportals
    singular: devportal
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: "DevPortal is the Schema for the DevPortals API \n DevPortal\
          \ resources specify the `what` and `how` is shown in a DevPortal: \n 1.\
          \ `what` is in a DevPortal can be controlled with \n - a `selector`, that\
          \ can be used for filtering `Mappings`. \n - a `docs` listing of (services,\
          \ url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git\
          \ repository with go-templates/markdown/css). \n Multiple `DevPortal`s can\
          \ exist in the cluster, and the Dev Portal server will show them at different\
          \ endpoints. A `DevPortal` resource with a special name, `ambassador`, will\
          \ be used for configuring the default Dev Portal (served at `/docs/` by\
          \ default)."
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: DevPortalSpec defines the desired state of DevPortal
            properties:
              content:
                description: Content specifies where the content shown in the DevPortal
                  come from
                properties:
                  branch:
                    type: string
                  dir:
                    type: string
                  url:
                    type: string
                type: object
              default:
                description: Default must be true when this is the default DevPortal
                type: boolean
              docs:
                description: Docs is a static docs definition
                items:
                  description: 'DevPortalDocsSpec is a static documentation definition:
                    instead of using a Selector for finding documentation for services,
                    users can provide a static list of <service>:<URL> tuples. These
                    services will be shown in the Dev Portal with the documentation
                    obtained from this URL.'
                  properties:
                    service:
                      description: Service is the service being documented
                      type: string
                    timeout_ms:
                      description: Timeout specifies the amount of time devportal
                        will wait for the downstream service to report an openapi
                        spec back
                      type: integer
                    url:
                      description: URL is the URL used for obtaining docs
                      type: string
                  type: object
                type: array
              naming_scheme:
                description: Describes how to display "services" in the DevPortal.
                  Default namespace.name
                enum:
                - namespace.name
                - name.prefix
                type: string
              preserve_servers:
                description: Configures this DevPortal to use server definitions from
                  the openAPI doc instead of rewriting them based on the url used
                  for the connection.
                type: boolean
              search:
                description: DevPortalSearchSpec allows configuration over search
                  functionality for the DevPortal
                properties:
                  enabled:
                    type: boolean
                  type:
                    description: 'Type of search. "title-only" does a fuzzy search
                      over openapi and page titles "all-content" will fuzzy search
                      over all openapi and page content. "title-only" is the default.
                      warning:  using all-content may incur a larger memory footprint'
                    enum:
                    - title-only
                    - all-content
                    type: string
                type: object
              selector:
                description: Selector is used for choosing what is shown in the DevPortal
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: MatchLabels specifies the list of labels that must
                      be present in Mappings for being present in this DevPortal.
                    type: object
                  matchNamespaces:
                    description: MatchNamespaces is a list of namespaces that will
                      be included in this DevPortal.
                    items:
                      type: string
                    type: array
                type: object
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: "DevPortal is the Schema for the DevPortals API \n DevPortal\
          \ resources specify the `what` and `how` is shown in a DevPortal: \n 1.\
          \ `what` is in a DevPortal can be controlled with \n - a `selector`, that\
          \ can be used for filtering `Mappings`. \n - a `docs` listing of (services,\
          \ url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git\
          \ repository with go-templates/markdown/css). \n Multiple `DevPortal`s can\
          \ exist in the cluster, and the Dev Portal server will show them at different\
          \ endpoints. A `DevPortal` resource with a special name, `ambassador`, will\
          \ be used for configuring the default Dev Portal (served at `/docs/` by\
          \ default)."
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: DevPortalSpec defines the desired state of DevPortal
            properties:
              content:
                description: Content specifies where the content shown in the DevPortal
                  come from
                properties:
                  branch:
                    type: string
                  dir:
                    type: string
                  url:
                    type: string
                type: object
              default:
                description: Default must be true when this is the default DevPortal
                type: boolean
              docs:
                description: Docs is a static docs definition
                items:
                  description: 'DevPortalDocsSpec is a static documentation definition:
                    instead of using a Selector for finding documentation for services,
                    users can provide a static list of <service>:<URL> tuples. These
                    services will be shown in the Dev Portal with the documentation
                    obtained from this URL.'
                  properties:
                    service:
                      description: Service is the service being documented
                      type: string
                    timeout_ms:
                      description: Timeout specifies the amount of time devportal
                        will wait for the downstream service to report an openapi
                        spec back
                      type: integer
                    url:
                      description: URL is the URL used for obtaining docs
                      type: string
                  type: object
                type: array
              naming_scheme:
                description: Describes how to display "services" in the DevPortal.
                  Default namespace.name
                enum:
                - namespace.name
                - name.prefix
                type: string
              preserve_servers:
                description: Configures this DevPortal to use server definitions from
                  the openAPI doc instead of rewriting them based on the url used
                  for the connection.
                type: boolean
              search:
                description: DevPortalSearchSpec allows configuration over search
                  functionality for the DevPortal
                properties:
                  enabled:
                    type: boolean
                  type:
                    description: 'Type of search. "title-only" does a fuzzy search
                      over openapi and page titles "all-content" will fuzzy search
                      over all openapi and page content. "title-only" is the default.
                      warning:  using all-content may incur a larger memory footprint'
                    enum:
                    - title-only
                    - all-content
                    type: string
                type: object
              selector:
                description: Selector is used for choosing what is shown in the DevPortal
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: MatchLabels specifies the list of labels that must
                      be present in Mappings for being present in this DevPortal.
                    type: object
                  matchNamespaces:
                    description: MatchNamespaces is a list of namespaces that will
                      be included in this DevPortal.
                    items:
                      type: string
                    type: array
                type: object
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: "DevPortal is the Schema for the DevPortals API \n DevPortal\
          \ resources specify the `what` and `how` is shown in a DevPortal: \n 1.\
          \ `what` is in a DevPortal can be controlled with \n - a `selector`, that\
          \ can be used for filtering `Mappings`. \n - a `docs` listing of (services,\
          \ url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git\
          \ repository with go-templates/markdown/css). \n Multiple `DevPortal`s can\
          \ exist in the cluster, and the Dev Portal server will show them at different\
          \ endpoints. A `DevPortal` resource with a special name, `ambassador`, will\
          \ be used for configuring the default Dev Portal (served at `/docs/` by\
          \ default)."
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: DevPortalSpec defines the desired state of DevPortal
            properties:
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              content:
                description: Content specifies where the content shown in the DevPortal
                  come from
                properties:
                  branch:
                    type: string
                  dir:
                    type: string
                  url:
                    type: string
                type: object
              default:
                description: Default must be true when this is the default DevPortal
                type: boolean
              docs:
                description: Docs is a static docs definition
                items:
                  description: 'DevPortalDocsSpec is a static documentation definition:
                    instead of using a Selector for finding documentation for services,
                    users can provide a static list of <service>:<URL> tuples. These
                    services will be shown in the Dev Portal with the documentation
                    obtained from this URL.'
                  properties:
                    service:
                      description: Service is the service being documented
                      type: string
                    timeout_ms:
                      description: Timeout specifies the amount of time devportal
                        will wait for the downstream service to report an openapi
                        spec back
                      type: integer
                    url:
                      description: URL is the URL used for obtaining docs
                      type: string
                  type: object
                type: array
              naming_scheme:
                description: Describes how to display "services" in the DevPortal.
