Merge pull request #5306 from yanjunding/patch-1

Typo

CHANGELOG.md

@@ -85,8 +85,8 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
 
 ## RELEASE NOTES
 
-## [3.10.0-dev] TBD
-[3.10.0-dev]: https://github.com/emissary-ingress/emissary/compare/v3.9.0...v3.10.0-dev
+## [3.10.0] July 29, 2025
+[3.10.0]: https://github.com/emissary-ingress/emissary/compare/v3.9.0...v3.10.0
 
 ### Emissary-ingress and Ambassador Edge Stack
 

Community/SUPPORT.md

@@ -1,16 +1,12 @@
-## Support for deploying and using Ambassador
+## Support for deploying and using Emissary
 
-Welcome to Ambassador! We use GitHub for tracking bugs and feature requests. If you need support, the following resources are available. Thanks for understanding.
+Welcome to Emissary! The Emissary community is the best current resource for
+Emissary support, with the best options being:
 
-### Documentation
+- Checking out the [documentation] at https://emissary-ingress.dev/
+- Joining the `#emissary-ingress` channel in the [CNCF Slack]
+- [Opening an issue][GitHub] in [GitHub]
 
-* [User Documentation](https://www.getambassador.io/docs)
-* [Troubleshooting Guide](https://www.getambassador.io/reference/debugging)
-
-### Real-time Chat
-
-* [Slack](https://d6e.co/slack): The `#ambassador` channel is a good place to start.
-
-### Commercial Support
-
-* Commercial Support is available as part of [Ambassador Pro](https://www.getambassador.io/pro/).
+[CNCF Slack]: https://communityinviter.com/apps/cloud-native/cncf)
+[documentation]: https://emissary-ingress.dev/
+[GitHub]: https://github.com/emissary-ingress/emissary/issues

DevDocumentation/ARCHITECTURE.md

@@ -172,7 +172,7 @@ Provides two main functions:
 - Generate IR and envoy configs (load_ir function)
   - Take each Resource generated in ResourceFetcher and add it to the Config object as strongly typed objects
   - Store Config Object in `/ambassador/snapshots/aconf-tmp.json`
-  - Check Deltas for Mappings cach and determine if we needs to be reset
+  - Check Deltas for Mappings cache and determine if we needs to be reset
   - Create IR with a Config, Cache, and invalidated items
     - IR is generated which basically just converts our stuff to strongly typed generic "envoy" items (handling filters, clusters, listeners, removing duplicates, etc...)
   - IR is updated in-memory for diagd process

QUICKSTART.md

@@ -1,40 +1,48 @@
-# Emissary-ingress 3.10.0
+# Emissary-ingress 3.10 Quickstart
 
-Emissary 3.10 encompasses:
+**We recommend using Helm** to install Emissary.
 
-- all the changes made in this repo by Ambassador Labs after Emissary 3.9.1;
-- updates to Go dependencies;
-- updates to the included Envoy Proxy; and
-- community updates (with huge thanks to [Ajay Choudhary], [Billy Lynch], and
-  [Luke Shumaker]!)
+### Installing if you're starting fresh
 
-**Note well** that there is also an Ambassador Edge Stack 3.10.0, but
-**Emissary 3.10 and Edge Stack 3.10 are not equivalent**. Their codebases have
-diverged and will continue to do so.
+**If you are already running Emissary and just want to upgrade, DO NOT FOLLOW
+THESE DIRECTIONS.** Instead, check out "Upgrading from an earlier Emissary"
+below.
 
-[Ajay Choudhary]: https://github.com/ajaychoudhary-hotstar
-[Billy Lynch]: https://github.com/wlynch
-[Luke Shumaker]: https://github.com/lukeshu
+If you're starting from scratch and you don't need to worry about older CRD
+versions, install using `--set enableLegacyVersions=false` to avoid install
+the old versions of the CRDs and the conversion webhook:
 
-## Trying 3.10
+```bash
+helm install emissary-crds \
+ --namespace emissary --create-namespace \
+ oci://ghcr.io/emissary-ingress/emissary-crds-chart --version=3.10.0 \
+ --set enableLegacyVersions=false \
+ --wait
+```
 
-The most current Emissary 3.10 is Emissary 3.10.0-rc.3. This is a **release
-candidate**: it passes CI and is believed to be stable, but we'd like more
-people to try it out before we call it a final release.
+This will install only v3alpha1 CRDs and skip the conversion webhook entirely.
+It will create the `emissary` namespace for you, but there won't be anything
+in it at this point.
 
-**3.10.0-rc.3 is the final RC planned for Emissary 3.10.0.**
+Next up, install Emissary itself, with `--set waitForApiext.enabled=false` to
+tell Emissary not to wait for the conversion webhook to be ready:
 
-By far the easiest way to try things is with Helm -- and note that Emissary
-3.10 includes a Helm chart for CRDs.
+```bash
+helm install emissary \
+ --namespace emissary \
+ oci://ghcr.io/emissary-ingress/emissary-ingress --version=3.10.0 \
+ --set waitForApiext.enabled=false \
+ --wait
+```
 
-### Installing if you're already running an earlier Emissary
+### Upgrading from an earlier Emissary
 
 First, install the CRDs and the conversion webhook:
 
 ```bash
 helm install emissary-crds \
  --namespace emissary-system --create-namespace \
- oci://docker.io/dwflynn/emissary-crds-chart --version=3.10.0-rc.3 \
+ oci://ghcr.io/emissary-ingress/emissary-crds-chart --version=3.10.0 \
  --wait
 ```
 
@@ -44,32 +52,7 @@ conversion webhook into the `emissary-system` namespace. Once that's done, you'l
 ```bash
 helm install emissary \
  --namespace emissary --create-namespace \
- oci://docker.io/dwflynn/emissary-ingress --version=3.10.0-rc.3 \
- --wait
-```
-
-### Installing if you're starting fresh
-
-If you're starting from scratch and you don't need to worry about older CRD
-versions, you can do things differently:
-
-```bash
-helm install emissary-crds \
- --namespace emissary --create-namespace \
- oci://docker.io/dwflynn/emissary-crds-chart --version=3.10.0-rc.3 \
- --set enableLegacyVersions=false \
- --wait
-```
-
-This will install only v3alpha1 CRDs and skip the conversion webhook entirely.
-It will create the `emissary` namespace for you, but there won't be anything
-in it until you install Emissary itself:
-
-```bash
-helm install emissary \
- --namespace emissary \
- oci://docker.io/dwflynn/emissary-ingress --version=3.10.0-rc.3 \
- --set waitForApiext.enabled=false \
+ oci://ghcr.io/emissary-ingress/emissary-ingress --version=3.10.0 \
  --wait
 ```
 

README.md

@@ -23,64 +23,88 @@ Emissary-ingress
 
 ---
 
-## Want to try an Emissary 3.10.0 RC?
+## QUICKSTART
 
-We have a release candidate for Emissary 3.10.0 available for testing. If you're interested in giving it a shot, wonderful! Check out [trying 3.10].
+Looking to get started as quickly as possible? Check out [the
+QUICKSTART](https://emissary-ingress.dev/docs/3.10/quick-start/)!
 
-[trying 3.10]: https://github.com/emissary-ingress/emissary/tree/master/TRY-3.10.md
+### Latest Release
+
+The latest production version of Emissary is **3.10.0**.
+
+**Note well** that there is also an Ambassador Edge Stack 3.10.0, but
+**Emissary 3.10 and Edge Stack 3.10 are not equivalent**. Their codebases have
+diverged and will continue to do so.
 
 ---
 
-[Emissary-Ingress](https://www.getambassador.io/docs/open-source) is an open-source Kubernetes-native API Gateway +
-Layer 7 load balancer + Kubernetes Ingress built on [Envoy Proxy](https://www.envoyproxy.io).
-Emissary-ingress is a CNCF incubation project (and was formerly known as Ambassador API Gateway).
+Emissary-ingress
+================
 
-Emissary-ingress enables its users to:
-* Manage ingress traffic with [load balancing], support for multiple protocols ([gRPC and HTTP/2], [TCP], and [web sockets]), and Kubernetes integration
-* Manage changes to routing with an easy to use declarative policy engine and [self-service configuration], via Kubernetes [CRDs] or annotations
-* Secure microservices with [authentication], [rate limiting], and [TLS]
-* Ensure high availability with [sticky sessions], [rate limiting], and [circuit breaking]
-* Leverage observability with integrations with [Grafana], [Prometheus], and [Datadog], and comprehensive [metrics] support
-* Enable progressive delivery with [canary releases]
-* Connect service meshes including [Consul], [Linkerd], and [Istio]
+[Emissary-ingress](https://www.getambassador.io/docs/open-source) is an
+open-source, developer-centric, Kubernetes-native API gateway built on [Envoy
+Proxy]. Emissary-ingress is a CNCF incubating project (and was formerly known
+as Ambassador API Gateway).
+
+### Design Goals
+
+The first problem faced by any organization trying to develop cloud-native
+applications is the _ingress problem_: allowing users outside the cluster to
+access the application running inside the cluster. Emissary is built around
+the idea that the application developers should be able to solve the ingress
+problem themselves, without needing to become Kubernetes experts and without
+needing dedicated operations staff: a self-service, developer-centric workflow
+is necessary to develop at scale.
+
+Emissary is open-source, developer-centric, role-oriented, opinionated, and
+Kubernatives-native.
+
+- open-source: Emissary is licensed under the Apache 2 license, permitting use
+  or modification by anyone.
+- developer-centric: Emissary is designed taking the application developer
+  into account first.
+- role-oriented: Emissary's configuration deliberately tries to separate
+  elements to allow separation of concerns between developers and operations.
+- opinionated: Emissary deliberately tries to make easy things easy, even if
+  that comes of the cost of not allowing some uncommon features.
+
+### Features
+
+Emissary supports all the table-stakes features needed for a modern API
+gateway:
+
+* Per-request [load balancing]
+* Support for routing [gRPC], [HTTP/2], [TCP], and [web sockets]
+* Declarative configuration via Kubernetes [custom resources]
+* Fine-grained [authentication] and [authorization]
+* Advanced routing features like [canary releases], [A/B testing], [dynamic routing], and [sticky sessions]
+* Resilience features like [retries], [rate limiting], and [circuit breaking]
+* Observability features including comprehensive [metrics] support using the [Prometheus] stack
+* Easy service mesh integration with [Linkerd], [Istio], [Consul], etc.
 * [Knative serverless integration]
 
 See the full list of [features](https://www.getambassador.io/docs/emissary) here.
 
-Branches
-========
+### Branches
 
 (If you are looking at this list on a branch other than `master`, it
 may be out of date.)
 
-- [`master`](https://github.com/emissary-ingress/emissary/tree/master) - branch for Emissary-ingress dev work ( :heavy_check_mark: upcoming release)
-- [`release/v3.9`](https://github.com/emissary-ingress/emissary/tree/release/v3.9) - branch for Emissary-ingress 3.9.z work
-- [`release/v2.5`](https://github.com/emissary-ingress/emissary/tree/release/v2.5) - branch for Emissary-ingress 2.5.z work ( :heavy_check_mark: maintenance)
+- [`main`](https://github.com/emissary-ingress/emissary/tree/main): Emissary 4 development work
 
-Architecture
-============
+**No further development is planned on any branches listed below.**
 
-Emissary is configured via Kubernetes CRDs, or via annotations on Kubernetes `Service`s. Internally,
-it uses the [Envoy Proxy] to actually handle routing data; externally, it relies on Kubernetes for
-scaling and resiliency. For more on Emissary's architecture and motivation, read [this blog post](https://blog.getambassador.io/building-ambassador-an-open-source-api-gateway-on-kubernetes-and-envoy-ed01ed520844).
+- [`master`](https://github.com/emissary-ingress/emissary/tree/master) - **Frozen** at Emissary 3.10.0
+- [`release/v3.10`](https://github.com/emissary-ingress/emissary/tree/release/v3.10) - Emissary-ingress 3.10.0 release branch
+- [`release/v3.9`](https://github.com/emissary-ingress/emissary/tree/release/v3.9)
+  - Emissary-ingress 3.9.1 release branch
+- [`release/v2.5`](https://github.com/emissary-ingress/emissary/tree/release/v2.5) - Emissary-ingress 2.5.1 release branch
 
-Getting Started
-===============
+**Note well** that there is also an Ambassador Edge Stack 3.10.0, but
+**Emissary 3.10 and Edge Stack 3.10 are not equivalent**. Their codebases have
+diverged and will continue to do so.
 
