---
# Carvel Package for the Pinniped Supervisor, version 0.25.0.
# spec.valuesSchema lists the data values an installer may set;
# spec.template tells kapp-controller how to fetch, render and deploy.
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: Package
metadata:
  name: supervisor.pinniped.dev.0.25.0
  namespace: supervisor-ns
spec:
  refName: supervisor.pinniped.dev
  # Quoted so the version can never be re-typed by a lenient parser.
  version: '0.25.0'
  releaseNotes: |
    Initial release of the pinniped supervisor package
  licenses:
    - Apache-2.0
  valuesSchema:
    openAPIv3:
      type: object
      # Values not declared below are not permitted by this schema.
      additionalProperties: false
      properties:
        # NOTE(review): the description reads as if copied from a namespace
        # field; custom_labels below uses this value for the `app` label.
        app_name:
          type: string
          description: Namespace of pinniped-supervisor
          default: pinniped-supervisor
        namespace:
          type: string
          description: >-
            Creates a new namespace statically in yaml with the given name
            and installs the app into that namespace.
          default: pinniped-supervisor
        # NOTE(review): an author TODO is still part of the user-facing
        # description; which namespace wins is not stated here.
        into_namespace:
          type: string
          nullable: true
          description: >-
            Overrides namespace. This is actually confusingly worded.
            TODO: CAN WE REWRITE THIS ONE???
          default: null
        custom_labels:
          type: object
          additionalProperties: false
          description: >-
            All resources created statically by yaml at install-time and
            all resources created dynamically by controllers at runtime
            will be labelled with `app: $app_name` and also with the
            labels specified here.
          properties: {}
        replicas:
          type: integer
          description: Specify how many replicas of the Pinniped server to run.
          default: 2
        # Image selection. Per the descriptions, image_digest takes
        # precedence over image_tag; a digest is the immutable choice.
        # NOTE(review): image_repo repeats the digest/tag text and does not
        # describe the repository value itself.
        image_repo:
          type: string
          nullable: true
          description: >-
            Specify either an image_digest or an image_tag. If both are
            given, only image_digest will be used.
          default: null
        image_digest:
          type: string
          nullable: true
          description: >-
            Specify either an image_digest or an image_tag. If both are
            given, only image_digest will be used.
          default: null
        image_tag:
          type: string
          nullable: true
          description: >-
            Specify either an image_digest or an image_tag. If both are
            given, only image_digest will be used.
          default: null
        # NOTE(review): the four package_* values carry no description, so
        # their relation to image_* cannot be read from this schema.
        package_image_repo:
          type: string
          nullable: true
          default: null
        package_image_digest:
          type: string
          nullable: true
          default: null
        package_image_tag:
          type: string
          nullable: true
          default: null
        package_version:
          type: string
          nullable: true
          default: null
        # Registry pull credentials. The defaults are placeholder words, not
        # secrets; real values belong in a Secret-backed values source
        # rather than in a committed values file.
        image_pull_dockerconfigjson:
          type: object
          additionalProperties: false
          nullable: true
          properties:
            auths:
              type: object
              additionalProperties: false
              properties:
                # additionalProperties is false, so this example host is the
                # only registry key the schema accepts as written.
                'https://registry.example.com':
                  type: object
                  additionalProperties: false
                  properties:
                    username:
                      type: string
                      default: USERNAME
                    password:
                      type: string
                      default: PASSWORD
                    auth:
                      type: string
                      default: BASE64_ENCODED_USERNAME_COLON_PASSWORD
        # Deprecated Services in front of port 8080 (the HTTP listener, going
        # by the value names). All default to null, so none is created unless
        # a port is set; the service_https_* values below target 8443.
        deprecated_service_http_nodeport_port:
          type: integer
          nullable: true
          description: >-
            will be removed in a future release; when specified, creates a
            NodePort Service with this `port` value, with port 8080 as its
            `targetPort`; e.g. 31234
          default: null
        deprecated_service_http_nodeport_nodeport:
          type: integer
          nullable: true
          description: >-
            will be removed in a future release; the `nodePort` value of
            the NodePort Service, optional when
            `deprecated_service_http_nodeport_port` is specified; e.g. 31234
          default: null
        deprecated_service_http_loadbalancer_port:
          type: integer
          nullable: true
          description: >-
            will be removed in a future release; when specified, creates a
            LoadBalancer Service with this `port` value, with port 8080 as
            its `targetPort`; e.g. 8443
          default: null
        deprecated_service_http_clusterip_port:
          type: integer
          nullable: true
          description: >-
            will be removed in a future release; when specified, creates a
            ClusterIP Service with this `port` value, with port 8080 as its
            `targetPort`; e.g. 8443
          default: null
        # Services in front of the HTTPS listener (targetPort 8443).
        service_https_nodeport_port:
          type: integer
          nullable: true
          description: >-
            when specified, creates a NodePort Service with this `port`
            value, with port 8443 as its `targetPort`; e.g. 31243
          default: null
        service_https_nodeport_nodeport:
          type: integer
          nullable: true
          description: >-
            the `nodePort` value of the NodePort Service, optional when
            `service_https_nodeport_port` is specified; e.g. 31243
          default: null
        service_https_loadbalancer_port:
          type: integer
          nullable: true
          description: >-
            when specified, creates a LoadBalancer Service with this `port`
            value, with port 8443 as its `targetPort`; e.g. 8443
          default: null
        service_https_clusterip_port:
          type: integer
          nullable: true
          description: >-
            when specified, creates a ClusterIP Service with this `port`
            value, with port 8443 as its `targetPort`; e.g. 8443
          default: null
        service_loadbalancer_ip:
          type: string
          nullable: true
          description: >-
            The `loadBalancerIP` value of the LoadBalancer Service. Ignored
            unless service_https_loadbalancer_port is provided. e.g. 1.2.3.4
          default: null
        # The schema does not restrict this to the four named levels (no
        # enum), so `trace` and `all` - which the description says may log
        # credentials - have to be kept out of production by review.
        log_level:
          type: string
          nullable: true
          description: >-
            Specify the verbosity of logging: info ("nice to know"
            information), debug (developer information), trace (timing
            information), or all (kitchen sink). Do not use trace or all on
            production systems, as credentials may get logged.
          default: null
        deprecated_log_format:
          type: string
          nullable: true
          description: >-
            Specify the format of logging: json (for machine parsable logs)
            and text (for legacy klog formatted logs). By default, when this
            value is left unset, logs are formatted in json. This
            configuration is deprecated and will be removed in a future
            release at which point logs will always be formatted as json.
          default: null
        # 65532 is a non-root UID/GID; the schema sets no minimum, so an
        # override of 0 would still validate.
        run_as_user:
          type: integer
          description: >-
            run_as_user specifies the user ID that will own the process,
            see the Dockerfile for the reasoning behind this choice
          default: 65532
        run_as_group:
          type: integer
          description: >-
            run_as_group specifies the group ID that will own the process,
            see the Dockerfile for the reasoning behind this choice
          default: 65532
        api_group_suffix:
          type: string
          description: >-
            Specify the API group suffix for all Pinniped API groups. By
            default, this is set to pinniped.dev, so Pinniped API groups will
            look like foo.pinniped.dev, authentication.concierge.pinniped.dev,
            etc. As an example, if this is set to tuna.io, then Pinniped API
            groups will look like foo.tuna.io.
            authentication.concierge.tuna.io, etc.
          default: pinniped.dev
        https_proxy:
          type: string
          nullable: true
          description: >-
            Set the standard golang HTTPS_PROXY and NO_PROXY environment
            variables on the Supervisor containers. These will be used when
            the Supervisor makes backend-to-backend calls to upstream identity
            providers using HTTPS, e.g. when the Supervisor fetches discovery
            documents, JWKS keys, and tokens from an upstream OIDC Provider.
            The Supervisor never makes insecure HTTP calls, so there is no
            reason to set HTTP_PROXY.
          default: null
        # A supplied no_proxy replaces this default list as a whole; carry
        # over the entries that should keep bypassing the proxy (Kubernetes
        # service host, 169.254.169.254, loopback, cluster-local suffixes).
        no_proxy:
          type: string
          description: NO_PROXY environment variable. do not proxy Kubernetes endpoints
          default: '$(KUBERNETES_SERVICE_HOST),169.254.169.254,127.0.0.1,localhost,.svc,.cluster.local'
        # NOTE(review): the description mentions HTTP and HTTPS listeners,
        # but with additionalProperties false only `https` can be set here.
        endpoints:
          type: object
          additionalProperties: false
          nullable: true
          description: Control the HTTP and HTTPS listeners of the Supervisor.
          properties:
            https:
              type: object
              additionalProperties: false
              properties:
                # Both defaults are explanatory text listing the accepted
                # forms, not values a listener could be started with.
                network:
                  type: string
                  default: 'tcp | unix | disabled'
                address:
                  type: string
                  default: host:port when network=tcp or /pinniped_socket/socketfile.sock when network=unix
        # Keeping this false retains the loopback-only validation that the
        # description refers to.
        # NOTE(review): nesting depth was not recoverable from the listing;
        # placed as a top-level value - confirm against the generated schema.
        deprecated_insecure_accept_external_unencrypted_http_requests:
          type: boolean
          description: >-
            Optionally override the validation on the endpoints.http value
            which checks that only loopback interfaces are used.
          default: false
  template:
    spec:
      fetch:
        # The bundle is referenced by tag, which can be moved to different
        # content; a digest reference (image@sha256:<BUNDLE_DIGEST>) fixes
        # what is fetched. NOTE(review): the repository path looks like a
        # personal registry namespace - confirm it is the intended source.
        - imgpkgBundle:
            image: benjaminapetersen/pinniped-package-repo-package-supervisor:0.25.0
      template:
        - ytt:
            paths:
              - config/
        # kbld reads the bundle's image lock file plus the ytt output ('-').
        - kbld:
            paths:
              - .imgpkg/images.yml
              - '-'
      deploy:
        - kapp: {}