                  Default namespace.name
                enum:
                - namespace.name
                - name.prefix
                type: string
              preserve_servers:
                description: Configures this DevPortal to use server definitions from
                  the openAPI doc instead of rewriting them based on the url used
                  for the connection.
                type: boolean
              search:
                description: DevPortalSearchSpec allows configuration over search
                  functionality for the DevPortal
                properties:
                  enabled:
                    type: boolean
                  type:
                    description: 'Type of search. "title-only" does a fuzzy search
                      over openapi and page titles "all-content" will fuzzy search
                      over all openapi and page content. "title-only" is the default.
                      warning:  using all-content may incur a larger memory footprint'
                    enum:
                    - title-only
                    - all-content
                    type: string
                type: object
              selector:
                description: Selector is used for choosing what is shown in the DevPortal
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: MatchLabels specifies the list of labels that must
                      be present in Mappings for being present in this DevPortal.
                    type: object
                  matchNamespaces:
                    description: MatchNamespaces is a list of namespaces that will
                      be included in this DevPortal.
                    items:
                      type: string
                    type: array
                type: object
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/hosts.yaml
+++ b/charts/emissary-crds/templates/hosts.yaml
@ -1,657 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: hosts.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: Host
    listKind: HostList
    plural: hosts
    singular: host
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions }}
  - additionalPrinterColumns:
    - jsonPath: .spec.hostname
      name: Hostname
      type: string
    - jsonPath: .status.state
      name: State
      type: string
    - jsonPath: .status.phaseCompleted
      name: Phase Completed
      type: string
    - jsonPath: .status.phasePending
      name: Phase Pending
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v2
    schema:
      openAPIV3Schema:
        description: Host is the Schema for the hosts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: HostSpec defines the desired state of Host
            properties:
              acmeProvider:
                description: Specifies whether/who to talk ACME with to automatically
                  manage the $tlsSecret.
                properties:
                  authority:
                    description: Specifies who to talk ACME with to get certs. Defaults
                      to Let's Encrypt; if "none" (case-insensitive), do not try to
                      do ACME for this Host.
                    type: string
                  email:
                    type: string
                  privateKeySecret:
                    description: "Specifies the Kubernetes Secret to use to store\
                      \ the private key of the ACME account (essentially, where to\
                      \ store the auto-generated password for the auto-created ACME\
                      \ account).  You should not normally need to set this--the default\
                      \ value is based on a combination of the ACME authority being\
                      \ registered wit and the email address associated with the account.\
                      \ \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference,\
                      \ not an Ambassador-style `{name}.{namespace}` string.  Because\
                      \ we're opinionated, it does not support referencing a Secret\
                      \ in another namespace (because most native Kubernetes resources\
                      \ don't support that), but if we ever abandon that opinion and\
                      \ decide to support non-local references it, it would be by\
                      \ adding a `namespace:` field by changing it from a core.v1.LocalObjectReference\
                      \ to a core.v1.SecretReference, not by adopting the `{name}.{namespace}`\
                      \ notation."
                    properties:
                      name:
                        default: ''
                        description: 'Name of the referent. This field is effectively
                          required, but due to backwards compatibility is allowed
                          to be empty. Instances of this type with an empty value
                          here are almost certainly wrong. TODO: Add other useful
                          fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Drop `kubebuilder:default` when controller-gen doesn''t
                          need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
                        type: string
                    type: object
                    x-kubernetes-map-type: atomic
                  registration:
                    description: This is normally set automatically
                    type: string
                type: object
              hostname:
                description: Hostname by which the Ambassador can be reached.
                type: string
              previewUrl:
                description: Configuration for the Preview URL feature of Service
                  Preview. Defaults to preview URLs not enabled.
                properties:
                  enabled:
                    description: Is the Preview URL feature enabled?
                    type: boolean
                  type:
                    description: What type of Preview URL is allowed?
                    enum:
                    - Path
                    type: string
                type: object
              requestPolicy:
                description: Request policy definition.
                properties:
                  insecure:
                    properties:
                      action:
                        enum:
                        - Redirect
                        - Reject
                        - Route
                        type: string
                      additionalPort:
                        type: integer
                    type: object
                type: object
              selector:
                description: Selector by which we can find further configuration.
                  Defaults to hostname=$hostname
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              tls:
                description: TLS configuration.  It is not valid to specify both `tlsContext`
                  and `tls`.
                properties:
                  alpn_protocols:
                    type: string
                  ca_secret:
                    type: string
                  cacert_chain_file:
                    type: string
                  cert_chain_file:
                    type: string
                  cert_required:
                    type: boolean
                  cipher_suites:
                    items:
                      type: string
                    type: array
                  ecdh_curves:
                    items:
                      type: string
                    type: array
                  max_tls_version:
                    type: string
                  min_tls_version:
                    type: string
                  private_key_file:
                    type: string
                  redirect_cleartext_from:
                    type: integer
                  sni:
                    type: string
                  v3CRLSecret:
                    type: string
                type: object
              tlsContext:
                description: "Name of the TLSContext the Host resource is linked with.\
                  \ It is not valid to specify both `tlsContext` and `tls`. \n Note\
                  \ that this is a native-Kubernetes-style core.v1.LocalObjectReference,\
                  \ not an Ambassador-style `{name}.{namespace}` string.  Because\
                  \ we're opinionated, it does not support referencing a Secret in\
                  \ another namespace (because most native Kubernetes resources don't\
                  \ support that), but if we ever abandon that opinion and decide\
                  \ to support non-local references it, it would be by adding a `namespace:`\
                  \ field by changing it from a core.v1.LocalObjectReference to a\
                  \ core.v1.SecretReference, not by adopting the `{name}.{namespace}`\
                  \ notation."
                properties:
                  name:
                    default: ''
                    description: 'Name of the referent. This field is effectively
                      required, but due to backwards compatibility is allowed to be
                      empty. Instances of this type with an empty value here are almost
                      certainly wrong. TODO: Add other useful fields. apiVersion,
                      kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Drop `kubebuilder:default` when controller-gen doesn''t
                      need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              tlsSecret:
                description: Name of the Kubernetes secret into which to save generated
                  certificates.  If ACME is enabled (see $acmeProvider), then the
                  default is $hostname; otherwise the default is "".  If the value
                  is "", then we do not do TLS for this Host.
                properties:
                  name:
                    description: name is unique within a namespace to reference a
                      secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret
                      name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
            type: object
            x-kubernetes-preserve-unknown-fields: true
          status:
            description: HostStatus defines the observed state of Host
            properties:
              errorBackoff:
                type: string
              errorReason:
                description: errorReason, errorTimestamp, and errorBackoff are valid
                  when state==Error.
                type: string
              errorTimestamp:
                format: date-time
                type: string
              phaseCompleted:
                description: phaseCompleted and phasePending are valid when state==Pending
                  or state==Error.
                enum:
                - NA
                - DefaultsFilled
                - ACMEUserPrivateKeyCreated
                - ACMEUserRegistered
                - ACMECertificateChallenge
                type: string
              phasePending:
                description: phaseCompleted and phasePending are valid when state==Pending
                  or state==Error.
                enum:
                - NA
                - DefaultsFilled
                - ACMEUserPrivateKeyCreated
                - ACMEUserRegistered
                - ACMECertificateChallenge
                type: string
              state:
                enum:
                - Initial
                - Pending
                - Ready
                - Error
                type: string
              tlsCertificateSource:
                enum:
                - Unknown
                - None
                - Other
                - ACME
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
 {{- end }}
  - additionalPrinterColumns:
    - jsonPath: .spec.hostname
      name: Hostname
      type: string
    - jsonPath: .status.state
      name: State
      type: string
    - jsonPath: .status.phaseCompleted
      name: Phase Completed
      type: string
    - jsonPath: .status.phasePending
      name: Phase Pending
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v3alpha1
    schema:
      openAPIV3Schema:
        description: Host is the Schema for the hosts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: HostSpec defines the desired state of Host
            properties:
              acmeProvider:
                description: Specifies whether/who to talk ACME with to automatically
                  manage the $tlsSecret.
                properties:
                  authority:
                    description: Specifies who to talk ACME with to get certs. Defaults
                      to Let's Encrypt; if "none" (case-insensitive), do not try to
                      do ACME for this Host.