-You can get Emissary up and running in just three steps. Follow the instructions here: https://www.getambassador.io/docs/emissary/latest/tutorials/getting-started/
-
-If you are looking for a Kubernetes ingress controller, Emissary provides a superset of the functionality of a typical ingress controller. (It does the traditional routing, and layers on a raft of configuration options.) This blog post covers [Kubernetes ingress](https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d).
-
-For other common questions, view this [FAQ page](https://www.getambassador.io/docs/emissary/latest/about/faq/).
-
-You can also use Helm to install Emissary. For more information, see the instructions in the [Helm installation documentation](https://www.getambassador.io/docs/emissary/latest/topics/install/helm/)
-
-Check out the full [Emissary
-documentation](https://www.getambassador.io/docs/emissary/) at
-www.getambassador.io/docs/open-source.
-
-Community
-=========
+#### Community
 
 Emissary-ingress is a CNCF Incubating project and welcomes any and all
 contributors.
@@ -95,21 +119,21 @@ the way the community is run, including:
    regular trouble-shooting meetings and contributor meetings
  - how to get [`SUPPORT.md`](Community/SUPPORT.md).
 
-The best way to join the community is to join the [CNCF Slack](https://communityinviter.com/apps/cloud-native/cncf)
-#emissary-ingress channel.
-
-Check out the [`DevDocumentation/`](DevDocumentation/) directory for
-information on the technicals of Emissary, most notably the
-[`CONTRIBUTING.md`](DevDocumentation/CONTRIBUTING.md) contributor's guide.
+The best way to join the community is to join the `#emissary-ingress` channel
+in the [CNCF Slack]. This is also the best place for technical information
+about Emissary's architecture or development.
 
 If you're interested in contributing, here are some ways:
 * Write a blog post for [our blog](https://blog.getambassador.io)
 * Investigate an [open issue](https://github.com/emissary-ingress/emissary/issues)
-* Add [more tests](https://github.com/emissary-ingress/emissary/tree/master/ambassador/tests)
-
-The Ambassador Edge Stack is a superset of Emissary-ingress that provides additional functionality including OAuth/OpenID Connect, advanced rate limiting, Swagger/OpenAPI support, integrated ACME support for automatic TLS certificate management, and a cloud-based UI. For more information, visit https://www.getambassador.io/editions/.
+* Add [more tests](https://github.com/emissary-ingress/emissary/tree/main/ambassador/tests)
 
 <!-- Please keep this list sorted. -->
+[CNCF Slack]: https://communityinviter.com/apps/cloud-native/cncf
+[Envoy Proxy]: https://www.envoyproxy.io
+
+<!-- Legacy: clean up these links! -->
+
 [authentication]: https://www.getambassador.io/docs/emissary/latest/topics/running/services/auth-service/
 [canary releases]: https://www.getambassador.io/docs/emissary/latest/topics/using/canary/
 [circuit breaking]: https://www.getambassador.io/docs/emissary/latest/topics/using/circuit-breakers/

build-aux/main.mk

@@ -136,9 +136,7 @@ build-output/chart-%.tgz: build-output/chart-%.d
 # Convenience aliases for the Helm chart
 chart_dir = build-output/chart-$(patsubst v%,%,$(VERSION))_$(patsubst v%,%,$(CHART_VERSION)).d
 chart_tgz = $(patsubst %.d,%.tgz,$(chart_dir))
-# chart: $(chart_tgz)
-chart:
-	@echo "Don't use make chart -- instead, cd charts && make"
+chart: $(chart_tgz)
 PHONY: chart
 
 _major_version = $(firstword $(subst ., ,$(patsubst v%,%,$(VERSION))))

charts/Makefile

@@ -1,44 +0,0 @@
-IMAGE_REPO ?= ghcr.io/emissary-ingress/emissary
-
-all: charts
-
-charts: emissary-crds-chart emissary-ingress
-
-# These are just aliases
-emissary-crds-chart: emissary-crds-chart-$(VERSION).tgz
-emissary-ingress: emissary-ingress-$(VERSION).tgz
-
-version-check:
-	@if [ -z "$(VERSION)" ]; then \
-		echo "VERSION must be set (e.g. VERSION=1.0.0-alpha.3)" >&2 ;\
-		exit 1; \
-	fi
-.PHONY: version-check
-
-helm-registry-check:
-	@if [ -z "$(HELM_REGISTRY)" ]; then \
-		echo "HELM_REGISTRY must be set (e.g. HELM_REGISTRY=oci://docker.io/dwflynn)" >&2 ;\
-		exit 1; \
-	fi
-.PHONY: helm-registry-check
-
-emissary-crds-chart-$(VERSION).tgz: version-check emissary-crds
-	bash bin/build-chart emissary-crds $(VERSION) $(IMAGE_REPO) $$(pwd)
-	ls -l emissary-crds-chart-$(VERSION).tgz
-
-emissary-ingress-$(VERSION).tgz: version-check emissary-chart
-	bash bin/build-chart emissary-chart $(VERSION) $(IMAGE_REPO) $$(pwd)
-	ls -l emissary-ingress-$(VERSION).tgz
-
-push-chart: version-check helm-registry-check charts
-	if [ -n "$(HELM_REGISTRY)" ]; then \
-		helm push emissary-crds-chart-$(VERSION).tgz $(HELM_REGISTRY); \
-		helm push emissary-ingress-$(VERSION).tgz $(HELM_REGISTRY); \
-	else \
-		echo "HELM_REGISTRY not set, not pushing"; \
-	fi
-
-clean:
-	rm -rf emissary-crds-chart-*
-	rm -rf emissary-ingress-*
-

charts/bin/build-chart

@@ -1,50 +0,0 @@
-#!/bin/sh
-
-check_arg () {
-	if [ -z "$2" ]; then
-		echo "$1 cannot be unset" >&2
-		exit 1
-	fi
-}
-
-if [ $# -ne 4 ]; then
-  echo "Usage: $0 <chart-source> <version> <image-repo> <output-dir>" >&2
-  exit 1
-fi
-
-set -e
-
-chart_source="$1"
-version="$2"
-image_repo="$3"
-output_dir="$4"
-
-check_arg chart_source "$chart_source"
-check_arg version "$version"
-check_arg image_repo "$image_repo"
-check_arg output_dir "$output_dir"
-
-# set -x
-
-workdir=$(mktemp -d -t build-chart)
-trap "rm -rf $workdir" EXIT
-
-cp -pr "$chart_source"/* "$workdir"
-
-for file in "$workdir/Chart.yaml" "$workdir/values.yaml"; do
-	sed \
-		-e "s/@version@/$version/g" \
-		-e "s/@chartVersion@/$version/g" \
-		-e "s,@imageRepo@,${image_repo},g" \
-		< ${file}.in > ${file}
-	rm -f ${file}.in
-done
-
-go run kubepack.dev/chart-doc-gen@v0.5.0 \
-	-d "$workdir/doc.yaml" \
-	-t "$workdir/readme.tpl" \
-	-v "$workdir/values.yaml" \
-	> $workdir/README.md
-
-helm package --destination="$output_dir" "$workdir"
-

charts/emissary-crds/.helmignore

@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-OWNERS
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

charts/emissary-crds/CHANGELOG.md

@@ -1,8 +0,0 @@
-# Change Log
-
-This file documents all notable changes to Ambassador Helm Chart. The release
-numbering uses [semantic versioning](http://semver.org).
-
-## v3.10.0 - TBD
-
-Initial release of the CRDs chart.

charts/emissary-crds/Chart.yaml.in

@@ -1,22 +0,0 @@
-apiVersion: "v2"
-appVersion: "@version@"
-description: |
-  Emissary-ingress is a CNCF API Gateway built on Envoy Proxy, specializing
-  in self-service operation with minimal operational complexity.
-type: application
-home: https://emissary-ingress.dev/
-keywords:
-  - emissary-ingress
-  - crds
-  - ingress-controller
-  - conversion-webhook
-kubeVersion: ">=1.25.0-0"
-name: "emissary-crds-chart"
-sources:
-  - https://github.com/emissary-ingress/emissary/
-version: "@version@"
-#icon: https://linkerd.io/images/logo-only-200h.png
-maintainers:
-  - name: Emissary authors
-    email: cncf-emissary-ingress-maintainers@lists.cncf.io
-    url: https://github.com/emissary-ingress/emissary/

charts/emissary-crds/doc.yaml

@@ -1,18 +0,0 @@
-project:
-  name: Emissary-ingress CRDs
-  shortName: emissary-crds
-  url: https://github.com/emissary-ingress/emissary
-  description: CRDs for the Emissary-ingress project
-  app: Emissary-ingress
-repository:
-  url: oci://ghcr.io/emissary-ingress/emissary-crds
-  name: emissary-crds
-chart:
-  name: emissary-crds
-  values: "-- generate from values file --"
-  valuesExample: "-- generate from values file --"
-prerequisites:
-  - "Kubernetes v1.11+"
-release:
-  name: emissary-crds
-  namespace: emissary-system

charts/emissary-crds/readme.tpl

@@ -1,66 +0,0 @@
-# {{ .Project.ShortName }}
-
-[{{ .Project.Name }}]({{ .Project.URL }}) - {{ .Project.Description }}
-
-## Introduction
-
-This chart deploys the Emissary-ingress CRDS and (optionally) conversion
-webhook on a [Kubernetes](http://kubernetes.io) cluster using the
-[Helm](https://helm.sh) package manager.
-
-## Prerequisites
-{{ range .Prerequisites }}
-- {{ . }}
-{{- end }}
-
-## Installing the Chart
-
-A typical installation will use the `emissary-system` namespace:
-
-```console
-helm install {{ .Release.Name }} \
-     --namespace emissary-system --create-namespace \
-     {{ .Repository.Name }}/{{ .Chart.Name }} \
-     --version {{ .Chart.Version }} \
-     --wait
-```
-
-The command deploys the Emissary-ingress CRDs on the Kubernetes cluster in the
-default configuration. The [configuration](#configuration) section lists the
-parameters that can be configured during installation.
-
-## Changelog
-
-Notable chart changes are listed in the [CHANGELOG](./CHANGELOG.md)
-
-{{ if .Chart.Values -}}
-## Configuration
-
-The following table lists the configurable parameters of the `{{ .Chart.Name }}` chart and their default values.
-
-{{ .Chart.Values }}
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
-
-```console
-helm install {{ .Release.Name }} \
-     --namespace emissary-system --create-namespace \
-     {{ .Repository.Name }}/{{ .Chart.Name }} \
-     --version {{ .Chart.Version }} \
-     --set {{ .Chart.ValuesExample }} \
-     --wait
-```
-
-Alternatively, a YAML file that specifies the values for the parameters can be provided while
-installing the chart. For example:
-
-
-```console
-helm install {{ .Release.Name }} \
-     --namespace emissary-system --create-namespace \
-     {{ .Repository.Name }}/{{ .Chart.Name }} \
-     --version {{ .Chart.Version }} \
-     --values values.yaml \
-     --wait
-```
-{{- end }}

charts/emissary-crds/templates/NOTES.txt

@@ -1,14 +0,0 @@
-The emissary-crds chart was successfully installed! 🎉
-
-To complete the Emissary-ingress installation, please now proceed to install
-the emissary-ingress chart in the {{ .Release.Namespace }} namespace.
-
-{{- if .Values.enableLegacyVersions }}
-The V2 CRDs and apiext are installed and available for use.
-{{- if .Values.enableV1 }}
-The V1 CRDs are available, too.
-{{- end -}}
-{{- end }}
-
-Looking for more? Visit https://emissary-ingress.dev/ !
-