                    type: string
                  email:
                    type: string
                  privateKeySecret:
                    description: "Specifies the Kubernetes Secret to use to store\
                      \ the private key of the ACME account (essentially, where to\
                      \ store the auto-generated password for the auto-created ACME\
                      \ account).  You should not normally need to set this--the default\
                      \ value is based on a combination of the ACME authority being\
                      \ registered wit and the email address associated with the account.\
                      \ \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference,\
                      \ not an Ambassador-style `{name}.{namespace}` string.  Because\
                      \ we're opinionated, it does not support referencing a Secret\
                      \ in another namespace (because most native Kubernetes resources\
                      \ don't support that), but if we ever abandon that opinion and\
                      \ decide to support non-local references it, it would be by\
                      \ adding a `namespace:` field by changing it from a core.v1.LocalObjectReference\
                      \ to a core.v1.SecretReference, not by adopting the `{name}.{namespace}`\
                      \ notation."
                    properties:
                      name:
                        default: ''
                        description: 'Name of the referent. This field is effectively
                          required, but due to backwards compatibility is allowed
                          to be empty. Instances of this type with an empty value
                          here are almost certainly wrong. TODO: Add other useful
                          fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Drop `kubebuilder:default` when controller-gen doesn''t
                          need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
                        type: string
                    type: object
                    x-kubernetes-map-type: atomic
                  registration:
                    description: This is normally set automatically
                    type: string
                type: object
              ambassador_id:
                description: Common to all Ambassador objects (and optional).
                items:
                  type: string
                type: array
              hostname:
                description: Hostname by which the Ambassador can be reached.
                type: string
              mappingSelector:
                description: Selector for Mappings we'll associate with this Host.
                  At the moment, Selector and MappingSelector are synonyms, but that
                  will change soon.
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              previewUrl:
                description: Configuration for the Preview URL feature of Service
                  Preview. Defaults to preview URLs not enabled.
                properties:
                  enabled:
                    description: Is the Preview URL feature enabled?
                    type: boolean
                  type:
                    description: What type of Preview URL is allowed?
                    enum:
                    - Path
                    type: string
                type: object
              requestPolicy:
                description: Request policy definition.
                properties:
                  insecure:
                    properties:
                      action:
                        enum:
                        - Redirect
                        - Reject
                        - Route
                        type: string
                      additionalPort:
                        type: integer
                    type: object
                type: object
              selector:
                description: 'DEPRECATED: Selector by which we can find further configuration.
                  Use MappingSelector instead.'
                properties:
                  matchExpressions:
                    description: matchExpressions is a list of label selector requirements.
                      The requirements are ANDed.
                    items:
                      description: A label selector requirement is a selector that
                        contains values, a key, and an operator that relates the key
                        and values.
                      properties:
                        key:
                          description: key is the label key that the selector applies
                            to.
                          type: string
                        operator:
                          description: operator represents a key's relationship to
                            a set of values. Valid operators are In, NotIn, Exists
                            and DoesNotExist.
                          type: string
                        values:
                          description: values is an array of string values. If the
                            operator is In or NotIn, the values array must be non-empty.
                            If the operator is Exists or DoesNotExist, the values
                            array must be empty. This array is replaced during a strategic
                            merge patch.
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                      required:
                      - key
                      - operator
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: matchLabels is a map of {key,value} pairs. A single
                      {key,value} in the matchLabels map is equivalent to an element
                      of matchExpressions, whose key field is "key", the operator
                      is "In", and the values array contains only "value". The requirements
                      are ANDed.
                    type: object
                type: object
                x-kubernetes-map-type: atomic
              tls:
                description: TLS configuration.  It is not valid to specify both `tlsContext`
                  and `tls`.
                properties:
                  alpn_protocols:
                    type: string
                  ca_secret:
                    type: string
                  cacert_chain_file:
                    type: string
                  cert_chain_file:
                    type: string
                  cert_required:
                    type: boolean
                  cipher_suites:
                    items:
                      type: string
                    type: array
                  crl_secret:
                    type: string
                  ecdh_curves:
                    items:
                      type: string
                    type: array
                  max_tls_version:
                    type: string
                  min_tls_version:
                    type: string
                  private_key_file:
                    type: string
                  redirect_cleartext_from:
                    type: integer
                  sni:
                    type: string
                type: object
              tlsContext:
                description: "Name of the TLSContext the Host resource is linked with.\
                  \ It is not valid to specify both `tlsContext` and `tls`. \n Note\
                  \ that this is a native-Kubernetes-style core.v1.LocalObjectReference,\
                  \ not an Ambassador-style `{name}.{namespace}` string.  Because\
                  \ we're opinionated, it does not support referencing a Secret in\
                  \ another namespace (because most native Kubernetes resources don't\
                  \ support that), but if we ever abandon that opinion and decide\
                  \ to support non-local references it, it would be by adding a `namespace:`\
                  \ field by changing it from a core.v1.LocalObjectReference to a\
                  \ core.v1.SecretReference, not by adopting the `{name}.{namespace}`\
                  \ notation."
                properties:
                  name:
                    default: ''
                    description: 'Name of the referent. This field is effectively
                      required, but due to backwards compatibility is allowed to be
                      empty. Instances of this type with an empty value here are almost
                      certainly wrong. TODO: Add other useful fields. apiVersion,
                      kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                      TODO: Drop `kubebuilder:default` when controller-gen doesn''t
                      need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
                    type: string
                type: object
                x-kubernetes-map-type: atomic
              tlsSecret:
                description: Name of the Kubernetes secret into which to save generated
                  certificates.  If ACME is enabled (see $acmeProvider), then the
                  default is $hostname; otherwise the default is "".  If the value
                  is "", then we do not do TLS for this Host.
                properties:
                  name:
                    description: name is unique within a namespace to reference a
                      secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret
                      name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
            type: object
          status:
            description: HostStatus defines the observed state of Host
            properties:
              errorBackoff:
                type: string
              errorReason:
                description: errorReason, errorTimestamp, and errorBackoff are valid
                  when state==Error.
                type: string
              errorTimestamp:
                format: date-time
                type: string
              phaseCompleted:
                description: phaseCompleted and phasePending are valid when state==Pending
                  or state==Error.
                enum:
                - NA
                - DefaultsFilled
                - ACMEUserPrivateKeyCreated
                - ACMEUserRegistered
                - ACMECertificateChallenge
                type: string
              phasePending:
                description: phaseCompleted and phasePending are valid when state==Pending
                  or state==Error.
                enum:
                - NA
                - DefaultsFilled
                - ACMEUserPrivateKeyCreated
                - ACMEUserRegistered
                - ACMECertificateChallenge
                type: string
              state:
                enum:
                - Initial
                - Pending
                - Ready
                - Error
                type: string
              tlsCertificateSource:
                enum:
                - Unknown
                - None
                - Other
                - ACME
                type: string
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
    subresources:
      status: {}
--- a/charts/emissary-crds/templates/kubernetesendpointresolvers.yaml
+++ b/charts/emissary-crds/templates/kubernetesendpointresolvers.yaml
@ -1,116 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: kubernetesendpointresolvers.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: KubernetesEndpointResolver
    listKind: KubernetesEndpointResolverList
    plural: kubernetesendpointresolvers
    singular: kubernetesendpointresolver
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver
          API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubernetesEndpointResolver tells Ambassador to use Kubernetes
              Endpoints resources to resolve services. It actually has no spec other
              than the AmbassadorID.
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver
          API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubernetesEndpointResolver tells Ambassador to use Kubernetes
              Endpoints resources to resolve services. It actually has no spec other
              than the AmbassadorID.