charts/emissary-crds/templates/_helpers.yaml

@@ -1,23 +0,0 @@
-{{- define "partials.conversion" -}}
-{{- if .Values.enableLegacyVersions }}
-  conversion:
-    strategy: Webhook
-    webhook:
-      clientConfig:
-        service:
-          name: emissary-apiext
-          namespace: {{ .Release.Namespace }}
-          path: /webhooks/crd-convert
-          port: 443
-      conversionReviewVersions:
-      - v1
-{{- end -}}
-{{- end -}}
-
-{{- define "partials.v3alpha1storage" -}}
-{{- if .Values.enableLegacyVersions -}}
-  false
-{{- else -}}
-  true
-{{- end -}}
-{{- end -}}

charts/emissary-crds/templates/apiext.yaml

@@ -1,218 +0,0 @@
-{{- if .Values.enableLegacyVersions }}
----
-################################################################################
-# ServiceAccount                                                               #
-################################################################################
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: emissary-apiext
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/instance: emissary-apiext
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
----
-################################################################################
-# Cluster permissions                                                          #
-################################################################################
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: emissary-apiext
-  labels:
-    app.kubernetes.io/instance: emissary-apiext
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
-rules:
-  - apiGroups: [ "apiextensions.k8s.io" ]
-    resources: [ "customresourcedefinitions" ]
-    verbs: [ "list", "watch" ]
-  - apiGroups: [ "apiextensions.k8s.io" ]
-    resources: [ "customresourcedefinitions", "customresourcedefinitions/status" ]
-    resourceNames:
-      - authservices.getambassador.io
-      - consulresolvers.getambassador.io
-      - devportals.getambassador.io
-      - hosts.getambassador.io
-      - kubernetesendpointresolvers.getambassador.io
-      - kubernetesserviceresolvers.getambassador.io
-      - listeners.getambassador.io
-      - logservices.getambassador.io
-      - mappings.getambassador.io
-      - modules.getambassador.io
-      - ratelimitservices.getambassador.io
-      - tcpmappings.getambassador.io
-      - tlscontexts.getambassador.io
-      - tracingservices.getambassador.io
-    verbs: [ "update" ]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: emissary-apiext
-  labels:
-    app.kubernetes.io/instance: emissary-apiext
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: emissary-apiext
-subjects:
-  - kind: ServiceAccount
-    namespace: {{ .Release.Namespace }}
-    name: emissary-apiext
----
-################################################################################
-# Namespaced permissions                                                       #
-################################################################################
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: emissary-apiext
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/instance: emissary-apiext
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
-rules:
-  - apiGroups: [ "" ]
-    resources: [ "secrets" ]
-    verbs: [ "create", "list", "watch" ]
-  - apiGroups: [ "" ]
-    resources: [ "secrets" ]
-    resourceNames: [ "emissary-ingress-webhook-ca" ]
-    verbs: [ "get", "update" ]
-  - apiGroups: [ "coordination.k8s.io" ]
-    resources: [ "leases" ]
-    verbs: [ "create" ]
-  - apiGroups: [ "coordination.k8s.io" ]
-    resources: [ "leases" ]
-    resourceNames: [ "emissary-ca-mgr-leader" ]
-    verbs: [ "get", "update" ]
-  - apiGroups: [ "" ]
-    resources: [ "events" ]
-    verbs: [ "create" ]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: emissary-apiext
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/instance: emissary-apiext
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: emissary-apiext
-subjects:
-- kind: ServiceAccount
-  namespace: {{ .Release.Namespace }}
-  name: emissary-apiext
----
-################################################################################
-# Main                                                                         #
-################################################################################
-apiVersion: v1
-kind: Service
-metadata:
-  name: emissary-apiext
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/instance: emissary-apiext
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
-spec:
-  type: ClusterIP
-  ports:
-    - name: https
-      port: 443
-      targetPort: https
-  selector:
-    app.kubernetes.io/instance: emissary-apiext
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: emissary-apiext
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/instance: emissary-apiext
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: emissary-apiext
-      app.kubernetes.io/name: emissary-apiext
-      app.kubernetes.io/part-of: emissary-apiext
-  replicas: 3
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/instance: emissary-apiext
-        app.kubernetes.io/managed-by: helm
-        app.kubernetes.io/name: emissary-apiext
-        app.kubernetes.io/part-of: emissary-apiext
-        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-        emissary-ingress.dev/control-plane-ns: {{ .Values.emissary.namespace }}
-    spec:
-      serviceAccountName: emissary-apiext
-      containers:
-        - name: emissary-apiext
-          image: {{ .Values.apiext.repository }}:{{ .Values.apiext.tag }}
-          imagePullPolicy: {{ .Values.apiext.pullPolicy }}
-          command: [ "apiext", "emissary-apiext" ]
-          args: [ "--crd-label-selector", "app.kubernetes.io/part-of=emissary-apiext" ]
-          ports:
-            - name: http
-              containerPort: 8080
-            - name: https
-              containerPort: 8443
-          startupProbe:
-            httpGet:
-              path: /probes/live
-              port: 8080
-            failureThreshold: 10
-            periodSeconds: 3
-          livenessProbe:
-            httpGet:
-              scheme: HTTP
-              path: /probes/live
-              port: 8080
-            periodSeconds: 3
-            failureThreshold: 3
-          readinessProbe:
-            httpGet:
-              scheme: HTTP
-              path: /probes/ready
-              port: 8080
-            periodSeconds: 3
-            failureThreshold: 3
-{{- end -}}

charts/emissary-crds/templates/authservices.yaml

@@ -1,375 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: authservices.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: AuthService
-    listKind: AuthServiceList
-    plural: authservices
-    singular: authservice
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: AuthService is the Schema for the authservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: AuthServiceSpec defines the desired state of AuthService
-            properties:
-              add_auth_headers:
-                additionalProperties:
-                  type: string
-                type: object
-              add_linkerd_headers:
-                type: boolean
-              allow_request_body:
-                type: boolean
-              allowed_authorization_headers:
-                items:
-                  type: string
-                type: array
-              allowed_request_headers:
-                items:
-                  type: string
-                type: array
-              auth_service:
-                type: string
-              failure_mode_allow:
-                type: boolean
-              include_body:
-                properties:
-                  allow_partial:
-                    type: boolean
-                  max_bytes:
-                    description: These aren't pointer types because they are required.
-                    type: integer
-                required:
-                - allow_partial
-                - max_bytes
-                type: object
-              path_prefix:
-                type: string
-              proto:
-                enum:
-                - http
-                - grpc
-                type: string
-              protocol_version:
-                enum:
-                - v2
-                - v3
-                type: string
-              status_on_error:
-                description: Why isn't this just an int??
-                properties:
-                  code:
-                    type: integer
-                type: object
-              timeout_ms:
-                type: integer
-              v3CircuitBreakers:
-                items:
-                  properties:
-                    max_connections:
-                      type: integer
-                    max_pending_requests:
-                      type: integer
-                    max_requests:
-                      type: integer
-                    max_retries:
-                      type: integer
-                    priority:
-                      enum:
-                      - default
-                      - high
-                      type: string
-                  type: object
-                type: array
-              v3StatsName:
-                type: string
-            required:
-            - auth_service
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: AuthService is the Schema for the authservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: AuthServiceSpec defines the desired state of AuthService
-            properties:
-              add_auth_headers:
-                additionalProperties:
-                  type: string
-                type: object
-              add_linkerd_headers:
-                type: boolean
-              allow_request_body:
-                type: boolean
-              allowed_authorization_headers:
-                items:
-                  type: string
-                type: array
-              allowed_request_headers:
-                items:
-                  type: string
-                type: array
-              auth_service:
-                type: string
-              failure_mode_allow:
-                type: boolean
-              include_body:
-                properties:
-                  allow_partial:
-                    type: boolean
-                  max_bytes:
-                    description: These aren't pointer types because they are required.
-                    type: integer
-                required:
-                - allow_partial
-                - max_bytes
-                type: object
-              path_prefix:
-                type: string
-              proto:
-                enum:
-                - http
-                - grpc
-                type: string
-              protocol_version:
-                enum:
-                - v2
-                - v3
-                type: string
-              status_on_error:
-                description: Why isn't this just an int??
-                properties:
-                  code:
-                    type: integer
-                type: object
-              timeout_ms:
-                type: integer
-              v3CircuitBreakers:
-                items:
-                  properties:
-                    max_connections:
-                      type: integer
-                    max_pending_requests:
-                      type: integer
-                    max_requests:
-                      type: integer
-                    max_retries:
-                      type: integer
-                    priority:
-                      enum:
-                      - default
-                      - high
-                      type: string
-                  type: object
-                type: array
-              v3StatsName:
-                type: string
-            required:
-            - auth_service
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: AuthService is the Schema for the authservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: AuthServiceSpec defines the desired state of AuthService
-            properties:
-              add_auth_headers:
-                additionalProperties:
-                  type: string
-                type: object
-              add_linkerd_headers:
-                type: boolean
-              allow_request_body:
-                type: boolean
-              allowed_authorization_headers:
-                items:
-                  type: string
-                type: array
-              allowed_request_headers:
-                items:
-                  type: string
-                type: array
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              auth_service:
-                type: string
-              circuit_breakers:
-                items:
-                  properties:
-                    max_connections:
-                      type: integer
-                    max_pending_requests:
-                      type: integer
-                    max_requests:
-                      type: integer
-                    max_retries:
-                      type: integer
-                    priority:
-                      enum:
-                      - default
-                      - high
-                      type: string
-                  type: object
-                type: array
-              failure_mode_allow:
-                type: boolean
-              include_body:
-                properties:
-                  allow_partial:
-                    type: boolean
-                  max_bytes:
-                    description: These aren't pointer types because they are required.
-                    type: integer
-                required:
-                - allow_partial
-                - max_bytes
-                type: object
-              path_prefix:
-                type: string
-              proto:
-                enum:
-                - http
-                - grpc
-                type: string
-              protocol_version:
-                description: ProtocolVersion is the envoy api transport protocol version
-                enum:
-                - v2
-                - v3
-                type: string
-              stats_name:
-                type: string
-              status_on_error:
-                properties:
-                  code:
-                    type: integer
-                type: object
-              timeout_ms:
-                type: integer
-              tls:
-                type: string
-              v2ExplicitTLS:
-                description: V2ExplicitTLS controls some vanity/stylistic elements
-                  when converting from v3alpha1 to v2.  The values in an V2ExplicitTLS
-                  should not in any way affect the runtime operation of Emissary;
-                  except that it may affect internal names in the Envoy config, which
-                  may in turn affect stats names.  But it should not affect any end-user
-                  observable behavior.
-                properties:
-                  serviceScheme:
-                    description: "ServiceScheme specifies how to spell and capitalize\
-                      \ the scheme-part of the service URL. \n Acceptable values are\
-                      \ \"http://\" (case-insensitive), \"https://\" (case-insensitive),\
-                      \ or \"\".  The value is used if it agrees with whether or not\
-                      \ this resource enables TLS origination, or if something else\
-                      \ in the resource overrides the scheme."
-                    pattern: ^([hH][tT][tT][pP][sS]?://)?$
-                    type: string
-                  tls:
-                    description: "TLS controls whether and how to represent the \"\
-                      tls\" field when its value could be implied by the \"service\"\
-                      \ field.  In v2, there were a lot of different ways to spell\
-                      \ an \"empty\" value, and this field specifies which way to\
-                      \ spell it (and will therefore only be used if the value will\
-                      \ indeed be empty). \n | Value        | Representation     \
-                      \                   | Meaning of representation          | |--------------+---------------------------------------+------------------------------------|\
-                      \ | \"\"           | omit the field                        |\
-                      \ defer to service (no TLSContext)   | | \"null\"       | store\
-                      \ an explicit \"null\" in the field | defer to service (no TLSContext)\
-                      \   | | \"string\"     | store an empty string in the field\
-                      \    | defer to service (no TLSContext)   | | \"bool:false\"\
-                      \ | store a Boolean \"false\" in the field  | defer to service\
-                      \ (no TLSContext)   | | \"bool:true\"  | store a Boolean \"\
-                      true\" in the field   | originate TLS (no TLSContext)      |\
-                      \ \n If the meaning of the representation contradicts anything\
-                      \ else (if a TLSContext is to be used, or in the case of \"\
-                      bool:true\" if TLS is not to be originated), then this field\
-                      \ is ignored."
-                    enum:
-                    - ''
-                    - 'null'
-                    - bool:true
-                    - bool:false
-                    - string
-                    type: string
-                type: object
-            required:
-            - auth_service
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/consulresolvers.yaml

@@ -1,127 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: consulresolvers.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: ConsulResolver
-    listKind: ConsulResolverList
-    plural: consulresolvers
-    singular: consulresolver
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: ConsulResolver is the Schema for the ConsulResolver API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ConsulResolver tells Ambassador to use Consul to resolve
-              services. In addition to the AmbassadorID, it needs information about
-              which Consul server and DC to use.
-            properties:
-              address:
-                type: string
-              datacenter:
-                type: string
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: ConsulResolver is the Schema for the ConsulResolver API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ConsulResolver tells Ambassador to use Consul to resolve
-              services. In addition to the AmbassadorID, it needs information about
-              which Consul server and DC to use.
-            properties:
-              address:
-                type: string
-              datacenter:
-                type: string
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: ConsulResolver is the Schema for the ConsulResolver API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ConsulResolver tells Ambassador to use Consul to resolve
-              services. In addition to the AmbassadorID, it needs information about
-              which Consul server and DC to use.
-            properties:
-              address:
-                type: string
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              datacenter:
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/devportals.yaml

@@ -1,376 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: devportals.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: DevPortal
-    listKind: DevPortalList
-    plural: devportals
-    singular: devportal
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: "DevPortal is the Schema for the DevPortals API \n DevPortal\
-          \ resources specify the `what` and `how` is shown in a DevPortal: \n 1.\
-          \ `what` is in a DevPortal can be controlled with \n - a `selector`, that\
-          \ can be used for filtering `Mappings`. \n - a `docs` listing of (services,\
-          \ url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git\
-          \ repository with go-templates/markdown/css). \n Multiple `DevPortal`s can\
-          \ exist in the cluster, and the Dev Portal server will show them at different\
-          \ endpoints. A `DevPortal` resource with a special name, `ambassador`, will\
-          \ be used for configuring the default Dev Portal (served at `/docs/` by\
-          \ default)."
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: DevPortalSpec defines the desired state of DevPortal
-            properties:
-              content:
-                description: Content specifies where the content shown in the DevPortal
-                  come from
-                properties:
-                  branch:
-                    type: string
-                  dir:
-                    type: string
-                  url:
-                    type: string
-                type: object
-              default:
-                description: Default must be true when this is the default DevPortal
-                type: boolean
-              docs:
-                description: Docs is a static docs definition
-                items:
-                  description: 'DevPortalDocsSpec is a static documentation definition:
-                    instead of using a Selector for finding documentation for services,
-                    users can provide a static list of <service>:<URL> tuples. These
-                    services will be shown in the Dev Portal with the documentation
-                    obtained from this URL.'
-                  properties:
-                    service:
-                      description: Service is the service being documented
-                      type: string
-                    timeout_ms:
-                      description: Timeout specifies the amount of time devportal
-                        will wait for the downstream service to report an openapi
-                        spec back
-                      type: integer
-                    url:
-                      description: URL is the URL used for obtaining docs
-                      type: string
-                  type: object
-                type: array
-              naming_scheme:
-                description: Describes how to display "services" in the DevPortal.
-                  Default namespace.name
-                enum:
-                - namespace.name
-                - name.prefix
-                type: string
-              preserve_servers:
-                description: Configures this DevPortal to use server definitions from
-                  the openAPI doc instead of rewriting them based on the url used
-                  for the connection.
-                type: boolean
-              search:
-                description: DevPortalSearchSpec allows configuration over search
-                  functionality for the DevPortal
-                properties:
-                  enabled:
-                    type: boolean
-                  type:
-                    description: 'Type of search. "title-only" does a fuzzy search
-                      over openapi and page titles "all-content" will fuzzy search
-                      over all openapi and page content. "title-only" is the default.
-                      warning:  using all-content may incur a larger memory footprint'
-                    enum:
-                    - title-only
-                    - all-content
-                    type: string
-                type: object
-              selector:
-                description: Selector is used for choosing what is shown in the DevPortal
-                properties:
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: MatchLabels specifies the list of labels that must
-                      be present in Mappings for being present in this DevPortal.
-                    type: object
-                  matchNamespaces:
-                    description: MatchNamespaces is a list of namespaces that will
-                      be included in this DevPortal.
-                    items:
-                      type: string
-                    type: array
-                type: object
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: "DevPortal is the Schema for the DevPortals API \n DevPortal\
-          \ resources specify the `what` and `how` is shown in a DevPortal: \n 1.\
-          \ `what` is in a DevPortal can be controlled with \n - a `selector`, that\
-          \ can be used for filtering `Mappings`. \n - a `docs` listing of (services,\
-          \ url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git\
-          \ repository with go-templates/markdown/css). \n Multiple `DevPortal`s can\
-          \ exist in the cluster, and the Dev Portal server will show them at different\
-          \ endpoints. A `DevPortal` resource with a special name, `ambassador`, will\
-          \ be used for configuring the default Dev Portal (served at `/docs/` by\
-          \ default)."
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: DevPortalSpec defines the desired state of DevPortal
-            properties:
-              content:
-                description: Content specifies where the content shown in the DevPortal
-                  come from
-                properties:
-                  branch:
-                    type: string
-                  dir:
-                    type: string
-                  url:
-                    type: string
-                type: object
-              default:
-                description: Default must be true when this is the default DevPortal
-                type: boolean
-              docs:
-                description: Docs is a static docs definition
-                items:
-                  description: 'DevPortalDocsSpec is a static documentation definition:
-                    instead of using a Selector for finding documentation for services,
-                    users can provide a static list of <service>:<URL> tuples. These
-                    services will be shown in the Dev Portal with the documentation
-                    obtained from this URL.'
-                  properties:
-                    service:
-                      description: Service is the service being documented
-                      type: string
-                    timeout_ms:
-                      description: Timeout specifies the amount of time devportal
-                        will wait for the downstream service to report an openapi
-                        spec back
-                      type: integer
-                    url:
-                      description: URL is the URL used for obtaining docs
-                      type: string
-                  type: object
-                type: array
-              naming_scheme:
-                description: Describes how to display "services" in the DevPortal.
-                  Default namespace.name
-                enum:
-                - namespace.name
-                - name.prefix
-                type: string
-              preserve_servers:
-                description: Configures this DevPortal to use server definitions from
-                  the openAPI doc instead of rewriting them based on the url used
-                  for the connection.
-                type: boolean
-              search:
-                description: DevPortalSearchSpec allows configuration over search
-                  functionality for the DevPortal
-                properties:
-                  enabled:
-                    type: boolean
-                  type:
-                    description: 'Type of search. "title-only" does a fuzzy search
-                      over openapi and page titles "all-content" will fuzzy search
-                      over all openapi and page content. "title-only" is the default.
-                      warning:  using all-content may incur a larger memory footprint'
-                    enum:
-                    - title-only
-                    - all-content
-                    type: string
-                type: object
-              selector:
-                description: Selector is used for choosing what is shown in the DevPortal
-                properties:
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: MatchLabels specifies the list of labels that must
-                      be present in Mappings for being present in this DevPortal.
-                    type: object
-                  matchNamespaces:
-                    description: MatchNamespaces is a list of namespaces that will
-                      be included in this DevPortal.
-                    items:
-                      type: string
-                    type: array
-                type: object
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: "DevPortal is the Schema for the DevPortals API \n DevPortal\
-          \ resources specify the `what` and `how` is shown in a DevPortal: \n 1.\
-          \ `what` is in a DevPortal can be controlled with \n - a `selector`, that\
-          \ can be used for filtering `Mappings`. \n - a `docs` listing of (services,\
-          \ url) \n 2. `how` is a pointer to some `contents` (a checkout of a Git\
-          \ repository with go-templates/markdown/css). \n Multiple `DevPortal`s can\
-          \ exist in the cluster, and the Dev Portal server will show them at different\
-          \ endpoints. A `DevPortal` resource with a special name, `ambassador`, will\
-          \ be used for configuring the default Dev Portal (served at `/docs/` by\
-          \ default)."
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: DevPortalSpec defines the desired state of DevPortal
-            properties:
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              content:
-                description: Content specifies where the content shown in the DevPortal
-                  come from
-                properties:
-                  branch:
-                    type: string
-                  dir:
-                    type: string
-                  url:
-                    type: string
-                type: object
-              default:
-                description: Default must be true when this is the default DevPortal
-                type: boolean
-              docs:
-                description: Docs is a static docs definition
-                items:
-                  description: 'DevPortalDocsSpec is a static documentation definition:
-                    instead of using a Selector for finding documentation for services,
-                    users can provide a static list of <service>:<URL> tuples. These
-                    services will be shown in the Dev Portal with the documentation
-                    obtained from this URL.'
-                  properties:
-                    service:
-                      description: Service is the service being documented
-                      type: string
-                    timeout_ms:
-                      description: Timeout specifies the amount of time devportal
-                        will wait for the downstream service to report an openapi
-                        spec back
-                      type: integer
-                    url:
-                      description: URL is the URL used for obtaining docs
-                      type: string
-                  type: object
-                type: array
-              naming_scheme:
-                description: Describes how to display "services" in the DevPortal.
-                  Default namespace.name
-                enum:
-                - namespace.name
-                - name.prefix
-                type: string
-              preserve_servers:
-                description: Configures this DevPortal to use server definitions from
-                  the openAPI doc instead of rewriting them based on the url used
-                  for the connection.
-                type: boolean
-              search:
-                description: DevPortalSearchSpec allows configuration over search
-                  functionality for the DevPortal
-                properties:
-                  enabled:
-                    type: boolean
-                  type:
-                    description: 'Type of search. "title-only" does a fuzzy search
-                      over openapi and page titles "all-content" will fuzzy search
-                      over all openapi and page content. "title-only" is the default.
-                      warning:  using all-content may incur a larger memory footprint'
-                    enum:
-                    - title-only
-                    - all-content
-                    type: string
-                type: object
-              selector:
-                description: Selector is used for choosing what is shown in the DevPortal
-                properties:
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: MatchLabels specifies the list of labels that must
-                      be present in Mappings for being present in this DevPortal.
-                    type: object
-                  matchNamespaces:
-                    description: MatchNamespaces is a list of namespaces that will
-                      be included in this DevPortal.
-                    items:
-                      type: string
-                    type: array
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/hosts.yaml