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver
          API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubernetesEndpointResolver tells Ambassador to use Kubernetes
              Endpoints resources to resolve services. It actually has no spec other
              than the AmbassadorID.
            properties:
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/kubernetesserviceresolvers.yaml
+++ b/charts/emissary-crds/templates/kubernetesserviceresolvers.yaml
@ -1,116 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: kubernetesserviceresolvers.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: KubernetesServiceResolver
    listKind: KubernetesServiceResolverList
    plural: kubernetesserviceresolvers
    singular: kubernetesserviceresolver
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver
          API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubernetesServiceResolver tells Ambassador to use Kubernetes
              Service resources to resolve services. It actually has no spec other
              than the AmbassadorID.
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver
          API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubernetesServiceResolver tells Ambassador to use Kubernetes
              Service resources to resolve services. It actually has no spec other
              than the AmbassadorID.
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver
          API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubernetesServiceResolver tells Ambassador to use Kubernetes
              Service resources to resolve services. It actually has no spec other
              than the AmbassadorID.
            properties:
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/listeners.yaml
+++ b/charts/emissary-crds/templates/listeners.yaml
@ -1,195 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: listeners.getambassador.io
 spec:
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: Listener
    listKind: ListenerList
    plural: listeners
    singular: listener
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.port
      name: Port
      type: string
    - jsonPath: .spec.protocol
      name: Protocol
      type: string
    - jsonPath: .spec.protocolStack
      name: Stack
      type: string
    - jsonPath: .spec.statsPrefix
      name: StatsPrefix
      type: string
    - jsonPath: .spec.securityModel
      name: Security
      type: string
    - jsonPath: .spec.l7Depth
      name: L7Depth
      type: string
    name: v3alpha1
    schema:
      openAPIV3Schema:
        description: Listener is the Schema for the hosts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ListenerSpec defines the desired state of this Port
            properties:
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              hostBinding:
                description: HostBinding allows restricting which Hosts will be used
                  for this Listener.
                properties:
                  namespace:
                    description: NamespaceBindingType defines we we specify which
                      namespaces to look for Hosts in.
                    properties:
                      from:
                        description: NamespaceFromType defines how we evaluate a NamespaceBindingType.
                        enum:
                        - SELF
                        - ALL
                        - SELECTOR
                        type: string
                    type: object
                  selector:
                    description: A label selector is a label query over a set of resources.
                      The result of matchLabels and matchExpressions are ANDed. An
                      empty label selector matches all objects. A null label selector
                      matches no objects.
                    properties:
                      matchExpressions:
                        description: matchExpressions is a list of label selector
                          requirements. The requirements are ANDed.
                        items:
                          description: A label selector requirement is a selector
                            that contains values, a key, and an operator that relates
                            the key and values.
                          properties:
                            key:
                              description: key is the label key that the selector
                                applies to.
                              type: string
                            operator:
                              description: operator represents a key's relationship
                                to a set of values. Valid operators are In, NotIn,
                                Exists and DoesNotExist.
                              type: string
                            values:
                              description: values is an array of string values. If
                                the operator is In or NotIn, the values array must
                                be non-empty. If the operator is Exists or DoesNotExist,
                                the values array must be empty. This array is replaced
                                during a strategic merge patch.
                              items:
                                type: string
                              type: array
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: matchLabels is a map of {key,value} pairs. A
                          single {key,value} in the matchLabels map is equivalent
                          to an element of matchExpressions, whose key field is "key",
                          the operator is "In", and the values array contains only
                          "value". The requirements are ANDed.
                        type: object
                    type: object
                    x-kubernetes-map-type: atomic
                type: object
              l7Depth:
                description: L7Depth specifies how many layer 7 load balancers are
                  between us and the edge of the network.
                format: int32
                type: integer
              port:
                description: Port is the network port. Only one Listener can use a
                  given port.
                format: int32
                maximum: 65535
                minimum: 1
                type: integer
              protocol:
                description: Protocol is a shorthand for certain predefined stacks.
                  Exactly one of Protocol or ProtocolStack must be supplied.
                enum:
                - HTTP
                - HTTPS
                - HTTPPROXY
                - HTTPSPROXY
                - TCP
                - TLS
                - UDP
                type: string
              protocolStack:
                description: ProtocolStack explicitly specifies the protocol stack
                  to set up. Exactly one of Protocol or ProtocolStack must be supplied.
                items:
                  description: ProtocolStackElement defines specific layers that may
                    be combined in a protocol stack for processing connections to
                    a port.
                  enum:
                  - HTTP
                  - PROXY
                  - TLS
                  - TCP
                  - UDP
                  type: string
                type: array
              securityModel:
                description: SecurityModel specifies how to determine whether connections
                  to this port are secure or insecure.
                enum:
                - XFP
                - SECURE
                - INSECURE
                type: string
              statsPrefix:
                description: 'StatsPrefix specifies the prefix for statistics sent
                  by Envoy about this Listener. The default depends on the protocol:
                  "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".'
                type: string
            required:
            - hostBinding
            - port
            - securityModel
            type: object
        type: object
    served: true
    storage: true
    subresources: {}
--- a/charts/emissary-crds/templates/logservices.yaml
+++ b/charts/emissary-crds/templates/logservices.yaml
@ -1,218 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: logservices.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: LogService
    listKind: LogServiceList
    plural: logservices
    singular: logservice
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: LogService is the Schema for the logservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: LogServiceSpec defines the desired state of LogService
            properties:
              driver:
                enum:
                - tcp
                - http
                type: string
              driver_config:
                properties:
                  additional_log_headers:
                    items:
                      properties:
                        during_request:
                          type: boolean
                        during_response:
                          type: boolean
                        during_trailer:
                          type: boolean
                        header_name:
                          type: string
                      type: object
                    type: array
                type: object
              flush_interval_byte_size:
                type: integer
              flush_interval_time:
                type: integer
              grpc:
                type: boolean
              service:
                type: string
              v3ProtocolVersion:
                enum:
                - v2
                - v3
                type: string
              v3StatsName:
                type: string
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: LogService is the Schema for the logservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: LogServiceSpec defines the desired state of LogService
            properties:
              driver:
                enum:
                - tcp
                - http
                type: string
              driver_config:
                properties:
                  additional_log_headers:
                    items:
                      properties:
                        during_request:
                          type: boolean
                        during_response:
                          type: boolean
                        during_trailer:
                          type: boolean
                        header_name:
                          type: string
                      type: object
                    type: array
                type: object
              flush_interval_byte_size:
                type: integer
              flush_interval_time:
                type: integer
              grpc:
                type: boolean
              service:
                type: string
              v3ProtocolVersion:
                enum:
                - v2
                - v3
                type: string
              v3StatsName:
                type: string
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: LogService is the Schema for the logservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: LogServiceSpec defines the desired state of LogService
            properties:
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              driver:
                enum:
                - tcp
                - http
                type: string
              driver_config:
                properties:
                  additional_log_headers:
                    items:
                      properties:
                        during_request:
                          type: boolean
                        during_response:
                          type: boolean
                        during_trailer:
                          type: boolean
                        header_name:
                          type: string
                      type: object
                    type: array
                type: object
              flush_interval_byte_size:
                type: integer
              flush_interval_time:
                type: integer
              grpc:
                type: boolean
              protocol_version:
                description: ProtocolVersion is the envoy api transport protocol version
                enum:
                - v2
                - v3
                type: string
              service:
                type: string
              stats_name:
                type: string
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/mappings.yaml
+++ b/charts/emissary-crds/templates/mappings.yaml
--- a/charts/emissary-crds/templates/modules.yaml
+++ b/charts/emissary-crds/templates/modules.yaml
@ -1,126 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: modules.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: Module
    listKind: ModuleList
    plural: modules
    singular: module
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: "A Module defines system-wide configuration.  The type of module\
          \ is controlled by the .metadata.name; valid names are \"ambassador\" or\
          \ \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module\
          \ https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              config:
                type: object
                x-kubernetes-preserve-unknown-fields: true
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: "A Module defines system-wide configuration.  The type of module\
          \ is controlled by the .metadata.name; valid names are \"ambassador\" or\
          \ \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module\
          \ https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              config:
                type: object
                x-kubernetes-preserve-unknown-fields: true
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: "A Module defines system-wide configuration.  The type of module\
          \ is controlled by the .metadata.name; valid names are \"ambassador\" or\
          \ \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module\
          \ https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              config:
                type: object
                x-kubernetes-preserve-unknown-fields: true
            required:
            - config
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/ratelimitservices.yaml
+++ b/charts/emissary-crds/templates/ratelimitservices.yaml
@ -1,236 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: ratelimitservices.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: RateLimitService
    listKind: RateLimitServiceList
    plural: ratelimitservices
    singular: ratelimitservice
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: RateLimitService is the Schema for the ratelimitservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: RateLimitServiceSpec defines the desired state of RateLimitService
            properties:
              domain:
                type: string
              failure_mode_deny:
                description: FailureModeDeny when set to true, envoy will deny traffic
                  if it is unable to communicate with the rate limit service.