@@ -1,657 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: hosts.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: Host
-    listKind: HostList
-    plural: hosts
-    singular: host
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions }}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.hostname
-      name: Hostname
-      type: string
-    - jsonPath: .status.state
-      name: State
-      type: string
-    - jsonPath: .status.phaseCompleted
-      name: Phase Completed
-      type: string
-    - jsonPath: .status.phasePending
-      name: Phase Pending
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v2
-    schema:
-      openAPIV3Schema:
-        description: Host is the Schema for the hosts API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: HostSpec defines the desired state of Host
-            properties:
-              acmeProvider:
-                description: Specifies whether/who to talk ACME with to automatically
-                  manage the $tlsSecret.
-                properties:
-                  authority:
-                    description: Specifies who to talk ACME with to get certs. Defaults
-                      to Let's Encrypt; if "none" (case-insensitive), do not try to
-                      do ACME for this Host.
-                    type: string
-                  email:
-                    type: string
-                  privateKeySecret:
-                    description: "Specifies the Kubernetes Secret to use to store\
-                      \ the private key of the ACME account (essentially, where to\
-                      \ store the auto-generated password for the auto-created ACME\
-                      \ account).  You should not normally need to set this--the default\
-                      \ value is based on a combination of the ACME authority being\
-                      \ registered wit and the email address associated with the account.\
-                      \ \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference,\
-                      \ not an Ambassador-style `{name}.{namespace}` string.  Because\
-                      \ we're opinionated, it does not support referencing a Secret\
-                      \ in another namespace (because most native Kubernetes resources\
-                      \ don't support that), but if we ever abandon that opinion and\
-                      \ decide to support non-local references it, it would be by\
-                      \ adding a `namespace:` field by changing it from a core.v1.LocalObjectReference\
-                      \ to a core.v1.SecretReference, not by adopting the `{name}.{namespace}`\
-                      \ notation."
-                    properties:
-                      name:
-                        default: ''
-                        description: 'Name of the referent. This field is effectively
-                          required, but due to backwards compatibility is allowed
-                          to be empty. Instances of this type with an empty value
-                          here are almost certainly wrong. TODO: Add other useful
-                          fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                          TODO: Drop `kubebuilder:default` when controller-gen doesn''t
-                          need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                  registration:
-                    description: This is normally set automatically
-                    type: string
-                type: object
-              hostname:
-                description: Hostname by which the Ambassador can be reached.
-                type: string
-              previewUrl:
-                description: Configuration for the Preview URL feature of Service
-                  Preview. Defaults to preview URLs not enabled.
-                properties:
-                  enabled:
-                    description: Is the Preview URL feature enabled?
-                    type: boolean
-                  type:
-                    description: What type of Preview URL is allowed?
-                    enum:
-                    - Path
-                    type: string
-                type: object
-              requestPolicy:
-                description: Request policy definition.
-                properties:
-                  insecure:
-                    properties:
-                      action:
-                        enum:
-                        - Redirect
-                        - Reject
-                        - Route
-                        type: string
-                      additionalPort:
-                        type: integer
-                    type: object
-                type: object
-              selector:
-                description: Selector by which we can find further configuration.
-                  Defaults to hostname=$hostname
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: A label selector requirement is a selector that
-                        contains values, a key, and an operator that relates the key
-                        and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: operator represents a key's relationship to
-                            a set of values. Valid operators are In, NotIn, Exists
-                            and DoesNotExist.
-                          type: string
-                        values:
-                          description: values is an array of string values. If the
-                            operator is In or NotIn, the values array must be non-empty.
-                            If the operator is Exists or DoesNotExist, the values
-                            array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: matchLabels is a map of {key,value} pairs. A single
-                      {key,value} in the matchLabels map is equivalent to an element
-                      of matchExpressions, whose key field is "key", the operator
-                      is "In", and the values array contains only "value". The requirements
-                      are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              tls:
-                description: TLS configuration.  It is not valid to specify both `tlsContext`
-                  and `tls`.
-                properties:
-                  alpn_protocols:
-                    type: string
-                  ca_secret:
-                    type: string
-                  cacert_chain_file:
-                    type: string
-                  cert_chain_file:
-                    type: string
-                  cert_required:
-                    type: boolean
-                  cipher_suites:
-                    items:
-                      type: string
-                    type: array
-                  ecdh_curves:
-                    items:
-                      type: string
-                    type: array
-                  max_tls_version:
-                    type: string
-                  min_tls_version:
-                    type: string
-                  private_key_file:
-                    type: string
-                  redirect_cleartext_from:
-                    type: integer
-                  sni:
-                    type: string
-                  v3CRLSecret:
-                    type: string
-                type: object
-              tlsContext:
-                description: "Name of the TLSContext the Host resource is linked with.\
-                  \ It is not valid to specify both `tlsContext` and `tls`. \n Note\
-                  \ that this is a native-Kubernetes-style core.v1.LocalObjectReference,\
-                  \ not an Ambassador-style `{name}.{namespace}` string.  Because\
-                  \ we're opinionated, it does not support referencing a Secret in\
-                  \ another namespace (because most native Kubernetes resources don't\
-                  \ support that), but if we ever abandon that opinion and decide\
-                  \ to support non-local references it, it would be by adding a `namespace:`\
-                  \ field by changing it from a core.v1.LocalObjectReference to a\
-                  \ core.v1.SecretReference, not by adopting the `{name}.{namespace}`\
-                  \ notation."
-                properties:
-                  name:
-                    default: ''
-                    description: 'Name of the referent. This field is effectively
-                      required, but due to backwards compatibility is allowed to be
-                      empty. Instances of this type with an empty value here are almost
-                      certainly wrong. TODO: Add other useful fields. apiVersion,
-                      kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      TODO: Drop `kubebuilder:default` when controller-gen doesn''t
-                      need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              tlsSecret:
-                description: Name of the Kubernetes secret into which to save generated
-                  certificates.  If ACME is enabled (see $acmeProvider), then the
-                  default is $hostname; otherwise the default is "".  If the value
-                  is "", then we do not do TLS for this Host.
-                properties:
-                  name:
-                    description: name is unique within a namespace to reference a
-                      secret resource.
-                    type: string
-                  namespace:
-                    description: namespace defines the space within which the secret
-                      name must be unique.
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            description: HostStatus defines the observed state of Host
-            properties:
-              errorBackoff:
-                type: string
-              errorReason:
-                description: errorReason, errorTimestamp, and errorBackoff are valid
-                  when state==Error.
-                type: string
-              errorTimestamp:
-                format: date-time
-                type: string
-              phaseCompleted:
-                description: phaseCompleted and phasePending are valid when state==Pending
-                  or state==Error.
-                enum:
-                - NA
-                - DefaultsFilled
-                - ACMEUserPrivateKeyCreated
-                - ACMEUserRegistered
-                - ACMECertificateChallenge
-                type: string
-              phasePending:
-                description: phaseCompleted and phasePending are valid when state==Pending
-                  or state==Error.
-                enum:
-                - NA
-                - DefaultsFilled
-                - ACMEUserPrivateKeyCreated
-                - ACMEUserRegistered
-                - ACMECertificateChallenge
-                type: string
-              state:
-                enum:
-                - Initial
-                - Pending
-                - Ready
-                - Error
-                type: string
-              tlsCertificateSource:
-                enum:
-                - Unknown
-                - None
-                - Other
-                - ACME
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-{{- end }}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.hostname
-      name: Hostname
-      type: string
-    - jsonPath: .status.state
-      name: State
-      type: string
-    - jsonPath: .status.phaseCompleted
-      name: Phase Completed
-      type: string
-    - jsonPath: .status.phasePending
-      name: Phase Pending
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: Host is the Schema for the hosts API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: HostSpec defines the desired state of Host
-            properties:
-              acmeProvider:
-                description: Specifies whether/who to talk ACME with to automatically
-                  manage the $tlsSecret.
-                properties:
-                  authority:
-                    description: Specifies who to talk ACME with to get certs. Defaults
-                      to Let's Encrypt; if "none" (case-insensitive), do not try to
-                      do ACME for this Host.
-                    type: string
-                  email:
-                    type: string
-                  privateKeySecret:
-                    description: "Specifies the Kubernetes Secret to use to store\
-                      \ the private key of the ACME account (essentially, where to\
-                      \ store the auto-generated password for the auto-created ACME\
-                      \ account).  You should not normally need to set this--the default\
-                      \ value is based on a combination of the ACME authority being\
-                      \ registered wit and the email address associated with the account.\
-                      \ \n Note that this is a native-Kubernetes-style core.v1.LocalObjectReference,\
-                      \ not an Ambassador-style `{name}.{namespace}` string.  Because\
-                      \ we're opinionated, it does not support referencing a Secret\
-                      \ in another namespace (because most native Kubernetes resources\
-                      \ don't support that), but if we ever abandon that opinion and\
-                      \ decide to support non-local references it, it would be by\
-                      \ adding a `namespace:` field by changing it from a core.v1.LocalObjectReference\
-                      \ to a core.v1.SecretReference, not by adopting the `{name}.{namespace}`\
-                      \ notation."
-                    properties:
-                      name:
-                        default: ''
-                        description: 'Name of the referent. This field is effectively
-                          required, but due to backwards compatibility is allowed
-                          to be empty. Instances of this type with an empty value
-                          here are almost certainly wrong. TODO: Add other useful
-                          fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                          TODO: Drop `kubebuilder:default` when controller-gen doesn''t
-                          need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
-                        type: string
-                    type: object
-                    x-kubernetes-map-type: atomic
-                  registration:
-                    description: This is normally set automatically
-                    type: string
-                type: object
-              ambassador_id:
-                description: Common to all Ambassador objects (and optional).
-                items:
-                  type: string
-                type: array
-              hostname:
-                description: Hostname by which the Ambassador can be reached.
-                type: string
-              mappingSelector:
-                description: Selector for Mappings we'll associate with this Host.
-                  At the moment, Selector and MappingSelector are synonyms, but that
-                  will change soon.
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: A label selector requirement is a selector that
-                        contains values, a key, and an operator that relates the key
-                        and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: operator represents a key's relationship to
-                            a set of values. Valid operators are In, NotIn, Exists
-                            and DoesNotExist.
-                          type: string
-                        values:
-                          description: values is an array of string values. If the
-                            operator is In or NotIn, the values array must be non-empty.
-                            If the operator is Exists or DoesNotExist, the values
-                            array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: matchLabels is a map of {key,value} pairs. A single
-                      {key,value} in the matchLabels map is equivalent to an element
-                      of matchExpressions, whose key field is "key", the operator
-                      is "In", and the values array contains only "value". The requirements
-                      are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              previewUrl:
-                description: Configuration for the Preview URL feature of Service
-                  Preview. Defaults to preview URLs not enabled.
-                properties:
-                  enabled:
-                    description: Is the Preview URL feature enabled?
-                    type: boolean
-                  type:
-                    description: What type of Preview URL is allowed?
-                    enum:
-                    - Path
-                    type: string
-                type: object
-              requestPolicy:
-                description: Request policy definition.
-                properties:
-                  insecure:
-                    properties:
-                      action:
-                        enum:
-                        - Redirect
-                        - Reject
-                        - Route
-                        type: string
-                      additionalPort:
-                        type: integer
-                    type: object
-                type: object
-              selector:
-                description: 'DEPRECATED: Selector by which we can find further configuration.
-                  Use MappingSelector instead.'
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
-                    items:
-                      description: A label selector requirement is a selector that
-                        contains values, a key, and an operator that relates the key
-                        and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies
-                            to.
-                          type: string
-                        operator:
-                          description: operator represents a key's relationship to
-                            a set of values. Valid operators are In, NotIn, Exists
-                            and DoesNotExist.
-                          type: string
-                        values:
-                          description: values is an array of string values. If the
-                            operator is In or NotIn, the values array must be non-empty.
-                            If the operator is Exists or DoesNotExist, the values
-                            array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
-                            type: string
-                          type: array
-                          x-kubernetes-list-type: atomic
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                    x-kubernetes-list-type: atomic
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: matchLabels is a map of {key,value} pairs. A single
-                      {key,value} in the matchLabels map is equivalent to an element
-                      of matchExpressions, whose key field is "key", the operator
-                      is "In", and the values array contains only "value". The requirements
-                      are ANDed.
-                    type: object
-                type: object
-                x-kubernetes-map-type: atomic
-              tls:
-                description: TLS configuration.  It is not valid to specify both `tlsContext`
-                  and `tls`.
-                properties:
-                  alpn_protocols:
-                    type: string
-                  ca_secret:
-                    type: string
-                  cacert_chain_file:
-                    type: string
-                  cert_chain_file:
-                    type: string
-                  cert_required:
-                    type: boolean
-                  cipher_suites:
-                    items:
-                      type: string
-                    type: array
-                  crl_secret:
-                    type: string
-                  ecdh_curves:
-                    items:
-                      type: string
-                    type: array
-                  max_tls_version:
-                    type: string
-                  min_tls_version:
-                    type: string
-                  private_key_file:
-                    type: string
-                  redirect_cleartext_from:
-                    type: integer
-                  sni:
-                    type: string
-                type: object
-              tlsContext:
-                description: "Name of the TLSContext the Host resource is linked with.\
-                  \ It is not valid to specify both `tlsContext` and `tls`. \n Note\
-                  \ that this is a native-Kubernetes-style core.v1.LocalObjectReference,\
-                  \ not an Ambassador-style `{name}.{namespace}` string.  Because\
-                  \ we're opinionated, it does not support referencing a Secret in\
-                  \ another namespace (because most native Kubernetes resources don't\
-                  \ support that), but if we ever abandon that opinion and decide\
-                  \ to support non-local references it, it would be by adding a `namespace:`\
-                  \ field by changing it from a core.v1.LocalObjectReference to a\
-                  \ core.v1.SecretReference, not by adopting the `{name}.{namespace}`\
-                  \ notation."
-                properties:
-                  name:
-                    default: ''
-                    description: 'Name of the referent. This field is effectively
-                      required, but due to backwards compatibility is allowed to be
-                      empty. Instances of this type with an empty value here are almost
-                      certainly wrong. TODO: Add other useful fields. apiVersion,
-                      kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      TODO: Drop `kubebuilder:default` when controller-gen doesn''t
-                      need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.'
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-              tlsSecret:
-                description: Name of the Kubernetes secret into which to save generated
-                  certificates.  If ACME is enabled (see $acmeProvider), then the
-                  default is $hostname; otherwise the default is "".  If the value
-                  is "", then we do not do TLS for this Host.
-                properties:
-                  name:
-                    description: name is unique within a namespace to reference a
-                      secret resource.
-                    type: string
-                  namespace:
-                    description: namespace defines the space within which the secret
-                      name must be unique.
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
-            type: object
-          status:
-            description: HostStatus defines the observed state of Host
-            properties:
-              errorBackoff:
-                type: string
-              errorReason:
-                description: errorReason, errorTimestamp, and errorBackoff are valid
-                  when state==Error.
-                type: string
-              errorTimestamp:
-                format: date-time
-                type: string
-              phaseCompleted:
-                description: phaseCompleted and phasePending are valid when state==Pending
-                  or state==Error.
-                enum:
-                - NA
-                - DefaultsFilled
-                - ACMEUserPrivateKeyCreated
-                - ACMEUserRegistered
-                - ACMECertificateChallenge
-                type: string
-              phasePending:
-                description: phaseCompleted and phasePending are valid when state==Pending
-                  or state==Error.
-                enum:
-                - NA
-                - DefaultsFilled
-                - ACMEUserPrivateKeyCreated
-                - ACMEUserRegistered
-                - ACMECertificateChallenge
-                type: string
-              state:
-                enum:
-                - Initial
-                - Pending
-                - Ready
-                - Error
-                type: string
-              tlsCertificateSource:
-                enum:
-                - Unknown
-                - None
-                - Other
-                - ACME
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}
-    subresources:
-      status: {}

charts/emissary-crds/templates/kubernetesendpointresolvers.yaml

@@ -1,116 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: kubernetesendpointresolvers.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: KubernetesEndpointResolver
-    listKind: KubernetesEndpointResolverList
-    plural: kubernetesendpointresolvers
-    singular: kubernetesendpointresolver
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver
-          API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubernetesEndpointResolver tells Ambassador to use Kubernetes
-              Endpoints resources to resolve services. It actually has no spec other
-              than the AmbassadorID.
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver
-          API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubernetesEndpointResolver tells Ambassador to use Kubernetes
-              Endpoints resources to resolve services. It actually has no spec other
-              than the AmbassadorID.
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: KubernetesEndpointResolver is the Schema for the kubernetesendpointresolver
-          API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubernetesEndpointResolver tells Ambassador to use Kubernetes
-              Endpoints resources to resolve services. It actually has no spec other
-              than the AmbassadorID.
-            properties:
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/kubernetesserviceresolvers.yaml

@@ -1,116 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: kubernetesserviceresolvers.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: KubernetesServiceResolver
-    listKind: KubernetesServiceResolverList
-    plural: kubernetesserviceresolvers
-    singular: kubernetesserviceresolver
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver
-          API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubernetesServiceResolver tells Ambassador to use Kubernetes
-              Service resources to resolve services. It actually has no spec other
-              than the AmbassadorID.
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver
-          API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubernetesServiceResolver tells Ambassador to use Kubernetes
-              Service resources to resolve services. It actually has no spec other
-              than the AmbassadorID.
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: KubernetesServiceResolver is the Schema for the kubernetesserviceresolver
-          API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KubernetesServiceResolver tells Ambassador to use Kubernetes
-              Service resources to resolve services. It actually has no spec other
-              than the AmbassadorID.
-            properties:
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/listeners.yaml

@@ -1,195 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: listeners.getambassador.io
-spec:
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: Listener
-    listKind: ListenerList
-    plural: listeners
-    singular: listener
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.port
-      name: Port
-      type: string
-    - jsonPath: .spec.protocol
-      name: Protocol
-      type: string
-    - jsonPath: .spec.protocolStack
-      name: Stack
-      type: string
-    - jsonPath: .spec.statsPrefix
-      name: StatsPrefix
-      type: string
-    - jsonPath: .spec.securityModel
-      name: Security
-      type: string
-    - jsonPath: .spec.l7Depth
-      name: L7Depth
-      type: string
-    name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: Listener is the Schema for the hosts API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: ListenerSpec defines the desired state of this Port
-            properties:
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              hostBinding:
-                description: HostBinding allows restricting which Hosts will be used
-                  for this Listener.
-                properties:
-                  namespace:
-                    description: NamespaceBindingType defines we we specify which
-                      namespaces to look for Hosts in.
-                    properties:
-                      from:
-                        description: NamespaceFromType defines how we evaluate a NamespaceBindingType.
-                        enum:
-                        - SELF
-                        - ALL
-                        - SELECTOR
-                        type: string
-                    type: object
-                  selector:
-                    description: A label selector is a label query over a set of resources.
-                      The result of matchLabels and matchExpressions are ANDed. An
-                      empty label selector matches all objects. A null label selector
-                      matches no objects.
-                    properties:
-                      matchExpressions:
-                        description: matchExpressions is a list of label selector
-                          requirements. The requirements are ANDed.
-                        items:
-                          description: A label selector requirement is a selector
-                            that contains values, a key, and an operator that relates
-                            the key and values.
-                          properties:
-                            key:
-                              description: key is the label key that the selector
-                                applies to.
-                              type: string
-                            operator:
-                              description: operator represents a key's relationship
-                                to a set of values. Valid operators are In, NotIn,
-                                Exists and DoesNotExist.
-                              type: string
-                            values:
-                              description: values is an array of string values. If
-                                the operator is In or NotIn, the values array must
-                                be non-empty. If the operator is Exists or DoesNotExist,
-                                the values array must be empty. This array is replaced
-                                during a strategic merge patch.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - key
-                          - operator
-                          type: object
-                        type: array
-                      matchLabels:
-                        additionalProperties:
-                          type: string
-                        description: matchLabels is a map of {key,value} pairs. A
-                          single {key,value} in the matchLabels map is equivalent
-                          to an element of matchExpressions, whose key field is "key",
-                          the operator is "In", and the values array contains only
-                          "value". The requirements are ANDed.
-                        type: object
-                    type: object
-                    x-kubernetes-map-type: atomic
-                type: object
-              l7Depth:
-                description: L7Depth specifies how many layer 7 load balancers are
-                  between us and the edge of the network.
-                format: int32
-                type: integer
-              port:
-                description: Port is the network port. Only one Listener can use a
-                  given port.
-                format: int32
-                maximum: 65535
-                minimum: 1
-                type: integer
-              protocol:
-                description: Protocol is a shorthand for certain predefined stacks.
-                  Exactly one of Protocol or ProtocolStack must be supplied.
-                enum:
-                - HTTP
-                - HTTPS
-                - HTTPPROXY
-                - HTTPSPROXY
-                - TCP
-                - TLS
-                - UDP
-                type: string
-              protocolStack:
-                description: ProtocolStack explicitly specifies the protocol stack
-                  to set up. Exactly one of Protocol or ProtocolStack must be supplied.
-                items:
-                  description: ProtocolStackElement defines specific layers that may
-                    be combined in a protocol stack for processing connections to
-                    a port.
-                  enum:
-                  - HTTP
-                  - PROXY
-                  - TLS
-                  - TCP
-                  - UDP
-                  type: string
-                type: array
-              securityModel:
-                description: SecurityModel specifies how to determine whether connections
-                  to this port are secure or insecure.
-                enum:
-                - XFP
-                - SECURE
-                - INSECURE
-                type: string
-              statsPrefix:
-                description: 'StatsPrefix specifies the prefix for statistics sent
-                  by Envoy about this Listener. The default depends on the protocol:
-                  "ingress-http", "ingress-https", "ingress-tls-$port", or "ingress-$port".'
-                type: string
-            required:
-            - hostBinding
-            - port
-            - securityModel
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources: {}

charts/emissary-crds/templates/logservices.yaml

@@ -1,218 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: logservices.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: LogService
-    listKind: LogServiceList
-    plural: logservices
-    singular: logservice
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: LogService is the Schema for the logservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: LogServiceSpec defines the desired state of LogService
-            properties:
-              driver:
-                enum:
-                - tcp
-                - http
-                type: string
-              driver_config:
-                properties:
-                  additional_log_headers:
-                    items:
-                      properties:
-                        during_request:
-                          type: boolean
-                        during_response:
-                          type: boolean
-                        during_trailer:
-                          type: boolean
-                        header_name:
-                          type: string
-                      type: object
-                    type: array
-                type: object
-              flush_interval_byte_size:
-                type: integer
-              flush_interval_time:
-                type: integer
-              grpc:
-                type: boolean
-              service:
-                type: string
-              v3ProtocolVersion:
-                enum:
-                - v2
-                - v3
-                type: string
-              v3StatsName:
-                type: string
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: LogService is the Schema for the logservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: LogServiceSpec defines the desired state of LogService
-            properties:
-              driver:
-                enum:
-                - tcp
-                - http
-                type: string
-              driver_config:
-                properties:
-                  additional_log_headers:
-                    items:
-                      properties:
-                        during_request:
-                          type: boolean
-                        during_response:
-                          type: boolean
-                        during_trailer:
-                          type: boolean
-                        header_name:
-                          type: string
-                      type: object
-                    type: array
-                type: object
-              flush_interval_byte_size:
-                type: integer
-              flush_interval_time:
-                type: integer
-              grpc:
-                type: boolean
-              service:
-                type: string
-              v3ProtocolVersion:
-                enum:
-                - v2
-                - v3
-                type: string
-              v3StatsName:
-                type: string
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: LogService is the Schema for the logservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: LogServiceSpec defines the desired state of LogService
-            properties:
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              driver:
-                enum:
-                - tcp
-                - http
-                type: string
-              driver_config:
-                properties:
-                  additional_log_headers:
-                    items:
-                      properties:
-                        during_request:
-                          type: boolean
-                        during_response:
-                          type: boolean
-                        during_trailer:
-                          type: boolean
-                        header_name:
-                          type: string
-                      type: object
-                    type: array
-                type: object
-              flush_interval_byte_size:
-                type: integer
-              flush_interval_time:
-                type: integer
-              grpc:
-                type: boolean
-              protocol_version:
-                description: ProtocolVersion is the envoy api transport protocol version
-                enum:
-                - v2
-                - v3
-                type: string
-              service:
-                type: string
-              stats_name:
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/modules.yaml