                type: boolean
              protocol_version:
                enum:
                - v2
                - v3
                type: string
              service:
                type: string
              timeout_ms:
                type: integer
              v3GRPC:
                properties:
                  use_resource_exhausted_code:
                    description: UseResourceExhaustedCode, when set to true, will
                      cause envoy to return a `RESOURCE_EXHAUSTED` gRPC code instead
                      of the default `UNAVAILABLE` gRPC code.
                    type: boolean
                type: object
              v3StatsName:
                type: string
            required:
            - service
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: RateLimitService is the Schema for the ratelimitservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: RateLimitServiceSpec defines the desired state of RateLimitService
            properties:
              domain:
                type: string
              failure_mode_deny:
                description: FailureModeDeny when set to true, envoy will deny traffic
                  if it is unable to communicate with the rate limit service.
                type: boolean
              protocol_version:
                enum:
                - v2
                - v3
                type: string
              service:
                type: string
              timeout_ms:
                type: integer
              v3GRPC:
                properties:
                  use_resource_exhausted_code:
                    description: UseResourceExhaustedCode, when set to true, will
                      cause envoy to return a `RESOURCE_EXHAUSTED` gRPC code instead
                      of the default `UNAVAILABLE` gRPC code.
                    type: boolean
                type: object
              v3StatsName:
                type: string
            required:
            - service
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: RateLimitService is the Schema for the ratelimitservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: RateLimitServiceSpec defines the desired state of RateLimitService
            properties:
              ambassador_id:
                description: Common to all Ambassador objects.
                items:
                  type: string
                type: array
              domain:
                type: string
              failure_mode_deny:
                description: FailureModeDeny when set to true, envoy will deny traffic
                  if it is unable to communicate with the rate limit service.
                type: boolean
              grpc:
                properties:
                  use_resource_exhausted_code:
                    description: UseResourceExhaustedCode, when set to true, will
                      cause envoy to return a `RESOURCE_EXHAUSTED` gRPC code instead
                      of the default `UNAVAILABLE` gRPC code.
                    type: boolean
                type: object
              protocol_version:
                description: ProtocolVersion is the envoy api transport protocol version
                enum:
                - v2
                - v3
                type: string
              service:
                type: string
              stats_name:
                type: string
              timeout_ms:
                type: integer
              tls:
                type: string
              v2ExplicitTLS:
                description: V2ExplicitTLS controls some vanity/stylistic elements
                  when converting from v3alpha1 to v2.  The values in an V2ExplicitTLS
                  should not in any way affect the runtime operation of Emissary;
                  except that it may affect internal names in the Envoy config, which
                  may in turn affect stats names.  But it should not affect any end-user
                  observable behavior.
                properties:
                  serviceScheme:
                    description: "ServiceScheme specifies how to spell and capitalize\
                      \ the scheme-part of the service URL. \n Acceptable values are\
                      \ \"http://\" (case-insensitive), \"https://\" (case-insensitive),\
                      \ or \"\".  The value is used if it agrees with whether or not\
                      \ this resource enables TLS origination, or if something else\
                      \ in the resource overrides the scheme."
                    pattern: ^([hH][tT][tT][pP][sS]?://)?$
                    type: string
                  tls:
                    description: "TLS controls whether and how to represent the \"\
                      tls\" field when its value could be implied by the \"service\"\
                      \ field.  In v2, there were a lot of different ways to spell\
                      \ an \"empty\" value, and this field specifies which way to\
                      \ spell it (and will therefore only be used if the value will\
                      \ indeed be empty). \n | Value        | Representation     \
                      \                   | Meaning of representation          | |--------------+---------------------------------------+------------------------------------|\
                      \ | \"\"           | omit the field                        |\
                      \ defer to service (no TLSContext)   | | \"null\"       | store\
                      \ an explicit \"null\" in the field | defer to service (no TLSContext)\
                      \   | | \"string\"     | store an empty string in the field\
                      \    | defer to service (no TLSContext)   | | \"bool:false\"\
                      \ | store a Boolean \"false\" in the field  | defer to service\
                      \ (no TLSContext)   | | \"bool:true\"  | store a Boolean \"\
                      true\" in the field   | originate TLS (no TLSContext)      |\
                      \ \n If the meaning of the representation contradicts anything\
                      \ else (if a TLSContext is to be used, or in the case of \"\
                      bool:true\" if TLS is not to be originated), then this field\
                      \ is ignored."
                    enum:
                    - ''
                    - 'null'
                    - bool:true
                    - bool:false
                    - string
                    type: string
                type: object
            required:
            - service
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/tcpmappings.yaml
+++ b/charts/emissary-crds/templates/tcpmappings.yaml
@ -1,288 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: tcpmappings.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: TCPMapping
    listKind: TCPMappingList
    plural: tcpmappings
    singular: tcpmapping
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: TCPMapping is the Schema for the tcpmappings API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TCPMappingSpec defines the desired state of TCPMapping
            properties:
              address:
                type: string
              circuit_breakers:
                items:
                  properties:
                    max_connections:
                      type: integer
                    max_pending_requests:
                      type: integer
                    max_requests:
                      type: integer
                    max_retries:
                      type: integer
                    priority:
                      enum:
                      - default
                      - high
                      type: string
                  type: object
                type: array
              cluster_tag:
                type: string
              enable_ipv4:
                type: boolean
              enable_ipv6:
                type: boolean
              host:
                type: string
              idle_timeout_ms:
                type: string
              port:
                description: Port isn't a pointer because it's required.
                type: integer
              resolver:
                type: string
              service:
                type: string
              v3StatsName:
                type: string
              weight:
                type: integer
            required:
            - port
            - service
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: TCPMapping is the Schema for the tcpmappings API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TCPMappingSpec defines the desired state of TCPMapping
            properties:
              address:
                type: string
              circuit_breakers:
                items:
                  properties:
                    max_connections:
                      type: integer
                    max_pending_requests:
                      type: integer
                    max_requests:
                      type: integer
                    max_retries:
                      type: integer
                    priority:
                      enum:
                      - default
                      - high
                      type: string
                  type: object
                type: array
              cluster_tag:
                type: string
              enable_ipv4:
                type: boolean
              enable_ipv6:
                type: boolean
              host:
                type: string
              idle_timeout_ms:
                type: string
              port:
                description: Port isn't a pointer because it's required.