@@ -1,126 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: modules.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: Module
-    listKind: ModuleList
-    plural: modules
-    singular: module
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: "A Module defines system-wide configuration.  The type of module\
-          \ is controlled by the .metadata.name; valid names are \"ambassador\" or\
-          \ \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module\
-          \ https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              config:
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: "A Module defines system-wide configuration.  The type of module\
-          \ is controlled by the .metadata.name; valid names are \"ambassador\" or\
-          \ \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module\
-          \ https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              config:
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: "A Module defines system-wide configuration.  The type of module\
-          \ is controlled by the .metadata.name; valid names are \"ambassador\" or\
-          \ \"tls\". \n https://www.getambassador.io/docs/edge-stack/latest/topics/running/ambassador/#the-ambassador-module\
-          \ https://www.getambassador.io/docs/edge-stack/latest/topics/running/tls/#tls-module-deprecated"
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              config:
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-            required:
-            - config
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/ratelimitservices.yaml

@@ -1,236 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: ratelimitservices.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: RateLimitService
-    listKind: RateLimitServiceList
-    plural: ratelimitservices
-    singular: ratelimitservice
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: RateLimitService is the Schema for the ratelimitservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: RateLimitServiceSpec defines the desired state of RateLimitService
-            properties:
-              domain:
-                type: string
-              failure_mode_deny:
-                description: FailureModeDeny when set to true, envoy will deny traffic
-                  if it is unable to communicate with the rate limit service.
-                type: boolean
-              protocol_version:
-                enum:
-                - v2
-                - v3
-                type: string
-              service:
-                type: string
-              timeout_ms:
-                type: integer
-              v3GRPC:
-                properties:
-                  use_resource_exhausted_code:
-                    description: UseResourceExhaustedCode, when set to true, will
-                      cause envoy to return a `RESOURCE_EXHAUSTED` gRPC code instead
-                      of the default `UNAVAILABLE` gRPC code.
-                    type: boolean
-                type: object
-              v3StatsName:
-                type: string
-            required:
-            - service
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: RateLimitService is the Schema for the ratelimitservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: RateLimitServiceSpec defines the desired state of RateLimitService
-            properties:
-              domain:
-                type: string
-              failure_mode_deny:
-                description: FailureModeDeny when set to true, envoy will deny traffic
-                  if it is unable to communicate with the rate limit service.
-                type: boolean
-              protocol_version:
-                enum:
-                - v2
-                - v3
-                type: string
-              service:
-                type: string
-              timeout_ms:
-                type: integer
-              v3GRPC:
-                properties:
-                  use_resource_exhausted_code:
-                    description: UseResourceExhaustedCode, when set to true, will
-                      cause envoy to return a `RESOURCE_EXHAUSTED` gRPC code instead
-                      of the default `UNAVAILABLE` gRPC code.
-                    type: boolean
-                type: object
-              v3StatsName:
-                type: string
-            required:
-            - service
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: RateLimitService is the Schema for the ratelimitservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: RateLimitServiceSpec defines the desired state of RateLimitService
-            properties:
-              ambassador_id:
-                description: Common to all Ambassador objects.
-                items:
-                  type: string
-                type: array
-              domain:
-                type: string
-              failure_mode_deny:
-                description: FailureModeDeny when set to true, envoy will deny traffic
-                  if it is unable to communicate with the rate limit service.
-                type: boolean
-              grpc:
-                properties:
-                  use_resource_exhausted_code:
-                    description: UseResourceExhaustedCode, when set to true, will
-                      cause envoy to return a `RESOURCE_EXHAUSTED` gRPC code instead
-                      of the default `UNAVAILABLE` gRPC code.
-                    type: boolean
-                type: object
-              protocol_version:
-                description: ProtocolVersion is the envoy api transport protocol version
-                enum:
-                - v2
-                - v3
-                type: string
-              service:
-                type: string
-              stats_name:
-                type: string
-              timeout_ms:
-                type: integer
-              tls:
-                type: string
-              v2ExplicitTLS:
-                description: V2ExplicitTLS controls some vanity/stylistic elements
-                  when converting from v3alpha1 to v2.  The values in an V2ExplicitTLS
-                  should not in any way affect the runtime operation of Emissary;
-                  except that it may affect internal names in the Envoy config, which
-                  may in turn affect stats names.  But it should not affect any end-user
-                  observable behavior.
-                properties:
-                  serviceScheme:
-                    description: "ServiceScheme specifies how to spell and capitalize\
-                      \ the scheme-part of the service URL. \n Acceptable values are\
-                      \ \"http://\" (case-insensitive), \"https://\" (case-insensitive),\
-                      \ or \"\".  The value is used if it agrees with whether or not\
-                      \ this resource enables TLS origination, or if something else\
-                      \ in the resource overrides the scheme."
-                    pattern: ^([hH][tT][tT][pP][sS]?://)?$
-                    type: string
-                  tls:
-                    description: "TLS controls whether and how to represent the \"\
-                      tls\" field when its value could be implied by the \"service\"\
-                      \ field.  In v2, there were a lot of different ways to spell\
-                      \ an \"empty\" value, and this field specifies which way to\
-                      \ spell it (and will therefore only be used if the value will\
-                      \ indeed be empty). \n | Value        | Representation     \
-                      \                   | Meaning of representation          | |--------------+---------------------------------------+------------------------------------|\
-                      \ | \"\"           | omit the field                        |\
-                      \ defer to service (no TLSContext)   | | \"null\"       | store\
-                      \ an explicit \"null\" in the field | defer to service (no TLSContext)\
-                      \   | | \"string\"     | store an empty string in the field\
-                      \    | defer to service (no TLSContext)   | | \"bool:false\"\
-                      \ | store a Boolean \"false\" in the field  | defer to service\
-                      \ (no TLSContext)   | | \"bool:true\"  | store a Boolean \"\
-                      true\" in the field   | originate TLS (no TLSContext)      |\
-                      \ \n If the meaning of the representation contradicts anything\
-                      \ else (if a TLSContext is to be used, or in the case of \"\
-                      bool:true\" if TLS is not to be originated), then this field\
-                      \ is ignored."
-                    enum:
-                    - ''
-                    - 'null'
-                    - bool:true
-                    - bool:false
-                    - string
-                    type: string
-                type: object
-            required:
-            - service
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/tcpmappings.yaml

@@ -1,288 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: tcpmappings.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: TCPMapping
-    listKind: TCPMappingList
-    plural: tcpmappings
-    singular: tcpmapping
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: TCPMapping is the Schema for the tcpmappings API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TCPMappingSpec defines the desired state of TCPMapping
-            properties:
-              address:
-                type: string
-              circuit_breakers:
-                items:
-                  properties:
-                    max_connections:
-                      type: integer
-                    max_pending_requests:
-                      type: integer
-                    max_requests:
-                      type: integer
-                    max_retries:
-                      type: integer
-                    priority:
-                      enum:
-                      - default
-                      - high
-                      type: string
-                  type: object
-                type: array
-              cluster_tag:
-                type: string
-              enable_ipv4:
-                type: boolean
-              enable_ipv6:
-                type: boolean
-              host:
-                type: string
-              idle_timeout_ms:
-                type: string
-              port:
-                description: Port isn't a pointer because it's required.
-                type: integer
-              resolver:
-                type: string
-              service:
-                type: string
-              v3StatsName:
-                type: string
-              weight:
-                type: integer
-            required:
-            - port
-            - service
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: TCPMapping is the Schema for the tcpmappings API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TCPMappingSpec defines the desired state of TCPMapping
-            properties:
-              address:
-                type: string
-              circuit_breakers:
-                items:
-                  properties:
-                    max_connections:
-                      type: integer
-                    max_pending_requests:
-                      type: integer
-                    max_requests:
-                      type: integer
-                    max_retries:
-                      type: integer
-                    priority:
-                      enum:
-                      - default
-                      - high
-                      type: string
-                  type: object
-                type: array
-              cluster_tag:
-                type: string
-              enable_ipv4:
-                type: boolean
-              enable_ipv6:
-                type: boolean
-              host:
-                type: string
-              idle_timeout_ms:
-                type: string
-              port:
-                description: Port isn't a pointer because it's required.
-                type: integer
-              resolver:
-                type: string
-              service:
-                type: string
-              v3StatsName:
-                type: string
-              weight:
-                type: integer
-            required:
-            - port
-            - service
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: TCPMapping is the Schema for the tcpmappings API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TCPMappingSpec defines the desired state of TCPMapping
-            properties:
-              address:
-                type: string
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              circuit_breakers:
-                items:
-                  properties:
-                    max_connections:
-                      type: integer
-                    max_pending_requests:
-                      type: integer
-                    max_requests:
-                      type: integer
-                    max_retries:
-                      type: integer
-                    priority:
-                      enum:
-                      - default
-                      - high
-                      type: string
-                  type: object
-                type: array
-              cluster_tag:
-                type: string
-              enable_ipv4:
-                type: boolean
-              enable_ipv6:
-                type: boolean
-              host:
-                type: string
-              idle_timeout_ms:
-                type: string
-              port:
-                description: Port isn't a pointer because it's required.
-                type: integer
-              resolver:
-                type: string
-              service:
-                type: string
-              stats_name:
-                type: string
-              tls:
-                type: string
-              v2ExplicitTLS:
-                description: V2ExplicitTLS controls some vanity/stylistic elements
-                  when converting from v3alpha1 to v2.  The values in an V2ExplicitTLS
-                  should not in any way affect the runtime operation of Emissary;
-                  except that it may affect internal names in the Envoy config, which
-                  may in turn affect stats names.  But it should not affect any end-user
-                  observable behavior.
-                properties:
-                  serviceScheme:
-                    description: "ServiceScheme specifies how to spell and capitalize\
-                      \ the scheme-part of the service URL. \n Acceptable values are\
-                      \ \"http://\" (case-insensitive), \"https://\" (case-insensitive),\
-                      \ or \"\".  The value is used if it agrees with whether or not\
-                      \ this resource enables TLS origination, or if something else\
-                      \ in the resource overrides the scheme."
-                    pattern: ^([hH][tT][tT][pP][sS]?://)?$
-                    type: string
-                  tls:
-                    description: "TLS controls whether and how to represent the \"\
-                      tls\" field when its value could be implied by the \"service\"\
-                      \ field.  In v2, there were a lot of different ways to spell\
-                      \ an \"empty\" value, and this field specifies which way to\
-                      \ spell it (and will therefore only be used if the value will\
-                      \ indeed be empty). \n | Value        | Representation     \
-                      \                   | Meaning of representation          | |--------------+---------------------------------------+------------------------------------|\
-                      \ | \"\"           | omit the field                        |\
-                      \ defer to service (no TLSContext)   | | \"null\"       | store\
-                      \ an explicit \"null\" in the field | defer to service (no TLSContext)\
-                      \   | | \"string\"     | store an empty string in the field\
-                      \    | defer to service (no TLSContext)   | | \"bool:false\"\
-                      \ | store a Boolean \"false\" in the field  | defer to service\
-                      \ (no TLSContext)   | | \"bool:true\"  | store a Boolean \"\
-                      true\" in the field   | originate TLS (no TLSContext)      |\
-                      \ \n If the meaning of the representation contradicts anything\
-                      \ else (if a TLSContext is to be used, or in the case of \"\
-                      bool:true\" if TLS is not to be originated), then this field\
-                      \ is ignored."
-                    enum:
-                    - ''
-                    - 'null'
-                    - bool:true
-                    - bool:false
-                    - string
-                    type: string
-                type: object
-              weight:
-                type: integer
-            required:
-            - port
-            - service
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/tlscontexts.yaml