                type: integer
              resolver:
                type: string
              service:
                type: string
              v3StatsName:
                type: string
              weight:
                type: integer
            required:
            - port
            - service
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: TCPMapping is the Schema for the tcpmappings API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TCPMappingSpec defines the desired state of TCPMapping
            properties:
              address:
                type: string
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              circuit_breakers:
                items:
                  properties:
                    max_connections:
                      type: integer
                    max_pending_requests:
                      type: integer
                    max_requests:
                      type: integer
                    max_retries:
                      type: integer
                    priority:
                      enum:
                      - default
                      - high
                      type: string
                  type: object
                type: array
              cluster_tag:
                type: string
              enable_ipv4:
                type: boolean
              enable_ipv6:
                type: boolean
              host:
                type: string
              idle_timeout_ms:
                type: string
              port:
                description: Port isn't a pointer because it's required.
                type: integer
              resolver:
                type: string
              service:
                type: string
              stats_name:
                type: string
              tls:
                type: string
              v2ExplicitTLS:
                description: V2ExplicitTLS controls some vanity/stylistic elements
                  when converting from v3alpha1 to v2.  The values in an V2ExplicitTLS
                  should not in any way affect the runtime operation of Emissary;
                  except that it may affect internal names in the Envoy config, which
                  may in turn affect stats names.  But it should not affect any end-user
                  observable behavior.
                properties:
                  serviceScheme:
                    description: "ServiceScheme specifies how to spell and capitalize\
                      \ the scheme-part of the service URL. \n Acceptable values are\
                      \ \"http://\" (case-insensitive), \"https://\" (case-insensitive),\
                      \ or \"\".  The value is used if it agrees with whether or not\
                      \ this resource enables TLS origination, or if something else\
                      \ in the resource overrides the scheme."
                    pattern: ^([hH][tT][tT][pP][sS]?://)?$
                    type: string
                  tls:
                    description: "TLS controls whether and how to represent the \"\
                      tls\" field when its value could be implied by the \"service\"\
                      \ field.  In v2, there were a lot of different ways to spell\
                      \ an \"empty\" value, and this field specifies which way to\
                      \ spell it (and will therefore only be used if the value will\
                      \ indeed be empty). \n | Value        | Representation     \
                      \                   | Meaning of representation          | |--------------+---------------------------------------+------------------------------------|\
                      \ | \"\"           | omit the field                        |\
                      \ defer to service (no TLSContext)   | | \"null\"       | store\
                      \ an explicit \"null\" in the field | defer to service (no TLSContext)\
                      \   | | \"string\"     | store an empty string in the field\
                      \    | defer to service (no TLSContext)   | | \"bool:false\"\
                      \ | store a Boolean \"false\" in the field  | defer to service\
                      \ (no TLSContext)   | | \"bool:true\"  | store a Boolean \"\
                      true\" in the field   | originate TLS (no TLSContext)      |\
                      \ \n If the meaning of the representation contradicts anything\
                      \ else (if a TLSContext is to be used, or in the case of \"\
                      bool:true\" if TLS is not to be originated), then this field\
                      \ is ignored."
                    enum:
                    - ''
                    - 'null'
                    - bool:true
                    - bool:false
                    - string
                    type: string
                type: object
              weight:
                type: integer
            required:
            - port
            - service
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/tlscontexts.yaml
+++ b/charts/emissary-crds/templates/tlscontexts.yaml
@ -1,253 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: tlscontexts.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: TLSContext
    listKind: TLSContextList
    plural: tlscontexts
    singular: tlscontext
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: TLSContext is the Schema for the tlscontexts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TLSContextSpec defines the desired state of TLSContext
            properties:
              alpn_protocols:
                type: string
              ca_secret:
                type: string
              cacert_chain_file:
                type: string
              cert_chain_file:
                type: string
              cert_required:
                type: boolean
              cipher_suites:
                items:
                  type: string
                type: array
              ecdh_curves:
                items:
                  type: string
                type: array
              hosts:
                items:
                  type: string
                type: array
              max_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              min_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              private_key_file:
                type: string
              redirect_cleartext_from:
                type: integer
              secret:
                type: string
              secret_namespacing:
                type: boolean
              sni:
                type: string
              v3CRLSecret:
                type: string
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: TLSContext is the Schema for the tlscontexts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TLSContextSpec defines the desired state of TLSContext
            properties:
              alpn_protocols:
                type: string
              ca_secret:
                type: string
              cacert_chain_file:
                type: string
              cert_chain_file:
                type: string
              cert_required:
                type: boolean
              cipher_suites:
                items:
                  type: string
                type: array
              ecdh_curves:
                items:
                  type: string
                type: array
              hosts:
                items:
                  type: string
                type: array
              max_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              min_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              private_key_file:
                type: string
              redirect_cleartext_from:
                type: integer
              secret:
                type: string
              secret_namespacing:
                type: boolean
              sni:
                type: string
              v3CRLSecret:
                type: string
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: TLSContext is the Schema for the tlscontexts API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TLSContextSpec defines the desired state of TLSContext
            properties:
              alpn_protocols:
                type: string
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              ca_secret:
                type: string
              cacert_chain_file:
                type: string
              cert_chain_file:
                type: string
              cert_required:
                type: boolean
              cipher_suites:
                items:
                  type: string
                type: array
              crl_secret:
                type: string
              ecdh_curves:
                items:
                  type: string
                type: array
              hosts:
                items:
                  type: string
                type: array
              max_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              min_tls_version:
                enum:
                - v1.0
                - v1.1
                - v1.2
                - v1.3
                type: string
              private_key_file:
                type: string
              redirect_cleartext_from:
                type: integer
              secret:
                type: string
              secret_namespacing:
                type: boolean
              sni:
                type: string
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/templates/tracingservices.yaml
+++ b/charts/emissary-crds/templates/tracingservices.yaml
@ -1,424 +0,0 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  labels:
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: tracingservices.getambassador.io
 spec:
  {{- include "partials.conversion" . }}
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: TracingService
    listKind: TracingServiceList
    plural: tracingservices
    singular: tracingservice
  preserveUnknownFields: false
  scope: Namespaced
  versions:
 {{- if .Values.enableLegacyVersions -}}
 {{- if .Values.enableV1 }}
  - name: v1
    schema:
      openAPIV3Schema:
        description: TracingService is the Schema for the tracingservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TracingServiceSpec defines the desired state of TracingService
            properties:
              config:
                properties:
                  access_token_file:
                    type: string
                  collector_cluster:
                    type: string
                  collector_endpoint:
                    type: string
                  collector_endpoint_version:
                    enum:
                    - HTTP_JSON_V1
                    - HTTP_JSON
                    - HTTP_PROTO
                    type: string
                  collector_hostname:
                    type: string
                  service_name:
                    type: string
                  shared_span_context:
                    type: boolean
                  trace_id_128bit:
                    type: boolean
                  v3PropagationModes:
                    items:
                      enum:
                      - ENVOY
                      - LIGHTSTEP
                      - B3
                      - TRACE_CONTEXT
                      type: string
                    type: array
                type: object
              driver:
                enum:
                - lightstep
                - zipkin
                - datadog
                - opentelemetry
                type: string
              sampling:
                properties:
                  client:
                    type: integer
                  overall:
                    type: integer
                  random:
                    type: integer
                type: object
              service:
                type: string
              tag_headers:
                items:
                  type: string
                type: array
              v3CustomTags:
                items:
                  description: TracingCustomTag provides a data structure for capturing
                    envoy's `type.tracing.v3.CustomTag`
                  properties:
                    environment:
                      description: Environment explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        default_value:
                          type: string
                        name:
                          type: string
                      required:
                      - name
                      type: object
                    literal:
                      description: Literal explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        value:
                          type: string
                      required:
                      - value
                      type: object
                    request_header:
                      description: Header explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        default_value:
                          type: string
                        name:
                          type: string
                      required:
                      - name
                      type: object
                    tag:
                      type: string
                  required:
                  - tag
                  type: object
                type: array
              v3StatsName:
                type: string
            required:
            - driver
            - service
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
 {{- end }}
  - name: v2
    schema:
      openAPIV3Schema:
        description: TracingService is the Schema for the tracingservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TracingServiceSpec defines the desired state of TracingService
            properties:
              config:
                properties:
                  access_token_file:
                    type: string
                  collector_cluster:
                    type: string
                  collector_endpoint:
                    type: string
                  collector_endpoint_version:
                    enum:
                    - HTTP_JSON_V1
                    - HTTP_JSON
                    - HTTP_PROTO
                    type: string
                  collector_hostname:
                    type: string
                  service_name:
                    type: string
                  shared_span_context:
                    type: boolean
                  trace_id_128bit:
                    type: boolean
                  v3PropagationModes:
                    items:
                      enum:
                      - ENVOY
                      - LIGHTSTEP
                      - B3
                      - TRACE_CONTEXT
                      type: string
                    type: array
                type: object
              driver:
                enum:
                - lightstep
                - zipkin
                - datadog
                - opentelemetry
                type: string
              sampling:
                properties:
                  client:
                    type: integer
                  overall:
                    type: integer
                  random:
                    type: integer
                type: object
              service:
                type: string
              tag_headers:
                items:
                  type: string
                type: array
              v3CustomTags:
                items:
                  description: TracingCustomTag provides a data structure for capturing
                    envoy's `type.tracing.v3.CustomTag`
                  properties:
                    environment:
                      description: Environment explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        default_value:
                          type: string
                        name:
                          type: string
                      required:
                      - name
                      type: object
                    literal:
                      description: Literal explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        value:
                          type: string
                      required:
                      - value
                      type: object
                    request_header:
                      description: Header explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        default_value:
                          type: string
                        name:
                          type: string
                      required:
                      - name
                      type: object
                    tag:
                      type: string
                  required:
                  - tag
                  type: object
                type: array
              v3StatsName:
                type: string
            required:
            - driver
            - service
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
 {{- end }}
  - name: v3alpha1
    schema:
      openAPIV3Schema:
        description: TracingService is the Schema for the tracingservices API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: TracingServiceSpec defines the desired state of TracingService
            properties:
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should\
                  \ pay attention to this resource. If no value is provided, the default\
                  \ is: \n ambassador_id: - \"default\""
                items:
                  type: string
                type: array
              config:
                properties:
                  access_token_file:
                    type: string
                  collector_cluster:
                    type: string
                  collector_endpoint:
                    type: string
                  collector_endpoint_version:
                    enum:
                    - HTTP_JSON_V1
                    - HTTP_JSON
                    - HTTP_PROTO
                    type: string
                  collector_hostname:
                    type: string
                  propagation_modes:
                    items:
                      enum:
                      - ENVOY
                      - LIGHTSTEP
                      - B3
                      - TRACE_CONTEXT
                      type: string
                    type: array
                  service_name:
                    type: string
                  shared_span_context:
                    type: boolean
                  trace_id_128bit:
                    type: boolean
                type: object
              custom_tags:
                items:
                  description: TracingCustomTag provides a data structure for capturing
                    envoy's `type.tracing.v3.CustomTag`
                  properties:
                    environment:
                      description: Environment explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        default_value:
                          type: string
                        name:
                          type: string
                      required:
                      - name
                      type: object
                    literal:
                      description: Literal explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        value:
                          type: string
                      required:
                      - value
                      type: object
                    request_header:
                      description: Header explicitly specifies the protocol stack
                        to set up. Exactly one of Literal, Environment or Header must
                        be supplied.
                      properties:
                        default_value:
                          type: string
                        name:
                          type: string
                      required:
                      - name
                      type: object
                    tag:
                      type: string
                  required:
                  - tag
                  type: object
                type: array
              driver:
                enum:
                - lightstep
                - zipkin
                - datadog
                - opentelemetry
                type: string
              sampling:
                properties:
                  client:
                    type: integer
                  overall:
                    type: integer
                  random:
                    type: integer
                type: object
              service:
                type: string
              stats_name:
                type: string
              tag_headers:
                description: 'Deprecated: tag_headers is deprecated. Use custom_tags
                  instead. `tag_headers: ["header"]` can be defined as `custom_tags:
                  [{"request_header": {"name": "header"}}]`.'
                items:
                  type: string
                type: array
            required:
            - driver
            - service
            type: object
        type: object
    served: true
    storage: {{ include "partials.v3alpha1storage" . }}
--- a/charts/emissary-crds/values.yaml.in
+++ b/charts/emissary-crds/values.yaml.in
@ -1,16 +0,0 @@
 # Set to true to include the v2 versions and the conversion webhook.
 enableLegacyVersions: true
 # Set to true to also include v1 versions; requires enableLegacyVersions to be true.
 enableV1: true
 emissary:
  # Namespace for the main Emissary installation
  namespace: emissary
 apiext:
  # Repository and image name for apiext images
  repository: @imageRepo@
  # Version tag for apiext images
  tag: @version@
  # imagePullPolicy for apiext images
  pullPolicy: IfNotPresent
--- a/charts/emissary-ingress/.gitignore
+++ b/charts/emissary-ingress/.gitignore
--- a/charts/emissary-ingress/.helmignore
+++ b/charts/emissary-ingress/.helmignore
--- a/charts/emissary-ingress/CHANGELOG.md
+++ b/charts/emissary-ingress/CHANGELOG.md
--- a/charts/emissary-ingress/CONTRIBUTING.md
+++ b/charts/emissary-ingress/CONTRIBUTING.md
--- a/charts/emissary-ingress/Chart.yaml.in
+++ b/charts/emissary-ingress/Chart.yaml.in
@ -16,8 +16,10 @@ keywords:
 - emissary
 - emissary ingress
 maintainers:
 - name: flydiverny
  email: markus@maga.se
 - name: kflynn
-  email: flynn@buoyant.io
+  email: flynn@datawire.io
- name: aliceproxy
+- name: nbkrause
-  email:
+  email: nkrause@datawire.io
 engine: gotpl
--- a/charts/emissary-ingress/OWNERS
+++ b/charts/emissary-ingress/OWNERS
--- a/charts/emissary-ingress/ci.in/01-psp-values.yaml
+++ b/charts/emissary-ingress/ci.in/01-psp-values.yaml
--- a/charts/emissary-ingress/ci.in/06-hpa-values.yaml
+++ b/charts/emissary-ingress/ci.in/06-hpa-values.yaml
--- a/charts/emissary-ingress/ci.in/08-single-namespace-values.yaml
+++ b/charts/emissary-ingress/ci.in/08-single-namespace-values.yaml
--- a/charts/emissary-ingress/ci.in/09-redis-false-values.yaml
+++ b/charts/emissary-ingress/ci.in/09-redis-false-values.yaml
--- a/charts/emissary-ingress/ci.in/12-daemonset-values.yaml
+++ b/charts/emissary-ingress/ci.in/12-daemonset-values.yaml
--- a/charts/emissary-ingress/ci.in/14-deployment-labels.yaml
+++ b/charts/emissary-ingress/ci.in/14-deployment-labels.yaml
--- a/charts/emissary-ingress/ci.in/15-test-resolvers.yaml
+++ b/charts/emissary-ingress/ci.in/15-test-resolvers.yaml
--- a/charts/emissary-ingress/ci.in/16-test-module.yaml
+++ b/charts/emissary-ingress/ci.in/16-test-module.yaml
--- a/charts/emissary-ingress/ci.in/17-test-canary.yaml
+++ b/charts/emissary-ingress/ci.in/17-test-canary.yaml
--- a/charts/emissary-ingress/ci.in/18-test-progress-deadline.yaml
+++ b/charts/emissary-ingress/ci.in/18-test-progress-deadline.yaml
--- a/charts/emissary-ingress/ci.in/19-test-lifecycle-values.yaml
+++ b/charts/emissary-ingress/ci.in/19-test-lifecycle-values.yaml
--- a/charts/emissary-ingress/ci.in/tests/manifests/backend.yaml
+++ b/charts/emissary-ingress/ci.in/tests/manifests/backend.yaml
--- a/charts/emissary-ingress/ci.in/tests/manifests/ci-default-values.yaml
+++ b/charts/emissary-ingress/ci.in/tests/manifests/ci-default-values.yaml
--- a/charts/emissary-ingress/ci.in/tests/manifests/helm-init.yaml
+++ b/charts/emissary-ingress/ci.in/tests/manifests/helm-init.yaml
--- a/charts/emissary-ingress/ci.in/tests/manifests/helm2-values.yaml
+++ b/charts/emissary-ingress/ci.in/tests/manifests/helm2-values.yaml
--- a/charts/emissary-ingress/ci.in/tests/manifests/tls.yaml
+++ b/charts/emissary-ingress/ci.in/tests/manifests/tls.yaml
--- a/charts/emissary-ingress/ct.yaml
+++ b/charts/emissary-ingress/ct.yaml
--- a/charts/emissary-ingress/doc.yaml
+++ b/charts/emissary-ingress/doc.yaml
@ -12,7 +12,7 @@ chart:
  values: "-- generate from values file --"
  valuesExample: "-- generate from values file --"
 prerequisites:
-  - "Kubernetes v1.11+"
+- "Kubernetes v1.11+"
 release:
  name: emissary-ingress
  namespace: ambassador
--- a/charts/emissary-ingress/readme.tpl
+++ b/charts/emissary-ingress/readme.tpl
--- a/charts/emissary-ingress/templates/NOTES.txt
+++ b/charts/emissary-ingress/templates/NOTES.txt
@ -1,5 +1,5 @@
 -------------------------------------------------------------------------------
-  Congratulations! You've successfully installed Emissary-ingress!