@@ -1,253 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: tlscontexts.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: TLSContext
-    listKind: TLSContextList
-    plural: tlscontexts
-    singular: tlscontext
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: TLSContext is the Schema for the tlscontexts API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TLSContextSpec defines the desired state of TLSContext
-            properties:
-              alpn_protocols:
-                type: string
-              ca_secret:
-                type: string
-              cacert_chain_file:
-                type: string
-              cert_chain_file:
-                type: string
-              cert_required:
-                type: boolean
-              cipher_suites:
-                items:
-                  type: string
-                type: array
-              ecdh_curves:
-                items:
-                  type: string
-                type: array
-              hosts:
-                items:
-                  type: string
-                type: array
-              max_tls_version:
-                enum:
-                - v1.0
-                - v1.1
-                - v1.2
-                - v1.3
-                type: string
-              min_tls_version:
-                enum:
-                - v1.0
-                - v1.1
-                - v1.2
-                - v1.3
-                type: string
-              private_key_file:
-                type: string
-              redirect_cleartext_from:
-                type: integer
-              secret:
-                type: string
-              secret_namespacing:
-                type: boolean
-              sni:
-                type: string
-              v3CRLSecret:
-                type: string
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: TLSContext is the Schema for the tlscontexts API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TLSContextSpec defines the desired state of TLSContext
-            properties:
-              alpn_protocols:
-                type: string
-              ca_secret:
-                type: string
-              cacert_chain_file:
-                type: string
-              cert_chain_file:
-                type: string
-              cert_required:
-                type: boolean
-              cipher_suites:
-                items:
-                  type: string
-                type: array
-              ecdh_curves:
-                items:
-                  type: string
-                type: array
-              hosts:
-                items:
-                  type: string
-                type: array
-              max_tls_version:
-                enum:
-                - v1.0
-                - v1.1
-                - v1.2
-                - v1.3
-                type: string
-              min_tls_version:
-                enum:
-                - v1.0
-                - v1.1
-                - v1.2
-                - v1.3
-                type: string
-              private_key_file:
-                type: string
-              redirect_cleartext_from:
-                type: integer
-              secret:
-                type: string
-              secret_namespacing:
-                type: boolean
-              sni:
-                type: string
-              v3CRLSecret:
-                type: string
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: TLSContext is the Schema for the tlscontexts API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TLSContextSpec defines the desired state of TLSContext
-            properties:
-              alpn_protocols:
-                type: string
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              ca_secret:
-                type: string
-              cacert_chain_file:
-                type: string
-              cert_chain_file:
-                type: string
-              cert_required:
-                type: boolean
-              cipher_suites:
-                items:
-                  type: string
-                type: array
-              crl_secret:
-                type: string
-              ecdh_curves:
-                items:
-                  type: string
-                type: array
-              hosts:
-                items:
-                  type: string
-                type: array
-              max_tls_version:
-                enum:
-                - v1.0
-                - v1.1
-                - v1.2
-                - v1.3
-                type: string
-              min_tls_version:
-                enum:
-                - v1.0
-                - v1.1
-                - v1.2
-                - v1.3
-                type: string
-              private_key_file:
-                type: string
-              redirect_cleartext_from:
-                type: integer
-              secret:
-                type: string
-              secret_namespacing:
-                type: boolean
-              sni:
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/templates/tracingservices.yaml

@@ -1,424 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
-  labels:
-    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    emissary-ingress.dev/control-plane-ns: {{ .Release.Namespace }}
-    app.kubernetes.io/name: emissary-apiext
-    app.kubernetes.io/part-of: emissary-apiext
-  name: tracingservices.getambassador.io
-spec:
-  {{- include "partials.conversion" . }}
-  group: getambassador.io
-  names:
-    categories:
-    - ambassador-crds
-    kind: TracingService
-    listKind: TracingServiceList
-    plural: tracingservices
-    singular: tracingservice
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-{{- if .Values.enableLegacyVersions -}}
-{{- if .Values.enableV1 }}
-  - name: v1
-    schema:
-      openAPIV3Schema:
-        description: TracingService is the Schema for the tracingservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TracingServiceSpec defines the desired state of TracingService
-            properties:
-              config:
-                properties:
-                  access_token_file:
-                    type: string
-                  collector_cluster:
-                    type: string
-                  collector_endpoint:
-                    type: string
-                  collector_endpoint_version:
-                    enum:
-                    - HTTP_JSON_V1
-                    - HTTP_JSON
-                    - HTTP_PROTO
-                    type: string
-                  collector_hostname:
-                    type: string
-                  service_name:
-                    type: string
-                  shared_span_context:
-                    type: boolean
-                  trace_id_128bit:
-                    type: boolean
-                  v3PropagationModes:
-                    items:
-                      enum:
-                      - ENVOY
-                      - LIGHTSTEP
-                      - B3
-                      - TRACE_CONTEXT
-                      type: string
-                    type: array
-                type: object
-              driver:
-                enum:
-                - lightstep
-                - zipkin
-                - datadog
-                - opentelemetry
-                type: string
-              sampling:
-                properties:
-                  client:
-                    type: integer
-                  overall:
-                    type: integer
-                  random:
-                    type: integer
-                type: object
-              service:
-                type: string
-              tag_headers:
-                items:
-                  type: string
-                type: array
-              v3CustomTags:
-                items:
-                  description: TracingCustomTag provides a data structure for capturing
-                    envoy's `type.tracing.v3.CustomTag`
-                  properties:
-                    environment:
-                      description: Environment explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        default_value:
-                          type: string
-                        name:
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    literal:
-                      description: Literal explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        value:
-                          type: string
-                      required:
-                      - value
-                      type: object
-                    request_header:
-                      description: Header explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        default_value:
-                          type: string
-                        name:
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    tag:
-                      type: string
-                  required:
-                  - tag
-                  type: object
-                type: array
-              v3StatsName:
-                type: string
-            required:
-            - driver
-            - service
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: false
-{{- end }}
-  - name: v2
-    schema:
-      openAPIV3Schema:
-        description: TracingService is the Schema for the tracingservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TracingServiceSpec defines the desired state of TracingService
-            properties:
-              config:
-                properties:
-                  access_token_file:
-                    type: string
-                  collector_cluster:
-                    type: string
-                  collector_endpoint:
-                    type: string
-                  collector_endpoint_version:
-                    enum:
-                    - HTTP_JSON_V1
-                    - HTTP_JSON
-                    - HTTP_PROTO
-                    type: string
-                  collector_hostname:
-                    type: string
-                  service_name:
-                    type: string
-                  shared_span_context:
-                    type: boolean
-                  trace_id_128bit:
-                    type: boolean
-                  v3PropagationModes:
-                    items:
-                      enum:
-                      - ENVOY
-                      - LIGHTSTEP
-                      - B3
-                      - TRACE_CONTEXT
-                      type: string
-                    type: array
-                type: object
-              driver:
-                enum:
-                - lightstep
-                - zipkin
-                - datadog
-                - opentelemetry
-                type: string
-              sampling:
-                properties:
-                  client:
-                    type: integer
-                  overall:
-                    type: integer
-                  random:
-                    type: integer
-                type: object
-              service:
-                type: string
-              tag_headers:
-                items:
-                  type: string
-                type: array
-              v3CustomTags:
-                items:
-                  description: TracingCustomTag provides a data structure for capturing
-                    envoy's `type.tracing.v3.CustomTag`
-                  properties:
-                    environment:
-                      description: Environment explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        default_value:
-                          type: string
-                        name:
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    literal:
-                      description: Literal explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        value:
-                          type: string
-                      required:
-                      - value
-                      type: object
-                    request_header:
-                      description: Header explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        default_value:
-                          type: string
-                        name:
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    tag:
-                      type: string
-                  required:
-                  - tag
-                  type: object
-                type: array
-              v3StatsName:
-                type: string
-            required:
-            - driver
-            - service
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-        type: object
-    served: true
-    storage: true
-{{- end }}
-  - name: v3alpha1
-    schema:
-      openAPIV3Schema:
-        description: TracingService is the Schema for the tracingservices API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: TracingServiceSpec defines the desired state of TracingService
-            properties:
-              ambassador_id:
-                description: "AmbassadorID declares which Ambassador instances should\
-                  \ pay attention to this resource. If no value is provided, the default\
-                  \ is: \n ambassador_id: - \"default\""
-                items:
-                  type: string
-                type: array
-              config:
-                properties:
-                  access_token_file:
-                    type: string
-                  collector_cluster:
-                    type: string
-                  collector_endpoint:
-                    type: string
-                  collector_endpoint_version:
-                    enum:
-                    - HTTP_JSON_V1
-                    - HTTP_JSON
-                    - HTTP_PROTO
-                    type: string
-                  collector_hostname:
-                    type: string
-                  propagation_modes:
-                    items:
-                      enum:
-                      - ENVOY
-                      - LIGHTSTEP
-                      - B3
-                      - TRACE_CONTEXT
-                      type: string
-                    type: array
-                  service_name:
-                    type: string
-                  shared_span_context:
-                    type: boolean
-                  trace_id_128bit:
-                    type: boolean
-                type: object
-              custom_tags:
-                items:
-                  description: TracingCustomTag provides a data structure for capturing
-                    envoy's `type.tracing.v3.CustomTag`
-                  properties:
-                    environment:
-                      description: Environment explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        default_value:
-                          type: string
-                        name:
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    literal:
-                      description: Literal explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        value:
-                          type: string
-                      required:
-                      - value
-                      type: object
-                    request_header:
-                      description: Header explicitly specifies the protocol stack
-                        to set up. Exactly one of Literal, Environment or Header must
-                        be supplied.
-                      properties:
-                        default_value:
-                          type: string
-                        name:
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    tag:
-                      type: string
-                  required:
-                  - tag
-                  type: object
-                type: array
-              driver:
-                enum:
-                - lightstep
-                - zipkin
-                - datadog
-                - opentelemetry
-                type: string
-              sampling:
-                properties:
-                  client:
-                    type: integer
-                  overall:
-                    type: integer
-                  random:
-                    type: integer
-                type: object
-              service:
-                type: string
-              stats_name:
-                type: string
-              tag_headers:
-                description: 'Deprecated: tag_headers is deprecated. Use custom_tags
-                  instead. `tag_headers: ["header"]` can be defined as `custom_tags:
-                  [{"request_header": {"name": "header"}}]`.'
-                items:
-                  type: string
-                type: array
-            required:
-            - driver
-            - service
-            type: object
-        type: object
-    served: true
-    storage: {{ include "partials.v3alpha1storage" . }}

charts/emissary-crds/values.yaml.in

@@ -1,16 +0,0 @@
-# Set to true to include the v2 versions and the conversion webhook.
-enableLegacyVersions: true
-# Set to true to also include v1 versions; requires enableLegacyVersions to be true.
-enableV1: true
-
-emissary:
-  # Namespace for the main Emissary installation
-  namespace: emissary
-
-apiext:
-  # Repository and image name for apiext images
-  repository: @imageRepo@
-  # Version tag for apiext images
-  tag: @version@
-  # imagePullPolicy for apiext images
-  pullPolicy: IfNotPresent

charts/emissary-ingress/Chart.yaml.in

@@ -16,8 +16,10 @@ keywords:
 - emissary
 - emissary ingress
 maintainers:
+- name: flydiverny
+  email: markus@maga.se
 - name: kflynn
-  email: flynn@buoyant.io
-- name: aliceproxy
-  email:
+  email: flynn@datawire.io
+- name: nbkrause
+  email: nkrause@datawire.io
 engine: gotpl

charts/emissary-ingress/templates/NOTES.txt

@@ -1,5 +1,5 @@
 -------------------------------------------------------------------------------
-  Congratulations! You've successfully installed Emissary-ingress!
+  Congratulations! You've successfully installed Emissary Ingress!
 
 -------------------------------------------------------------------------------
 To get the IP address of Emissary, run the following commands:

docs/releaseNotes.yml

@@ -32,9 +32,9 @@
 
 changelog: https://github.com/emissary-ingress/emissary/blob/$branch$/CHANGELOG.md
 items:
-  - version: 3.10.0-dev
+  - version: 3.10.0
     prevVersion: 3.9.0
-    date: "TBD"
+    date: "2025-07-29"
     notes:
       - title: Upgrade to Envoy 1.30.2
         type: feature