+  Congratulations! You've successfully installed Emissary Ingress!
 -------------------------------------------------------------------------------
 To get the IP address of Emissary, run the following commands:
--- a/charts/emissary-ingress/templates/_helpers.tpl
+++ b/charts/emissary-ingress/templates/_helpers.tpl
--- a/charts/emissary-ingress/templates/admin-service.yaml
+++ b/charts/emissary-ingress/templates/admin-service.yaml
--- a/charts/emissary-ingress/templates/ambassador-agent.yaml
+++ b/charts/emissary-ingress/templates/ambassador-agent.yaml
--- a/charts/emissary-ingress/templates/config.yaml
+++ b/charts/emissary-ingress/templates/config.yaml
--- a/charts/emissary-ingress/templates/controller-ingressclass.yaml
+++ b/charts/emissary-ingress/templates/controller-ingressclass.yaml
--- a/charts/emissary-ingress/templates/deployment-canary.yaml
+++ b/charts/emissary-ingress/templates/deployment-canary.yaml
--- a/charts/emissary-ingress/templates/deployment.yaml
+++ b/charts/emissary-ingress/templates/deployment.yaml
--- a/charts/emissary-ingress/templates/exporter-config.yaml
+++ b/charts/emissary-ingress/templates/exporter-config.yaml
--- a/charts/emissary-ingress/templates/hpa.yaml
+++ b/charts/emissary-ingress/templates/hpa.yaml
--- a/charts/emissary-ingress/templates/listener.yaml
+++ b/charts/emissary-ingress/templates/listener.yaml
--- a/charts/emissary-ingress/templates/module.yaml
+++ b/charts/emissary-ingress/templates/module.yaml
--- a/charts/emissary-ingress/templates/namespace.yaml
+++ b/charts/emissary-ingress/templates/namespace.yaml
--- a/charts/emissary-ingress/templates/pdb.yaml
+++ b/charts/emissary-ingress/templates/pdb.yaml
--- a/charts/emissary-ingress/templates/podsecuritypolicy.yaml
+++ b/charts/emissary-ingress/templates/podsecuritypolicy.yaml
--- a/charts/emissary-ingress/templates/rbac.yaml
+++ b/charts/emissary-ingress/templates/rbac.yaml
--- a/charts/emissary-ingress/templates/resolvers.yaml
+++ b/charts/emissary-ingress/templates/resolvers.yaml
--- a/charts/emissary-ingress/templates/service-canary.yaml
+++ b/charts/emissary-ingress/templates/service-canary.yaml
--- a/charts/emissary-ingress/templates/service.yaml
+++ b/charts/emissary-ingress/templates/service.yaml
--- a/charts/emissary-ingress/templates/serviceaccount.yaml
+++ b/charts/emissary-ingress/templates/serviceaccount.yaml
--- a/charts/emissary-ingress/templates/servicemonitor.yaml
+++ b/charts/emissary-ingress/templates/servicemonitor.yaml
--- a/charts/emissary-ingress/templates/tests/test-ready.yaml
+++ b/charts/emissary-ingress/templates/tests/test-ready.yaml
--- a/charts/emissary-ingress/values.yaml.in
+++ b/charts/emissary-ingress/values.yaml.in
@ -208,7 +208,7 @@ adminService:
  type: ClusterIP
  port: 8877
  snapshotPort: 8005
-  goPluginMetricsPort:
+  goPluginMetricsPort: 
  # If explicit NodePort for admin service is required
  nodePort:
  # Annotations to apply to Ambassador admin service
--- a/docs/releaseNotes.yml
+++ b/docs/releaseNotes.yml
@ -32,9 +32,9 @@
 changelog: https://github.com/emissary-ingress/emissary/blob/$branch$/CHANGELOG.md
 items:
-  - version: 3.10.0-dev
+  - version: 3.10.0
    prevVersion: 3.9.0
-    date: "TBD"
+    date: "2025-07-29"
    notes:
      - title: Upgrade to Envoy 1.30.2
        type: feature
Author	SHA1	Message	Date
Phil Peble	9081324e6b	Merge pull request #5306 from yanjunding/patch-1 Typo	2025-08-25 14:42:13 -05:00
Phil Peble	cc19ca0746	Merge pull request #5864 from emissary-ingress/release-3.10-fix-CHANGELOG Update CHANGELOG with correct metadata for 3.10 release	2025-08-14 16:01:01 -05:00
Phil Peble	db5d38e826	Update CHANGELOG with correct metadata for 3.10 release Signed-off-by: Phil Peble <ppeble@activecampaign.com>	2025-08-14 15:56:44 -05:00
Flynn	a8e8f4aacd	Merge pull request #5849 from emissary-ingress/release-3-10-quickstart Point quickstart link in README to emissary-ingress.dev	2025-07-29 13:30:12 -04:00
Phil Peble	e6fa8e56e3	Point quickstart link in README to emissary-ingress.dev Signed-off-by: Phil Peble <ppeble@activecampaign.com>	2025-07-29 12:17:48 -05:00
Flynn	4f12337556	Merge pull request #5839 from emissary-ingress/flynn/update-docs Update README and QUICKSTART for 3.10.0	2025-05-07 15:50:26 -04:00
Flynn	dd98ecd66a	Minor tweaks Signed-off-by: Flynn <emissary@flynn.kodachi.com>	2025-05-07 10:15:53 -04:00
Flynn	c815e182b2	Update README and SUPPORT.md Signed-off-by: Flynn <emissary@flynn.kodachi.com>	2025-05-07 10:15:47 -04:00
Flynn	96a49735a8	TRY-3.10 -> QUICKSTART Signed-off-by: Flynn <emissary@flynn.kodachi.com>	2025-05-07 10:15:41 -04:00
Adrian Ding	7f56afa587	Typo	2023-09-19 07:26:27 +12:00